linux-yocto/6.6: address ltp hang

Integrating the following commit(s) to linux-yocto/6.6: 1/1 [ Author: Baokun Li Email: libaokun1@huawei.com Subject: ext4: get rid of ppath in get_ext_path() Date: Thu, 22 Aug 2024 10:35:32 +0800 The use of path and ppath is now very confusing, so to make the code more readable, pass path between functions uniformly, and get rid of ppath. After getting rid of ppath in get_ext_path(), its caller may pass an error pointer to ext4_free_ext_path(), so it needs to teach ext4_free_ext_path() and ext4_ext_drop_refs() to skip the error pointer. No functional changes. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com> Tested-by: Ojaswin Mujoo <ojaswin@linux.ibm.com> Link: https://patch.msgid.link/20240822023545.1994557-13-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> ] (From OE-Core rev: 737293bead3e7b994347e47f09bc69437479d50c) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> [YC: more detail at https://lore.kernel.org/openembedded-core/DJGKEQF8GRU1.RF7JY64COTAA@smile.fr/T/#u] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
linux-yocto/6.6: genericarm64 fix configuration audit warning
2026-06-27 02:13:39 +02:00 · 2026-06-26 16:55:55 +01:00 · 2026-06-26 16:55:55 +01:00 · 2026-06-26 16:55:55 +01:00 · 2026-06-26 16:55:55 +01:00 · 2026-06-26 16:55:55 +01:00
595 changed files with 63914 additions and 7489 deletions
--- a/README.OE-Core.md
+++ b/README.OE-Core.md
@@ -22,7 +22,7 @@ for full details on how to submit changes.
 As a quick guide, patches should be sent to openembedded-core@lists.openembedded.org
 The git command to do that would be:

-     git send-email -M -1 --to openembedded-core@lists.openembedded.org
+     git send-email -M -1 --to openembedded-core@lists.openembedded.org --subject-prefix='scarthgap][PATCH'

 Mailing list:

--- a/bitbake/lib/bb/COW.py
+++ b/bitbake/lib/bb/COW.py
@@ -36,8 +36,9 @@ class COWDictMeta(COWMeta):
    __marker__ = tuple()

    def __str__(cls):
-        # FIXME: I have magic numbers!
-        return "<COWDict Level: %i Current Keys: %i>" % (cls.__count__, len(cls.__dict__) - 3)
+        ignored_keys = set(["__count__", "__doc__", "__module__", "__firstlineno__", "__static_attributes__"])
+        keys = set(cls.__dict__.keys()) - ignored_keys
+        return "<COWDict Level: %i Current Keys: %i>" % (cls.__count__, len(keys))

    __repr__ = __str__

@@ -161,8 +162,9 @@ class COWDictMeta(COWMeta):

 class COWSetMeta(COWDictMeta):
    def __str__(cls):
-        # FIXME: I have magic numbers!
-        return "<COWSet Level: %i Current Keys: %i>" % (cls.__count__, len(cls.__dict__) - 3)
+        ignored_keys = set(["__count__", "__doc__", "__module__", "__firstlineno__", "__static_attributes__"])
+        keys = set(cls.__dict__.keys()) - ignored_keys
+        return "<COWSet Level: %i Current Keys: %i>" % (cls.__count__, len(keys))

    __repr__ = __str__

--- a/bitbake/lib/bb/data.py
+++ b/bitbake/lib/bb/data.py
@@ -377,7 +377,7 @@ def generate_dependencies(d, ignored_vars):
    mod_funcs = set(bb.codeparser.modulecode_deps.keys())
    keys = set(key for key in d if not key.startswith("__")) | mod_funcs
    shelldeps = set(key for key in d.getVar("__exportlist", False) if bb.utils.to_boolean(d.getVarFlag(key, "export")) and not bb.utils.to_boolean(d.getVarFlag(key, "unexport")))
-    varflagsexcl = d.getVar('BB_SIGNATURE_EXCLUDE_FLAGS')
+    varflagsexcl = (d.getVar('BB_SIGNATURE_EXCLUDE_FLAGS') or "").split()

    codeparserd = d.createCopy()
    for forced in (d.getVar('BB_HASH_CODEPARSER_VALS') or "").split():
--- a/bitbake/lib/bb/fetch2/init.py
+++ b/bitbake/lib/bb/fetch2/init.py
@@ -23,6 +23,7 @@ import collections
 import subprocess
 import pickle
 import errno
+import shlex
 import bb.persist_data, bb.utils
 import bb.checksum
 import bb.process
@@ -1519,7 +1520,10 @@ class FetchMethod(object):
        if unpack:
            tar_cmd = 'tar --extract --no-same-owner'
            if 'striplevel' in urldata.parm:
-                tar_cmd += ' --strip-components=%s' %  urldata.parm['striplevel']
+                striplevel = urldata.parm['striplevel']
+                if not striplevel.isdigit():
+                    raise UnpackError("Invalid striplevel parameter: %s" % striplevel, urldata.url)
+                tar_cmd += ' --strip-components=%s' % striplevel
            if file.endswith('.tar'):
                cmd = '%s -f %s' % (tar_cmd, file)
            elif file.endswith('.tgz') or file.endswith('.tar.gz') or file.endswith('.tar.Z'):
@@ -1559,24 +1563,27 @@ class FetchMethod(object):
            elif file.endswith('.rpm') or file.endswith('.srpm'):
                if 'extract' in urldata.parm:
                    unpack_file = urldata.parm.get('extract')
-                    cmd = 'rpm2cpio.sh %s | cpio -id %s' % (file, unpack_file)
+                    cmd = 'rpm2cpio.sh %s | cpio --no-absolute-filenames -id %s' % (file, unpack_file)
                    iterate = True
                    iterate_file = unpack_file
                else:
-                    cmd = 'rpm2cpio.sh %s | cpio -id' % (file)
+                    cmd = 'rpm2cpio.sh %s | cpio --no-absolute-filenames -id' % (file)
            elif file.endswith('.deb') or file.endswith('.ipk'):
                output = subprocess.check_output(['ar', '-t', file], preexec_fn=subprocess_setup)
                datafile = None
+                valid_datafiles = ('data.tar', 'data.tar.gz', 'data.tar.xz',
+                                   'data.tar.zst', 'data.tar.bz2', 'data.tar.lzma')
                if output:
                    for line in output.decode().splitlines():
-                        if line.startswith('data.tar.'):
+                        if line in valid_datafiles:
                            datafile = line
                            break
                    else:
-                        raise UnpackError("Unable to unpack deb/ipk package - does not contain data.tar.* file", urldata.url)
+                        raise UnpackError("Unable to unpack deb/ipk package - does not contain supported data.tar* file", urldata.url)
                else:
                    raise UnpackError("Unable to unpack deb/ipk package - could not list contents", urldata.url)
-                cmd = 'ar x %s %s && %s -p -f %s && rm %s' % (file, datafile, tar_cmd, datafile, datafile)
+                quoted_datafile = shlex.quote(datafile)
+                cmd = 'ar x %s %s && %s -p -f %s && rm %s' % (shlex.quote(file), quoted_datafile, tar_cmd, quoted_datafile, quoted_datafile)

        # If 'subdir' param exists, create a dir and use it as destination for unpack cmd
        if 'subdir' in urldata.parm:
@@ -1606,7 +1613,7 @@ class FetchMethod(object):
                    if urlpath.find("/") != -1:
                        destdir = urlpath.rsplit("/", 1)[0] + '/'
                        bb.utils.mkdirhier("%s/%s" % (unpackdir, destdir))
-                cmd = 'cp -fpPRH "%s" "%s"' % (file, destdir)
+                cmd = 'cp --force --preserve=timestamps --no-dereference --recursive -H "%s" "%s"' % (file, destdir)
        else:
            urldata.unpack_tracer.unpack("archive-extract", unpackdir)

--- a/bitbake/lib/bb/fetch2/crate.py
+++ b/bitbake/lib/bb/fetch2/crate.py
@@ -68,8 +68,11 @@ class Crate(Wget):
        # if using upstream just fix it up nicely
        if host == 'crates.io':
            host = 'crates.io/api/v1/crates'
+            cdn_host = 'static.crates.io/crates'
+        else:
+            cdn_host = host

-        ud.url = "https://%s/%s/%s/download" % (host, name, version)
+        ud.url = "https://%s/%s/%s/download" % (cdn_host, name, version)
        ud.parm['downloadfilename'] = "%s-%s.crate" % (name, version)
        if 'name' not in ud.parm:
            ud.parm['name'] = '%s-%s' % (name, version)
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -399,14 +399,14 @@ class Git(FetchMethod):
                bb.utils.mkdirhier(ud.clonedir)
                runfetchcmd("tar -xzf %s" % ud.fullmirror, d, workdir=ud.clonedir)
            else:
-                tmpdir = tempfile.mkdtemp(dir=d.getVar('DL_DIR'))
-                runfetchcmd("tar -xzf %s" % ud.fullmirror, d, workdir=tmpdir)
-                output = runfetchcmd("%s remote" % ud.basecmd, d, quiet=True, workdir=ud.clonedir)
-                if 'mirror' in output:
-                    runfetchcmd("%s remote rm mirror" % ud.basecmd, d, workdir=ud.clonedir)
-                runfetchcmd("%s remote add --mirror=fetch mirror %s" % (ud.basecmd, tmpdir), d, workdir=ud.clonedir)
-                fetch_cmd = "LANG=C %s fetch -f --update-head-ok  --progress mirror " % (ud.basecmd)
-                runfetchcmd(fetch_cmd, d, workdir=ud.clonedir)
+                with tempfile.TemporaryDirectory(dir=d.getVar('DL_DIR')) as tmpdir:
+                    runfetchcmd("tar -xzf %s" % ud.fullmirror, d, workdir=tmpdir)
+                    output = runfetchcmd("%s remote" % ud.basecmd, d, quiet=True, workdir=ud.clonedir)
+                    if 'mirror' in output:
+                        runfetchcmd("%s remote rm mirror" % ud.basecmd, d, workdir=ud.clonedir)
+                    runfetchcmd("%s remote add --mirror=fetch mirror %s" % (ud.basecmd, tmpdir), d, workdir=ud.clonedir)
+                    fetch_cmd = "LANG=C %s fetch -f --update-head-ok  --progress mirror " % (ud.basecmd)
+                    runfetchcmd(fetch_cmd, d, workdir=ud.clonedir)
        repourl = self._get_repo_url(ud)

        needs_clone = False
@@ -602,7 +602,7 @@ class Git(FetchMethod):
        shallow_cmd = [self.make_shallow_path, '-s']
        for b in shallow_branches:
            shallow_cmd.append('-r')
-            shallow_cmd.append(b)
+            shallow_cmd.append(shlex.quote(b))
        shallow_cmd.extend(shallow_revisions)
        runfetchcmd(subprocess.list2cmdline(shallow_cmd), d, workdir=dest)

--- a/bitbake/lib/bb/fetch2/gitsm.py
+++ b/bitbake/lib/bb/fetch2/gitsm.py
@@ -123,7 +123,7 @@ class GitSM(Git):
            url += ";name=%s" % module
            url += ";subpath=%s" % module
            url += ";nobranch=1"
-            url += ";lfs=%s" % self._need_lfs(ud)
+            url += ";lfs=%s" % ("1" if self._need_lfs(ud) else "0")
            # Note that adding "user=" here to give credentials to the
            # submodule is not supported. Since using SRC_URI to give git://
            # URL a password is not supported, one have to use one of the
@@ -243,12 +243,24 @@ class GitSM(Git):
        ret = self.process_submodules(ud, ud.destdir, unpack_submodules, d)

        if not ud.bareclone and ret:
-            # All submodules should already be downloaded and configured in the tree.  This simply
-            # sets up the configuration and checks out the files.  The main project config should
-            # remain unmodified, and no download from the internet should occur. As such, lfs smudge
-            # should also be skipped as these files were already smudged in the fetch stage if lfs
-            # was enabled.
-            runfetchcmd("GIT_LFS_SKIP_SMUDGE=1 %s submodule update --recursive --no-fetch" % (ud.basecmd), d, quiet=True, workdir=ud.destdir)
+            cmdprefix = ""
+            # Avoid LFS smudging (replacing the LFS pointers with the actual content) when LFS shouldn't be used but git-lfs is installed.
+            if not self._need_lfs(ud):
+                cmdprefix = "GIT_LFS_SKIP_SMUDGE=1 "
+            runfetchcmd("%s%s submodule update --recursive --no-fetch" % (cmdprefix, ud.basecmd), d, quiet=True, workdir=ud.destdir)
+    def clean(self, ud, d):
+        def clean_submodule(ud, url, module, modpath, workdir, d):
+            url += ";bareclone=1;nobranch=1"
+            try:
+                newfetch = Fetch([url], d, cache=False)
+                newfetch.clean()
+            except Exception as e:
+                logger.warning('gitsm: submodule clean failed: %s %s' % (type(e).__name__, str(e)))
+
+        self.call_process_submodules(ud, d, True, clean_submodule)
+
+        # Clean top git dir
+        Git.clean(self, ud, d)

    def implicit_urldata(self, ud, d):
        import shutil, subprocess, tempfile
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -303,15 +303,70 @@ class Wget(FetchMethod):
            http_error_403 = http_error_405


+        def _url_origin(url):
+            parsed = urllib.parse.urlsplit(url)
+            scheme = parsed.scheme.lower()
+            host = parsed.hostname.lower() if parsed.hostname else ""
+            port = parsed.port
+            if port is None:
+                port = {"http": 80, "https": 443}.get(scheme)
+            return (scheme, host, port)
+
+        def _same_origin(url_a, url_b):
+            return _url_origin(url_a) == _url_origin(url_b)
+
        class FixedHTTPRedirectHandler(urllib.request.HTTPRedirectHandler):
            """
-            urllib2.HTTPRedirectHandler resets the method to GET on redirect,
-            when we want to follow redirects using the original method.
+            urllib2.HTTPRedirectHandler before 3.13 has two flaws:
+            
+            It resets the method to GET on redirect when we want to follow
+            redirects using the original method (typically HEAD). This was fixed
+            in 759e8e7.
+
+            It also doesn't handle 308 (Permanent Redirect). This was fixed in
+            c379bc5.
+
+            Until we depend on Python 3.13 onwards, copy the redirect_request
+            method to fix these issues.
+
+            Additionally, strip sensitive headers (Authorization, Cookie) when
+            redirecting to a different origin to avoid credential leaks.
            """
            def redirect_request(self, req, fp, code, msg, headers, newurl):
-                newreq = urllib.request.HTTPRedirectHandler.redirect_request(self, req, fp, code, msg, headers, newurl)
-                newreq.get_method = req.get_method
-                return newreq
+                m = req.get_method()
+                if (not (code in (301, 302, 303, 307, 308) and m in ("GET", "HEAD")
+                    or code in (301, 302, 303) and m == "POST")):
+                    raise urllib.HTTPError(req.full_url, code, msg, headers, fp)
+
+                # Strictly (according to RFC 2616), 301 or 302 in response to
+                # a POST MUST NOT cause a redirection without confirmation
+                # from the user (of urllib.request, in this case).  In practice,
+                # essentially all clients do redirect in this case, so we do
+                # the same.
+
+                # Be conciliant with URIs containing a space.  This is mainly
+                # redundant with the more complete encoding done in http_error_302(),
+                # but it is kept for compatibility with other callers.
+                newurl = newurl.replace(' ', '%20')
+
+                CONTENT_HEADERS = ("content-length", "content-type")
+                SENSITIVE_REDIRECT_HEADERS = ("authorization", "cookie")
+                same_origin = _same_origin(req.get_full_url(), newurl)
+                newheaders = {}
+                for k, v in req.headers.items():
+                    header = k.lower()
+                    if header in CONTENT_HEADERS:
+                        continue
+                    if not same_origin and header in SENSITIVE_REDIRECT_HEADERS:
+                        continue
+                    newheaders[k] = v
+                return urllib.request.Request(newurl,
+                            method="HEAD" if m == "HEAD" else "GET",
+                            headers=newheaders,
+                            origin_req_host=req.origin_req_host,
+                            unverifiable=True)
+
+            http_error_308 = urllib.request.HTTPRedirectHandler.http_error_302

        # We need to update the environment here as both the proxy and HTTPS
        # handlers need variables set. The proxy needs http_proxy and friends to
--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -22,11 +22,12 @@ from bb import msg, event
 from bb import monitordisk
 import subprocess
 import pickle
-from multiprocessing import Process
 import shlex
 import pprint
 import time

+Process = bb.multiprocessing.Process
+
 bblogger = logging.getLogger("BitBake")
 logger = logging.getLogger("BitBake.RunQueue")
 hashequiv_logger = logging.getLogger("BitBake.RunQueue.HashEquiv")
--- a/bitbake/lib/bb/siggen.py
+++ b/bitbake/lib/bb/siggen.py
@@ -43,6 +43,10 @@ def check_siggen_version(siggen):
    if siggen.find_siginfo_version < siggen.find_siginfo_minversion:
        bb.fatal("Siggen from metadata (OE-Core?) is too old, please update it (%s vs %s)" % (siggen.find_siginfo_version, siggen.find_siginfo_minversion))

+def check_hashserv_unihash(unihash):
+    if not hashserv.is_valid_unihash(unihash):
+        bb.fatal("Hash Equivalence Server returned invalid unihash")
+
 class SetEncoder(json.JSONEncoder):
    def default(self, obj):
        if isinstance(obj, set) or isinstance(obj, frozenset):
@@ -753,6 +757,7 @@ class SignatureGeneratorUniHashMixIn(object):
            #    the unique hash.
            taskhash = self.taskhash[tid]
            if unihash:
+                check_hashserv_unihash(unihash)
                # A unique hash equal to the taskhash is not very interesting,
                # so it is reported it at debug level 2. If they differ, that
                # is much more interesting, so it is reported at debug level 1
@@ -772,7 +777,7 @@ class SignatureGeneratorUniHashMixIn(object):
        import importlib

        taskhash = d.getVar('BB_TASKHASH')
-        unihash = d.getVar('BB_UNIHASH')
+        unihash = d.getVar('BB_UNIHASH', expand=False)
        report_taskdata = d.getVar('SSTATE_HASHEQUIV_REPORT_TASKDATA') == '1'
        tempdir = d.getVar('T')
        mcfn = d.getVar('BB_FILENAME')
@@ -834,6 +839,7 @@ class SignatureGeneratorUniHashMixIn(object):
                    data = client.report_unihash(taskhash, method, outhash, unihash, extra_data)

                new_unihash = data['unihash']
+                check_hashserv_unihash(new_unihash)

                if new_unihash != unihash:
                    hashequiv_logger.debug('Task %s unihash changed %s -> %s by server %s' % (taskhash, unihash, new_unihash, self.server))
@@ -873,6 +879,7 @@ class SignatureGeneratorUniHashMixIn(object):
                return False

            finalunihash = data['unihash']
+            check_hashserv_unihash(finalunihash)

            if finalunihash == current_unihash:
                hashequiv_logger.verbose('Task %s unihash %s unchanged by server' % (tid, finalunihash))
--- a/bitbake/lib/bb/tests/fetch.py
+++ b/bitbake/lib/bb/tests/fetch.py
@@ -7,13 +7,17 @@
 #

 import contextlib
+import http.server
+import shutil
 import unittest
 import hashlib
 import tempfile
 import collections
 import os
 import signal
+import subprocess
 import tarfile
+import threading
 from bb.fetch2 import URI
 from bb.fetch2 import FetchMethod
 import bb
@@ -731,6 +735,34 @@ class FetcherLocalTest(FetcherTest):
        bb.process.run('tar cjf archive.tar.bz2 -C dir .', cwd=self.localsrcdir)
        self.d.setVar("FILESPATH", self.localsrcdir)

+    def make_ar_package(self, package_name, data_member="data.tar"):
+        if not shutil.which("ar"):
+            self.skipTest("ar not installed")
+
+        workdir = tempfile.mkdtemp(dir=self.tempdir)
+        payload = os.path.join(workdir, "payload")
+        with open(payload, "w") as f:
+            f.write("payload\n")
+
+        data_path = os.path.join(workdir, data_member)
+        mode = "w:gz" if data_member.endswith(".gz") else "w"
+        with tarfile.open(data_path, mode) as archive:
+            archive.add(payload, arcname="payload")
+
+        with open(os.path.join(workdir, "debian-binary"), "w") as f:
+            f.write("2.0\n")
+
+        control = os.path.join(workdir, "control")
+        with open(control, "w") as f:
+            f.write("Package: fetch-test\nVersion: 1\nArchitecture: all\n")
+        with tarfile.open(os.path.join(workdir, "control.tar"), "w") as archive:
+            archive.add(control, arcname="control")
+
+        package_path = os.path.join(self.localsrcdir, package_name)
+        subprocess.check_call(["ar", "r", package_path, "debian-binary", "control.tar", data_member],
+                              cwd=workdir, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+        return package_name
+
    def fetchUnpack(self, uris):
        fetcher = bb.fetch.Fetch(uris, self.d)
        fetcher.download()
@@ -800,6 +832,40 @@ class FetcherLocalTest(FetcherTest):
        tree = self.fetchUnpack(['file://archive.tar.bz2;subdir=bar;striplevel=1'])
        self.assertEqual(tree, ['bar/c', 'bar/d', 'bar/subdir/e'])

+    def test_local_deb_quoted_filename(self):
+        package = self.make_ar_package("archive$(id).deb")
+        tree = self.fetchUnpack(['file://%s' % package])
+        self.assertEqual(tree, ['payload'])
+
+    def test_local_ipk_gz_data_member(self):
+        package = self.make_ar_package("archive.ipk", data_member="data.tar.gz")
+        tree = self.fetchUnpack(['file://%s' % package])
+        self.assertEqual(tree, ['payload'])
+
+    def test_local_deb_rejects_unknown_data_member_suffix(self):
+        package = self.make_ar_package("archive.deb", data_member="data.tar.foo")
+        with self.assertRaises(bb.fetch2.UnpackError) as context:
+            self.fetchUnpack(['file://%s' % package])
+
+        self.assertIn("does not contain supported data.tar* file", str(context.exception))
+
+    def test_local_deb_rejects_unsafe_data_member(self):
+        package = self.make_ar_package("archive.deb", data_member="data.tar.xz;id")
+        with self.assertRaises(bb.fetch2.UnpackError) as context:
+            self.fetchUnpack(['file://%s' % package])
+
+        self.assertIn("does not contain supported data.tar* file", str(context.exception))
+
+    def assertInvalidStriplevel(self, value):
+        with self.assertRaises(bb.fetch2.UnpackError) as context:
+            self.fetchUnpack(['file://archive.tar;subdir=bar;striplevel=%s' % value])
+        self.assertIn("Invalid striplevel parameter", str(context.exception))
+
+    def test_local_striplevel_rejects_invalid_values(self):
+        for value in ("abc", "", "-1", "1 2"):
+            with self.subTest(striplevel=repr(value)):
+                self.assertInvalidStriplevel(value)
+
    def dummyGitTest(self, suffix):
        # Create dummy local Git repo
        src_dir = tempfile.mkdtemp(dir=self.tempdir,
@@ -1107,7 +1173,7 @@ class FetcherNetworkTest(FetcherTest):
        # URL with ssh submodules
        url = "gitsm://git.yoctoproject.org/git-submodule-test;branch=ssh-gitsm-tests;rev=049da4a6cb198d7c0302e9e8b243a1443cb809a7;branch=master;protocol=https"
        # Original URL (comment this if you have ssh access to git.yoctoproject.org)
-        url = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;rev=a2885dd7d25380d23627e7544b7bbb55014b16ee;branch=master;protocol=https"
+        url = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;rev=38e61644af90dccd73c03ed3acaed98c8dda9294;branch=master;protocol=https"
        fetcher = bb.fetch.Fetch([url], self.d)
        fetcher.download()
        # Previous cwd has been deleted
@@ -1546,6 +1612,41 @@ class FetchCheckStatusTest(FetcherTest):
                      "https://github.com/kergoth/tslib/releases/download/1.1/tslib-1.1.tar.xz"
                      ]

+    def _start_checkstatus_server(self):
+        class CheckStatusHTTPRequestHandler(http.server.BaseHTTPRequestHandler):
+            def do_HEAD(self):
+                self.server.requests.append((self.path, dict(self.headers)))
+                if self.path == "/a" and self.server.redirect_url:
+                    self.send_response(302)
+                    self.send_header("Location", self.server.redirect_url)
+                    self.end_headers()
+                    return
+                self.send_response(200)
+                self.end_headers()
+
+            def log_message(self, format_str, *args):
+                pass
+
+        server = http.server.HTTPServer(("127.0.0.1", 0), CheckStatusHTTPRequestHandler)
+        server.redirect_url = None
+        server.requests = []
+        thread = threading.Thread(target=server.serve_forever, kwargs={"poll_interval": 0.05})
+        thread.daemon = True
+        thread.start()
+
+        def stop_server():
+            server.shutdown()
+            thread.join()
+            server.server_close()
+
+        self.addCleanup(stop_server)
+        return server
+
+    def _checkstatus(self, url):
+        fetch = bb.fetch2.Fetch([url], self.d)
+        ud = fetch.ud[url]
+        return ud.method.checkstatus(fetch, ud, self.d)
+
    @skipIfNoNetwork()
    def test_wget_checkstatus(self):
        fetch = bb.fetch2.Fetch(self.test_wget_uris, self.d)
@@ -1573,6 +1674,31 @@ class FetchCheckStatusTest(FetcherTest):

        connection_cache.close_connections()

+    def test_wget_checkstatus_same_origin_redirect_keeps_auth(self):
+        server = self._start_checkstatus_server()
+        server.redirect_url = "http://127.0.0.1:%s/b" % server.server_port
+
+        url = "http://127.0.0.1:%s/a;user=user;pswd=pass" % server.server_port
+        self.assertTrue(self._checkstatus(url))
+
+        self.assertEqual(len(server.requests), 2)
+        redirected_headers = {k.lower(): v for k, v in server.requests[1][1].items()}
+        self.assertIn("authorization", redirected_headers)
+
+    def test_wget_checkstatus_different_origin_redirect_drops_auth(self):
+        origin = self._start_checkstatus_server()
+        target = self._start_checkstatus_server()
+        # Same host but different port is a different origin.
+        origin.redirect_url = "http://127.0.0.1:%s/b" % target.server_port
+
+        url = "http://127.0.0.1:%s/a;user=user;pswd=pass" % origin.server_port
+        self.assertTrue(self._checkstatus(url))
+
+        self.assertEqual(len(origin.requests), 1)
+        self.assertEqual(len(target.requests), 1)
+        redirected_headers = {k.lower(): v for k, v in target.requests[0][1].items()}
+        self.assertNotIn("authorization", redirected_headers)
+

 class GitMakeShallowTest(FetcherTest):
    def setUp(self):
@@ -2142,6 +2268,36 @@ class GitShallowTest(FetcherTest):
        self.assertRefs(['master', 'origin/master', 'v1.0'])
        self.assertRevCount(1)

+    def test_shallow_extra_refs_wildcard_shell_quoted(self):
+        self.add_empty_file('a')
+        marker = os.path.join(self.tempdir, 'ref-command-marker')
+        ref = 'refs/tags/poc;touch${IFS}%s' % marker
+        self.git(['update-ref', ref, 'HEAD'], cwd=self.srcdir)
+
+        self.d.setVar('BB_GIT_SHALLOW_EXTRA_REFS', 'refs/tags/*')
+        self.fetch_shallow()
+
+        self.assertFalse(os.path.exists(marker))
+        self.assertRefs(['master', 'origin/master', ref])
+
+    def test_shallow_extra_refs_wildcard_fetch_options(self):
+        self.add_empty_file('a')
+        marker = os.path.join(self.tempdir, 'ref-option-marker')
+        helper = os.path.join(self.tempdir, 'upload-pack-helper')
+        with open(helper, 'w') as f:
+            f.write('#!/bin/sh\n')
+            f.write('touch "%s"\n' % marker)
+            f.write('exec git-upload-pack "$@"\n')
+        os.chmod(helper, 0o755)
+        ref = 'refs/tags/--upload-pack=%s' % helper
+        self.git(['update-ref', ref, 'HEAD'], cwd=self.srcdir)
+
+        self.d.setVar('BB_GIT_SHALLOW_EXTRA_REFS', 'refs/tags/*')
+        self.fetch_shallow()
+
+        self.assertFalse(os.path.exists(marker))
+        self.assertRefs(['master', 'origin/master', ref])
+
    def test_shallow_missing_extra_refs(self):
        self.add_empty_file('a')
        self.add_empty_file('b')
@@ -3267,6 +3423,7 @@ class FetchPremirroronlyNetworkTest(FetcherTest):
        self.reponame = "fstests"
        self.clonedir = os.path.join(self.tempdir, "git")
        self.gitdir = os.path.join(self.tempdir, "git", "{}.git".format(self.reponame))
+        self.giturl = "https://git.yoctoproject.org/fstests"
        self.recipe_url = "git://git.yoctoproject.org/fstests;protocol=https"
        self.d.setVar("BB_FETCH_PREMIRRORONLY", "1")
        self.d.setVar("BB_NO_NETWORK", "0")
@@ -3276,7 +3433,7 @@ class FetchPremirroronlyNetworkTest(FetcherTest):
        import shutil
        self.mirrorname = "git2_git.yoctoproject.org.fstests.tar.gz"
        os.makedirs(self.clonedir)
-        self.git("clone --bare --shallow-since=\"01.01.2013\" {}".format(self.recipe_url), self.clonedir)
+        self.git("clone --bare --shallow-since=\"01.01.2013\" {}".format(self.giturl), self.clonedir)
        bb.process.run('tar -czvf {} .'.format(os.path.join(self.mirrordir, self.mirrorname)), cwd =  self.gitdir)
        shutil.rmtree(self.clonedir)

--- a/bitbake/lib/bb/tests/siggen.py
+++ b/bitbake/lib/bb/tests/siggen.py
@@ -9,7 +9,9 @@
 import unittest
 import logging
 import bb
+import bb.data
 import time
+from contextlib import contextmanager

 logger = logging.getLogger('BitBake.TestSiggen')

@@ -26,3 +28,49 @@ class SiggenTest(unittest.TestCase):
        for t in tests:
            self.assertEqual(bb.siggen.build_pnid(*t), tests[t])

+    def test_get_unihashes_rejects_invalid_hashserv_unihash(self):
+        class TestClient:
+            def get_unihash_batch(self, query):
+                list(query)
+                return ["${@os.system('true')}"]
+
+        class TestSiggen(bb.siggen.SignatureGeneratorUniHashMixIn):
+            def __init__(self):
+                self.server = "test-server"
+                self.method = "test-method"
+                self.extramethod = {}
+                self.taskhash = {"test.bb:do_compile": "a" * 64}
+                self.unihash = {}
+                self.unitaskhashes = {}
+                self.tidtopn = {}
+                self.setscenetasks = set()
+                self.max_parallel = 1
+
+            @contextmanager
+            def client(self):
+                yield TestClient()
+
+        siggen = TestSiggen()
+
+        with self.assertRaises(bb.BBHandledException):
+            siggen.get_unihashes(["test.bb:do_compile"])
+
+        self.assertEqual(siggen.unihash, {})
+        self.assertEqual(siggen.unitaskhashes, {})
+
+    def test_report_unihash_reads_bb_unihash_without_expansion(self):
+        class TestSiggen(bb.siggen.SignatureGeneratorUniHashMixIn):
+            def __init__(self):
+                self.setscenetasks = set()
+                self.taskhash = {"test.bb:do_compile": "b" * 64}
+
+        d = bb.data.init()
+        d.setVar("BB_TASKHASH", "a" * 64)
+        d.setVar("BB_UNIHASH", "${@d.setVar('EXPANDED_UNIHASH', '1') or 'bad'}")
+        d.setVar("SSTATE_HASHEQUIV_REPORT_TASKDATA", "0")
+        d.setVar("T", "/tmp")
+        d.setVar("BB_FILENAME", "test.bb")
+
+        TestSiggen().report_unihash(".", "compile", d)
+
+        self.assertIsNone(d.getVar("EXPANDED_UNIHASH"))
--- a/bitbake/lib/bb/ui/knotty.py
+++ b/bitbake/lib/bb/ui/knotty.py
@@ -131,7 +131,7 @@ class TerminalFilter(object):
    def getTerminalColumns(self):
        def ioctl_GWINSZ(fd):
            try:
-                cr = struct.unpack('hh', fcntl.ioctl(fd, self.termios.TIOCGWINSZ, '1234'))
+                cr = struct.unpack('hhhh', fcntl.ioctl(fd, self.termios.TIOCGWINSZ, b'12345678'))[0:2]
            except:
                return None
            return cr
@@ -145,7 +145,7 @@ class TerminalFilter(object):
                pass
        if not cr:
            try:
-                cr = (os.environ['LINES'], os.environ['COLUMNS'])
+                cr = (int(os.environ['LINES']), int(os.environ['COLUMNS']))
            except:
                cr = (25, 80)
        return cr
--- a/bitbake/lib/hashserv/init.py
+++ b/bitbake/lib/hashserv/init.py
@@ -7,12 +7,19 @@ import asyncio
 from contextlib import closing
 import itertools
 import json
+import re
 from collections import namedtuple
 from urllib.parse import urlparse
 from bb.asyncrpc.client import parse_address, ADDR_TYPE_UNIX, ADDR_TYPE_WS

 User = namedtuple("User", ("username", "permissions"))

+UNIHASH_REGEX = re.compile(r"^[0-9a-f]{64}$")
+
+
+def is_valid_unihash(value):
+    return isinstance(value, str) and UNIHASH_REGEX.fullmatch(value) is not None
+
 def create_server(
    addr,
    dbname,
--- a/bitbake/lib/hashserv/server.py
+++ b/bitbake/lib/hashserv/server.py
@@ -12,6 +12,7 @@ import os
 import base64
 import hashlib
 from . import create_async_client
+from . import is_valid_unihash
 import bb.asyncrpc

 logger = logging.getLogger("hashserv.server")
@@ -172,6 +173,11 @@ def hash_token(algo, salt, token):
    return ":".join([algo, salt, h.hexdigest()])


+def validate_unihash(value):
+    if not is_valid_unihash(value):
+        raise bb.asyncrpc.InvokeError("Invalid unihash")
+
+
 def permissions(*permissions, allow_anon=True, allow_self_service=False):
    """
    Function decorator that can be used to decorate an RPC function call and
@@ -343,7 +349,7 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection):
                d = {k: row[k] for k in row.keys()}
            elif self.upstream_client is not None:
                d = await self.upstream_client.get_taskhash(method, taskhash)
-                await self.db.insert_unihash(d["method"], d["taskhash"], d["unihash"])
+                await self.insert_unihash(d["method"], d["taskhash"], d["unihash"])

        return d

@@ -375,9 +381,13 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection):
        if data is None:
            return

-        await self.db.insert_unihash(data["method"], data["taskhash"], data["unihash"])
+        await self.insert_unihash(data["method"], data["taskhash"], data["unihash"])
        await self.db.insert_outhash(data)

+    async def insert_unihash(self, method, taskhash, unihash):
+        validate_unihash(unihash)
+        return await self.db.insert_unihash(method, taskhash, unihash)
+
    async def _stream_handler(self, handler):
        await self.socket.send_message("ok")

@@ -465,6 +475,8 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection):
    # report is made inside the function
    @permissions(READ_PERM)
    async def handle_report(self, data):
+        validate_unihash(data.get("unihash"))
+
        if self.server.read_only or not self.user_has_permissions(REPORT_PERM):
            return await self.report_readonly(data)

@@ -507,7 +519,7 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection):
                    if upstream_data is not None:
                        unihash = upstream_data["unihash"]

-            await self.db.insert_unihash(data["method"], data["taskhash"], unihash)
+            await self.insert_unihash(data["method"], data["taskhash"], unihash)

        unihash_data = await self.get_unihash(data["method"], data["taskhash"])
        if unihash_data is not None:
@@ -523,7 +535,9 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection):

    @permissions(READ_PERM, REPORT_PERM)
    async def handle_equivreport(self, data):
-        await self.db.insert_unihash(data["method"], data["taskhash"], data["unihash"])
+        validate_unihash(data.get("unihash"))
+
+        await self.insert_unihash(data["method"], data["taskhash"], data["unihash"])

        # Fetch the unihash that will be reported for the taskhash. If the
        # unihash matches, it means this row was inserted (or the mapping
@@ -859,7 +873,10 @@ class Server(bb.asyncrpc.AsyncServer):
                method, taskhash = item
                d = await client.get_taskhash(method, taskhash)
                if d is not None:
-                    await db.insert_unihash(d["method"], d["taskhash"], d["unihash"])
+                    if is_valid_unihash(d.get("unihash")):
+                        await db.insert_unihash(d["method"], d["taskhash"], d["unihash"])
+                    else:
+                        self.logger.warning("Upstream server returned invalid unihash")
                self.backfill_queue.task_done()

    def start(self):
--- a/bitbake/lib/hashserv/tests.py
+++ b/bitbake/lib/hashserv/tests.py
@@ -128,7 +128,7 @@ class HashEquivalenceTestSetup(object):
        # Simple test that hashes can be created
        taskhash = '35788efcb8dfb0a02659d81cf2bfd695fb30faf9'
        outhash = '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f'
-        unihash = 'f46d3fbb439bd9b921095da657a4de906510d2cd'
+        unihash = 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'

        self.assertClientGetHash(client, taskhash, None)

@@ -182,7 +182,7 @@ class HashEquivalenceCommonTests(object):
        # assigned the same unihash
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')
@@ -190,7 +190,7 @@ class HashEquivalenceCommonTests(object):
        # Report a different task with the same outhash. The returned unihash
        # should match the first task
        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'
        result = self.client.report_unihash(taskhash2, self.METHOD, outhash, unihash2)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')

@@ -200,19 +200,19 @@ class HashEquivalenceCommonTests(object):
        # taskhash
        taskhash = '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a'
        outhash = 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e'
-        unihash = '218e57509998197d570e2c98512d0105985dffc9'
+        unihash = '5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380'
        self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)

        self.assertClientGetHash(self.client, taskhash, unihash)

        outhash2 = '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d'
-        unihash2 = 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'
+        unihash2 = 'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3'
        self.client.report_unihash(taskhash, self.METHOD, outhash2, unihash2)

        self.assertClientGetHash(self.client, taskhash, unihash)

        outhash3 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash3 = '9217a7d6398518e5dc002ed58f2cbbbc78696603'
+        unihash3 = '6842f1f2daccd96ddef15c9154d4e41ac8a2300d781ac9a9db7f8afeb8a96808'
        self.client.report_unihash(taskhash, self.METHOD, outhash3, unihash3)

        self.assertClientGetHash(self.client, taskhash, unihash)
@@ -272,7 +272,7 @@ class HashEquivalenceCommonTests(object):
        # Simple test that hashes can be created
        taskhash = 'c665584ee6817aa99edfc77a44dd853828279370'
        outhash = '3c979c3db45c569f51ab7626a4651074be3a9d11a84b1db076f5b14f7d39db44'
-        unihash = '90e9bc1d1f094c51824adca7f8ea79a048d68824'
+        unihash = '06f89b8f329ba8124ff73c56d09ef921b42624747c421277bddaf5e23f136e57'

        self.assertClientGetHash(self.client, taskhash, None)

@@ -295,6 +295,36 @@ class HashEquivalenceCommonTests(object):
        self.assertEqual(result_outhash['outhash'], outhash)
        self.assertEqual(result_outhash['outhash_siginfo'], siginfo)

+    def test_report_rejects_invalid_unihash(self):
+        taskhash = '68a9206490b2321bb033fb3eab013a4ec62c41f9'
+        outhash = 'bf5f2efaf1ca351f3b4c3d079363540ab48f7c58db3d23cfbb069cf4ff1ea8f7'
+        invalid_unihashes = (
+            "${@os.system('true')}",
+            'a' * 63,
+            'a' * 65,
+            'A' * 64,
+            None,
+        )
+
+        for unihash in invalid_unihashes:
+            with self.subTest(unihash=unihash):
+                with self.start_client(self.server_address) as client:
+                    with self.assertRaises(InvokeError) as context:
+                        client.report_unihash(taskhash, self.METHOD, outhash, unihash)
+
+                self.assertEqual(str(context.exception), "Invalid unihash")
+
+        self.assertClientGetHash(self.client, taskhash, None)
+
+    def test_equivreport_rejects_invalid_unihash(self):
+        taskhash = 'ae6339531895ddf5b67e663e6a374ad8ec71d81c'
+
+        with self.assertRaises(InvokeError) as context:
+            self.client.report_unihash_equiv(taskhash, self.METHOD, "${@os.system('true')}")
+
+        self.assertEqual(str(context.exception), "Invalid unihash")
+        self.assertClientGetHash(self.start_client(self.server_address), taskhash, None)
+
    def test_stress(self):
        def query_server(failures):
            client = Client(self.server_address)
@@ -365,7 +395,7 @@ class HashEquivalenceCommonTests(object):
        # Basic report
        taskhash = '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a'
        outhash = 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e'
-        unihash = '218e57509998197d570e2c98512d0105985dffc9'
+        unihash = '5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380'
        self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)

        check_hash(taskhash, unihash, None)
@@ -373,7 +403,7 @@ class HashEquivalenceCommonTests(object):
        # Duplicated taskhash with multiple output hashes and unihashes.
        # All servers should agree with the originally reported hash
        outhash2 = '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d'
-        unihash2 = 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'
+        unihash2 = 'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3'
        self.client.report_unihash(taskhash, self.METHOD, outhash2, unihash2)

        check_hash(taskhash, unihash, unihash)
@@ -381,7 +411,7 @@ class HashEquivalenceCommonTests(object):
        # Report an equivalent task. The sideload will originally report
        # no unihash until backfilled
        taskhash3 = "044c2ec8aaf480685a00ff6ff49e6162e6ad34e1"
-        unihash3 = "def64766090d28f627e816454ed46894bb3aab36"
+        unihash3 = "aca636d800aef40e6ddcea4b2262cc4ea0d1180a6783e5b4653a20c7dd73458d"
        self.client.report_unihash(taskhash3, self.METHOD, outhash, unihash3)

        check_hash(taskhash3, unihash, None)
@@ -390,7 +420,7 @@ class HashEquivalenceCommonTests(object):
        # propagating to the upstream server
        taskhash4 = "e3da00593d6a7fb435c7e2114976c59c5fd6d561"
        outhash4 = "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a"
-        unihash4 = "3b5d3d83f07f259e9086fcb422c855286e18a57d"
+        unihash4 = "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe"
        down_client.report_unihash(taskhash4, self.METHOD, outhash4, unihash4)
        down_client.backfill_wait()

@@ -402,18 +432,18 @@ class HashEquivalenceCommonTests(object):
        # match which was previously reported to the upstream server
        taskhash5 = '35788efcb8dfb0a02659d81cf2bfd695fb30faf9'
        outhash5 = '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f'
-        unihash5 = 'f46d3fbb439bd9b921095da657a4de906510d2cd'
+        unihash5 = 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'
        result = self.client.report_unihash(taskhash5, self.METHOD, outhash5, unihash5)

        taskhash6 = '35788efcb8dfb0a02659d81cf2bfd695fb30fafa'
-        unihash6 = 'f46d3fbb439bd9b921095da657a4de906510d2ce'
+        unihash6 = 'eabc7a98e0c12bbeb8394dbdf055eb81aac60e4a14cca5c1f069d36efc933b23'
        result = down_client.report_unihash(taskhash6, self.METHOD, outhash5, unihash6)
        self.assertEqual(result['unihash'], unihash5, 'Server failed to copy unihash from upstream')

        # Tests read through from server with
        taskhash7 = '9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74'
        outhash7 = '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69'
-        unihash7 = '05d2a63c81e32f0a36542ca677e8ad852365c538'
+        unihash7 = '7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5'
        self.client.report_unihash(taskhash7, self.METHOD, outhash7, unihash7)

        result = down_client.get_taskhash(self.METHOD, taskhash7, True)
@@ -424,7 +454,7 @@ class HashEquivalenceCommonTests(object):

        taskhash8 = '86978a4c8c71b9b487330b0152aade10c1ee58aa'
        outhash8 = 'ca8c128e9d9e4a28ef24d0508aa20b5cf880604eacd8f65c0e366f7e0cc5fbcf'
-        unihash8 = 'd8bcf25369d40590ad7d08c84d538982f2023e01'
+        unihash8 = '83386d9385b0bf3ba25693127ddcaaadeaa1c4bf8cb0baecfb5314b9a20072a1'
        self.client.report_unihash(taskhash8, self.METHOD, outhash8, unihash8)

        result = down_client.get_outhash(self.METHOD, outhash8, taskhash8)
@@ -435,7 +465,7 @@ class HashEquivalenceCommonTests(object):

        taskhash9 = 'ae6339531895ddf5b67e663e6a374ad8ec71d81c'
        outhash9 = 'afc78172c81880ae10a1fec994b5b4ee33d196a001a1b66212a15ebe573e00b5'
-        unihash9 = '6662e699d6e3d894b24408ff9a4031ef9b038ee8'
+        unihash9 = 'cc74784b2c0ad5b378a6b783c74c518d2c46b8b52fba29cb39a8430d742440d7'
        self.client.report_unihash(taskhash9, self.METHOD, outhash9, unihash9)

        result = down_client.get_taskhash(self.METHOD, taskhash9, False)
@@ -446,7 +476,7 @@ class HashEquivalenceCommonTests(object):
    def test_unihash_exsits(self):
        taskhash, outhash, unihash = self.create_test_hash(self.client)
        self.assertTrue(self.client.unihash_exists(unihash))
-        self.assertFalse(self.client.unihash_exists('6662e699d6e3d894b24408ff9a4031ef9b038ee8'))
+        self.assertFalse(self.client.unihash_exists('cc74784b2c0ad5b378a6b783c74c518d2c46b8b52fba29cb39a8430d742440d7'))

    def test_ro_server(self):
        rw_server = self.start_server()
@@ -458,7 +488,7 @@ class HashEquivalenceCommonTests(object):
        # Report a hash via the read-write server
        taskhash = '35788efcb8dfb0a02659d81cf2bfd695fb30faf9'
        outhash = '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f'
-        unihash = 'f46d3fbb439bd9b921095da657a4de906510d2cd'
+        unihash = 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'

        result = rw_client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')
@@ -469,7 +499,7 @@ class HashEquivalenceCommonTests(object):
        # Ensure that reporting via the read-only server fails
        taskhash2 = 'c665584ee6817aa99edfc77a44dd853828279370'
        outhash2 = '3c979c3db45c569f51ab7626a4651074be3a9d11a84b1db076f5b14f7d39db44'
-        unihash2 = '90e9bc1d1f094c51824adca7f8ea79a048d68824'
+        unihash2 = '06f89b8f329ba8124ff73c56d09ef921b42624747c421277bddaf5e23f136e57'

        result = ro_client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertEqual(result['unihash'], unihash2)
@@ -559,15 +589,15 @@ class HashEquivalenceCommonTests(object):
    def test_client_pool_get_unihashes(self):
        TEST_INPUT = (
            # taskhash                                   outhash                                                            unihash
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380'),
            # Duplicated taskhash with multiple output hashes and unihashes.
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3'),
            # Equivalent hash
-            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
-            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
-            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "aca636d800aef40e6ddcea4b2262cc4ea0d1180a6783e5b4653a20c7dd73458d"),
+            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe"),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'eabc7a98e0c12bbeb8394dbdf055eb81aac60e4a14cca5c1f069d36efc933b23'),
+            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5'),
        )
        EXTRA_QUERIES = (
            "6b6be7a84ab179b4240c4302518dc3f6",
@@ -584,28 +614,56 @@ class HashEquivalenceCommonTests(object):
            result = client_pool.get_unihashes(query)

            self.assertDictEqual(result, {
-                0: "218e57509998197d570e2c98512d0105985dffc9",
-                1: "218e57509998197d570e2c98512d0105985dffc9",
-                2: "218e57509998197d570e2c98512d0105985dffc9",
-                3: "3b5d3d83f07f259e9086fcb422c855286e18a57d",
-                4: "f46d3fbb439bd9b921095da657a4de906510d2cd",
-                5: "f46d3fbb439bd9b921095da657a4de906510d2cd",
-                6: "05d2a63c81e32f0a36542ca677e8ad852365c538",
+                0: "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+                1: "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+                2: "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+                3: "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe",
+                4: "a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9",
+                5: "a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9",
+                6: "7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5",
                7: None,
            })

    def test_get_unihash_batch(self):
        TEST_INPUT = (
            # taskhash                                   outhash                                                            unihash
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            (
+                '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a',
+                'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e',
+                '5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380',
+            ),
            # Duplicated taskhash with multiple output hashes and unihashes.
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            (
+                '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a',
+                '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d',
+                'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3',
+            ),
            # Equivalent hash
-            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
-            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
-            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+            (
+                "044c2ec8aaf480685a00ff6ff49e6162e6ad34e1",
+                '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d',
+                "aca636d800aef40e6ddcea4b2262cc4ea0d1180a6783e5b4653a20c7dd73458d",
+            ),
+            (
+                "e3da00593d6a7fb435c7e2114976c59c5fd6d561",
+                "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a",
+                "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe",
+            ),
+            (
+                '35788efcb8dfb0a02659d81cf2bfd695fb30faf9',
+                '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f',
+                'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9',
+            ),
+            (
+                '35788efcb8dfb0a02659d81cf2bfd695fb30fafa',
+                '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f',
+                'eabc7a98e0c12bbeb8394dbdf055eb81aac60e4a14cca5c1f069d36efc933b23',
+            ),
+            (
+                '9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74',
+                '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69',
+                '7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5',
+            ),
        )
        EXTRA_QUERIES = (
            "6b6be7a84ab179b4240c4302518dc3f6",
@@ -621,28 +679,28 @@ class HashEquivalenceCommonTests(object):
        )

        self.assertListEqual(result, [
-            "218e57509998197d570e2c98512d0105985dffc9",
-            "218e57509998197d570e2c98512d0105985dffc9",
-            "218e57509998197d570e2c98512d0105985dffc9",
-            "3b5d3d83f07f259e9086fcb422c855286e18a57d",
-            "f46d3fbb439bd9b921095da657a4de906510d2cd",
-            "f46d3fbb439bd9b921095da657a4de906510d2cd",
-            "05d2a63c81e32f0a36542ca677e8ad852365c538",
+            "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+            "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+            "5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380",
+            "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe",
+            "a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9",
+            "a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9",
+            "7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5",
            None,
        ])

    def test_client_pool_unihash_exists(self):
        TEST_INPUT = (
            # taskhash                                   outhash                                                            unihash
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380'),
            # Duplicated taskhash with multiple output hashes and unihashes.
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3'),
            # Equivalent hash
-            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
-            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
-            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "aca636d800aef40e6ddcea4b2262cc4ea0d1180a6783e5b4653a20c7dd73458d"),
+            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe"),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'),
+            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'eabc7a98e0c12bbeb8394dbdf055eb81aac60e4a14cca5c1f069d36efc933b23'),
+            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5'),
        )
        EXTRA_QUERIES = (
            "6b6be7a84ab179b4240c4302518dc3f6",
@@ -676,15 +734,43 @@ class HashEquivalenceCommonTests(object):
    def test_unihash_exists_batch(self):
        TEST_INPUT = (
            # taskhash                                   outhash                                                            unihash
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', 'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e','218e57509998197d570e2c98512d0105985dffc9'),
+            (
+                '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a',
+                'afe240a439959ce86f5e322f8c208e1fedefea9e813f2140c81af866cc9edf7e',
+                '5b521d8a12683086cc08bc2c6d94a7a2dcff17eba53b9911e145d51164689380',
+            ),
            # Duplicated taskhash with multiple output hashes and unihashes.
-            ('8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a', '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', 'ae9a7d252735f0dafcdb10e2e02561ca3a47314c'),
+            (
+                '8aa96fcffb5831b3c2c0cb75f0431e3f8b20554a',
+                '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d',
+                'a37541b54fd22440e292f617eb30ba07455e88fb0b9f0952eca229b6356290e3',
+            ),
            # Equivalent hash
-            ("044c2ec8aaf480685a00ff6ff49e6162e6ad34e1", '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d', "def64766090d28f627e816454ed46894bb3aab36"),
-            ("e3da00593d6a7fb435c7e2114976c59c5fd6d561", "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a", "3b5d3d83f07f259e9086fcb422c855286e18a57d"),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30faf9', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2cd'),
-            ('35788efcb8dfb0a02659d81cf2bfd695fb30fafa', '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f', 'f46d3fbb439bd9b921095da657a4de906510d2ce'),
-            ('9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74', '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69', '05d2a63c81e32f0a36542ca677e8ad852365c538'),
+            (
+                "044c2ec8aaf480685a00ff6ff49e6162e6ad34e1",
+                '0904a7fe3dc712d9fd8a74a616ddca2a825a8ee97adf0bd3fc86082c7639914d',
+                "aca636d800aef40e6ddcea4b2262cc4ea0d1180a6783e5b4653a20c7dd73458d",
+            ),
+            (
+                "e3da00593d6a7fb435c7e2114976c59c5fd6d561",
+                "1cf8713e645f491eb9c959d20b5cae1c47133a292626dda9b10709857cbe688a",
+                "7aebef07d66a8c0f92d0c4f65ec8b1fbb850a3693c53827b8774b64fa9a8a9fe",
+            ),
+            (
+                '35788efcb8dfb0a02659d81cf2bfd695fb30faf9',
+                '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f',
+                'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9',
+            ),
+            (
+                '35788efcb8dfb0a02659d81cf2bfd695fb30fafa',
+                '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f',
+                'eabc7a98e0c12bbeb8394dbdf055eb81aac60e4a14cca5c1f069d36efc933b23',
+            ),
+            (
+                '9d81d76242cc7cfaf7bf74b94b9cd2e29324ed74',
+                '8470d56547eea6236d7c81a644ce74670ca0bbda998e13c629ef6bb3f0d60b69',
+                '7521a98a0c645341bc51559b234ef37a097e8f3a01665e0303a317925ab7b4d5',
+            ),
        )
        EXTRA_QUERIES = (
            "6b6be7a84ab179b4240c4302518dc3f6",
@@ -1024,14 +1110,14 @@ class HashEquivalenceCommonTests(object):
    def test_gc(self):
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')

        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
        outhash2 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'

        result = self.client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertClientGetHash(self.client, taskhash2, unihash2)
@@ -1057,14 +1143,14 @@ class HashEquivalenceCommonTests(object):
    def test_gc_switch_mark(self):
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')

        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
        outhash2 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'

        result = self.client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertClientGetHash(self.client, taskhash2, unihash2)
@@ -1102,14 +1188,14 @@ class HashEquivalenceCommonTests(object):
    def test_gc_switch_sweep_mark(self):
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')

        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
        outhash2 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'

        result = self.client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertClientGetHash(self.client, taskhash2, unihash2)
@@ -1132,7 +1218,7 @@ class HashEquivalenceCommonTests(object):
    def test_gc_new_hashes(self):
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')
@@ -1149,7 +1235,7 @@ class HashEquivalenceCommonTests(object):

        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
        outhash2 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'

        result = self.client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertClientGetHash(self.client, taskhash2, unihash2)
@@ -1205,7 +1291,7 @@ class TestHashEquivalenceClient(HashEquivalenceTestSetup, unittest.TestCase):

        p = self.run_hashclient([
            "--address", self.server_address,
-            "unihash-exists", '6662e699d6e3d894b24408ff9a4031ef9b038ee8',
+            "unihash-exists", 'cc74784b2c0ad5b378a6b783c74c518d2c46b8b52fba29cb39a8430d742440d7',
        ], check=True)
        self.assertEqual(p.stdout.strip(), "false")

@@ -1222,7 +1308,7 @@ class TestHashEquivalenceClient(HashEquivalenceTestSetup, unittest.TestCase):

        p = self.run_hashclient([
            "--address", self.server_address,
-            "unihash-exists", '6662e699d6e3d894b24408ff9a4031ef9b038ee8',
+            "unihash-exists", 'cc74784b2c0ad5b378a6b783c74c518d2c46b8b52fba29cb39a8430d742440d7',
            "--quiet",
        ])
        self.assertEqual(p.returncode, 1)
@@ -1448,14 +1534,14 @@ class TestHashEquivalenceClient(HashEquivalenceTestSetup, unittest.TestCase):
    def test_gc(self):
        taskhash = '53b8dce672cb6d0c73170be43f540460bfc347b4'
        outhash = '5a9cb1649625f0bf41fc7791b635cd9c2d7118c7f021ba87dcd03f72b67ce7a8'
-        unihash = 'f37918cc02eb5a520b1aff86faacbc0a38124646'
+        unihash = '46edb5140d2613049332d0bf3745d9fafec9c559dac8cc61813739a28007fcdf'

        result = self.client.report_unihash(taskhash, self.METHOD, outhash, unihash)
        self.assertEqual(result['unihash'], unihash, 'Server returned bad unihash')

        taskhash2 = '3bf6f1e89d26205aec90da04854fbdbf73afe6b4'
        outhash2 = '77623a549b5b1a31e3732dfa8fe61d7ce5d44b3370f253c5360e136b852967b4'
-        unihash2 = 'af36b199320e611fbb16f1f277d3ee1d619ca58b'
+        unihash2 = 'bf6e81926066f770e960f9f777cd088c62bea9addb7745f3e77deaa81a645747'

        result = self.client.report_unihash(taskhash2, self.METHOD, outhash2, unihash2)
        self.assertClientGetHash(self.client, taskhash2, unihash2)
@@ -1498,7 +1584,7 @@ class TestHashEquivalenceUnixServerLongPath(HashEquivalenceTestSetup, unittest.T
        # Simple test that hashes can be created
        taskhash = '35788efcb8dfb0a02659d81cf2bfd695fb30faf9'
        outhash = '2765d4a5884be49b28601445c2760c5f21e7e5c0ee2b7e3fce98fd7e5970796f'
-        unihash = 'f46d3fbb439bd9b921095da657a4de906510d2cd'
+        unihash = 'a69ec97f5af2e21e1a1f9cc8896965515d5559425666f734e245a3d40cee33d9'

        self.assertClientGetHash(self.client, taskhash, None)

@@ -1585,4 +1671,3 @@ class TestHashEquivalenceExternalServer(HashEquivalenceTestSetup, HashEquivalenc

    def test_auth_get_all_users(self):
        self.skipTest("Cannot test all users with external server")
-
--- a/documentation/Makefile
+++ b/documentation/Makefile
@@ -43,11 +43,11 @@ PNGs := $(foreach dir, $(IMAGEDIRS), $(patsubst %.svg,%.png,$(wildcard $(SOURCED

 # Pattern rule for converting SVG to PDF
 %.pdf : %.svg
-	$(SVG2PDF) --format=Pdf --output=$@ $<
+	$(SVG2PDF) --format=pdf --output=$@ $<

 # Pattern rule for converting SVG to PNG
 %.png : %.svg
-	$(SVG2PNG) --format=Png --output=$@ $<
+	$(SVG2PNG) --format=png --output=$@ $<

 clean:
 	@rm -rf $(BUILDDIR) $(PNGs) $(PDFs) poky.yaml sphinx-static/switchers.js releases.rst
@@ -68,7 +68,7 @@ epub: $(PNGs)
 #   Unable to read an entire line---bufsize=200000. Please increase buf_size in texmf.cnf.
 latexpdf: $(PDFs)
 	$(SOURCEDIR)/set_versions.py
-	buf_size=10000000 $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+	buf_size=10000000 LATEXMKOPTS="-silent" $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

 all: html epub latexpdf

--- a/documentation/brief-yoctoprojectqs/index.rst
+++ b/documentation/brief-yoctoprojectqs/index.rst
@@ -61,8 +61,8 @@ following requirements:

   -  Git &MIN_GIT_VERSION; or greater
   -  tar &MIN_TAR_VERSION; or greater
-   -  Python &MIN_PYTHON_VERSION; or greater.
-   -  gcc &MIN_GCC_VERSION; or greater.
+   -  Python &MIN_PYTHON_VERSION; or greater
+   -  gcc &MIN_GCC_VERSION; or greater
   -  GNU make &MIN_MAKE_VERSION; or greater

 If your build host does not satisfy all of the above version
--- a/documentation/bsp-guide/bsp.rst
+++ b/documentation/bsp-guide/bsp.rst
@@ -7,10 +7,10 @@ Board Support Packages (BSP) --- Developer's Guide
 A Board Support Package (BSP) is a collection of information that
 defines how to support a particular hardware device, set of devices, or
 hardware platform. The BSP includes information about the hardware
-features present on the device and kernel configuration information
-along with any additional hardware drivers required. The BSP also lists
-any additional software components required in addition to a generic
-Linux software stack for both essential and optional platform features.
+features present on the device, any essential bootloader, kernel and
+device tree configuration, along with any additional hardware drivers required.
+The BSP also lists any additional software components required in addition to
+a generic Linux software stack for both essential and optional platform features.

 This guide presents information about BSP layers, defines a structure
 for components so that BSPs follow a commonly understood layout,
@@ -1302,7 +1302,7 @@ to build, and U-Boot configurations.

 The following list provides some explanation for the statements found in
 the example reference machine configuration file for the BeagleBone
-development boards. Realize that much more can be defined as part of a
+development board. Realize that much more can be defined as part of a
 machine's configuration file. In general, you can learn about related
 variables that this example does not have by locating the variables in
 the ":ref:`ref-manual/variables:variables glossary`" in the Yocto
@@ -1376,7 +1376,7 @@ Project Reference Manual.

 -  :term:`PREFERRED_VERSION_linux-yocto <PREFERRED_VERSION>`:
   Defines the version of the recipe used to build the kernel, which is
-   "6.12" in this case.
+   "6.18%" in this case.

 -  :term:`KERNEL_IMAGETYPE`:
   The type of kernel to build for the device. In this case, the
@@ -1435,35 +1435,27 @@ The kernel recipe used to build the kernel image for the BeagleBone
 device was established in the machine configuration::

   PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-   PREFERRED_VERSION_linux-yocto ?= "6.1%"
+   PREFERRED_VERSION_linux-yocto ?= "6.18%"

 The ``meta-yocto-bsp/recipes-kernel/linux`` directory in the layer contains
 metadata used to build the kernel. In this case, a kernel append file
-(i.e. ``linux-yocto_6.1.bbappend``) is used to override an established
-kernel recipe (i.e. ``linux-yocto_6.1.bb``), which is located in
-:yocto_git:`/poky/tree/meta/recipes-kernel/linux`.
+(i.e. ``linux-yocto_6.18.bbappend``) is used to override an established
+kernel recipe (i.e. ``linux-yocto_6.18.bb``), which is located in
+:oe_git:`/openembedded-core/tree/meta/recipes-kernel/linux`.

 The contents of the append file are::

-   KBRANCH:genericx86  = "v6.1/standard/base"
-   KBRANCH:genericx86-64  = "v6.1/standard/base"
-   KBRANCH:beaglebone-yocto = "v6.1/standard/beaglebone"
-
-   KMACHINE:genericx86 ?= "common-pc"
-   KMACHINE:genericx86-64 ?= "common-pc-64"
-   KMACHINE:beaglebone-yocto ?= "beaglebone"
-
-   SRCREV_machine:genericx86 ?= "6ec439b4b456ce929c4c07fe457b5d6a4b468e86"
-   SRCREV_machine:genericx86-64 ?= "6ec439b4b456ce929c4c07fe457b5d6a4b468e86"
-   SRCREV_machine:beaglebone-yocto ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-
+   COMPATIBLE_MACHINE:genericarm64 = "genericarm64"
+   COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
   COMPATIBLE_MACHINE:genericx86 = "genericx86"
   COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64"
-   COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"

-   LINUX_VERSION:genericx86 = "6.1.30"
-   LINUX_VERSION:genericx86-64 = "6.1.30"
-   LINUX_VERSION:beaglebone-yocto = "6.1.20"
+   KMACHINE:beaglebone-yocto ?= "beaglebone"
+   KMACHINE:genericx86 ?= "common-pc"
+   KMACHINE:genericx86-64 ?= "common-pc-64"
+
+   KBRANCH:genericarm64 ?= "v6.18/standard/genericarm64"
+   SRCREV_machine:genericarm64 ?= "5cd75b0b5da06045acdd0c66e50656ab82cb880f"

 This particular append file works for all the machines that are
 part of the ``meta-yocto-bsp`` layer. The relevant statements are
--- a/documentation/conf.py
+++ b/documentation/conf.py
@@ -89,23 +89,38 @@ rst_prolog = """
 .. |author| replace:: %s
 """ % (project, copyright, author)

+# base url definitions
+oe_git_server = "https://git.openembedded.org"
+oecore_git = f"{oe_git_server}/openembedded-core"
+bitbake_git = f"{oe_git_server}/bitbake"
+yocto_git_server = "https://git.yoctoproject.org"
+meta_yocto_git = f"{yocto_git_server}/meta-yocto"
+bugzilla_server = "https://bugzilla.yoctoproject.org"
+
 # external links and substitutions
 extlinks = {
-    'bitbake_git': ('https://git.openembedded.org/bitbake%s', None),
+    'bitbake_git': (f'{bitbake_git}%s', None),
+    'bitbake_path': (f'{bitbake_git}/tree/%s', '%s'),
+    'bitbake_rev': (f'{bitbake_git}/commit/?id=%s', '%.7s'),
    'cve_mitre': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-%s'),
    'cve_nist': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
    'yocto_home': ('https://www.yoctoproject.org%s', None),
    'yocto_wiki': ('https://wiki.yoctoproject.org/wiki%s', None),
    'yocto_dl': ('https://downloads.yoctoproject.org%s', None),
    'yocto_lists': ('https://lists.yoctoproject.org%s', None),
-    'yocto_bugs': ('https://bugzilla.yoctoproject.org%s', None),
+    'yocto_bugs': (f'{bugzilla_server}%s', None),
+    'yocto_bug': (f'{bugzilla_server}/show_bug.cgi?id=%s', '%s'),
    'yocto_ab': ('https://autobuilder.yoctoproject.org%s', None),
    'yocto_docs': ('https://docs.yoctoproject.org%s', None),
-    'yocto_git': ('https://git.yoctoproject.org%s', None),
+    'yocto_git': (f'{yocto_git_server}%s', None),
+    'meta_yocto_path': (f'{meta_yocto_git}/tree/%s', '%s'),
+    'meta_yocto_rev': (f'{meta_yocto_git}/commit/?id=%s', '%.7s'),
    'yocto_sstate': ('http://sstate.yoctoproject.org%s', None),
    'oe_home': ('https://www.openembedded.org%s', None),
    'oe_lists': ('https://lists.openembedded.org%s', None),
-    'oe_git': ('https://git.openembedded.org%s', None),
+    'oe_git': (f'{oe_git_server}%s', None),
+    'oecore_path': (f'{oecore_git}/tree/%s', '%s'),
+    'oecore_rev': (f'{oecore_git}/commit/?id=%s', '%.7s'),
    'oe_wiki': ('https://www.openembedded.org/wiki%s', None),
    'oe_layerindex': ('https://layers.openembedded.org%s', None),
    'oe_layer': ('https://layers.openembedded.org/layerindex/branch/master/layer%s', None),
--- a/documentation/contributor-guide/recipe-style-guide.rst
+++ b/documentation/contributor-guide/recipe-style-guide.rst
@@ -28,7 +28,7 @@ file name. It is recommended to use released versions of software as these are
 revisions that upstream are expecting people to use.

 Recipe versions should always compare and sort correctly so that upgrades work
-as expected. With conventional versions such as ``1.4`` upgrading ``to 1.5``
+as expected. With conventional versions such as ``1.4`` upgrading to ``1.5``
 this happens naturally, but some versions don't sort. For example,
 ``1.5 Release Candidate 2`` could be written as ``1.5rc2`` but this sorts after
 ``1.5``, so upgrades from feeds won't happen correctly.
@@ -82,7 +82,7 @@ Recipe formatting
 Variable Formatting
 -------------------

-  Variable assignment should a space around each side of the operator, e.g.
+-  Variable assignment should include a space around each side of the operator, e.g.
   ``FOO = "bar"``, not ``FOO="bar"``.

 -  Double quotes should be used on the right-hand side of the assignment,
@@ -221,6 +221,20 @@ Recipes need to define both the :term:`LICENSE` and
   ``meta/files/common-licenses/`` or the :term:`SPDXLICENSEMAP` flag names
   defined in ``meta/conf/licenses.conf``.

+   .. note::
+
+      Setting a :term:`LICENSE` in a recipe applies to the software to be built
+      by this recipe, not to the recipe file itself. The license of recipes,
+      configuration files and scripts should also be clearly specified, for
+      example via comments or via a license found in the :term:`layer` that
+      holds these files. These license files are usually found at the root of
+      the layer. Exceptions should be clearly stated in the layer README or
+      LICENSE file.
+
+      For example, the :term:`OpenEmbedded-Core (OE-Core)` layer provides both
+      the GPL-2.0-only and MIT license files, and a "LICENSE" file to explain
+      how these two licenses are attributed to files found in the layer.
+
 -  :term:`LIC_FILES_CHKSUM`: The OpenEmbedded build system uses this
   variable to make sure the license text has not changed. If it has,
   the build produces an error and it affords you the chance to figure
@@ -279,7 +293,7 @@ Tips and Guidelines for Writing Recipes
   - then, copy ``X.orig`` back to ``X``,
   - and, finally, modify ``X``.

-   This ensures if rerun the task always has the same end result and the
+   This ensures that rerunning the task always produces the same end result and the
   original file can be preserved to reuse. It also guards against an
   interrupted build corrupting the file.

@@ -301,7 +315,7 @@ following status strings:
   No determination has been made yet, or patch has not yet been submitted to
   upstream.

-   Keep in mind that every patch submitted upstream reduces the maintainance
+   Keep in mind that every patch submitted upstream reduces the maintenance
   burden in OpenEmbedded and Yocto Project in the long run, so this patch
   status should only be used in exceptional cases if there are genuine
   obstacles to submitting a patch upstream; the reason for that should be
@@ -332,7 +346,7 @@ following status strings:
   The patch is not appropriate for upstream, include a brief reason on the
   same line enclosed with ``[]``. In the past, there were several different
   reasons not to submit patches upstream, but we have to consider that every
-   non-upstreamed patch means a maintainance burden for recipe maintainers.
+   non-upstreamed patch means a maintenance burden for recipe maintainers.
   Currently, the only reasons to mark patches as inappropriate for upstream
   submission are:

@@ -389,7 +403,7 @@ CVE patches
 ===========

 In order to have a better control of vulnerabilities, patches that fix CVEs must
-contain a ``CVE:`` tag. This tag list all CVEs fixed by the patch. If more than
+contain a ``CVE:`` tag. This tag should list all CVEs fixed by the patch. If more than
 one CVE is fixed, separate them using spaces.

 CVE Examples
--- a/documentation/contributor-guide/submit-changes.rst
+++ b/documentation/contributor-guide/submit-changes.rst
@@ -329,10 +329,10 @@ Validating Patches with Patchtest

 ``patchtest`` is available in ``openembedded-core`` as a tool for making
 sure that your patches are well-formatted and contain important info for
-maintenance purposes, such as ``Signed-off-by`` and ``Upstream-Status``
-tags. Note that no functional testing of the changes will be performed by ``patchtest``.
-Currently, it only supports testing patches for ``openembedded-core`` branches.
-To setup, perform the following::
+maintenance purposes, such as the ``Signed-off-by`` presence. Note that no
+functional testing of the changes will be performed by ``patchtest``. Currently,
+it only supports testing patches for ``openembedded-core`` branches. To setup,
+perform the following::

    pip install -r meta/lib/patchtest/requirements.txt
    source oe-init-build-env
@@ -697,8 +697,8 @@ backported to a stable branch unless the bug in question does not affect the
 master branch or the fix on the master branch is unsuitable for backporting.

 The list of stable branches along with the status and maintainer for each
-branch can be obtained from the
-:yocto_wiki:`Releases wiki page </Releases>`.
+branch can be obtained from the :yocto_home:`Releases </development/releases/>`
+page.

 .. note::

@@ -752,7 +752,7 @@ Taking Patch Review into Account
 You may get feedback on your submitted patches from other community members
 or from the automated patchtest service. If issues are identified in your
 patches then it is usually necessary to address these before the patches are
-accepted into the project. In this case you should your commits according
+accepted into the project. In this case you should revise your commits according
 to the feedback and submit an updated version to the relevant mailing list.

 In any case, never fix reported issues by fixing them in new commits
--- a/documentation/dev-manual/build-quality.rst
+++ b/documentation/dev-manual/build-quality.rst
@@ -242,8 +242,8 @@ Here is an example of ``image-info.txt``:
   BAD_RECOMMENDATIONS =
   NO_RECOMMENDATIONS =
   PACKAGE_EXCLUDE =
-   ROOTFS_POSTPROCESS_COMMAND = write_package_manifest; license_create_manifest; cve_check_write_rootfs_manifest;   ssh_allow_empty_password;  ssh_allow_root_login;  postinst_enable_logging;  rootfs_update_timestamp;   write_image_test_data;   empty_var_volatile;   sort_passwd; rootfs_reproducible;
-   IMAGE_POSTPROCESS_COMMAND =  buildhistory_get_imageinfo ;
+   ROOTFS_POSTPROCESS_COMMAND = ssh_allow_empty_password  ssh_allow_root_login  postinst_enable_logging  rootfs_update_timestamp   write_image_test_data   empty_var_volatile   sort_passwd rootfs_reproducible
+   IMAGE_POSTPROCESS_COMMAND =  buildhistory_get_imageinfo
   IMAGESIZE = 9265

 Other than ``IMAGESIZE``,
--- a/documentation/dev-manual/building.rst
+++ b/documentation/dev-manual/building.rst
@@ -920,7 +920,7 @@ Replicating a Build Offline
 It can be useful to take a "snapshot" of upstream sources used in a
 build and then use that "snapshot" later to replicate the build offline.
 To do so, you need to first prepare and populate your downloads
-directory your "snapshot" of files. Once your downloads directory is
+directory with your "snapshot" of files. Once your downloads directory is
 ready, you can use it at any time and from any machine to replicate your
 build.

@@ -948,7 +948,7 @@ Follow these steps to populate your Downloads directory:
 #. *Populate Your Downloads Directory Without Building:* Use BitBake to
   fetch your sources but inhibit the build::

-      $ bitbake target --runonly=fetch
+      $ bitbake target --runall=fetch

   The downloads directory (i.e. ``${DL_DIR}``) now has
   a "snapshot" of the source files in the form of tarballs, which can
--- a/documentation/dev-manual/debugging.rst
+++ b/documentation/dev-manual/debugging.rst
@@ -111,17 +111,17 @@ occurred in your project. Perhaps an attempt to :ref:`modify a variable
 <bitbake-user-manual/bitbake-user-manual-metadata:modifying existing
 variables>` did not work out as expected.

-BitBake's ``-e`` option is used to display variable values after
-parsing. The following command displays the variable values after the
-configuration files (i.e. ``local.conf``, ``bblayers.conf``,
+BitBake's ``bitbake-getvar`` command is used to display variable values after
+parsing. The following command displays the variable value for :term:`OVERRIDES`
+after the configuration files (i.e. ``local.conf``, ``bblayers.conf``,
 ``bitbake.conf`` and so forth) have been parsed::

-   $ bitbake -e
+   $ bitbake-getvar OVERRIDES

-The following command displays variable values after a specific recipe has
-been parsed. The variables include those from the configuration as well::
+The following command displays the value of :term:`PV` after a specific recipe
+has been parsed::

-   $ bitbake -e recipename
+   $ bitbake-getvar -r recipename PV

 .. note::

@@ -135,19 +135,25 @@ been parsed. The variables include those from the configuration as well::
   the recipe datastore, which means that variables set within one task
   will not be visible to other tasks.

-In the output of ``bitbake -e``, each variable is preceded by a
-description of how the variable got its value, including temporary
-values that were later overridden. This description also includes
-variable flags (varflags) set on the variable. The output can be very
+In the output of ``bitbake-getvar``, the line containing the value of the
+variable is preceded by a description of how the variable got its value,
+including temporary values that were later overridden. This description also
+includes variable flags (varflags) set on the variable. The output can be very
 helpful during debugging.

 Variables that are exported to the environment are preceded by
-``export`` in the output of ``bitbake -e``. See the following example::
+``export`` in the output of ``bitbake-getvar``. See the following example::

   export CC="i586-poky-linux-gcc -m32 -march=i586 --sysroot=/home/ulf/poky/build/tmp/sysroots/qemux86"

-In addition to variable values, the output of the ``bitbake -e`` and
-``bitbake -e`` recipe commands includes the following information:
+Shell functions and tasks can also be inspected with the same mechanism::
+
+   $ bitbake-getvar -r recipename do_install
+
+For Python functions and tasks, ``bitbake -e recipename`` can be used instead.
+
+Moreover, the output of the ``bitbake -e`` and ``bitbake -e`` recipe commands
+includes the following information:

 -  The output starts with a tree listing all configuration files and
   classes included globally, recursively listing the files they include
--- a/documentation/dev-manual/external-scm.rst
+++ b/documentation/dev-manual/external-scm.rst
@@ -38,28 +38,29 @@ configuration file contains the line::

   require conf/distro/include/poky-floating-revisions.inc

-This line pulls in the
-listed include file that contains numerous lines of exactly that form::
+This line pulls in the listed include file that defines the set of
+AUTOREV-enabled recipes::

-   #SRCREV:pn-opkg-native ?= "${AUTOREV}"
-   #SRCREV:pn-opkg-sdk ?= "${AUTOREV}"
-   #SRCREV:pn-opkg ?= "${AUTOREV}"
-   #SRCREV:pn-opkg-utils-native ?= "${AUTOREV}"
-   #SRCREV:pn-opkg-utils ?= "${AUTOREV}"
-   SRCREV:pn-gconf-dbus ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-common ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-config-gtk ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-desktop ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-keyboard ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-panel-2 ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-themes-extra ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-terminal ?= "${AUTOREV}"
-   SRCREV:pn-matchbox-wm ?= "${AUTOREV}"
-   SRCREV:pn-settings-daemon ?= "${AUTOREV}"
-   SRCREV:pn-screenshot ?= "${AUTOREV}"
-   . . .
+   INHERIT += "poky-bleeding"

-These lines allow you to
+   POKY_AUTOREV_RECIPES = "\
+       libmatchbox \
+       opkg-utils \
+       matchbox-config-gtk \
+       matchbox-desktop \
+       matchbox-keyboard \
+       matchbox-panel-2 \
+       matchbox-terminal \
+       matchbox-theme-sato \
+       matchbox-wm \
+       pseudo \
+       puzzles \
+       sato-icon-theme \
+       sato-screenshot \
+       settings-daemon \
+   "
+
+This allows you to
 experiment with building a distribution that tracks the latest
 development source for numerous packages.

--- a/documentation/dev-manual/index.rst
+++ b/documentation/dev-manual/index.rst
@@ -41,7 +41,6 @@ Yocto Project Development Tasks Manual
   build-quality
   debugging
   licenses
-   security-subjects
   vulnerabilities
   sbom
   error-reporting-tool
--- a/documentation/dev-manual/init-manager.rst
+++ b/documentation/dev-manual/init-manager.rst
@@ -5,7 +5,7 @@
 Selecting an Initialization Manager
 ***********************************

-By default, the Yocto Project uses :wikipedia:`SysVinit <Init#SysV-style>` as
+By default, the :term:`Poky` distro uses :wikipedia:`SysVinit <Init#SysV-style>` as
 the initialization manager. There is also support for BusyBox init, a simpler
 implementation, as well as support for :wikipedia:`systemd <Systemd>`, which
 is a full replacement for init with parallel starting of services, reduced
--- a/documentation/dev-manual/layers.rst
+++ b/documentation/dev-manual/layers.rst
@@ -123,10 +123,9 @@ Follow these general steps to create your layer without using tools:
      Lists all layers on which this layer depends (if any).

   -  :term:`LAYERSERIES_COMPAT`:
-      Lists the :yocto_wiki:`Yocto Project </Releases>`
-      releases for which the current version is compatible. This
-      variable is a good way to indicate if your particular layer is
-      current.
+      Lists the :yocto_home:`Yocto Project releases </development/releases/>`
+      for which the current version is compatible. This variable is a good
+      way to indicate if your particular layer is current.


   .. note::
@@ -832,6 +831,8 @@ The following list describes the available commands:
   can replicate the directory structure and revisions of the layers in a current build.
   For more information, see ":ref:`dev-manual/layers:saving and restoring the layers setup`".

+-  ``show-machines``: Lists the machines available in the currently configured layers.
+
 Creating a General Layer Using the ``bitbake-layers`` Script
 ============================================================

--- a/documentation/dev-manual/libraries.rst
+++ b/documentation/dev-manual/libraries.rst
@@ -232,7 +232,7 @@ Here are the implementation details for the IPK Package Management System:
 Installing Multiple Versions of the Same Library
 ================================================

-There are be situations where you need to install and use multiple versions
+There might be situations where you need to install and use multiple versions
 of the same library on the same system at the same time. This
 almost always happens when a library API changes and you have
 multiple pieces of software that depend on the separate versions of the
--- a/documentation/dev-manual/new-recipe.rst
+++ b/documentation/dev-manual/new-recipe.rst
@@ -83,19 +83,20 @@ command::
   OpenEmbedded recipe tool

   options:
-     -d, --debug     Enable debug output
-     -q, --quiet     Print only errors
-     --color COLOR   Colorize output (where COLOR is auto, always, never)
-     -h, --help      show this help message and exit
+     -d, --debug       Enable debug output
+     -q, --quiet       Print only errors
+     --color COLOR     Colorize output (where COLOR is auto, always, never)
+     -h, --help        show this help message and exit

   subcommands:
-     create          Create a new recipe
-     newappend       Create a bbappend for the specified target in the specified
-                       layer
-     setvar          Set a variable within a recipe
-     appendfile      Create/update a bbappend to replace a target file
-     appendsrcfiles  Create/update a bbappend to add or replace source files
-     appendsrcfile   Create/update a bbappend to add or replace a source file
+     newappend         Create a bbappend for the specified target in the specified layer
+     create            Create a new recipe
+     setvar            Set a variable within a recipe
+     appendfile        Create/update a bbappend to replace a target file
+     appendsrcfiles    Create/update a bbappend to add or replace source files
+     appendsrcfile     Create/update a bbappend to add or replace a source file
+     edit              Edit the recipe and appends for the specified target. This obeys $VISUAL if set,
+                       otherwise $EDITOR, otherwise vi.
   Use recipetool <subcommand> --help to get help on a specific command

 Running ``recipetool create -o OUTFILE`` creates the base recipe and
@@ -218,9 +219,9 @@ compilation and packaging files, and so forth.

 The path to the per-recipe temporary work directory depends on the
 context in which it is being built. The quickest way to find this path
-is to have BitBake return it by running the following::
+is to use the ``bitbake-getvar`` utility::

-   $ bitbake -e basename | grep ^WORKDIR=
+   $ bitbake-getvar -r basename WORKDIR

 As an example, assume a Source Directory
 top-level folder named ``poky``, a default :term:`Build Directory` at
@@ -438,7 +439,7 @@ Licensing
 =========

 Your recipe needs to define variables related to the license
-under whith the software is distributed. See the
+under which the software is distributed. See the
 :ref:`contributor-guide/recipe-style-guide:recipe license fields`
 section in the Contributor Guide for details.

@@ -975,11 +976,10 @@ kernel recipe you want by using the :term:`PREFERRED_PROVIDER` variable. As
 an example, consider the :yocto_git:`x86-base.inc
 </poky/tree/meta/conf/machine/include/x86/x86-base.inc>` include file, which is a
 machine (i.e. :term:`MACHINE`) configuration file. This include file is the
-reason all x86-based machines use the ``linux-yocto`` kernel. Here are the
-relevant lines from the include file::
+reason all x86-based machines use the ``linux-yocto`` kernel. Here is the
+relevant line from that include file::

   PREFERRED_PROVIDER_virtual/kernel ??= "linux-yocto"
-   PREFERRED_VERSION_linux-yocto ??= "4.15%"

 When you use a virtual provider, you do not have to "hard code" a recipe
 name as a build dependency. You can use the
--- a/documentation/dev-manual/packages.rst
+++ b/documentation/dev-manual/packages.rst
@@ -274,8 +274,23 @@ with a number. The number used depends on the state of the PR Service:

   .. code-block:: none

-      hello-world-git_0.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
-      hello-world-git_0.0+git1+dd2f5c3565-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git1+dd2f5c3565-r0.1_armv7a-neon.ipk
+
+   Two numbers got incremented here:
+
+   -  ``gitX`` changed from ``git0`` to ``git1``. This is because there was a
+      change in the source code (``SRCREV``).
+
+   -  ``r0.X`` changed from ``r0.0`` to ``r0.1``. This is because the hash of
+      the :ref:`ref-tasks-package` task changed.
+
+      The reason for this change can be many. To understand why the hash of the
+      :ref:`ref-tasks-package` task changed, you can run the following command:
+
+      .. code-block:: console
+
+         $ bitbake-diffsigs -t hello-world package

 -  If PR Service is not enabled, the build system replaces the
   ``AUTOINC`` placeholder with zero (i.e. "0"). This results in
@@ -285,8 +300,8 @@ with a number. The number used depends on the state of the PR Service:

   .. code-block:: none

-      hello-world-git_0.0+git0+b6558dd387-r0.0_armv7a-neon.ipk
-      hello-world-git_0.0+git0+dd2f5c3565-r0.0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+b6558dd387-r0_armv7a-neon.ipk
+      hello-world-git_1.0+git0+dd2f5c3565-r0_armv7a-neon.ipk

 In summary, the OpenEmbedded build system does not track the history of
 binary package versions for this purpose. ``AUTOINC``, in this case, is
@@ -549,12 +564,12 @@ variable to specify the format:

      PACKAGE_CLASSES ?= "package_packageformat"

-   where packageformat can be "ipk", "rpm",
-   "deb", or "tar" which are the supported package formats.
+   where packageformat can be "ipk", "rpm", or
+   "deb" which are the supported package formats.

   .. note::

-      Because the Yocto Project supports four different package formats,
+      Because the Yocto Project supports three different package formats,
      you can set the variable with more than one argument. However, the
      OpenEmbedded build system only uses the first argument when
      creating an image or Software Development Kit (SDK).
--- a/documentation/dev-manual/prebuilt-libraries.rst
+++ b/documentation/dev-manual/prebuilt-libraries.rst
@@ -153,8 +153,8 @@ default :term:`FILES` variables in ``bitbake.conf`` are::

   SOLIBS = ".so.*"
   SOLIBSDEV = ".so"
-   FILES:${PN} = "... ${libdir}/lib*${SOLIBS} ..."
-   FILES_SOLIBSDEV ?= "... ${libdir}/lib*${SOLIBSDEV} ..."
+   FILES:${PN} = "... ${libdir}/lib*${SOLIBS} ... ${base_libdir}/*${SOLIBS} ..."
+   FILES_SOLIBSDEV ?= "${base_libdir}/lib*${SOLIBSDEV} ${libdir}/lib*${SOLIBSDEV}"
   FILES:${PN}-dev = "... ${FILES_SOLIBSDEV} ..."

 :term:`SOLIBS` defines a pattern that matches real shared object libraries.
--- a/documentation/dev-manual/sbom.rst
+++ b/documentation/dev-manual/sbom.rst
@@ -24,11 +24,12 @@ users can read in standardized format.
 :term:`SBOM` information is also critical to performing vulnerability exposure
 assessments, as all the components used in the Software Supply Chain are listed.

-The OpenEmbedded build system doesn't generate such information by default.
-To make this happen, you must inherit the
-:ref:`ref-classes-create-spdx` class from a configuration file::
+The OpenEmbedded build system generates such information by default (by
+inheriting the :ref:`ref-classes-create-spdx` class in :term:`INHERIT_DISTRO`).

-   INHERIT += "create-spdx"
+If needed, it can be disabled from a :term:`configuration file`::
+
+   INHERIT_DISTRO:remove = "create-spdx"

 Upon building an image, you will then get the compressed archive
 ``IMAGE-MACHINE.spdx.tar.zst`` contains the index and the files for the single
--- a/documentation/dev-manual/security-subjects.rst
+++ b/documentation/dev-manual/security-subjects.rst
@@ -1,194 +0,0 @@
-.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
-
-Dealing with Vulnerability Reports
-**********************************
-
-The Yocto Project and OpenEmbedded are open-source, community-based projects
-used in numerous products. They assemble multiple other open-source projects,
-and need to handle security issues and practices both internal (in the code
-maintained by both projects), and external (maintained by other projects and
-organizations).
-
-This manual assembles security-related information concerning the whole
-ecosystem. It includes information on reporting a potential security issue,
-the operation of the YP Security team and how to contribute in the
-related code. It is written to be useful for both security researchers and
-YP developers.
-
-How to report a potential security vulnerability?
-=================================================
-
-If you would like to report a public issue (for example, one with a released
-CVE number), please report it using the
-:yocto_bugs:`Security Bugzilla </enter_bug.cgi?product=Security>`.
-
-If you are dealing with a not-yet-released issue, or an urgent one, please send
-a message to security AT yoctoproject DOT org, including as many details as
-possible: the layer or software module affected, the recipe and its version,
-and any example code, if available. This mailing list is monitored by the
-Yocto Project Security team.
-
-For each layer, you might also look for specific instructions (if any) for
-reporting potential security issues in the specific ``SECURITY.md`` file at the
-root of the repository. Instructions on how and where submit a patch are
-usually available in ``README.md``. If this is your first patch to the
-Yocto Project/OpenEmbedded, you might want to have a look into the
-Contributor's Manual section
-":ref:`contributor-guide/submit-changes:preparing changes for submission`".
-
-Branches maintained with security fixes
---------------------------------------
-
-See the
-:ref:`Release process <ref-manual/release-process:Stable Release Process>`
-documentation for details regarding the policies and maintenance of stable
-branches.
-
-The :yocto_wiki:`Releases page </Releases>` contains a list
-of all releases of the Yocto Project. Versions in gray are no longer actively
-maintained with security patches, but well-tested patches may still be accepted
-for them for significant issues.
-
-Security-related discussions at the Yocto Project
-------------------------------------------------
-
-We have set up two security-related emails/mailing lists:
-
-  -  Public Mailing List: yocto [dash] security [at] yoctoproject[dot] org
-
-     This is a public mailing list for anyone to subscribe to. This list is an
-     open list to discuss public security issues/patches and security-related
-     initiatives. For more information, including subscription information,
-     please see the  :yocto_lists:`yocto-security mailing list info page
-     </g/yocto-security>`.
-
-     This list requires moderator approval for new topics to be posted, to avoid
-     private security reports to be posted by mistake.
-
-  -  Yocto Project Security Team: security [at] yoctoproject [dot] org
-
-     This is an email for reporting non-published potential vulnerabilities.
-     Emails sent to this address are forwarded to the Yocto Project Security
-     Team members.
-
-
-What you should do if you find a security vulnerability
-------------------------------------------------------
-
-If you find a security flaw: a crash, an information leakage, or anything that
-can have a security impact if exploited in any Open Source software built or
-used by the Yocto Project, please report this to the Yocto Project Security
-Team. If you prefer to contact the upstream project directly, please send a
-copy to the security team at the Yocto Project as well. If you believe this is
-highly sensitive information, please report the vulnerability in a secure way,
-i.e. encrypt the email and send it to the private list. This ensures that
-the exploit is not leaked and exploited before a response/fix has been generated.
-
-Security team
-=============
-
-The Yocto Project/OpenEmbedded security team coordinates the work on security
-subjects in the project. All general discussion takes place publicly. The
-Security Team only uses confidential communication tools to deal with private
-vulnerability reports before they are released.
-
-Security team appointment
-------------------------
-
-The Yocto Project Security Team consists of at least three members. When new
-members are needed, the Yocto Project Technical Steering Committee (YP TSC)
-asks for nominations by public channels including a nomination deadline.
-Self-nominations are possible. When the limit time is
-reached, the YP TSC posts the list of candidates for the comments of project
-participants and developers. Comments may be sent publicly or privately to the
-YP and OE TSCs. The candidates are approved by both YP TSC and OpenEmbedded
-Technical Steering Committee (OE TSC) and the final list of the team members
-is announced publicly. The aim is to have people representing technical
-leadership, security knowledge and infrastructure present with enough people
-to provide backup/coverage but keep the notification list small enough to
-minimize information risk and maintain trust.
-
-YP Security Team members may resign at any time.
-
-Security Team Operations
------------------------
-
-The work of the Security Team might require high confidentiality. Team members
-are individuals selected by merit and do not represent the companies they work
-for. They do not share information about confidential issues outside of the team
-and do not hint about ongoing embargoes.
-
-Team members can bring in domain experts as needed. Those people should be
-added to individual issues only and adhere to the same standards as the YP
-Security Team.
-
-The YP security team organizes its meetings and communication as needed.
-
-When the YP Security team receives a report about a potential security
-vulnerability, they quickly analyze and notify the reporter of the result.
-They might also request more information.
-
-If the issue is confirmed and affects the code maintained by the YP, they
-confidentially notify maintainers of that code and work with them to prepare
-a fix.
-
-If the issue is confirmed and affects an upstream project, the YP security team
-notifies the project. Usually, the upstream project analyzes the problem again.
-If they deem it a real security problem in their software, they develop and
-release a fix following their security policy. They may want to include the
-original reporter in the loop. There is also sometimes some coordination for
-handling patches, backporting patches etc, or just understanding the problem
-or what caused it.
-
-When the fix is publicly available, the YP security team member or the
-package maintainer sends patches against the YP code base, following usual
-procedures, including public code review.
-
-What Yocto Security Team does when it receives a security vulnerability
-----------------------------------------------------------------------
-
-The YP Security Team team performs a quick analysis and would usually report
-the flaw to the upstream project. Normally the upstream project analyzes the
-problem. If they deem it a real security problem in their software, they
-develop and release a fix following their own security policy. They may want
-to include the original reporter in the loop. There is also sometimes some
-coordination for handling patches, backporting patches etc, or just
-understanding the problem or what caused it.
-
-The security policy of the upstream project might include a notification to
-Linux distributions or other important downstream projects in advance to
-discuss coordinated disclosure. These mailing lists are normally non-public.
-
-When the upstream project releases a version with the fix, they are responsible
-for contacting `Mitre <https://www.cve.org/>`__ to get a CVE number assigned and
-the CVE record published.
-
-If an upstream project does not respond quickly
-----------------------------------------------
-
-If an upstream project does not fix the problem in a reasonable time,
-the Yocto's Security Team will contact other interested parties (usually
-other distributions) in the community and together try to solve the
-vulnerability as quickly as possible.
-
-The Yocto Project Security team adheres to the 90 days disclosure policy
-by default. An increase of the embargo time is possible when necessary.
-
-Current Security Team members
-----------------------------
-
-For secure communications, please send your messages encrypted using the GPG
-keys. Remember, message headers are not encrypted so do not include sensitive
-information in the subject line.
-
-  -  Ross Burton: <ross@burtonini.com> `Public key <https://keys.openpgp.org/search?q=ross%40burtonini.com>`__
-
-  -  Michael Halstead: <mhalstead [at] linuxfoundation [dot] org>
-     `Public key <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3373170601861969>`__
-     or `Public key <https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd1f2407285e571ed12a407a73373170601861969>`__
-
-  -  Richard Purdie: <richard.purdie@linuxfoundation.org> `Public key <https://keys.openpgp.org/search?q=richard.purdie%40linuxfoundation.org>`__
-
-  -  Marta Rybczynska: <marta DOT rybczynska [at] syslinbit [dot] com> `Public key <https://keys.openpgp.org/search?q=marta.rybczynska@syslinbit.com>`__
-
-  -  Steve Sakoman: <steve [at] sakoman [dot] com> `Public key <https://keys.openpgp.org/search?q=steve%40sakoman.com>`__
--- a/documentation/dev-manual/start.rst
+++ b/documentation/dev-manual/start.rst
@@ -651,7 +651,7 @@ described in the ":ref:`dev-manual/start:accessing source archives`" section.
   .. note::

      For a "map" of Yocto Project releases to version numbers, see the
-      :yocto_wiki:`Releases </Releases>` wiki page.
+      :yocto_home:`Releases </development/releases/>` page.

   You can use the "RELEASE ARCHIVE" link to reveal a menu of all Yocto
   Project releases.
--- a/documentation/dev-manual/temporary-source-code.rst
+++ b/documentation/dev-manual/temporary-source-code.rst
@@ -36,11 +36,11 @@ The path to the work directory for the recipe
 (:term:`WORKDIR`) is defined as
 follows::

-   ${TMPDIR}/work/${MULTIMACH_TARGET_SYS}/${PN}/${EXTENDPE}${PV}-${PR}
+   ${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}/${PN}/${PV}

 The actual directory depends on several things:

-  :term:`TMPDIR`: The top-level build
+-  :term:`BASE_WORKDIR`: The top-level build
   output directory.

 -  :term:`MULTIMACH_TARGET_SYS`:
@@ -48,19 +48,13 @@ The actual directory depends on several things:

 -  :term:`PN`: The recipe name.

-  :term:`EXTENDPE`: The epoch --- if
-   :term:`PE` is not specified, which is
-   usually the case for most recipes, then :term:`EXTENDPE` is blank.
-
 -  :term:`PV`: The recipe version.

-  :term:`PR`: The recipe revision.
-
 As an example, assume a Source Directory top-level folder named
-``poky``, a default :term:`Build Directory` at ``poky/build``, and a
+``project``, a default :term:`Build Directory` at ``project/build``, and a
 ``qemux86-poky-linux`` machine target system. Furthermore, suppose your
 recipe is named ``foo_1.3.0.bb``. In this case, the work directory the
 build system uses to build the package would be as follows::

-   poky/build/tmp/work/qemux86-poky-linux/foo/1.3.0-r0
+   project/build/tmp/work/qemux86-poky-linux/foo/1.3.0

--- a/documentation/figures/yp-how-it-works-new-diagram.png
+++ b/documentation/figures/yp-how-it-works-new-diagram.png
--- a/documentation/index.rst
+++ b/documentation/index.rst
@@ -17,10 +17,9 @@ Welcome to the Yocto Project Documentation
   Quick Build <brief-yoctoprojectqs/index>
   what-i-wish-id-known
   transitioning-to-a-custom-environment
-   Yocto Project Software Overview <https://www.yoctoproject.org/software-overview/>
+   Yocto Project Technical Overview <https://www.yoctoproject.org/development/technical-overview/>
   Tips and Tricks Wiki <https://wiki.yoctoproject.org/wiki/TipsAndTricks>

-
 .. toctree::
   :maxdepth: 1
   :caption: Manuals
@@ -37,6 +36,12 @@ Welcome to the Yocto Project Documentation
   Test Environment Manual <test-manual/index>
   bitbake

+.. toctree::
+   :maxdepth: 1
+   :caption: Security
+
+   Yocto Project Security Reference <security-reference/index>
+
 .. toctree::
   :maxdepth: 1
   :caption: Release Manuals
--- a/documentation/kernel-dev/common.rst
+++ b/documentation/kernel-dev/common.rst
@@ -1191,10 +1191,12 @@ appear in the ``.config`` file, which is in the :term:`Build Directory`.

 It is simple to create a configuration fragment. One method is to use
 shell commands. For example, issuing the following from the shell
-creates a configuration fragment file named ``my_smp.cfg`` that enables
-multi-processor support within the kernel::
+creates a configuration fragment file named ``my_changes.cfg`` that enables
+multi-processor support within the kernel and disables the FPGA
+Configuration Framework::

-   $ echo "CONFIG_SMP=y" >> my_smp.cfg
+   $ echo "CONFIG_SMP=y" >> my_changes.cfg
+   $ echo "# CONFIG_FPGA is not set" >> my_changes.cfg

 .. note::

@@ -1431,15 +1433,13 @@ Expanding Variables
 ===================

 Sometimes it is helpful to determine what a variable expands to during a
-build. You can examine the values of variables by examining the
-output of the ``bitbake -e`` command. The output is long and is more
-easily managed in a text file, which allows for easy searches::
+build. You can examine the value of a variable by running the ``bitbake-getvar``
+command::

-   $ bitbake -e virtual/kernel > some_text_file
+   $ bitbake-getvar -r virtual/kernel VARIABLE

-Within the text file, you can see
-exactly how each variable is expanded and used by the OpenEmbedded build
-system.
+The output of the command explains exactly how the variable is expanded and used
+by the :term:`OpenEmbedded Build System`.

 Working with a "Dirty" Kernel Version String
 ============================================
--- a/documentation/kernel-dev/concepts-appx.rst
+++ b/documentation/kernel-dev/concepts-appx.rst
@@ -76,22 +76,6 @@ and included with Yocto Project releases:
 -  *linux-yocto-dev:* A development kernel based on the latest
   upstream release candidate available.

-.. note::
-
-   Long Term Support Initiative (LTSI) for Yocto Linux kernels is as
-   follows:
-
-   -  For Yocto Project releases 1.7, 1.8, and 2.0, the LTSI kernel is
-      ``linux-yocto-3.14``.
-
-   -  For Yocto Project releases 2.1, 2.2, and 2.3, the LTSI kernel is
-      ``linux-yocto-4.1``.
-
-   -  For Yocto Project release 2.4, the LTSI kernel is
-      ``linux-yocto-4.9``
-
-   -  ``linux-yocto-4.4`` is an LTS kernel.
-
 Once a Yocto Linux kernel is officially released, the Yocto Project team
 goes into their next development cycle, or upward revision (uprev)
 cycle, while still continuing maintenance on the released kernel. It is
--- a/documentation/kernel-dev/intro.rst
+++ b/documentation/kernel-dev/intro.rst
@@ -23,11 +23,7 @@ whose Git repositories you can view in the Yocto
 heading. New recipes for the release track the latest Linux kernel
 upstream developments from https://www.kernel.org and introduce
 newly-supported platforms. Previous recipes in the release are refreshed
-and supported for at least one additional Yocto Project release. As they
-align, these previous releases are updated to include the latest from
-the Long Term Support Initiative (LTSI) project. You can learn more
-about Yocto Linux kernels and LTSI in the
-":ref:`kernel-dev/concepts-appx:yocto project kernel development and maintenance`" section.
+and supported for at least one additional Yocto Project release.

 Also included is a Yocto Linux kernel development recipe
 (``linux-yocto-dev.bb``) should you want to work with the very latest in
--- a/documentation/migration-guides/release-4.0.rst
+++ b/documentation/migration-guides/release-4.0.rst
@@ -37,3 +37,8 @@ Release 4.0 (kirkstone)
   release-notes-4.0.28
   release-notes-4.0.29
   release-notes-4.0.30
+   release-notes-4.0.31
+   release-notes-4.0.32
+   release-notes-4.0.33
+   release-notes-4.0.34
+   release-notes-4.0.35
--- a/documentation/migration-guides/release-5.0.rst
+++ b/documentation/migration-guides/release-5.0.rst
@@ -19,3 +19,9 @@ Release 5.0 (scarthgap)
   release-notes-5.0.10
   release-notes-5.0.11
   release-notes-5.0.12
+   release-notes-5.0.13
+   release-notes-5.0.14
+   release-notes-5.0.15
+   release-notes-5.0.16
+   release-notes-5.0.17
+   release-notes-5.0.18
--- a/documentation/migration-guides/release-notes-4.0.31.rst
+++ b/documentation/migration-guides/release-notes-4.0.31.rst
@@ -0,0 +1,210 @@
+Release notes for Yocto-4.0.31 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.31
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-8225`, :cve_nist:`2025-11081`, :cve_nist:`2025-11082` and
+   :cve_nist:`2025-11083`
+-  busybox: Fix :cve_nist:`2025-46394`
+-  cmake: Fix :cve_nist:`2025-9301`
+-  curl: Fix :cve_nist:`2025-9086`
+-  ffmpeg: Ignore :cve_nist:`2023-6603`
+-  ffmpeg: mark :cve_nist:`2023-6601` as Fixed
+-  ghostscript: Fix :cve_nist:`2025-59798`, :cve_nist:`2025-59799` and :cve_nist:`2025-59800`
+-  git: Fix :cve_nist:`2025-48386`
+-  glib-networking: Fix :cve_nist:`2025-60018` and :cve_nist:`2025-60019`
+-  go: Fix :cve_nist:`2025-47906` and :cve_nist:`2025-47907`
+-  grub2: Fix :cve_nist:`2024-56738`
+-  grub: Ignore :cve_nist:`2024-2312`
+-  gstreamer1.0-plugins-bad: Fix :cve_nist:`2025-3887`
+-  gstreamer1.0: Ignore :cve_nist:`2025-2759`, :cve_nist:`2025-3887`, :cve_nist:`2025-47183`,
+   :cve_nist:`2025-47219`, :cve_nist:`2025-47806`, :cve_nist:`2025-47807` and :cve_nist:`2025-47808`
+-  python3-jinja2: Fix :cve_nist:`2024-56201`, :cve_nist:`2024-56326` and :cve_nist:`2025-27516`
+-  libxml2: Fix :cve_nist:`2025-9714`
+-  libxslt: Fix :cve_nist:`2025-7424`
+-  lz4: Fix :cve_nist:`2025-62813`
+-  openssl: Fix :cve_nist:`2025-9230` and :cve_nist:`2025-9232`
+-  pulseaudio: Ignore :cve_nist:`2024-11586`
+-  python3: Fix :cve_nist:`2024-6345`, :cve_nist:`2025-47273` and :cve_nist:`2025-59375`
+-  qemu: Fix :cve_nist:`2024-8354`
+-  tiff: Fix :cve_nist:`2025-8961`, :cve_nist:`2025-9165` and :cve_nist:`2025-9900`
+-  vim: Fix :cve_nist:`2025-9389`
+
+
+Fixes in Yocto-4.0.31
+~~~~~~~~~~~~~~~~~~~~~
+
+-  build-appliance-image: Update to kirkstone head revision
+-  poky.conf: bump version for 4.0.31
+-  ref-manual/classes.rst: document the relative_symlinks class
+-  ref-manual/classes.rst: gettext: extend the documentation of the class
+-  ref-manual/variables.rst: document the CCACHE_DISABLE, UNINATIVE_CHECKSUM, UNINATIVE_URL, USE_NLS,
+   REQUIRED_COMBINED_FEATURES, REQUIRED_IMAGE_FEATURES, :term:`REQUIRED_MACHINE_FEATURES` variable
+-  ref-manual/variables.rst: fix :term:`LAYERDEPENDS` description
+-  dev-manual, test-manual: Update autobuilder output links
+-  ref-manual/classes.rst: extend the uninative class documentation
+-  python3: upgrade to 3.10.19
+-  linux-yocto/5.15: update to v5.15.194
+-  glibc: : PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786)
+-  glibc: nptl Use all of g1_start and g_signals
+-  glibc: nptl rename __condvar_quiesce_and_switch_g1
+-  glibc: nptl Fix indentation
+-  glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop
+-  glibc: Remove g_refs from condition variables
+-  glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
+-  glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
+-  glibc: nptl Update comments and indentation for new condvar implementation
+-  glibc: pthreads NPTL lost wakeup fix 2
+-  glibc: Remove partial BZ#25847 backport patches
+-  vulnerabilities: update nvdcve file name
+-  migration-guides: add release notes for 4.0.30
+-  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
+-  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
+-  conf/bitbake.conf: use gnu mirror instead of main server
+-  p11-kit: backport fix for handle :term:`USE_NLS` from master
+-  systemd: backport fix for handle :term:`USE_NLS` from master
+-  glibc: stable 2.35 branch updates
+-  openssl: upgrade to 3.0.18
+-  scripts/install-buildtools: Update to 4.0.30
+-  ref-manual/variables.rst: fix the description of :term:`STAGING_DIR`
+-  ref-manual/structure: document the auto.conf file
+-  dev-manual/building.rst: add note about externalsrc variables absolute paths
+-  ref-manual/variables.rst: fix the description of :term:`KBUILD_DEFCONFIG`
+-  kernel-dev/common.rst: fix the in-tree defconfig description
+-  test-manual/yocto-project-compatible.rst: fix a typo
+-  contributor-guide: submit-changes: make "Crediting contributors" part of "Commit your changes"
+-  contributor-guide: submit-changes: number instruction list in commit your changes
+-  contributor-guide: submit-changes: reword commit message instructions
+-  contributor-guide: submit-changes: make the Cc tag follow kernel guidelines
+-  contributor-guide: submit-changes: align :term:`CC` tag description
+-  contributor-guide: submit-changes: clarify example with Yocto bug ID
+-  contributor-guide: submit-changes: fix improper bold string
+-  libhandy: update git branch name
+-  python3-jinja2: upgrade to 3.1.6
+-  vim: upgrade to 9.1.1683
+
+
+Known Issues in Yocto-4.0.31
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.31
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Adam Blank
+-  Aleksandar Nikolic
+-  Antonin Godard
+-  Archana Polampalli
+-  AshishKumar Mishra
+-  Bruce Ashfield
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Gyorgy Sarvari
+-  Hitendra Prajapati
+-  João Marcos Costa
+-  Lee Chee Yang
+-  Paul Barker
+-  Peter Marko
+-  Praveen Kumar
+-  Quentin Schulz
+-  Rajeshkumar Ramasamy
+-  Saravanan
+-  Soumya Sambu
+-  Steve Sakoman
+-  Sunil Dora
+-  Talel BELHAJ SALEM
+-  Theo GAIGE
+-  Vijay Anusuri
+-  Yash Shinde
+-  Yogita Urade
+
+Repositories / Downloads for Yocto-4.0.31
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.31 </yocto-docs/log/?h=yocto-4.0.31>`
+-  Git Revision: :yocto_git:`073f3bca4c374b03398317e7f445d2440a287741 </yocto-docs/commit/?id=073f3bca4c374b03398317e7f445d2440a287741>`
+-  Release Artefact: yocto-docs-073f3bca4c374b03398317e7f445d2440a287741
+-  sha: 3bfde9b6ad310dd42817509b67f61cd69552f74b2bc5011bd20788fe96d6823b
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/yocto-docs-073f3bca4c374b03398317e7f445d2440a287741.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/yocto-docs-073f3bca4c374b03398317e7f445d2440a287741.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.31 </poky/log/?h=yocto-4.0.31>`
+-  Git Revision: :yocto_git:`04b39e5b7eb19498215d85c88a5fffb460fea1eb </poky/commit/?id=04b39e5b7eb19498215d85c88a5fffb460fea1eb>`
+-  Release Artefact: poky-04b39e5b7eb19498215d85c88a5fffb460fea1eb
+-  sha: 0ca18ab1ed25c0d77412ba30dbb03d74811756c7c2fe2401940f848a5e734930
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/poky-04b39e5b7eb19498215d85c88a5fffb460fea1eb.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/poky-04b39e5b7eb19498215d85c88a5fffb460fea1eb.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.31 </openembedded-core/log/?h=yocto-4.0.31>`
+-  Git Revision: :oe_git:`99204008786f659ab03538cd2ae2fd23ed4164c5 </openembedded-core/commit/?id=99204008786f659ab03538cd2ae2fd23ed4164c5>`
+-  Release Artefact: oecore-99204008786f659ab03538cd2ae2fd23ed4164c5
+-  sha: aa97bf826ad217b3a5278b4ad60bef4d194f0f1ff617677cf2323d3cc4897687
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/oecore-99204008786f659ab03538cd2ae2fd23ed4164c5.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/oecore-99204008786f659ab03538cd2ae2fd23ed4164c5.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.31 </meta-yocto/log/?h=yocto-4.0.31>`
+-  Git Revision: :yocto_git:`3b2df00345b46479237fe0218675a818249f891c </meta-yocto/commit/?id=3b2df00345b46479237fe0218675a818249f891c>`
+-  Release Artefact: meta-yocto-3b2df00345b46479237fe0218675a818249f891c
+-  sha: 630e99e0f515bab8a316b2e32aff1352b4404f15aa087e8821b84093596a08ce
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/meta-yocto-3b2df00345b46479237fe0218675a818249f891c.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/meta-yocto-3b2df00345b46479237fe0218675a818249f891c.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.31 </meta-mingw/log/?h=yocto-4.0.31>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.31 </meta-gplv2/log/?h=yocto-4.0.31>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.31 </bitbake/log/?h=yocto-4.0.31>`
+-  Git Revision: :oe_git:`8e2d1f8de055549b2101614d85454fcd1d0f94b2 </bitbake/commit/?id=8e2d1f8de055549b2101614d85454fcd1d0f94b2>`
+-  Release Artefact: bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2
+-  sha: fad4e7699bae62082118e89785324b031b0af0743064caee87c91ba28549afb0
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.31/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.31/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
--- a/documentation/migration-guides/release-notes-4.0.32.rst
+++ b/documentation/migration-guides/release-notes-4.0.32.rst
@@ -0,0 +1,194 @@
+Release notes for Yocto-4.0.32 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Fix :cve_nist:`2025-8677`, :cve_nist:`2025-40778` and :cve_nist:`2025-40780`
+-  binutils: Fix :cve_nist:`2025-11412` and :cve_nist:`2025-11413`
+-  curl: Ignore :cve_nist:`2025-10966`
+-  elfutils: Fix :cve_nist:`2025-1376` and :cve_nist:`2025-1377`
+-  gnutls: Fix :cve_nist:`2025-9820`
+-  go: Fix :cve_nist:`2024-24783`, :cve_nist:`2025-58187`, :cve_nist:`2025-58189`,
+   :cve_nist:`2025-61723` and :cve_nist:`2025-61724`
+-  libarchive: Fix :cve_nist:`2025-60753`
+-  libarchive: Fix 2 security issue (https://github.com/libarchive/libarchive/pull/2753 and
+   https://github.com/libarchive/libarchive/pull/2768)
+-  libpng: Fix :cve_nist:`2025-64505`, :cve_nist:`2025-64506`, :cve_nist:`2025-64720`,
+   :cve_nist:`2025-65018` and :cve_nist:`2025-66293`
+-  libxml2: Fix :cve_nist:`2025-7425`
+-  musl: Fix :cve_nist:`2025-26519`
+-  openssh: Fix :cve_nist:`2025-61984` and :cve_nist:`2025-61985`
+-  python3-idna: Fix :cve_nist:`2024-3651`
+-  python3-urllib3: Fix :cve_nist:`2024-37891`
+-  python3: fix :cve_nist:`2025-6075`
+-  ruby: Fix :cve_nist:`2024-35176`, :cve_nist:`2024-39908` and :cve_nist:`2024-41123`
+-  rust-cross-canadian: Ignore :cve_nist:`2024-43402`
+-  u-boot: Fix :cve_nist:`2024-42040`
+-  wpa-supplicant: Fix :cve_nist:`2025-24912`
+-  xserver-xorg: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+-  xwayland: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+
+
+Fixes in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~
+
+-  babeltrace2: fetch with https protocol
+-  bind: upgrade to 9.18.41
+-  build-appliance-image: Update to kirkstone head revision
+-  dev-manual/layers.rst: document "bitbake-layers show-machines"
+-  dev-manual/new-recipe.rst: replace 'bitbake -e' with 'bitbake-getvar'
+-  dev-manual/new-recipe.rst: typo, "whith" -> "which"
+-  dev-manual/new-recipe.rst: update "recipetool -h" output
+-  dev-manual: debugging: use bitbake-getvar in Viewing Variable Values section
+-  documentation: link to the Releases page on yoctoproject.org instead of wiki
+-  efibootmgr: update :term:`SRC_URI` branch
+-  flac: patch seeking bug
+-  goarch.bbclass: do not leak :term:`TUNE_FEATURES` into crosssdk task signatures
+-  kernel-dev: add disable config example
+-  kernel-dev: common: migrate bitbake -e to bitbake-getvar
+-  libmicrohttpd: disable experimental code by default
+-  migration-guides: add release notes for 4.0.31
+-  oe-build-perf-report: relax metadata matching rules
+-  overview-manual: migrate to SVG + fix typo
+-  poky.conf: bump version for 4.0.32
+-  python3-urllib3: upgrade to 1.26.20
+-  recipes: Don't use ftp.gnome.org
+-  ref-manual: variables: migrate the :term:`OVERRIDES` note to bitbake-getvar
+-  systemd-bootchart: update :term:`SRC_URI` branch
+-  xf86-video-intel: correct :term:`SRC_URI` as freedesktop anongit is down
+
+
+Known Issues in Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Alexander Kanavin
+-  Archana Polampalli
+-  Divya Chellam
+-  Gyorgy Sarvari
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jason Schonberg
+-  Lee Chee Yang
+-  Peter Marko
+-  Praveen Kumar
+-  Quentin Schulz
+-  Richard Purdie
+-  Robert P. J. Day
+-  Ross Burton
+-  Saquib Iltaf
+-  Soumya Sambu
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Walter Werner SCHNEIDER
+
+
+Repositories / Downloads for Yocto-4.0.32
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </yocto-docs/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`4b9df539fa06fb19ed8b51ef2d46e5c56779de81 </yocto-docs/commit/?id=4b9df539fa06fb19ed8b51ef2d46e5c56779de81>`
+-  Release Artefact: yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81
+-  sha: 70ee2caf576683c5f31ac5a592cde1c0650ece25cfcd5ff3cc7eedf531575611
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/yocto-docs-4b9df539fa06fb19ed8b51ef2d46e5c56779de81.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </poky/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`2c05660b21c7cc1082aeac8b75d8a2d82e249f63 </poky/commit/?id=2c05660b21c7cc1082aeac8b75d8a2d82e249f63>`
+-  Release Artefact: poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63
+-  sha: d7a55a18a597a7b140a81586b7ca6379c208ebbb3285de36c48fde10882947d8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/poky-2c05660b21c7cc1082aeac8b75d8a2d82e249f63.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.32 </openembedded-core/log/?h=yocto-4.0.32>`
+-  Git Revision: :oe_git:`2ed3f8b938579dbbb804e04c45a968cc57761db7 </openembedded-core/commit/?id=2ed3f8b938579dbbb804e04c45a968cc57761db7>`
+-  Release Artefact: oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7
+-  sha: 11b9632586dfbf3f0ef69eca2014a8002f25ca8d53cfe9424e27361ba3a20831
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/oecore-2ed3f8b938579dbbb804e04c45a968cc57761db7.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-yocto/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`77b40877c179ea3ce5c37c7ba1831e9c0e289266 </meta-yocto/commit/?id=77b40877c179ea3ce5c37c7ba1831e9c0e289266>`
+-  Release Artefact: meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266
+-  sha: e908d42690881cd6e07b9ca18a21eb8761a0ec72d940b12905622e75ba913974
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-yocto-77b40877c179ea3ce5c37c7ba1831e9c0e289266.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-mingw/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.32 </meta-gplv2/log/?h=yocto-4.0.32>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.32 </bitbake/log/?h=yocto-4.0.32>`
+-  Git Revision: :oe_git:`8e2d1f8de055549b2101614d85454fcd1d0f94b2 </bitbake/commit/?id=8e2d1f8de055549b2101614d85454fcd1d0f94b2>`
+-  Release Artefact: bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2
+-  sha: fad4e7699bae62082118e89785324b031b0af0743064caee87c91ba28549afb0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.32/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.32/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
--- a/documentation/migration-guides/release-notes-4.0.33.rst
+++ b/documentation/migration-guides/release-notes-4.0.33.rst
@@ -0,0 +1,182 @@
+Release notes for Yocto-4.0.33 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.33
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-1181`, :cve_nist:`2025-11494`, :cve_nist:`2025-11839` and
+   :cve_nist:`2025-11840`
+-  cups: Fix :cve_nist:`2025-58436` and :cve_nist:`2025-61915`
+-  curl: Fix :cve_nist:`2025-14017`, :cve_nist:`2025-15079` and :cve_nist:`2025-15224`
+-  dropbear: Fix :cve_nist:`2019-6111`
+-  glib-2.0: Fix :cve_nist:`2025-13601`, :cve_nist:`2025-14087` and :cve_nist:`2025-14512`
+-  gnupg: Fix :cve_nist:`2025-68973`
+-  go: Fix :cve_nist:`2023-39323`, :cve_nist:`2025-61727` and :cve_nist:`2025-61729`
+-  go: Fix :cve_nist:`2025-58187` (update patch)
+-  grub: Fix :cve_nist:`2025-61661`, :cve_nist:`2025-61662`, :cve_nist:`2025-61663` and
+   :cve_nist:`2025-61664`
+-  libarchive: Fix :cve_nist:`2025-60753` (update patch)
+-  libpcap: Fix :cve_nist:`2025-11961` and :cve_nist:`2025-11964`
+-  libsoup: fix :cve_nist:`2025-12105`
+-  libxslt: Fix :cve_nist:`2025-11731`
+-  python3: Fix :cve_nist:`2025-13836`
+-  python3-urllib3: Fix :cve_nist:`2025-66418`
+-  qemu: Fix :cve_nist:`2025-12464`
+-  qemu: Ignore :cve_nist:`2025-54566` and :cve_nist:`2025-54567`
+-  rsync: Fix :cve_nist:`2025-10158`
+-  util-linux: Fix :cve_nist:`2025-14104`
+
+
+Fixes in Yocto-4.0.33
+~~~~~~~~~~~~~~~~~~~~~
+
+-  build-appliance-image: Update to kirkstone head revision
+-  contributor-guide/recipe-style-guide.rst: explain difference between layer and recipe license(s)
+-  cross.bbclass: Propagate dependencies to outhash
+-  cups: allow unknown directives in conf files
+-  docs: Add a new "Security" section
+-  oeqa: Use 2.14 release of cpio instead of 2.13
+-  overview-manual/yp-intro.rst: change removed ECOSYSTEM to ABOUT
+-  overview-manual/yp-intro.rst: fix SDK type in bullet list
+-  overview-manual/yp-intro.rst: link to YP members and participants
+-  overview-manual: convert YP-flow-diagram.png to SVG
+-  poky.conf: Bump version for 4.0.33 release
+-  pseudo: Upgrade to 1.9.2+git125b020dd2
+-  ref-manual/classes.rst: document the image-container class
+-  ref-manual/release-process.rst: add a "Development Cycle" section
+-  ref-manual/svg/releases.svg: mark styhead and walnascar EOL
+-  ref-manual/svg/releases.svg: mark whinlatter as current release
+-  ref-manual/variables.rst: document the :term:`CCACHE_TOP_DIR` variable
+-  scripts/install-buildtools: Update to 4.0.31
+-  test-manual/ptest.rst: detail the exit code and output requirements
+
+
+Known Issues in Yocto-4.0.33
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.33
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Antonin Godard
+-  Changqing Li
+-  Deepesh Varatharajan
+-  Hitendra Prajapati
+-  Jiaying Song
+-  Kai Kang
+-  Khem Raj
+-  Libo Chen
+-  Liyin Zhang
+-  Martin Jansa
+-  Mingli Yu
+-  Paul Barker
+-  Peter Marko
+-  Richard Purdie
+-  Robert Yang
+-  Vijay Anusuri
+-  Yash Shinde
+
+Repositories / Downloads for Yocto-4.0.33
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.33 </yocto-docs/log/?h=yocto-4.0.33>`
+-  Git Revision: :yocto_git:`6799b1be5d48f4bf5dcd0b16c2dbc2e297d4ecd9 </yocto-docs/commit/?id=6799b1be5d48f4bf5dcd0b16c2dbc2e297d4ecd9>`
+-  Release Artefact: yocto-docs-6799b1be5d48f4bf5dcd0b16c2dbc2e297d4ecd9
+-  sha: 42a0eb89c8f87a9a966aecb8265f463486d4383cb67d1e67382ddf9d4d7f88b5
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/yocto-docs-6799b1be5d48f4bf5dcd0b16c2dbc2e297d4ecd9.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/yocto-docs-6799b1be5d48f4bf5dcd0b16c2dbc2e297d4ecd9.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.33 </poky/log/?h=yocto-4.0.33>`
+-  Git Revision: :yocto_git:`ff118ede826a9ae45eb35025a5f7f612880fba01 </poky/commit/?id=ff118ede826a9ae45eb35025a5f7f612880fba01>`
+-  Release Artefact: poky-ff118ede826a9ae45eb35025a5f7f612880fba01
+-  sha: 2a8c24406fa96fc52728a96f25136a3fd7ee652eea6e12319a6b7c0457ccfdfd
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/poky-ff118ede826a9ae45eb35025a5f7f612880fba01.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/poky-ff118ede826a9ae45eb35025a5f7f612880fba01.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.33 </openembedded-core/log/?h=yocto-4.0.33>`
+-  Git Revision: :oe_git:`036f76ea35c49a78d612093dcd8eb1fac7ded8d7 </openembedded-core/commit/?id=036f76ea35c49a78d612093dcd8eb1fac7ded8d7>`
+-  Release Artefact: oecore-036f76ea35c49a78d612093dcd8eb1fac7ded8d7
+-  sha: fc180ff224529fd73a7aec4a4cf5beb40fba17646ee694715cf603baba26610c
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/oecore-036f76ea35c49a78d612093dcd8eb1fac7ded8d7.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/oecore-036f76ea35c49a78d612093dcd8eb1fac7ded8d7.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.33 </meta-yocto/log/?h=yocto-4.0.33>`
+-  Git Revision: :yocto_git:`677379f21941363d50f9d946963542b4ccb7e27c </meta-yocto/commit/?id=677379f21941363d50f9d946963542b4ccb7e27c>`
+-  Release Artefact: meta-yocto-677379f21941363d50f9d946963542b4ccb7e27c
+-  sha: 90f52c406f4e69748b8d73eee07b8a1247d19cc29f4893174f110a034b10415f
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/meta-yocto-677379f21941363d50f9d946963542b4ccb7e27c.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/meta-yocto-677379f21941363d50f9d946963542b4ccb7e27c.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.33 </meta-mingw/log/?h=yocto-4.0.33>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.33 </meta-gplv2/log/?h=yocto-4.0.33>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.33 </bitbake/log/?h=yocto-4.0.33>`
+-  Git Revision: :oe_git:`8e2d1f8de055549b2101614d85454fcd1d0f94b2 </bitbake/commit/?id=8e2d1f8de055549b2101614d85454fcd1d0f94b2>`
+-  Release Artefact: bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2
+-  sha: fad4e7699bae62082118e89785324b031b0af0743064caee87c91ba28549afb0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.33/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.33/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
--- a/documentation/migration-guides/release-notes-4.0.34.rst
+++ b/documentation/migration-guides/release-notes-4.0.34.rst
@@ -0,0 +1,191 @@
+Release notes for Yocto-4.0.34 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.34
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  avahi: Fix :cve_nist:`2026-24401`, :cve_nist:`2025-68276`, :cve_nist:`2025-68468` and
+   :cve_nist:`2025-68471`
+-  bind: Fix :cve_nist:`2025-13878`
+-  expat: Fix :cve_nist:`2026-24515` and :cve_nist:`2026-25210`
+-  ffmpeg: Ignore :cve_nist:`2025-25468` and :cve_nist:`2025-25469`
+-  glib-2.0: Fix :cve_nist:`2026-0988`, :cve_nist:`2026-1484`, :cve_nist:`2026-1485` and
+   :cve_nist:`2026-1489`
+-  glibc: Fix :cve_nist:`2025-15281`, :cve_nist:`2026-0861` and :cve_nist:`2026-0915`
+-  harfbuzz: Ignore :cve_nist:`2026-22693`
+-  inetutils: Fix :cve_nist:`2026-24061`
+-  libpng: Fix :cve_nist:`2026-22695`, :cve_nist:`2026-22801` and :cve_nist:`2026-25646`
+-  libtasn1: Fix :cve_nist:`2025-13151`
+-  libxml2: Fix :cve_nist:`2026-0990` and :cve_nist:`2026-0992`
+-  linux-yocto/5.15: Fix :cve_nist:`2022-49465`, :cve_nist:`2023-54207`, :cve_nist:`2025-22058`,
+   :cve_nist:`2025-40040`, :cve_nist:`2025-40149`, :cve_nist:`2025-40164`, :cve_nist:`2025-68211`,
+   :cve_nist:`2025-68340`, :cve_nist:`2025-68365`, :cve_nist:`2025-68725`, :cve_nist:`2025-68817`,
+   :cve_nist:`2025-71147`, :cve_nist:`2025-71154`, :cve_nist:`2025-71162`, :cve_nist:`2025-71163`,
+   :cve_nist:`2026-22976`, :cve_nist:`2026-22977`, :cve_nist:`2026-22978`, :cve_nist:`2026-22980`,
+   :cve_nist:`2026-22982`, :cve_nist:`2026-22984`, :cve_nist:`2026-22990`, :cve_nist:`2026-22991`,
+   :cve_nist:`2026-22992`, :cve_nist:`2026-22997`, :cve_nist:`2026-22998`, :cve_nist:`2026-22999`,
+   :cve_nist:`2026-23060`, :cve_nist:`2026-23061`, :cve_nist:`2026-23063`, :cve_nist:`2026-23064`,
+   :cve_nist:`2026-23076`, :cve_nist:`2026-23078`, :cve_nist:`2026-23080`, :cve_nist:`2026-23083`,
+   :cve_nist:`2026-23084`, :cve_nist:`2026-23085`, :cve_nist:`2026-23087`, :cve_nist:`2026-23089`,
+   :cve_nist:`2026-23090`, :cve_nist:`2026-23091`, :cve_nist:`2026-23093`, :cve_nist:`2026-23095`,
+   :cve_nist:`2026-23096`, :cve_nist:`2026-23097`, :cve_nist:`2026-23119`, :cve_nist:`2026-23120`,
+   :cve_nist:`2026-23121`, :cve_nist:`2026-23124`, :cve_nist:`2026-23125`, :cve_nist:`2026-23133`,
+   :cve_nist:`2026-23146`, :cve_nist:`2026-23150`, :cve_nist:`2026-23164`, :cve_nist:`2026-23167`
+   and :cve_nist:`2026-23170`
+-  openssl: Fix :cve_nist:`2025-15467`, :cve_nist:`2026-22795`, :cve_nist:`2026-22796`,
+   :cve_nist:`2025-68160`, :cve_nist:`2025-69418`, :cve_nist:`2025-69419`, :cve_nist:`2025-69420`
+   and :cve_nist:`2025-69421`
+-  python3: Fix :cve_nist:`2025-12084` and :cve_nist:`2025-13837`
+-  vim: Ignore :cve_nist:`2025-66476`
+-  zlib: Ignore :cve_nist:`2026-22184`
+
+
+Fixes in Yocto-4.0.34
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Upgrade to 9.18.44
+-  build-appliance-image: Update to kirkstone head revision
+-  classes/buildhistory: Do not sign buildhistory commits
+-  dev-manual/packages.rst: fix example recipe version
+-  dev-manual/packages.rst: pr server: fix and explain why r0.X increments on :term:`SRCREV` change
+-  dev-manual/packages.rst: rename r0.0 to r0 when :term:`PR` server is not enabled
+-  glibc: stable 2.35 branch updates
+-  linux-yocto/5.15: update to v5.15.199
+-  migration-guides: add release notes for 4.0.32
+-  openssl: upgrade to 3.0.19
+-  poky.conf: Bump version for 4.0.34 release
+-  poky.conf: add fedora-41, debian-12, rocky-8&9 to :term:`SANITY_TESTED_DISTROS`
+-  pseudo: Update to 1.9.3+git43cbd8fb49
+-  ref-manual/classes.rst: fix broken links to U-Boot documentation
+-  ref-manual/system-requirements.rst: update untested distros
+-  scripts/install-buildtools: Update to 4.0.32
+-  u-boot: move CVE patch out of u-boot-common.inc
+-  what-i-wish-id-known.rst: replace figure by the new SVG
+
+
+Known Issues in Yocto-4.0.34
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.34
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Amaury Couderc
+-  Ankur Tyagi
+-  Antonin Godard
+-  Bruce Ashfield
+-  Fabio Berton
+-  Hugo SIMELIERE
+-  Lee Chee Yang
+-  Michael Opdenacker
+-  Paul Barker
+-  Peter Marko
+-  Richard Purdie
+-  Scott Murray
+-  Vijay Anusuri
+-  Yoann Congal
+
+Repositories / Downloads for Yocto-4.0.34
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.34 </yocto-docs/log/?h=yocto-4.0.34>`
+-  Git Revision: :yocto_git:`7c348dd67cfd169b1a56bf969606b03dccb76c56 </yocto-docs/commit/?id=7c348dd67cfd169b1a56bf969606b03dccb76c56>`
+-  Release Artefact: yocto-docs-7c348dd67cfd169b1a56bf969606b03dccb76c56
+-  sha: 0677fc3aee3c936599f3bcffbe16792494058bd3506ca3ab1697ceac1822829b
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/yocto-docs-7c348dd67cfd169b1a56bf969606b03dccb76c56.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/yocto-docs-7c348dd67cfd169b1a56bf969606b03dccb76c56.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.34 </poky/log/?h=yocto-4.0.34>`
+-  Git Revision: :yocto_git:`8334e82e1d85e50557bd3da64054fc9e3eafc495 </poky/commit/?id=8334e82e1d85e50557bd3da64054fc9e3eafc495>`
+-  Release Artefact: poky-8334e82e1d85e50557bd3da64054fc9e3eafc495
+-  sha: 74fcc57d1dd3bb0c6ef77bfaaeca7504f393e705a55149cf52d4b61981c9c387
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/poky-8334e82e1d85e50557bd3da64054fc9e3eafc495.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/poky-8334e82e1d85e50557bd3da64054fc9e3eafc495.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.34 </openembedded-core/log/?h=yocto-4.0.34>`
+-  Git Revision: :oe_git:`7b6c9faa301a6d058ca34e230586f6a81ffa3ffb </openembedded-core/commit/?id=7b6c9faa301a6d058ca34e230586f6a81ffa3ffb>`
+-  Release Artefact: oecore-7b6c9faa301a6d058ca34e230586f6a81ffa3ffb
+-  sha: 375a22e3e229064749e78c80c44cde95adcedd26df76045fccefa3a9d3fa14ad
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/oecore-7b6c9faa301a6d058ca34e230586f6a81ffa3ffb.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/oecore-7b6c9faa301a6d058ca34e230586f6a81ffa3ffb.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.34 </meta-yocto/log/?h=yocto-4.0.34>`
+-  Git Revision: :yocto_git:`1d3874a383023a5e2433e0fcfd87ac5d1e6d341d </meta-yocto/commit/?id=1d3874a383023a5e2433e0fcfd87ac5d1e6d341d>`
+-  Release Artefact: meta-yocto-1d3874a383023a5e2433e0fcfd87ac5d1e6d341d
+-  sha: baf48bbe1f29686d502c0c6f311c7723b0a18f08e7efbf89c150589102285dbe
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/meta-yocto-1d3874a383023a5e2433e0fcfd87ac5d1e6d341d.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/meta-yocto-1d3874a383023a5e2433e0fcfd87ac5d1e6d341d.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.34 </meta-mingw/log/?h=yocto-4.0.34>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.34 </meta-gplv2/log/?h=yocto-4.0.34>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.34 </bitbake/log/?h=yocto-4.0.34>`
+-  Git Revision: :oe_git:`8e2d1f8de055549b2101614d85454fcd1d0f94b2 </bitbake/commit/?id=8e2d1f8de055549b2101614d85454fcd1d0f94b2>`
+-  Release Artefact: bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2
+-  sha: fad4e7699bae62082118e89785324b031b0af0743064caee87c91ba28549afb0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.34/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.34/bitbake-8e2d1f8de055549b2101614d85454fcd1d0f94b2.tar.bz2
+
--- a/documentation/migration-guides/release-notes-4.0.35.rst
+++ b/documentation/migration-guides/release-notes-4.0.35.rst
@@ -0,0 +1,198 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.35 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.35
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  alsa-lib: Fix :cve_nist:`2026-25068`
+-  busybox: Fix :cve_nist:`2025-60876`
+-  curl: Fix :cve_nist:`2025-14524`, :cve_nist:`2026-1965`, :cve_nist:`2026-3783` and
+   :cve_nist:`2026-3784`
+-  ffmpeg: Fix :cve_nist:`2025-10256`
+-  gdk-pixbuf: Fix :cve_nist:`2025-6199`
+-  inetutils: Fix :cve_nist:`2026-28372`
+-  libarchive: Fix :cve_nist:`2026-4111`
+-  libpam: Fix :cve_nist:`2024-10963`
+-  linux-yocto/5.15: Fix :cve_nist:`2025-40082`, :cve_nist:`2025-68358`, :cve_nist:`2025-71089`,
+   :cve_nist:`2025-71220`, :cve_nist:`2025-71222`, :cve_nist:`2025-71232`, :cve_nist:`2025-71233`,
+   :cve_nist:`2025-71235`, :cve_nist:`2025-71236`, :cve_nist:`2025-71237`, :cve_nist:`2025-71238`,
+   :cve_nist:`2026-23111`, :cve_nist:`2026-23112`, :cve_nist:`2026-23169`, :cve_nist:`2026-23190`,
+   :cve_nist:`2026-23193`, :cve_nist:`2026-23198`, :cve_nist:`2026-23202`, :cve_nist:`2026-23206`,
+   :cve_nist:`2026-23209`, :cve_nist:`2026-23216`, :cve_nist:`2026-23221`, :cve_nist:`2026-23222`,
+   :cve_nist:`2026-23228`, :cve_nist:`2026-23229`, :cve_nist:`2026-23231`, :cve_nist:`2026-23234`,
+   :cve_nist:`2026-23235`, :cve_nist:`2026-23236`, :cve_nist:`2026-23237` and :cve_nist:`2026-23238`
+-  ncurses: Fix :cve_nist:`2025-69720`
+-  python3: Fix :cve_nist:`2024-6923`, :cve_nist:`2025-15282`, :cve_nist:`2025-59375`,
+   :cve_nist:`2026-0865`, :cve_nist:`2026-24515` and :cve_nist:`2026-25210`
+-  python3-pip: Fix :cve_nist:`2026-1703`
+-  python3-pyopenssl: Fix :cve_nist:`2026-27448` and :cve_nist:`2026-27459`
+-  sqlite3: Fix :cve_nist:`2025-70873`
+-  tiff: Fix :cve_nist:`2025-61143` and :cve_nist:`2025-61144`
+-  vim: Fix :cve_nist:`2026-25749`, :cve_nist:`2026-26269`, :cve_nist:`2026-28418`,
+   :cve_nist:`2026-28419` and :cve_nist:`2026-33412`
+
+
+Fixes in Yocto-4.0.35
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bitbake: tests/fetch: Avoid using git protocol in tests
+-  build-appliance-image: Update to kirkstone head revision
+-  contributor-guide/submit-changes.rst: Added missing word
+-  create-pull-request: Keep commit hash to be pulled in cover email
+-  createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41)
+-  gtk+3: fix incompatible-pointer-types errors for native build on Fedora 41
+-  libcomps: Fix libcomps-native build on GCC14 hosts (e.g. Fedora 41)
+-  libpam: re-add missing libgen include
+-  libtheora: set :term:`CVE_PRODUCT`
+-  linux-yocto/5.15: update to v5.15.201
+-  lsb.py: strip ' from os-release file
+-  migration-guide: add release notes for 4.0.33 4.0.34
+-  oeqa/manual: Default to https git protocol for YP/OE repos
+-  oeqa/sdk: Default to https git protocol for YP/OE repos
+-  oeqa/selftest/git-submodule-test: Default to https git protocol for YP/OE repos
+-  overview-manual: escape wildcard in inline markup
+-  poky.conf: Bump version for 4.0.35 release
+-  python3: upgrade to 3.10.20
+-  README.OE-Core: update contributor links and add kirkstone prefix
+-  recipes: Default to https git protocol for YP/OE repos
+-  recipetool: Recognise https://git. as git urls
+-  ref-manual/system-requirements.rst: update end-of-life distros
+-  scripts/install-buildtools: Update to 4.0.34
+-  scripts: Default to https git protocol for YP/OE repos
+-  selftest/scripts: Update old git protocol references
+-  tcl: skip http11 tests
+-  tiff: set status of CVE-2025-61145 as fixed by patch for :cve_nist:`2025-8961`
+-  tzdata,tzcode-native: Upgrade to 2026a
+
+
+Known Issues in Yocto-4.0.35
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.35
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Antonin Godard
+-  Bruce Ashfield
+-  Fabien Thomas
+-  Hitendra Prajapati
+-  Jinfeng Wang
+-  Ken Kurematsu
+-  Kristiyan Chakarov
+-  Lee Chee Yang
+-  Martin Jansa
+-  Paul Barker
+-  Peter Marko
+-  Richard Purdie
+-  Ross Burton
+-  Shaik Moin
+-  Vijay Anusuri
+-  Yanis BINARD
+-  Yoann Congal
+
+Repositories / Downloads for Yocto-4.0.35
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.35 </yocto-docs/log/?h=yocto-4.0.35>`
+-  Git Revision: :yocto_git:`ce6734c68649739c635675a133fa77edb9865028 </yocto-docs/commit/?id=ce6734c68649739c635675a133fa77edb9865028>`
+-  Release Artefact: yocto-docs-ce6734c68649739c635675a133fa77edb9865028
+-  sha: ddb6fac4d257f4f76836055cafad529729e99c293d3b8d3dabef926fad5e725f
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/yocto-docs-ce6734c68649739c635675a133fa77edb9865028.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/yocto-docs-ce6734c68649739c635675a133fa77edb9865028.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.35 </poky/log/?h=yocto-4.0.35>`
+-  Git Revision: :yocto_git:`93431249a6260da7bd29ee3ca32145d89e5b8259 </poky/commit/?id=93431249a6260da7bd29ee3ca32145d89e5b8259>`
+-  Release Artefact: poky-93431249a6260da7bd29ee3ca32145d89e5b8259
+-  sha: a8e95213248c5400276611754f2c98b8d8972e166bdf41433c45fcdd2bf668cb
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/poky-93431249a6260da7bd29ee3ca32145d89e5b8259.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/poky-93431249a6260da7bd29ee3ca32145d89e5b8259.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.35 </openembedded-core/log/?h=yocto-4.0.35>`
+-  Git Revision: :oe_git:`51259c7e933a2ac8ebc01604d6e65607b76b7b56 </openembedded-core/commit/?id=51259c7e933a2ac8ebc01604d6e65607b76b7b56>`
+-  Release Artefact: oecore-51259c7e933a2ac8ebc01604d6e65607b76b7b56
+-  sha: 2cd531e2a107849e7a452e71e41f22b42160979066e10d0661e97acfab125b1f
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/oecore-51259c7e933a2ac8ebc01604d6e65607b76b7b56.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/oecore-51259c7e933a2ac8ebc01604d6e65607b76b7b56.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`kirkstone </meta-yocto/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.35 </meta-yocto/log/?h=yocto-4.0.35>`
+-  Git Revision: :yocto_git:`34e3c9a19b8b955116109a2e9528966db3fced37 </meta-yocto/commit/?id=34e3c9a19b8b955116109a2e9528966db3fced37>`
+-  Release Artefact: meta-yocto-34e3c9a19b8b955116109a2e9528966db3fced37
+-  sha: 18da6dbb745d5e4e42a93527c36751778155e3762728b0b1020b890480402dde
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/meta-yocto-34e3c9a19b8b955116109a2e9528966db3fced37.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/meta-yocto-34e3c9a19b8b955116109a2e9528966db3fced37.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.35 </meta-mingw/log/?h=yocto-4.0.35>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.35 </meta-gplv2/log/?h=yocto-4.0.35>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.35 </bitbake/log/?h=yocto-4.0.35>`
+-  Git Revision: :oe_git:`7fd0197fd5fedd23cc885b5e7e816d86a392fdf9 </bitbake/commit/?id=7fd0197fd5fedd23cc885b5e7e816d86a392fdf9>`
+-  Release Artefact: bitbake-7fd0197fd5fedd23cc885b5e7e816d86a392fdf9
+-  sha: 6c01ff2b4b0060ef3d6d3f1fc11690094b22865af4989946544d08d74b473ec9
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.35/bitbake-7fd0197fd5fedd23cc885b5e7e816d86a392fdf9.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-4.0.35/bitbake-7fd0197fd5fedd23cc885b5e7e816d86a392fdf9.tar.bz2
+
--- a/documentation/migration-guides/release-notes-4.3.rst
+++ b/documentation/migration-guides/release-notes-4.3.rst
@@ -274,7 +274,7 @@ New Features / Enhancements in 4.3

   -  New :doc:`../contributor-guide/index` document.

-   -  New :doc:`../dev-manual/security-subjects` chapter in the Development
+   -  New "Dealing with Vulnerability Reports" chapter in the Development
      Tasks Manual.

   -  Long overdue documentation for the :ref:`ref-classes-devicetree` class.
--- a/documentation/migration-guides/release-notes-5.0.13.rst
+++ b/documentation/migration-guides/release-notes-5.0.13.rst
@@ -0,0 +1,241 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.13 (Scarthgap)
+------------------------------------------
+
+Security Fixes in Yocto-5.0.13
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  busybox: Fix :cve_nist:`2025-46394`
+-  cups: Fix :cve_nist:`2025-58060` and :cve_nist:`2025-58364`
+-  curl: Fix :cve_nist:`2025-9086`
+-  dpkg: Fix :cve_nist:`2025-6297`
+-  expat: follow-up Fix :cve_nist:`2024-8176`
+-  ffmpeg: Fix :cve_nist:`2025-1594`
+-  ffmpeg: Ignore :cve_nist:`2023-49502`, :cve_nist:`2023-50007`, :cve_nist:`2023-50008`,
+   :cve_nist:`2023-50009`, :cve_nist:`2023-50010`, :cve_nist:`2024-31578`, :cve_nist:`2024-31582`
+   and :cve_nist:`2024-31585`
+-  ghostscript: Fix :cve_nist:`2025-59798`, :cve_nist:`2025-59799` and :cve_nist:`2025-59800`
+-  glib-2.0: Fix :cve_nist:`2025-6052` and :cve_nist:`2025-7039`
+-  go-binary-native: Ignore :cve_nist:`2025-0913`
+-  go: Fix :cve_nist:`2025-4674`, :cve_nist:`2025-47906` and :cve_nist:`2025-47907`
+-  grub2: Fix :cve_nist:`2024-56738`
+-  grub2: Ignore :cve_nist:`2024-2312`
+-  gstreamer1.0-plugins-bad: Fix :cve_nist:`2025-3887`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2025-47807`
+-  gstreamer1.0-plugins-base: Ignore :cve_nist:`2025-47806` and :cve_nist:`2025-47808`
+-  gstreamer1.0-plugins-good: Ignore :cve_nist:`2025-47183` and :cve_nist:`2025-47219`
+-  gstreamer1.0: Ignore :cve_nist:`2025-2759`
+-  libpam: Fix :cve_nist:`2024-10963`
+-  libxslt: Fix :cve_nist:`2025-7424`
+-  openssl: Fix :cve_nist:`2025-9230`, :cve_nist:`2025-9231` and :cve_nist:`2025-9232`
+-  pulseaudio: Ignore :cve_nist:`2024-11586`
+-  qemu: Ignore :cve_nist:`2024-7730`
+-  tiff: Fix :cve_nist:`2025-9900`
+-  tiff: Ignore :cve_nist:`2024-13978`, :cve_nist:`2025-8176`, :cve_nist:`2025-8177`,
+   :cve_nist:`2025-8534` and :cve_nist:`2025-8851`
+-  vim: Fix :cve_nist:`2025-9389`
+-  wpa-supplicant: Fix :cve_nist:`2022-37660`
+
+
+Fixes in Yocto-5.0.13
+~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: fix build with gcc-15
+-  bitbake: Use a "fork" multiprocessing context
+-  bitbake: bitbake: Bump version to 2.8.1
+-  build-appliance-image: Update to scarthgap head revision
+-  buildtools-tarball: fix unbound variable issues under 'set -u'
+-  cmake: fix build with gcc-15 on host
+-  conf/bitbake.conf: use gnu mirror instead of main server
+-  contributor-guide: submit-changes: align :term:`CC` tag description
+-  contributor-guide: submit-changes: clarify example with Yocto bug ID
+-  contributor-guide: submit-changes: fix improper bold string
+-  contributor-guide: submit-changes: make "Crediting contributors" part of "Commit your changes"
+-  contributor-guide: submit-changes: make the Cc tag follow kernel guidelines
+-  contributor-guide: submit-changes: number instruction list in commit your changes
+-  contributor-guide: submit-changes: reword commit message instructions
+-  cpio: Pin to use C17 std
+-  cups: upgrade to 2.4.11
+-  curl: update :term:`CVE_STATUS` for :cve_nist:`2025-5025`
+-  dbus-glib: fix build with gcc-15
+-  default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue
+-  dev-manual/building.rst: add note about externalsrc variables absolute paths
+-  dev-manual/security-subjects.rst: update mailing lists
+-  elfutils: fix build with gcc-15
+-  examples: genl: fix wrong attribute size
+-  expect: Fix build with GCC 15
+-  expect: Revert "expect-native: fix do_compile failure with gcc-14"
+-  expect: cleanup do_install
+-  expect: don't run aclocal in do_configure
+-  expect: fix native build with GCC 15
+-  expect: update code for Tcl channel implementation
+-  ffmpeg: upgrade to 6.1.3
+-  gdbm: Use C11 standard
+-  git: fix build with gcc-15 on host
+-  gmp: Fix build with GCC15/C23
+-  gmp: Fix build with older gcc versions
+-  kernel-dev/common.rst: fix the in-tree defconfig description
+-  lib/oe/utils: use multiprocessing from bb
+-  libarchive: patch regression of patch for :cve_nist:`2025-5918`
+-  libgpg-error: fix build with gcc-15
+-  libtirpc: Fix build with gcc-15/C23
+-  license.py: avoid deprecated ast.Str
+-  llvm: fix build with gcc-15
+-  llvm: update to 18.1.8
+-  m4: Stick to C17 standard
+-  migration-guides: add release notes for 4.0.29 5.0.12
+-  ncurses: Pin to C17 standard
+-  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
+-  openssl: upgrade to 3.2.6
+-  p11-kit: backport fix for handle :term:`USE_NLS` from master
+-  pkgconfig: fix build with gcc-15
+-  poky.conf: bump version for 5.0.13
+-  pulseaudio: Add audio group explicitly
+-  ref-manual/structure: document the auto.conf file
+-  ref-manual/variables.rst: expand :term:`IMAGE_OVERHEAD_FACTOR` glossary entry
+-  ref-manual/variables.rst: fix the description of :term:`KBUILD_DEFCONFIG` :term:`STAGING_DIR`
+-  rpm: keep leading "/" from sed operation
+-  ruby-ptest: some ptest fixes
+-  runqemu: fix special characters bug
+-  rust-llvm: fix build with gcc-15
+-  sanity.conf: Update minimum bitbake version to 2.8.1
+-  scripts/install-buildtools: Update to 5.0.12
+-  sdk: The main in the C example should return an int
+-  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
+-  shared-mime-info: Handle :term:`USE_NLS`
+-  sudo: remove devtool FIXME comment
+-  systemd: backport fix for handle :term:`USE_NLS` from master
+-  systemtap: Fix task_work_cancel build
+-  test-manual/yocto-project-compatible.rst: fix a typo
+-  test-manual: update runtime-testing Exporting Tests section
+-  unifdef: Don't use C23 constexpr keyword
+-  unzip: Fix build with GCC-15
+-  util-linux: use ${B} instead of ${WORKDIR}/build, to fix building under devtool
+-  vim: upgrade to 9.1.1683
+-  yocto-uninative: Update to 4.9 for glibc 2.42 GCC 15.1
+
+
+Known Issues in Yocto-5.0.13
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.13
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+-  Adam Blank
+-  Adrian Freihofer
+-  Aleksandar Nikolic
+-  Antonin Godard
+-  Archana Polampalli
+-  AshishKumar Mishra
+-  Barne Carstensen
+-  Chris Laplante
+-  Deepak Rathore
+-  Divya Chellam
+-  Gyorgy Sarvari
+-  Haixiao Yan
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jan Vermaete
+-  Jiaying Song
+-  Jinfeng Wang
+-  Joao Marcos Costa
+-  Joshua Watt
+-  Khem Raj
+-  Kyungjik Min
+-  Lee Chee Yang
+-  Libo Chen
+-  Martin Jansa
+-  Michael Halstead
+-  Nitin Wankhade
+-  Peter Marko
+-  Philip Lorenz
+-  Praveen Kumar
+-  Quentin Schulz
+-  Ross Burton
+-  Stanislav Vovk
+-  Steve Sakoman
+-  Talel BELHAJ SALEM
+-  Vijay Anusuri
+-  Vrushti Dabhi
+-  Yogita Urade
+
+
+Repositories / Downloads for Yocto-5.0.13
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.13 </yocto-docs/log/?h=yocto-5.0.13>`
+-  Git Revision: :yocto_git:`6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a </yocto-docs/commit/?id=6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a>`
+-  Release Artefact: yocto-docs-6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a
+-  sha: 454601d8b6034268212f74ca689ed360b08f7a4c7de5df726aa3706586ca4351
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/yocto-docs-6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/yocto-docs-6f086fd3d9dbbb0c80f6c3e89b8df4fed422e79a.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.13 </poky/log/?h=yocto-5.0.13>`
+-  Git Revision: :yocto_git:`f16cffd030d21d12dd57bb95cfc310bda41f8a1f </poky/commit/?id=f16cffd030d21d12dd57bb95cfc310bda41f8a1f>`
+-  Release Artefact: poky-f16cffd030d21d12dd57bb95cfc310bda41f8a1f
+-  sha: 1367e43907f5ffa725f3afb019cd7ca07de21f13e5e73a1f5d1808989ae6ed2a
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/poky-f16cffd030d21d12dd57bb95cfc310bda41f8a1f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/poky-f16cffd030d21d12dd57bb95cfc310bda41f8a1f.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.13 </openembedded-core/log/?h=yocto-5.0.13>`
+-  Git Revision: :oe_git:`7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b </openembedded-core/commit/?id=7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b>`
+-  Release Artefact: oecore-7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b
+-  sha: 4dcf636ec4a7b38b47a24e9cb3345b385bc126bb19620bf6af773bf292fef6b2
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/oecore-7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/oecore-7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.13 </meta-yocto/log/?h=yocto-5.0.13>`
+-  Git Revision: :yocto_git:`3ff7ca786732390cd56ae92ff4a43aba46a1bf2e </meta-yocto/commit/?id=3ff7ca786732390cd56ae92ff4a43aba46a1bf2e>`
+-  Release Artefact: meta-yocto-3ff7ca786732390cd56ae92ff4a43aba46a1bf2e
+-  sha: 8efbaeab49dc3e1c4b67ff8d5801df1b05204c2255d18cff9a6857769ae33b23
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/meta-yocto-3ff7ca786732390cd56ae92ff4a43aba46a1bf2e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/meta-yocto-3ff7ca786732390cd56ae92ff4a43aba46a1bf2e.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.13 </meta-mingw/log/?h=yocto-5.0.13>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.13 </bitbake/log/?h=yocto-5.0.13>`
+-  Git Revision: :oe_git:`1c9ec1ffde75809de34c10d3ec2b40d84d258cb4 </bitbake/commit/?id=1c9ec1ffde75809de34c10d3ec2b40d84d258cb4>`
+-  Release Artefact: bitbake-1c9ec1ffde75809de34c10d3ec2b40d84d258cb4
+-  sha: 98bf54fa3abe237b73a93b1e33842a429209371fca6e409c258a441987879d16
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.13/bitbake-1c9ec1ffde75809de34c10d3ec2b40d84d258cb4.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.13/bitbake-1c9ec1ffde75809de34c10d3ec2b40d84d258cb4.tar.bz2
+
--- a/documentation/migration-guides/release-notes-5.0.14.rst
+++ b/documentation/migration-guides/release-notes-5.0.14.rst
@@ -0,0 +1,211 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.14 (Scarthgap)
+------------------------------------------
+
+Security Fixes in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Fix :cve_nist:`2025-8677`, :cve_nist:`2025-40778` and :cve_nist:`2025-40780`
+-  binutils: Fix :cve_nist:`2025-8225`, :cve_nist:`2025-11081`, :cve_nist:`2025-11082`,
+   :cve_nist:`2025-11083`, :cve_nist:`2025-11412`, :cve_nist:`2025-11413` and :cve_nist:`2025-11414`
+-  cmake: fix :cve_nist:`2025-9301`
+-  curl: Ignore :cve_nist:`2025-10966`
+-  elfutils: Fix :cve_nist:`2025-1376` and :cve_nist:`2025-1377`
+-  expat: Fix :cve_nist:`2025-59375`
+-  glib-networking: Fix :cve_nist:`2025-60018` and :cve_nist:`2025-60019`
+-  gnupg: Ignore :cve_nist:`2025-30258`
+-  go: Fix :cve_nist:`2025-47912`, :cve_nist:`2025-58185`, :cve_nist:`2025-58187`,
+   :cve_nist:`2025-58188`, :cve_nist:`2025-58189`, :cve_nist:`2025-61723` and :cve_nist:`2025-61724`
+-  libpam: Ignore :cve_nist:`2025-6018`
+-  lz4: Fix :cve_nist:`2025-62813`
+-  openssh: Fix :cve_nist:`2025-61984` and :cve_nist:`2025-61985`
+-  python3: Fix :cve_nist:`2025-59375`
+-  python3-xmltodict: Fix :cve_nist:`2025-9375`
+-  qemu: Fix :cve_nist:`2024-8354`
+-  tiff: Ignore :cve_nist:`2025-8961`
+-  u-boot: Fix :cve_nist:`2024-42040`
+-  wpa-supplicant: Fix :cve_nist:`2025-24912`
+
+
+Fixes in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: upgrade to 9.18.41
+-  bitbake: bb/fetch2/__init__.py: remove a DeprecationWarning in uri_replace()
+-  bitbake: fetch2/wget: Keep query parameters in URL during checkstatus
+-  build-appliance-image: Update to scarthgap head revision
+-  ca-certificates: Add comment for provenance of :term:`SRCREV`
+-  ca-certificates: fix on-target postinstall script
+-  ca-certificates: get sources from debian tarballs
+-  ca-certificates: submit sysroot patch upstream, drop default-sysroot.patch
+-  ca-certificates: upgrade to 20250419
+-  classes/create-spdx-2.2: align DEPLOY_DIR_SPDX with SPDX_VERSION layout
+-  classes/create-spdx-2.2: Handle empty packages
+-  classes-global/license: Move functions to library code
+-  classes-global/staging: Exclude do_create_spdx from automatic sysroot extension
+-  classes-recipe/baremetal-image: Add image file manifest
+-  classes-recipe/image: Add image file manifest
+-  curl: only set CA bundle in target build
+-  dev-manual, test-manual: Update autobuilder output links
+-  flex: fix build with gcc-15 on host
+-  glibc: stable 2.39 branch updates
+-  gstreamer1.0-plugins-bad: fix buffer allocation fail for v4l2codecs
+-  icu: Backport patch to fix build issues with long paths (>512 chars)
+-  iptables: remove /etc/ethertypes
+-  lib/license: Move package license skip to library
+-  lib: oe: license: Add missing import
+-  lib: oeqa: spdx: Add tests for extra options
+-  linux-yocto/6.6: update to v6.6.111
+-  meta: backport :term:`SPDX` 3.0 fixes and tasks from upstream version Walnascar
+-  migration-guides: add release notes for 4.0.30
+-  oe-build-perf-report: relax metadata matching rules
+-  oe-core: Remove empty file
+-  oeqa/runtime/ping: don't bother trying to ping localhost
+-  oeqa/selftest: Add :term:`SPDX` 3.0 include source case for work-share
+-  oeqa/selftest/devtool: Update after upstream repo changes
+-  oeqa: spdx: Add tar test for :term:`SPDX` 2.2
+-  overview-manual/yp-intro.rst: update on-target packaging info
+-  perf: add arm64 source files for unistd_64.h
+-  poky.conf: bump version for 5.0.14
+-  python3: upgrade to 3.12.12
+-  ref-manual/classes.rst: document the relative_symlinks class
+-  ref-manual/classes.rst: extend the uninative class documentation
+-  ref-manual/classes.rst: gettext: extend the documentation of the class
+-  ref-manual/variables.rst: document :term:`CCACHE_DISABLE` CHECKSUM :term:`UNINATIVE_URL`
+   :term:`REQUIRED_COMBINED_FEATURES` :term:`REQUIRED_IMAGE_FEATURES`
+   :term:`REQUIRED_MACHINE_FEATURES` :term:`USE_NLS` variable
+-  ref-manual/variables.rst: fix :term:`LAYERDEPENDS` description
+-  selftest: spdx: Add :term:`SPDX` 3.0 test cases
+-  selftest/spdx: Fix for SPDX_VERSION addition
+-  spdx 3.0: Rework how :term:`SPDX` aliases are linked
+-  spdx30_tasks: adapt CVE handling to new cve-check API
+-  spdx30_tasks: fix FetchData attribute in add_download_files
+-  util-linux: fix pointer usage in hwclock param handling
+-  vulnerabilities: update nvdcve file name
+-  webkitgtk: upgrade to 2.44.4
+-  wireless-regdb: upgrade to 2025.10.07
+-  xf86-video-intel: correct :term:`SRC_URI` as freedesktop anongit is down
+
+
+Known Issues in Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+-  Alexander Kanavin
+-  Anders Heimer
+-  Ankur Tyagi
+-  Antonin Godard
+-  Archana Polampalli
+-  Bastian Krause
+-  Bin Lan
+-  Bruce Ashfield
+-  Carlos Alberto Lopez Perez
+-  Daniel Semkowicz
+-  David Nyström
+-  Deepesh Varatharajan
+-  Gyorgy Sarvari
+-  Hongxu Jia
+-  Joshua Watt
+-  João Marcos Costa
+-  Kamel Bouhara (Schneider Electric)
+-  Lee Chee Yang
+-  Martin Jansa
+-  Matthias Schiffer
+-  Michael Haener
+-  Paul Barker
+-  Peter Marko
+-  Philippe-Alexandre Mathieu
+-  Praveen Kumar
+-  Rajeshkumar Ramasamy
+-  Rasmus Villemoes
+-  Richard Purdie
+-  Robert P. J. Day
+-  Saravanan
+-  Soumya Sambu
+-  Steve Sakoman
+-  Theodore A. Roth
+-  Wang Mingyu
+-  Yannic Moog
+-  Yash Shinde
+-  Yogita Urade
+
+Repositories / Downloads for Yocto-5.0.14
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </yocto-docs/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`a8687e4bb2e822670b6ad110613a12fa02943d3d </yocto-docs/commit/?id=a8687e4bb2e822670b6ad110613a12fa02943d3d>`
+-  Release Artefact: yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d
+-  sha: 72a51b6049a59f773720d9b0aa94f090222a41aeb22d65c5f4211c78418fb6fa
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/yocto-docs-a8687e4bb2e822670b6ad110613a12fa02943d3d.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </poky/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`7e8674996b0164b07e56bc066d0fba790e627061 </poky/commit/?id=7e8674996b0164b07e56bc066d0fba790e627061>`
+-  Release Artefact: poky-7e8674996b0164b07e56bc066d0fba790e627061
+-  sha: 071e189ebccfad99d4d79ea9021475296fa642611828249f0963b019f842a021
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/poky-7e8674996b0164b07e56bc066d0fba790e627061.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/poky-7e8674996b0164b07e56bc066d0fba790e627061.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.14 </openembedded-core/log/?h=yocto-5.0.14>`
+-  Git Revision: :oe_git:`471adaa5f77fa3b974eab60a2ded48e360042828 </openembedded-core/commit/?id=471adaa5f77fa3b974eab60a2ded48e360042828>`
+-  Release Artefact: oecore-471adaa5f77fa3b974eab60a2ded48e360042828
+-  sha: 4dfad047a68aea2293845cdb4a86911bb3b1b0444a63f51b4e5a2448018d6a5e
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/oecore-471adaa5f77fa3b974eab60a2ded48e360042828.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/oecore-471adaa5f77fa3b974eab60a2ded48e360042828.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </meta-yocto/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`bf6aea52c4009e08f26565c33ce432eec7cfb090 </meta-yocto/commit/?id=bf6aea52c4009e08f26565c33ce432eec7cfb090>`
+-  Release Artefact: meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090
+-  sha: 92c9da1027efaf945d80bcd44984d5f8e7606c7ded485b57c0c8f47c9fa1302d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/meta-yocto-bf6aea52c4009e08f26565c33ce432eec7cfb090.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.14 </meta-mingw/log/?h=yocto-5.0.14>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.14 </bitbake/log/?h=yocto-5.0.14>`
+-  Git Revision: :oe_git:`8dcf084522b9c66a6639b5f117f554fde9b6b45a </bitbake/commit/?id=8dcf084522b9c66a6639b5f117f554fde9b6b45a>`
+-  Release Artefact: bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a
+-  sha: 766eda21f2a914276d2723b1d8248be11507f954aef8fc5bb1767f3cb65688dd
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.14/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.14/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
--- a/documentation/migration-guides/release-notes-5.0.15.rst
+++ b/documentation/migration-guides/release-notes-5.0.15.rst
@@ -0,0 +1,219 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.15 (Scarthgap)
+------------------------------------------
+
+Users of Alma 9, Rocky 9 and Centos Stream 9 rolling releases have seen obtuse failures in the execution of tar in various tasks after recent host distro updates. These newer versions of tar contain a CVE fix which uses a new glibc call/syscall (openat2). The fix is to update to a newer pseudo version which handles this syscall. This is not included in this stable release but we aim to include it in the next one.
+
+Security Fixes in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-11494`, :cve_nist:`2025-11839` and :cve_nist:`2025-11840`
+-  cmake-native: Fix :cve_nist:`2025-9301`
+-  cups: Fix :cve_nist:`2025-58436` and :cve_nist:`2025-61915`
+-  gnutls: Fix CVE-2025-9820
+-  go: Fix :cve_nist:`2025-61727` and :cve_nist:`2025-61729`
+-  go: Update :cve_nist:`2025-58187` patches
+-  grub: Fix :cve_nist:`2025-54770`, :cve_nist:`2025-61661`, :cve_nist:`2025-61662`,
+   :cve_nist:`2025-61663` and :cve_nist:`2025-61664`
+-  libarchive: Fix :cve_nist:`2025-60753`
+-  libarchive: Fix 2 security issue (https://github.com/libarchive/libarchive/pull/2753 and
+   https://github.com/libarchive/libarchive/pull/2768)
+-  libmicrohttpd: Ignore :cve_nist:`2025-59777` and :cve_nist:`2025-62689`
+-  libpng: Fix :cve_nist:`2025-64505`, :cve_nist:`2025-64506`, :cve_nist:`2025-64720`,
+   :cve_nist:`2025-65018` and :cve_nist:`2025-66293`
+-  libsoup: Fix :cve_nist:`2025-12105`
+-  libssh2: Fix :cve_nist:`2023-48795`
+-  libxml2: Fix :cve_nist:`2025-7425`
+-  libxslt: Fix :cve_nist:`2025-11731`
+-  musl: Fix :cve_nist:`2025-26519`
+-  python3-urllib3: Fix :cve_nist:`2025-66418` and :cve_nist:`2025-66471`
+-  python3: Fix :cve_nist:`2025-6075`
+-  qemu: Fix :cve_nist:`2025-12464`
+-  rsync: Fix :cve_nist:`2025-10158`
+-  ruby: Fix :cve_nist:`2025-24294`, :cve_nist:`2025-25186` and :cve_nist:`2025-61594`
+-  sqlite3: Fix :cve_nist:`2025-7709`
+-  xserver-xorg: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+-  xwayland: Fix :cve_nist:`2025-62229`, :cve_nist:`2025-62230` and :cve_nist:`2025-62231`
+
+
+Fixes and Feature Changes in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  build-appliance-image: Update to scarthgap head revision
+-  classes/create-spdx-2.2: Define SPDX_VERSION to 2.2
+-  cml1.bbclass: use consistent make flags for menuconfig
+-  cross.bbclass: Propagate dependencies to outhash
+-  curl: Ensure 'CURL_CA_BUNDLE' from host env is indeed respected
+-  curl: Use host CA bundle by default for native(sdk) builds
+-  cve-check: extract extending :term:`CVE_STATUS` to library function
+-  dev-manual/layers.rst: document "bitbake-layers show-machines"
+-  dev-manual/new-recipe.rst: replace 'bitbake -e' with 'bitbake-getvar'
+-  dev-manual/new-recipe.rst: typo, "whith" -> "which"
+-  dev-manual/new-recipe.rst: update "recipetool -h" output
+-  dev-manual/sbom.rst: reflect that create-spdx is enabled by default
+-  dev-manual: debugging: use bitbake-getvar in Viewing Variable Values section
+-  documentation: link to the Releases page on yoctoproject.org instead of wiki
+-  glslang: fix compiling with gcc15
+-  go: add sdk test
+-  go: extend runtime test
+-  go: remove duplicate arch map in sdk test
+-  goarch.bbclass: do not leak :term:`TUNE_FEATURES` into crosssdk task signatures
+-  kernel-dev: add disable config example
+-  kernel-dev: common: migrate bitbake -e to bitbake-getvar
+-  kernel.bbclass: Add task to export kernel configuration to :term:`SPDX`
+-  libssh2: fix regression in KEX method validation (GH-1553)
+-  libssh2: upgrade to 1.11.1
+-  migration-guides: add release notes for 4.0.31 and 5.0.13
+-  oe/sdk: fix empty SDK manifests
+-  oeqa/sdk/buildepoxy: skip test in eSDK
+-  oeqa/selftest: oe-selftest: Add :term:`SPDX` tests for kernel config and :term:`PACKAGECONFIG`
+-  oeqa: drop unnecessary dependency from go runtime tests
+-  oeqa: fix package detection in go sdk tests
+-  overview-manual: migrate to SVG + fix typo
+-  poky.conf: bump version for 5.0.15
+-  ref-manual: variables: migrate the :term:`OVERRIDES` note to bitbake-getvar
+-  ruby: Upgrade to 3.3.10
+-  rust-target-config: fix nativesdk-libstd-rs build with baremetal
+-  scripts/install-buildtools: Update to 5.0.14
+-  spdx30: Provide software_packageUrl field in :term:`SPDX` 3.0 SBOM
+-  spdx30: fix cve status for patch files in VEX
+-  spdx30: provide all CVE_STATUS, not only Patched status
+-  spdx30_tasks: Add support for exporting :term:`PACKAGECONFIG` to :term:`SPDX`
+-  spdx: Revert "spdx: Update for bitbake changes"
+-  spdx: extend :term:`CVE_STATUS` variables
+-  testsdk: allow user to specify which tests to run
+-  vex.bbclass: add a new class
+-  vex: fix rootfs manifest
+-  xserver-xorg: remove redundant patch
+
+
+Known Issues in Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Adarsh Jagadish Kamini
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Benjamin Robin (Schneider Electric)
+-  Changqing Li
+-  Daniel Turull
+-  Deepak Rathore
+-  Deepesh Varatharajan
+-  Enrico Jörns
+-  Gyorgy Sarvari
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Hugo SIMELIERE
+-  Jiaying Song
+-  Kai Kang
+-  Kamel Bouhara (Schneider Electric)
+-  Lee Chee Yang
+-  Martin Jansa
+-  Mingli Yu
+-  Moritz Haase
+-  Osama Abdelkader
+-  Ovidiu Panait
+-  Peter Marko
+-  Praveen Kumar
+-  Quentin Schulz
+-  Robert P. J. Day
+-  Ross Burton
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Walter Werner SCHNEIDER
+-  Yash Shinde
+-  Yogita Urade
+
+Repositories / Downloads for Yocto-5.0.15
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </yocto-docs/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`b0f5cc276639916df197435780b3e94accd4af41 </yocto-docs/commit/?id=b0f5cc276639916df197435780b3e94accd4af41>`
+-  Release Artefact: yocto-docs-b0f5cc276639916df197435780b3e94accd4af41
+-  sha: 28ebedfa6471e4ed7583aca0925cd31f4429af3d27ffc0a7e250f7b75404edd7
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/yocto-docs-b0f5cc276639916df197435780b3e94accd4af41.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/yocto-docs-b0f5cc276639916df197435780b3e94accd4af41.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </poky/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`72983ac391008ebceb45edc7a8f0f6d5f4fe715c </poky/commit/?id=72983ac391008ebceb45edc7a8f0f6d5f4fe715c>`
+-  Release Artefact: poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c
+-  sha: d5336d1ef1dd48b88cb92748c669360901004d458b7786ddc1918da12fef4edd
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/poky-72983ac391008ebceb45edc7a8f0f6d5f4fe715c.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.15 </openembedded-core/log/?h=yocto-5.0.15>`
+-  Git Revision: :oe_git:`6988157ad983978ffd6b12bcefedd4deaffdbbd1 </openembedded-core/commit/?id=6988157ad983978ffd6b12bcefedd4deaffdbbd1>`
+-  Release Artefact: oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1
+-  sha: 98a691ce87f9aba57007e91b56bbe0af6d6c8f62aacb68820026478ff8e1f819
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/oecore-6988157ad983978ffd6b12bcefedd4deaffdbbd1.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </meta-yocto/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`9bb6e6e8b016a0c9dfe290369a6ed91ef4020535 </meta-yocto/commit/?id=9bb6e6e8b016a0c9dfe290369a6ed91ef4020535>`
+-  Release Artefact: meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535
+-  sha: 01778c43673ef11ec5d0fb76bd7c600031f5fc9bcfd9bfa586d5fb6b6babff95
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.15 </meta-mingw/log/?h=yocto-5.0.15>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.15 </bitbake/log/?h=yocto-5.0.15>`
+-  Git Revision: :oe_git:`8dcf084522b9c66a6639b5f117f554fde9b6b45a </bitbake/commit/?id=8dcf084522b9c66a6639b5f117f554fde9b6b45a>`
+-  Release Artefact: bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a
+-  sha: 766eda21f2a914276d2723b1d8248be11507f954aef8fc5bb1767f3cb65688dd
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.15/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
+
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.15/bitbake-8dcf084522b9c66a6639b5f117f554fde9b6b45a.tar.bz2
--- a/documentation/migration-guides/release-notes-5.0.16.rst
+++ b/documentation/migration-guides/release-notes-5.0.16.rst
@@ -0,0 +1,219 @@
+Release notes for Yocto-5.0.16 (Scarthgap)
+------------------------------------------
+
+This release breaks support for Ubuntu 20.04 as a :ref:`compatible host
+<ref-manual/system-requirements:Supported Linux Distributions>`. The Ubuntu 20.04
+Linux kernel headers are not recent enough to support the latest :ref:`pseudo
+<overview-manual/concepts:fakeroot and pseudo>` fixes.
+
+Ubuntu 20.04 is End-of-Life since 31 May 2025. Impacted users are encouraged to
+upgrade to an actively supported host distribution. See
+:doc:`/ref-manual/system-requirements` for more information on compatible hosts.
+
+Alternatively, a fix has been merged to scarthgap branch and can be applied on top of this
+release:
+
+-  :oe_git:`/openembedded-core/commit/?h=scarthgap&id=fe2666749094e896736ff24d6885419905488723`
+-  :yocto_git:`/poky/commit/?h=scarthgap&id=65c3ebea05dde5cbc9d249e7949fabbc0047313e`
+
+
+Security Fixes in Yocto-5.0.16
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  curl: Fix :cve_nist:`2025-10148`, :cve_nist:`2025-14017`, :cve_nist:`2025-14524`,
+   :cve_nist:`2025-14819`, :cve_nist:`2025-15079` and :cve_nist:`2025-15224`
+-  dropbear: Fix :cve_nist:`2019-6111`
+-  expat: Fix :cve_nist:`2026-24515` and :cve_nist:`2026-25210`
+-  ffmpeg: Ignore :cve_nist:`2025-25469`
+-  glib-2.0: Fix :cve_nist:`2025-13601`, :cve_nist:`2025-14087`, :cve_nist:`2025-14512` and
+   :cve_nist:`2026-0988`
+-  glibc: FIx :cve_nist:`2025-15281`, :cve_nist:`2026-0861` and :cve_nist:`2026-0915`
+-  inetutils: Fix :cve_nist:`2026-24061`
+-  libarchive: Fix :cve_nist:`2025-60753` (follow-up fix)
+-  libpcap: Fix :cve_nist:`2025-11961` and :cve_nist:`2025-11964`
+-  libpng: Fix :cve_nist:`2026-22695` and :cve_nist:`2026-22801`
+-  libtasn1: Fix :cve_nist:`2025-13151`
+-  libxml2: Fix :cve_nist:`2026-0989`, :cve_nist:`2026-0990` and :cve_nist:`2026-0992`
+-  python-urllib3: Fix for :cve_nist:`2026-21441`
+-  python3: Fix :cve_nist:`2025-12084`, :cve_nist:`2025-13836` and :cve_nist:`2025-13837`
+-  qemu: Ignore :cve_nist:`2025-54566` and :cve_nist:`2025-54567`
+-  util-linux: Fix :cve_nist:`2025-14104`
+-  zlib: Ignore :cve_nist:`2026-22184`
+
+
+Fixes in Yocto-5.0.16
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bitbake: knotty: Make sure getTerminalColumns() returns two integers
+-  bitbake: knotty: fix TIOCGWINSZ call for Python 3.14 and later
+-  build-appliance-image: Update to scarthgap head revision
+-  contributor-guide/recipe-style-guide.rst: explain difference between layer and recipe license(s)
+-  contributor-guide/submit-changes.rst: remove mention of Upstream-Status
+-  cups: allow unknown directives in conf files
+-  dev-manual/packages.rst: fix example recipe version
+-  dev-manual/packages.rst: pr server: fix and explain why r0.X increments on :term:`SRCREV` change
+-  dev-manual/packages.rst: rename r0.0 to r0 when :term:`PR` server is not enabled
+-  dev-manual/temporary-source-code.rst: fix definition of :term:`WORKDIR`
+-  docbook-xml-dtd4: fix the fetching failure
+-  docs: Add a new "Security" section
+-  docs: Makefile: fix rsvg-convert --format capitalization
+-  ffmpeg: upgrade to 6.1.4
+-  glibc: stable 2.39 branch updates
+-  improve_kernel_cve_report: add script for postprocesing of kernel CVE data
+-  libtheora: set :term:`CVE_PRODUCT`
+-  lighttpd: Fix trailing slash on files in mod_dirlisting
+-  meta/classes: fix missing vardeps for CVE status variables
+-  migration-guides: add release notes for 4.0.32, 5.0.14 and 5.0.15
+-  overview-manual/yp-intro.rst: change removed ECOSYSTEM to ABOUT
+-  overview-manual/yp-intro.rst: fix SDK type in bullet list
+-  overview-manual/yp-intro.rst: link to YP members and participants
+-  overview-manual: convert YP-flow-diagram.png to SVG
+-  pseudo: Add hard sstate dependencies for pseudo-native
+-  pseudo: Update to 1.9.3 release
+-  ref-manual/classes.rst: document the image-container class
+-  ref-manual/release-process.rst: add a "Development Cycle" section
+-  ref-manual/svg/releases.svg: mark styhead and walnascar EOL
+-  ref-manual/svg/releases.svg: mark whinlatter as current release
+-  ref-manual/variables.rst: document the :term:`CCACHE_TOP_DIR` variable
+-  sdk-manual: appending-customizing: use none lexer for BitBake code blocks
+-  sdk-manual: appendix-obtain: fix default path for eSDK installer script
+-  sdk-manual: appendix-obtain: replace directory structure PNG with a parsed-literal block
+-  sdk-manual: appendix-obtain: replace eSDK directory structure PNG with a parsed-literal block
+-  sdk-manual: appendix-obtain: use parsed-literal block for naming convention of the installer scripts
+-  sdk-manual: delete sdk-title PNG
+-  sdk-manual: fix improper indent of general form of tarball installer scripts
+-  sdk-manual: fix incorrect highlight language for console code-blocks
+-  sdk-manual: fix incorrect highlight language for text code-blocks
+-  sdk-manual: replace sdk-environment PNG with SVG
+-  sdk-manual: using: fix SDK filename example
+-  sdk-manual: working-projects: properly highlight code code-blocks
+-  test-manual/ptest.rst: detail the exit code and output requirements
+-  zlib: Add :term:`CVE_PRODUCT` to exclude false positives
+-  zlib: cleanup obsolete CVE_STATUS[CVE-2023-45853]
+
+
+Known Issues in Yocto-5.0.16
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The poky :term:`DISTRO_VERSION` was incorrectly left at 5.0.15. This is a minor
+issue, if a workaround is needed please cherry-pick:
+
+-  poky commit :yocto_git:`/poky/commit/?h=scarthgap&id=06210079b2e10d6d3fb943afe87864267e329821`
+-  meta-yocto commit :yocto_git:`/meta-yocto/commit/?h=scarthgap&id=03f93c769ec99e5086e492d8145eb308a718e8d3`
+
+
+Contributors to Yocto-5.0.16
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Adarsh Jagadish Kamini
+-  Amaury Couderc
+-  Ankur Tyagi
+-  Antonin Godard
+-  Benjamin Robin (Schneider Electric)
+-  Daniel Turull
+-  Enrico Scholz
+-  Fred Bacon
+-  Het Patel
+-  Hitendra Prajapati
+-  Hugo SIMELIERE
+-  Ken Kurematsu
+-  Khai Dang
+-  Lee Chee Yang
+-  Paul Barker
+-  Peter Marko
+-  Quentin Schulz
+-  Richard Purdie
+-  Robert Yang
+-  Vijay Anusuri
+-  Yoann Congal
+-  Zoltan Boszormenyi
+
+Repositories / Downloads for Yocto-5.0.16
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.16 </yocto-docs/log/?h=yocto-5.0.16>`
+-  Git Revision: :yocto_git:`369f3307368eaea605983e80047377fd19ebd6bf </yocto-docs/commit/?id=369f3307368eaea605983e80047377fd19ebd6bf>`
+-  Release Artefact: yocto-docs-369f3307368eaea605983e80047377fd19ebd6bf
+-  sha: e8ea8e2d5da2bfad868178d6fb37093c4f9ff06553f68970f0f730d6fb5cbd26
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/yocto-docs-369f3307368eaea605983e80047377fd19ebd6bf.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/yocto-docs-369f3307368eaea605983e80047377fd19ebd6bf.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.16 </poky/log/?h=yocto-5.0.16>`
+-  Git Revision: :yocto_git:`1d54d1c4736a114e1cecbe85a0306e3814d5ce70 </poky/commit/?id=1d54d1c4736a114e1cecbe85a0306e3814d5ce70>`
+-  Release Artefact: poky-1d54d1c4736a114e1cecbe85a0306e3814d5ce70
+-  sha: efb75697fa7a8e35a3f46abcfa706400f56ae1d1b5e360b48d6ffa81f6a675e8
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/poky-1d54d1c4736a114e1cecbe85a0306e3814d5ce70.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/poky-1d54d1c4736a114e1cecbe85a0306e3814d5ce70.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.16 </openembedded-core/log/?h=yocto-5.0.16>`
+-  Git Revision: :oe_git:`a1f4ae4e569bc0e36c27c1e4651e502e54d63b28 </openembedded-core/commit/?id=a1f4ae4e569bc0e36c27c1e4651e502e54d63b28>`
+-  Release Artefact: oecore-a1f4ae4e569bc0e36c27c1e4651e502e54d63b28
+-  sha: 10eefd2296206e5cbaf138de7dbd0dbe7bfc413618e924a123cd3f7f9a8418e0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/oecore-a1f4ae4e569bc0e36c27c1e4651e502e54d63b28.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/oecore-a1f4ae4e569bc0e36c27c1e4651e502e54d63b28.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.16 </meta-yocto/log/?h=yocto-5.0.16>`
+-  Git Revision: :yocto_git:`9bb6e6e8b016a0c9dfe290369a6ed91ef4020535 </meta-yocto/commit/?id=9bb6e6e8b016a0c9dfe290369a6ed91ef4020535>`
+-  Release Artefact: meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535
+-  sha: d9cfd2192d12ebc55553bc421f3ab00d1f49c5f5c4c70e48923da695d19e8e2a
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/meta-yocto-9bb6e6e8b016a0c9dfe290369a6ed91ef4020535.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.16 </meta-mingw/log/?h=yocto-5.0.16>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.16 </bitbake/log/?h=yocto-5.0.16>`
+-  Git Revision: :oe_git:`10118785e4a670bce4980e1044c0888a8b6e84af </bitbake/commit/?id=10118785e4a670bce4980e1044c0888a8b6e84af>`
+-  Release Artefact: bitbake-10118785e4a670bce4980e1044c0888a8b6e84af
+-  sha: 601a16210d7dc9b7a7306240d3e7013b3f950db8953fdd972151d715e050cc39
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.16/bitbake-10118785e4a670bce4980e1044c0888a8b6e84af.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.16/bitbake-10118785e4a670bce4980e1044c0888a8b6e84af.tar.bz2
+
--- a/documentation/migration-guides/release-notes-5.0.17.rst
+++ b/documentation/migration-guides/release-notes-5.0.17.rst
@@ -0,0 +1,263 @@
+Release notes for Yocto-5.0.17 (Scarthgap)
+------------------------------------------
+
+Openssl 3.2 has reached EOL. Some projects would like to use LTS version due to criticality and exposure of this component, so upgrade to 3.5 branch.
+
+Security Fixes in Yocto-5.0.17
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  alsa-lib: Fix :cve_nist:`2026-25068`
+-  avahi: Fix :cve_nist:`2025-68276`, :cve_nist:`2025-68468`, :cve_nist:`2025-68471` and
+   :cve_nist:`2026-24401`
+-  bind: Fix :cve_nist:`2025-13878`
+-  busybox: Fix :cve_nist:`2025-60876`
+-  ffmpeg: ignore :cve_nist:`2025-1594`, :cve_nist:`2025-10256`, :cve_nist:`2025-12343` and
+   :cve_nist:`2025-25468`
+-  freetype: Fix :cve_nist:`2026-23865`
+-  gdk-pixbuf: Fix :cve_nist:`2025-6199`
+-  glib-2.0: Fix :cve_nist:`2026-1484`, :cve_nist:`2026-1485` and :cve_nist:`2026-1489`
+-  gnupg: Fix :cve_nist:`2025-68973`
+-  gnutls: Fix :cve_nist:`2025-14831`
+-  go 1.22.12: Fix :cve_nist:`2025-61726`, :cve_nist:`2025-61728`, :cve_nist:`2025-61730`,
+   :cve_nist:`2025-61731`, :cve_nist:`2025-61732`, :cve_nist:`2025-68119` and :cve_nist:`2025-68121`
+-  harfbuzz: Fix :cve_nist:`2026-22693`
+-  inetutils: Fix :cve_nist:`2026-28372` and :cve_nist:`2026-32746`
+-  libpng: Fix :cve_nist:`2026-25646`
+-  libsndfile1: Fix :cve_nist:`2025-56226`
+-  libtheora: Ignore :cve_nist:`2024-56431`
+-  linux-yocto/6.6: Fix :cve_nist:`2025-38593`, :cve_nist:`2025-38643`, :cve_nist:`2025-38678`,
+   :cve_nist:`2025-40039`, :cve_nist:`2025-40040`, :cve_nist:`2025-40149`, :cve_nist:`2025-40164`,
+   :cve_nist:`2025-40251`, :cve_nist:`2025-68211`, :cve_nist:`2025-68214`, :cve_nist:`2025-68223`,
+   :cve_nist:`2025-68340`, :cve_nist:`2025-68365`, :cve_nist:`2025-68725`, :cve_nist:`2025-68817`,
+   :cve_nist:`2025-71068`, :cve_nist:`2025-71071`, :cve_nist:`2025-71075`, :cve_nist:`2025-71077`,
+   :cve_nist:`2025-71078`, :cve_nist:`2025-71079`, :cve_nist:`2025-71081`, :cve_nist:`2025-71082`,
+   :cve_nist:`2025-71083`, :cve_nist:`2025-71084`, :cve_nist:`2025-71085`, :cve_nist:`2025-71086`,
+   :cve_nist:`2025-71087`, :cve_nist:`2025-71088`, :cve_nist:`2025-71089`, :cve_nist:`2025-71091`,
+   :cve_nist:`2025-71093`, :cve_nist:`2025-71094`, :cve_nist:`2025-71095`, :cve_nist:`2025-71096`,
+   :cve_nist:`2025-71097`, :cve_nist:`2025-71098`, :cve_nist:`2025-71101`, :cve_nist:`2025-71102`,
+   :cve_nist:`2025-71104`, :cve_nist:`2025-71105`, :cve_nist:`2025-71107`, :cve_nist:`2025-71108`,
+   :cve_nist:`2025-71111`, :cve_nist:`2025-71112`, :cve_nist:`2025-71113`, :cve_nist:`2025-71114`,
+   :cve_nist:`2025-71116`, :cve_nist:`2025-71118`, :cve_nist:`2025-71119`, :cve_nist:`2025-71120`,
+   :cve_nist:`2025-71121`, :cve_nist:`2025-71122`, :cve_nist:`2025-71125`, :cve_nist:`2025-71126`,
+   :cve_nist:`2025-71127`, :cve_nist:`2025-71129`, :cve_nist:`2025-71130`, :cve_nist:`2025-71131`,
+   :cve_nist:`2025-71132`, :cve_nist:`2025-71133`, :cve_nist:`2025-71136`, :cve_nist:`2025-71137`,
+   :cve_nist:`2025-71138`, :cve_nist:`2025-71141`, :cve_nist:`2025-71143`, :cve_nist:`2025-71147`,
+   :cve_nist:`2025-71148`, :cve_nist:`2025-71149`, :cve_nist:`2025-71150`, :cve_nist:`2025-71151`,
+   :cve_nist:`2025-71153`, :cve_nist:`2025-71154`, :cve_nist:`2025-71160`, :cve_nist:`2025-71162`,
+   :cve_nist:`2025-71163`, :cve_nist:`2025-71180`, :cve_nist:`2025-71182`, :cve_nist:`2025-71183`,
+   :cve_nist:`2025-71185`, :cve_nist:`2025-71186`, :cve_nist:`2025-71188`, :cve_nist:`2025-71189`,
+   :cve_nist:`2025-71190`, :cve_nist:`2025-71191`, :cve_nist:`2025-71200`, :cve_nist:`2026-22976`,
+   :cve_nist:`2026-22977`, :cve_nist:`2026-22978`, :cve_nist:`2026-22979`, :cve_nist:`2026-22980`,
+   :cve_nist:`2026-22982`, :cve_nist:`2026-22984`, :cve_nist:`2026-22990`, :cve_nist:`2026-22991`,
+   :cve_nist:`2026-22992`, :cve_nist:`2026-22994`, :cve_nist:`2026-22997`, :cve_nist:`2026-22998`,
+   :cve_nist:`2026-22999`, :cve_nist:`2026-23001`, :cve_nist:`2026-23003`, :cve_nist:`2026-23005`,
+   :cve_nist:`2026-23006`, :cve_nist:`2026-23010`, :cve_nist:`2026-23011`, :cve_nist:`2026-23019`,
+   :cve_nist:`2026-23020`, :cve_nist:`2026-23021`, :cve_nist:`2026-23025`, :cve_nist:`2026-23026`,
+   :cve_nist:`2026-23060`, :cve_nist:`2026-23061`, :cve_nist:`2026-23062`, :cve_nist:`2026-23063`,
+   :cve_nist:`2026-23064`, :cve_nist:`2026-23068`, :cve_nist:`2026-23069`, :cve_nist:`2026-23071`,
+   :cve_nist:`2026-23073`, :cve_nist:`2026-23074`, :cve_nist:`2026-23075`, :cve_nist:`2026-23076`,
+   :cve_nist:`2026-23078`, :cve_nist:`2026-23080`, :cve_nist:`2026-23083`, :cve_nist:`2026-23084`,
+   :cve_nist:`2026-23085`, :cve_nist:`2026-23086`, :cve_nist:`2026-23087`, :cve_nist:`2026-23088`,
+   :cve_nist:`2026-23089`, :cve_nist:`2026-23090`, :cve_nist:`2026-23091`, :cve_nist:`2026-23093`,
+   :cve_nist:`2026-23094`, :cve_nist:`2026-23095`, :cve_nist:`2026-23096`, :cve_nist:`2026-23097`,
+   :cve_nist:`2026-23098`, :cve_nist:`2026-23099`, :cve_nist:`2026-23101`, :cve_nist:`2026-23102`,
+   :cve_nist:`2026-23103`, :cve_nist:`2026-23105`, :cve_nist:`2026-23107`, :cve_nist:`2026-23108`,
+   :cve_nist:`2026-23110`, :cve_nist:`2026-23113`, :cve_nist:`2026-23116`, :cve_nist:`2026-23119`,
+   :cve_nist:`2026-23120`, :cve_nist:`2026-23121`, :cve_nist:`2026-23123`, :cve_nist:`2026-23124`,
+   :cve_nist:`2026-23125`, :cve_nist:`2026-23126`, :cve_nist:`2026-23128`, :cve_nist:`2026-23131`,
+   :cve_nist:`2026-23133`, :cve_nist:`2026-23135`, :cve_nist:`2026-23136`, :cve_nist:`2026-23139`,
+   :cve_nist:`2026-23140`, :cve_nist:`2026-23141`, :cve_nist:`2026-23142`, :cve_nist:`2026-23144`,
+   :cve_nist:`2026-23146`, :cve_nist:`2026-23150`, :cve_nist:`2026-23156`, :cve_nist:`2026-23160`,
+   :cve_nist:`2026-23163`, :cve_nist:`2026-23164`, :cve_nist:`2026-23167`, :cve_nist:`2026-23168`,
+   :cve_nist:`2026-23170`, :cve_nist:`2026-23172`, :cve_nist:`2026-23173` and :cve_nist:`2026-23212`
+-  openssl: fix :cve_nist:`2025-15468` and :cve_nist:`2025-69419`
+-  python3-cryptography: Fix :cve_nist:`2026-26007`
+-  python3-pip: Fix :cve_nist:`2026-1703`
+-  python3-pyopenssl: Fix :cve_nist:`2026-27448` and :cve_nist:`2026-27459`
+-  tiff: ignore :cve_nist:`2025-61144` and :cve_nist:`2025-61145`
+-  vim: ignore :cve_nist:`2025-66476`
+-  zlib: Fix :cve_nist:`2026-27171`
+
+
+Fixes in Yocto-5.0.17
+~~~~~~~~~~~~~~~~~~~~~
+
+-  README: Add scarthgap subject-prefix to git-send-email suggestion
+-  bind: upgrade to 9.18.44
+-  bitbake: COW: Fix hardcoded magic numbers and work with python 3.13
+-  bitbake: fetch2: Fix LFS object checkout in submodules
+-  bitbake: fetch2: Fix incorrect lfs parametrization for submodules
+-  bitbake: fetch2: don't try to preserve all attributes when unpacking files
+-  bitbake: gitsm: Add clean function
+-  build-appliance-image: Update to scarthgap head revision
+-  classes/buildhistory: Do not sign buildhistory commits
+-  create-pull-request: Keep commit hash to be pulled in cover email
+-  dev-manual: delete references to "tar" package format
+-  docs: Makefile: pass -silent to latexmk
+-  go-vendor: Fix absolute paths issue
+-  improve_kernel_cve_report: add option to read debugsources.zstd
+-  improve_kernel_cve_report: do not override backported-patch
+-  improve_kernel_cve_report: do not use custom version
+-  linux-yocto/6.6: upgrade to v6.6.123
+-  lsb.py: strip ' from os-release file
+-  migration-guides: add release notes for 5.0.16
+-  mobile-broadband-provider-info: upgrade to 20251101
+-  oe-setup-build: Fix typo
+-  oeqa/selftest/wic: test recursive dir copy on ext partitions
+-  openssl: upgrade to 3.5.5
+-  overview-manual/concepts: list other possible class directories
+-  overview-manual: escape wildcard in inline markup
+-  poky.conf: Bump version for 5.0.17 release
+-  poky.conf: add Centos Stream 9, fedora-41, rocky-8 to :term:`SANITY_TESTED_DISTROS`
+-  pseudo: Update to include a fix for systems with kernel <5.6
+-  python3-pip: drop unused Windows distlib launcher templates
+-  python3-setuptools: drop Windows launcher executables on non-mingw builds
+-  ref-manual/classes.rst: fix broken links to U-Boot documentation
+-  ref-manual/system-requirements.rst: update supported, end-of-life and untested distros
+-  scripts/install-buildtools: Update to 5.0.15
+-  spdx30_tasks: Exclude 'doc' when exporting :term:`PACKAGECONFIG` to :term:`SPDX`
+-  spdx: add option to include only compiled sources
+-  systemd-systemctl: Fix instance name parsing with escapes or periods
+-  tzdata,tzcode-native: upgrade to 2025c
+-  u-boot: move CVE Fixes out of the common .inc file
+-  uboot-config: Fix devtool modify
+-  weston: fix a touch-calibrator issue
+-  what-i-wish-id-known.rst: replace figure by the new SVG
+-  wic/engine: error on old host debugfs for standalone directory copy
+-  wic/engine: fix copying directories into wic image with ext* partition
+-  wireless-regdb: upgrade to 2026.02.04
+
+
+Known Issues in Yocto-5.0.17
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.17
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Amaury Couderc
+-  Ankur Tyagi
+-  Antonin Godard
+-  Benjamin Robin (Schneider Electric)
+-  Bruce Ashfield
+-  Daniel Dragomir
+-  Daniel Turull
+-  Deepak Rathore
+-  Dragomir, Daniel
+-  Eduardo Ferreira
+-  Fabio Berton
+-  Hitendra Prajapati
+-  Hugo SIMELIERE
+-  João Marcos Costa (Schneider Electric)
+-  Kristiyan Chakarov
+-  Krupal Ka Patel
+-  Lee Chee Yang
+-  Livin Sunny
+-  Martin Jansa
+-  Michael Opdenacker
+-  Ming Liu
+-  Nguyen Dat Tho
+-  Paul Barker
+-  Peter Marko
+-  Philip Lorenz
+-  Quentin Schulz
+-  Richard Purdie
+-  Robert P. J. Day
+-  Robert Yang
+-  Ross Burton
+-  Ryan Eatmon
+-  Shaik Moin
+-  Tom Hochstein
+-  Trent Piepho
+-  Vijay Anusuri
+-  Yoann Congal
+
+Repositories / Downloads for Yocto-5.0.17
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.17 </yocto-docs/log/?h=yocto-5.0.17>`
+-  Git Revision: :yocto_git:`aa7226705451e6c1ef964d49963bbed29b267c27 </yocto-docs/commit/?id=aa7226705451e6c1ef964d49963bbed29b267c27>`
+-  Release Artefact: yocto-docs-aa7226705451e6c1ef964d49963bbed29b267c27
+-  sha: d429833609637657f213611317dfadbd70293fff2f9e22753d1f71ef8515a6c0
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/yocto-docs-aa7226705451e6c1ef964d49963bbed29b267c27.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/yocto-docs-aa7226705451e6c1ef964d49963bbed29b267c27.tar.bz2
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.17 </poky/log/?h=yocto-5.0.17>`
+-  Git Revision: :yocto_git:`1e8099846661571ede077f533eb1b6c86818ddce </poky/commit/?id=1e8099846661571ede077f533eb1b6c86818ddce>`
+-  Release Artefact: poky-1e8099846661571ede077f533eb1b6c86818ddce
+-  sha: b56890576f593cc881ea8e467562d842cfca248099ce653d28ca14d250f6219e
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/poky-1e8099846661571ede077f533eb1b6c86818ddce.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/poky-1e8099846661571ede077f533eb1b6c86818ddce.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.17 </openembedded-core/log/?h=yocto-5.0.17>`
+-  Git Revision: :oe_git:`52380df998b3a8fe6a091f8547434a3231320a8e </openembedded-core/commit/?id=52380df998b3a8fe6a091f8547434a3231320a8e>`
+-  Release Artefact: oecore-52380df998b3a8fe6a091f8547434a3231320a8e
+-  sha: a948d75acf76a392d170129ce6eb6f5fe45082d95b4fd28045aac58b8373cb26
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/oecore-52380df998b3a8fe6a091f8547434a3231320a8e.tar.bz
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/oecore-52380df998b3a8fe6a091f8547434a3231320a8e.tar.bz2
+
+meta-yocto
+
+-  Repository Location: :yocto_git:`/meta-yocto`
+-  Branch: :yocto_git:`scarthgap </meta-yocto/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.17 </meta-yocto/log/?h=yocto-5.0.17>`
+-  Git Revision: :yocto_git:`c7c38663a1cafb1fa8593c0b246811e51d3bbe20 </meta-yocto/commit/?id=c7c38663a1cafb1fa8593c0b246811e51d3bbe20>`
+-  Release Artefact: meta-yocto-c7c38663a1cafb1fa8593c0b246811e51d3bbe20
+-  sha: 5a2a9360249e639694cc2a75985e3907085512b3eb236e8491cb07f1e0cb0f19
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/meta-yocto-c7c38663a1cafb1fa8593c0b246811e51d3bbe20.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/meta-yocto-c7c38663a1cafb1fa8593c0b246811e51d3bbe20.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.17 </meta-mingw/log/?h=yocto-5.0.17>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.17 </bitbake/log/?h=yocto-5.0.17>`
+-  Git Revision: :oe_git:`d3b4c352dd33fca90cd31649eda054b884478739 </bitbake/commit/?id=d3b4c352dd33fca90cd31649eda054b884478739>`
+-  Release Artefact: bitbake-d3b4c352dd33fca90cd31649eda054b884478739
+-  sha: 1021fc412780e21b25ccb045b66368ebe3fc4e785a65066ac0cafb9bdd5492fa
+-  Download Locations:
+
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.17/bitbake-d3b4c352dd33fca90cd31649eda054b884478739.tar.bz2
+
+   https://mirrors.edge.kernel.org/yocto/yocto/yocto-5.0.17/bitbake-d3b4c352dd33fca90cd31649eda054b884478739.tar.bz2
+
--- a/documentation/migration-guides/release-notes-5.0.18.rst
+++ b/documentation/migration-guides/release-notes-5.0.18.rst
--- a/documentation/overview-manual/concepts.rst
+++ b/documentation/overview-manual/concepts.rst
@@ -11,6 +11,14 @@ workflow,
 cross-development toolchains, shared state cache, and so forth are
 explained.

+.. note::
+
+   Throughout this section, many variables and their meanings are
+   introduced. If, in the context of a :term:`Build Directory`,
+   you want to examine the value of any of these variables, you can
+   use the ``bitbake-getvar`` command, explained in the
+   ":ref:`dev-manual/debugging:viewing variable values`" section.
+
 Yocto Project Components
 ========================

@@ -63,7 +71,7 @@ following commands::
 The most common usage for BitBake is ``bitbake recipename``, where
 ``recipename`` is the name of the recipe you want to build (referred
 to as the "target"). The target often equates to the first part of a
-recipe's filename (e.g. "foo" for a recipe named ``foo_1.3.0-r0.bb``).
+recipe's filename (e.g. "foo" for a recipe file named ``foo_1.3.0.bb``).
 So, to process the ``matchbox-desktop_1.2.3.bb`` recipe file, you might
 type the following::

@@ -162,7 +170,7 @@ The following diagram represents the high-level workflow of a build. The
 remainder of this section expands on the fundamental input, output,
 process, and metadata logical blocks that make up the workflow.

-.. image:: figures/YP-flow-diagram.png
+.. image:: svg/yp-flow-diagram.*
   :width: 100%

 In general, the build's workflow consists of several functional areas:
@@ -427,9 +435,11 @@ configurations into their own layer. Settings you provide in
 in your ``conf/local.conf`` file in the :term:`Build Directory`.

 The following list provides some explanation and references for what you
-typically find in a distribution layer:
+typically find in a distribution layer (recall that
+:yocto_git:`meta-poky </meta-yocto/tree/meta-poky>` is such a layer):

-  *classes:* Class files (``.bbclass``) hold common functionality that
+-  *classes*, *classes-global*, *classes-recipe:* Class files (``.bbclass``)
+   hold common functionality that
   can be shared among recipes in the distribution. When your recipes
   inherit a class, they take on the settings and functions for that
   class. You can read more about class files in the
@@ -441,7 +451,7 @@ typically find in a distribution layer:
   (``conf/distro/distro.conf``), and any distribution-wide include
   files.

-  *recipes-*:* Recipes and append files that affect common
+-  *recipes-\*:* Recipes and append files that affect common
   functionality across the distribution. This area could include
   recipes and append files to add distribution-specific configuration,
   initialization scripts, custom image recipes, and so forth. Examples
@@ -769,7 +779,8 @@ and the :term:`FILESPATH` variable
 to locate applicable patch files.

 Default processing for patch files assumes the files have either
-``*.patch`` or ``*.diff`` file types. You can use :term:`SRC_URI` parameters
+``*.patch`` or ``*.diff`` file types (or a compressed form of those
+file types). You can use :term:`SRC_URI` parameters
 to change the way the build system recognizes patch files. See the
 :ref:`ref-tasks-patch` task for more
 information.
@@ -807,17 +818,20 @@ to a holding area (staged) in preparation for packaging:
 This step in the build process consists of the following tasks:

 -  :ref:`ref-tasks-prepare_recipe_sysroot`:
-   This task sets up the two sysroots in
-   ``${``\ :term:`WORKDIR`\ ``}``
-   (i.e. ``recipe-sysroot`` and ``recipe-sysroot-native``) so that
-   during the packaging phase the sysroots can contain the contents of
-   the
-   :ref:`ref-tasks-populate_sysroot`
-   tasks of the recipes on which the recipe containing the tasks
-   depends. A sysroot exists for both the target and for the native
-   binaries, which run on the host system.
+   This task sets up the two sysroots in the ``${``\ :term:`WORKDIR`\ ``}`` (i.e.
+   ``recipe-sysroot`` and ``recipe-sysroot-native``) so that the subsequent tasks
+   of the recipe (notably :ref:`ref-tasks-configure` and :ref:`ref-tasks-compile`)
+   can access the libraries, headers, and similar files built by the recipes on
+   which it depends.

-  *do_configure*: This task configures the source by enabling and
+   -  ``recipe-sysroot``: contains target libraries, and associated headers and
+      other data needed to cross-build software from its sources
+
+   -  ``recipe-sysroot-native``: contains host-native executables with their libraries
+      and other data, so that they can be run directly on the build host when
+      that is required by the build process
+
+-  :ref:`ref-tasks-configure`: This task configures the source by enabling and
   disabling any build-time and configuration options for the software
   being built. Configurations can come from the recipe itself as well
   as from an inherited class. Additionally, the software itself might
@@ -836,7 +850,7 @@ This step in the build process consists of the following tasks:
   class, see the :ref:`ref-classes-autotools` class
   :yocto_git:`here </poky/tree/meta/classes-recipe/autotools.bbclass>`.

-  *do_compile*: Once a configuration task has been satisfied,
+-  :ref:`ref-tasks-compile`: Once a configuration task has been satisfied,
   BitBake compiles the source using the
   :ref:`ref-tasks-compile` task.
   Compilation occurs in the directory pointed to by the
@@ -844,7 +858,7 @@ This step in the build process consists of the following tasks:
   :term:`B` directory is, by default, the same as the
   :term:`S` directory.

-  *do_install*: After compilation completes, BitBake executes the
+-  :ref:`ref-tasks-install`: After compilation completes, BitBake executes the
   :ref:`ref-tasks-install` task.
   This task copies files from the :term:`B` directory and places them in a
   holding area pointed to by the :term:`D`
@@ -935,7 +949,7 @@ root filesystem on the target, and must *not* make a reference to the variable
 .. note::

   The list of files for a package is defined using the override syntax by
-   separating :term:`FILES` and the package name by a semi-colon (``:``).
+   separating :term:`FILES` and the package name by a colon (``:``).

 A given file can only ever be in one package. By iterating from the leftmost to
 rightmost package in :term:`PACKAGES`, each file matching one of the patterns
@@ -1133,7 +1147,7 @@ host part is the part of the SDK that runs on the
 :term:`SDKMACHINE`.

 The :ref:`ref-tasks-populate_sdk_ext` task helps create the extensible SDK and
-handles host and target parts differently than its counter part does for
+handles host and target parts differently than its counterpart does for
 the standard SDK. For the extensible SDK, the task encapsulates the
 build system, which includes everything needed (host and target) for the
 SDK.
@@ -1814,7 +1828,8 @@ adding shared state wrapping to a task is as simple as this
       sstate_setscene(d)
   }
   addtask do_deploy_setscene
-   do_deploy[dirs] = "${DEPLOYDIR} ${B}"
+   do_deploy[dirs] = "${B}"
+   do_deploy[cleandirs] = "${DEPLOYDIR}"
   do_deploy[stamp-extra-info] = "${MACHINE_ARCH}"

 The following list explains the previous example:
@@ -1859,9 +1874,16 @@ The following list explains the previous example:
   information, see the ":ref:`bitbake-user-manual/bitbake-user-manual-execution:setscene`"
   section in the BitBake User Manual.

-  The ``do_deploy[dirs] = "${DEPLOYDIR} ${B}"`` line creates ``${DEPLOYDIR}``
-   and ``${B}`` before the :ref:`ref-tasks-deploy` task runs, and also sets the
-   current working directory of :ref:`ref-tasks-deploy` to ``${B}``. For more
+-  The ``do_deploy[dirs] = "${B}"`` line creates the directory ``${B}``
+   before the :ref:`ref-tasks-deploy` task runs, and also sets the
+   current working directory of :ref:`ref-tasks-deploy` to ``${B}``.
+   (If the directory already exists, it is left as is.) For more
+   information, see the ":ref:`bitbake-user-manual/bitbake-user-manual-metadata:variable flags`"
+   section in the BitBake User Manual.
+
+-  The ``do_deploy[cleandirs] = "${DEPLOYDIR}"`` line creates the *empty*
+   directory ``${DEPLOYDIR}`` before the :ref:`ref-tasks-deploy` task runs.
+   (If the directory already exists, it is deleted and recreated empty.) For more
   information, see the ":ref:`bitbake-user-manual/bitbake-user-manual-metadata:variable flags`"
   section in the BitBake User Manual.

--- a/documentation/overview-manual/development-environment.rst
+++ b/documentation/overview-manual/development-environment.rst
@@ -172,7 +172,7 @@ these tarballs gives you a snapshot of the released files.
      BSP repository and the Source Directory (i.e. ``poky``)
      repository. For example, if you have checked out the "&DISTRO_NAME_NO_CAP;"
      branch of ``poky`` and you are going to use ``meta-intel``, be
-      sure to checkout the "&DISTRO_NAME_NO_CAP;" branch of ``meta-intel``.
+      sure to check out the "&DISTRO_NAME_NO_CAP;" branch of ``meta-intel``.

 In summary, here is where you can get the project files needed for
 development:
@@ -438,7 +438,7 @@ local branch named "&DISTRO_NAME_NO_CAP;", which tracks the upstream
 branch would ultimately affect the upstream "&DISTRO_NAME_NO_CAP;" branch
 of the ``poky`` repository.

-It is important to understand that when you create and checkout a local
+It is important to understand that when you create and check out a local
 working branch based on a branch name, your local environment matches
 the "tip" of that particular development branch at the time you created
 your local branch, which could be different from the files in the
@@ -461,10 +461,10 @@ releases.

 When you create a local copy of the Git repository, you also have access
 to all the tags in the upstream repository. Similar to branches, you can
-create and checkout a local working Git branch based on a tag name. When
+create and check out a local working Git branch based on a tag name. When
 you do this, you get a snapshot of the Git repository that reflects the
 state of the files when the change was made associated with that tag.
-The most common use is to checkout a working branch that matches a
+The most common use is to check out a working branch that matches a
 specific Yocto Project release. Here is an example::

   $ cd ~
@@ -483,7 +483,7 @@ whose "HEAD" matches the commit in the repository associated with the
 "rocko-18.0.0" tag. The files in your repository now exactly match that
 particular Yocto Project release as it is tagged in the upstream Git
 repository. It is important to understand that when you create and
-checkout a local working branch based on a tag, your environment matches
+check out a local working branch based on a tag, your environment matches
 a specific point in time and not the entire development branch (i.e.
 from the "tip" of the branch backwards).

--- a/documentation/overview-manual/figures/YP-flow-diagram.png
+++ b/documentation/overview-manual/figures/YP-flow-diagram.png
--- a/documentation/overview-manual/figures/key-dev-elements.png
+++ b/documentation/overview-manual/figures/key-dev-elements.png
--- a/documentation/overview-manual/intro.rst
+++ b/documentation/overview-manual/intro.rst
@@ -19,7 +19,7 @@ Here is what you can get from this manual:
   about features and challenges of the Yocto Project, the layer model,
   components and tools, development methods, the
   :term:`Poky` reference distribution, the
-   OpenEmbedded build system workflow, and some basic Yocto terms.
+   :term:`OpenEmbedded Build System` workflow, and some basic Yocto terms.

 -  :ref:`overview-manual/development-environment:the yocto project development environment`\ *:*
   This chapter helps you get started understanding the Yocto Project
--- a/documentation/overview-manual/svg/key-dev-elements.svg
+++ b/documentation/overview-manual/svg/key-dev-elements.svg
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="164.765mm"
+   height="72.988113mm"
+   viewBox="0 0 164.765 72.988114"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   sodipodi:docname="key-dev-elements.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="false"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="1"
+     inkscape:cx="341.5"
+     inkscape:cy="-31.5"
+     inkscape:window-width="2560"
+     inkscape:window-height="1440"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="layer2"
+     showborder="false"
+     borderlayer="false"
+     inkscape:antialias-rendering="true"
+     showguides="true" /><defs
+     id="defs1" /><g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer "
+     style="display:inline"
+     transform="translate(-20.664242,-129.6793)"><rect
+       style="display:inline;fill:#f1e9cc;fill-opacity:1;stroke:#6d8eb4;stroke-width:0.653;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-opacity:1;paint-order:fill markers stroke"
+       id="rect1"
+       width="164.112"
+       height="54.273098"
+       x="20.990742"
+       y="130.0058"
+       ry="0"
+       inkscape:label="yp-rect" /><rect
+       style="display:inline;fill:#f3d770;fill-opacity:1;stroke:#6d8eb4;stroke-width:0.653;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-opacity:1;paint-order:fill markers stroke"
+       id="rect2"
+       width="101.45864"
+       height="41.151588"
+       x="28.1292"
+       y="137.10953"
+       inkscape:label="poky-rect" /><rect
+       style="display:inline;fill:#c0ebf5;fill-opacity:1;stroke:#6d8eb4;stroke-width:0.653;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-opacity:1;paint-order:fill markers stroke"
+       id="rect3"
+       width="50.652737"
+       height="53.04562"
+       x="35.516178"
+       y="149.29529"
+       inkscape:label="oe-rect" /><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:4.23333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;white-space:pre;inline-size:46.7487;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="136.38763"
+       y="137.69727"
+       id="text3"
+       inkscape:label="poky-title"
+       transform="matrix(0.90889596,0,0,0.81399719,-26.072941,39.399474)"><tspan
+         x="136.38763"
+         y="137.69727"
+         id="tspan2">Poky</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:4.23333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;white-space:pre;inline-size:46.7487;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="136.38763"
+       y="137.69727"
+       id="text3-8"
+       inkscape:label="oe-title"
+       transform="matrix(0.90889596,0,0,0.81399719,-78.327995,83.175189)"><tspan
+         x="136.38763"
+         y="137.69727"
+         id="tspan4">OpenEmbedded</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:4.23333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;white-space:pre;inline-size:46.7487;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="136.38763"
+       y="137.69727"
+       id="text3-0"
+       inkscape:label="yp-title"
+       transform="matrix(0.8469291,0,0,0.81399719,21.497595,28.033837)"><tspan
+         x="136.38763"
+         y="137.69727"
+         id="tspan5">YOCTO PROJECT (YP)</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="137.19444"
+       y="150.50006"
+       id="text4"
+       transform="scale(1.0050579,0.9949676)"
+       inkscape:label="yp-text"><tspan
+         sodipodi:role="line"
+         id="tspan3"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="137.19444"
+         y="150.50006">Umbrella Open Source Project</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="137.19444"
+         y="154.2294"
+         id="tspan6">that Builds and Maintains</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="137.19444"
+         y="157.95874"
+         id="tspan7">Validated Open Source Tools and</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="137.19444"
+         y="161.68808"
+         id="tspan8">Components Associated with</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.98347px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="137.19444"
+         y="165.4174"
+         id="tspan9">Embedded Linux</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.97078px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="90.582634"
+       y="159.10139"
+       id="text10"
+       transform="scale(1.0018079,0.9981954)"
+       inkscape:label="poky-text"><tspan
+         sodipodi:role="line"
+         id="tspan10"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.97078px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="90.582634"
+         y="159.10139">Yocto Project Open</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.97078px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="90.582634"
+         y="162.81487"
+         id="tspan11">Source Reference</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:2.97078px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="90.582634"
+         y="166.52835"
+         id="tspan12">Embedded Distribution</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.01677px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:start;writing-mode:lr-tb;direction:ltr;text-anchor:start;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:7.4;stroke-dasharray:none;stroke-opacity:1;paint-order:fill markers stroke"
+       x="40.36692"
+       y="160.98824"
+       id="text13"
+       transform="scale(0.99784993,1.0021547)"
+       inkscape:label="oe-text"><tspan
+         sodipodi:role="line"
+         id="tspan13"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.01677px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="40.36692"
+         y="160.98824">Open Source Build Engine</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.01677px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="40.36692"
+         y="164.7592"
+         id="tspan14">and YP-Compatible Metadata</tspan><tspan
+         sodipodi:role="line"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:3.01677px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;stroke-width:0"
+         x="40.36692"
+         y="168.53017"
+         id="tspan15">for Embedded Linux</tspan></text></g></svg>
--- a/documentation/overview-manual/svg/yp-flow-diagram.svg
+++ b/documentation/overview-manual/svg/yp-flow-diagram.svg
@@ -0,0 +1,950 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+
+<svg
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   width="760.50098"
+   height="352.582"
+   viewBox="0 0 760.50095 352.582"
+   enable-background="new 0 0 758.189 424.276"
+   xml:space="preserve"
+   sodipodi:docname="yp-flow-diagram.svg"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+   id="defs86">
+		
+	</defs><sodipodi:namedview
+   id="namedview86"
+   pagecolor="#ffffff"
+   bordercolor="#000000"
+   borderopacity="0.25"
+   inkscape:showpageshadow="2"
+   inkscape:pageopacity="0.0"
+   inkscape:pagecheckerboard="0"
+   inkscape:deskcolor="#d1d1d1"
+   inkscape:zoom="2.8284271"
+   inkscape:cx="296.80807"
+   inkscape:cy="212.83914"
+   inkscape:window-width="1906"
+   inkscape:window-height="934"
+   inkscape:window-x="0"
+   inkscape:window-y="0"
+   inkscape:window-maximized="0"
+   inkscape:current-layer="Layer_1" />
+<g
+   id="g17"
+   transform="matrix(1,0,0,1.0035497,-2.0824824,-11.037238)"><rect
+     style="opacity:1;fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11"
+     width="484.25"
+     height="249"
+     x="90"
+     y="112.5" /><rect
+     style="fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8"
+     width="12"
+     height="12"
+     x="507.56818"
+     y="-301.10004"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1"
+     width="12"
+     height="12"
+     x="361.46231"
+     y="-89.463524"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1-1"
+     width="12"
+     height="12"
+     x="389.40585"
+     y="-60.842598"
+     ry="0"
+     transform="rotate(44.313856)" /><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-8-1-1-0"
+     width="12"
+     height="12"
+     x="416.47607"
+     y="-33.116081"
+     ry="0"
+     transform="rotate(44.313856)" /></g><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-9"
+   width="87"
+   height="216"
+   x="193.91776"
+   y="119.24599" /><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-8-1-4"
+   width="12"
+   height="12"
+   x="487.27533"
+   y="-296.15897"
+   ry="0"
+   transform="rotate(44.313856)" /><rect
+   style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+   id="rect11-9-3"
+   width="85.75"
+   height="219.75"
+   x="470.16751"
+   y="119.49599" /><g
+   id="g2"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g1">
+		<polygon
+   fill="#00b6de"
+   points="703.77,340.194 712.852,349.277 721.934,340.194 758.189,340.194 758.189,256.861 723.582,256.861 713.171,267.274 702.758,256.861 628.582,256.861 618.171,267.274 607.758,256.861 561.523,256.861 561.523,340.194 609.104,340.194 618.186,349.277 627.268,340.194 "
+   id="polygon1" />
+	</g>
+</g>
+<g
+   id="g4"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g3">
+		<polygon
+   fill="#e6e6e6"
+   points="712.837,278.274 707.221,272.658 676.557,272.658 676.557,333.657 706.983,333.657 713.055,339.729 719.128,333.657 751.557,333.657 751.557,272.658 718.452,272.658 "
+   id="polygon2" />
+	</g>
+</g>
+<g
+   id="g6"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g5">
+		<polygon
+   fill="#e6e6e6"
+   points="618.171,278.274 611.555,271.658 581.558,271.658 581.558,332.657 611.983,332.657 618.056,338.729 624.128,332.657 656.558,332.657 656.558,271.658 624.786,271.658 "
+   id="polygon4" />
+	</g>
+</g>
+<g
+   id="g8"
+   transform="translate(2.3119996,-71.694)"
+   style="fill:#000080">
+	<g
+   id="g7"
+   style="fill:#000080">
+		<polygon
+   fill="#ed1849"
+   points="722.166,349.277 712.504,358.941 702.84,349.277 670.523,349.277 670.523,424.276 757.523,424.276 757.523,349.277 "
+   id="polygon6"
+   style="fill:#000080" />
+	</g>
+</g>
+<g
+   id="g10"
+   transform="translate(2.3119996,-71.694)"
+   style="fill:#000080">
+	<g
+   id="g9"
+   style="fill:#000080">
+		<polygon
+   fill="#ed1849"
+   points="628.371,348.611 618.043,358.941 607.713,348.611 575.523,348.611 575.523,423.61 662.523,423.61 662.523,348.611 "
+   id="polygon8"
+   style="fill:#000080" />
+	</g>
+</g>
+
+<g
+   id="g14"
+   transform="translate(2.3119996,-71.694)">
+	<g
+   id="g13">
+		<polygon
+   fill="#c1d82f"
+   points="575.428,217.35 575.428,250.526 610.09,250.526 618.171,258.607 626.251,250.526 705.09,250.526 713.171,258.607 721.251,250.526 757.427,250.526 757.427,173.527 575.428,173.527 575.428,199.703 584.252,208.525 "
+   id="polygon12" />
+	</g>
+</g>
+
+
+
+
+
+<g
+   id="g26"
+   transform="translate(0.4155534,-73.944)">
+	<g
+   id="g25">
+		<polygon
+   fill="#4a4a30"
+   points="177.974,133.944 125.111,133.944 118.043,141.013 110.974,133.944 86.834,133.944 86.834,166.944 178.263,166.944 184.834,173.514 191.403,166.944 281.833,166.944 281.833,133.944 258.611,133.944 251.543,141.013 244.474,133.944 192.111,133.944 185.043,141.013 "
+   id="polygon24" />
+	</g>
+</g>
+<g
+   id="g28"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g27">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,290.202 330.188,296.444 511.188,296.444 511.188,289.015 517.259,282.942 511.188,276.87 511.188,268.444 330.188,268.444 330.188,277.683 336.447,283.942 "
+   id="polygon26" />
+	</g>
+</g>
+<g
+   id="g30"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g29">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,251.536 330.188,257.944 511.188,257.944 511.188,250.515 517.259,244.442 511.188,238.37 511.188,229.944 330.188,229.944 330.188,239.016 336.447,245.276 "
+   id="polygon28" />
+	</g>
+</g>
+<g
+   id="g32"
+   transform="matrix(0.93986241,0,0,1,-22.331287,-17.694)">
+	<g
+   id="g31">
+		<polygon
+   fill="#e6e6e6"
+   points="330.188,211.18 330.188,218.444 511.188,218.444 511.188,211.015 517.259,204.942 511.188,198.87 511.188,190.444 330.188,190.444 330.188,199.372 336.092,205.276 "
+   id="polygon30" />
+	</g>
+</g>
+<g
+   id="g34"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g33">
+		<polygon
+   fill="#e6e6e6"
+   points="144.188,342.944 144.188,406.944 225.188,406.944 225.188,381.515 231.259,375.442 225.188,369.37 225.188,342.944 190.445,342.944 184.043,349.348 177.639,342.944 "
+   id="polygon32" />
+	</g>
+</g>
+<g
+   id="g36"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g35">
+		<polygon
+   fill="#e6e6e6"
+   points="177.618,330.944 184.188,337.514 190.757,330.944 225.188,330.944 225.188,266.944 190.778,266.944 183.71,274.014 176.64,266.944 144.188,266.944 144.188,330.944 "
+   id="polygon34" />
+	</g>
+</g>
+<g
+   id="g38"
+   transform="translate(-40.188,-71.694)">
+	<g
+   id="g37">
+		<polygon
+   fill="#e6e6e6"
+   points="177.118,254.944 183.688,261.514 190.257,254.944 224.688,254.944 224.688,190.944 191.445,190.944 184.376,198.014 177.306,190.944 143.688,190.944 143.688,254.944 "
+   id="polygon36" />
+	</g>
+</g>
+<g
+   id="g40"
+   transform="matrix(1,0,0,0.86327911,0.062,-77.645148)">
+	<g
+   id="g39">
+		<polygon
+   fill="#4a4a30"
+   points="81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 87.259,254.109 81.188,248.037 "
+   id="polygon38" />
+	</g>
+</g><g
+   id="g40-0"
+   transform="matrix(1,0,0,0.86327911,0.312,-18.368819)">
+	<g
+   id="g39-6">
+		<polygon
+   fill="#4a4a30"
+   points="87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 "
+   id="polygon38-4" />
+	</g>
+</g><g
+   id="g40-0-2"
+   transform="matrix(1,0,0,0.86327911,0.062,40.907511)">
+	<g
+   id="g39-6-5">
+		<polygon
+   fill="#4a4a30"
+   points="87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 81.188,285.61 81.188,260.181 "
+   id="polygon38-4-8" />
+	</g>
+</g><g
+   id="g40-0-28"
+   transform="matrix(1,0,0,0.86327911,-0.188,100.18384)">
+	<g
+   id="g39-6-4">
+		<polygon
+   fill="#4a4a30"
+   points="81.188,285.61 81.188,260.181 87.259,254.109 81.188,248.037 81.188,221.611 0.188,221.611 0.188,285.61 "
+   id="polygon38-4-7" />
+	</g>
+</g>
+<g
+   id="g42"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g41"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="178.618,123.944 185.188,130.514 191.757,123.944 215.188,123.944 215.188,71.944 154.188,71.944 154.188,123.944 "
+   id="polygon40"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="126.062"
+   y="75.334"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect42" />
+<text
+   fill="#ffffff"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text42"
+   x="139.47949"
+   y="82.440079"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Source Materials</text>
+<rect
+   x="155.41699"
+   y="10.834001"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect43" />
+<text
+   id="text44"
+   x="190.00726"
+   y="29.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:49.6985"
+   transform="translate(-5.5244746,-7.8775879)"
+   xml:space="preserve"><tspan
+     x="190.00726"
+     y="29.10741"
+     id="tspan1">Local<tspan
+   y="29.10741"
+   id="tspan2"> </tspan></tspan><tspan
+     x="190.00726"
+     y="42.440787"
+     id="tspan3">Projects</tspan></text>
+<g
+   id="g45"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g44"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="245.118,123.944 251.688,130.514 258.257,123.944 281.688,123.944 281.688,71.944 220.688,71.944 220.688,123.944 "
+   id="polygon44"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="221.91699"
+   y="7.8340006"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect45" />
+<text
+   id="text47"
+   x="258.17291"
+   y="26.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:56.5275;fill:#000000"
+   transform="translate(-6.4360358,-3.6326896)"
+   xml:space="preserve"><tspan
+     x="258.17291"
+     y="26.10741"
+     id="tspan4">SCMs<tspan
+   y="26.10741"
+   id="tspan5"> </tspan></tspan><tspan
+     x="258.17291"
+     y="39.440787"
+     id="tspan6">(optional)</tspan></text>
+<g
+   id="g48"
+   transform="translate(0.062,-71.944)"
+   style="fill:#ff7f2a">
+	<g
+   id="g47"
+   style="fill:#ff7f2a">
+		<polygon
+   fill="#7e8082"
+   points="111.618,123.944 118.188,130.514 124.757,123.944 148.188,123.944 148.188,71.944 87.188,71.944 87.188,123.944 "
+   id="polygon47"
+   style="fill:#ff7f2a" />
+	</g>
+</g>
+<rect
+   x="88.417007"
+   y="10.834001"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect48" />
+<text
+   id="text49"
+   x="125.51399"
+   y="29.10741"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:64.823"
+   transform="translate(-8.2169997,-13.75401)"
+   xml:space="preserve"><tspan
+     x="125.51399"
+     y="29.10741"
+     id="tspan7">Upstream<tspan
+   y="29.10741"
+   id="tspan8"> </tspan></tspan><tspan
+     x="125.51399"
+     y="42.440787"
+     id="tspan9">Project<tspan
+   y="42.440787"
+   id="tspan10"> </tspan></tspan><tspan
+     x="125.51399"
+     y="55.774165"
+     id="tspan11">Releases</tspan></text>
+<rect
+   x="115.167"
+   y="137.084"
+   fill="none"
+   width="58.666"
+   height="40.667"
+   id="rect49" />
+<text
+   id="text51"
+   x="128.34723"
+   y="147.37112"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="128.34723"
+     y="147.37112"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan50"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Source </tspan><tspan
+     x="123.54125"
+     y="161.77113"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan51"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Fetching</tspan></text>
+<rect
+   x="115.167"
+   y="215.08401"
+   fill="none"
+   width="58.666"
+   height="40.666"
+   id="rect51" />
+<text
+   id="text53"
+   x="131.82678"
+   y="224.31099"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="131.82678"
+     y="224.31099"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan52"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Patch </tspan><tspan
+     x="117.00081"
+     y="238.70999"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan53"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Application</tspan></text>
+<rect
+   x="107.167"
+   y="279.08401"
+   fill="none"
+   width="74.166"
+   height="69.237"
+   id="rect53" />
+<text
+   id="text57"
+   x="149.00055"
+   y="297.35791"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:74.8743"
+   transform="translate(-3.496696,4.953096)"
+   xml:space="preserve"><tspan
+     x="149.00055"
+     y="297.35791"
+     id="tspan12">Configuration /<tspan
+   y="297.35791"
+   id="tspan13"> </tspan></tspan><tspan
+     x="149.00055"
+     y="310.69127"
+     id="tspan14">Compile</tspan></text>
+<rect
+   x="201.16699"
+   y="184.084"
+   fill="none"
+   width="74.166"
+   height="89.237"
+   id="rect57" />
+<text
+   id="text63"
+   x="221.86859"
+   y="192.60429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="221.86859"
+     y="192.60429"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan58"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Output </tspan><tspan
+     x="211.42859"
+     y="207.0043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan59"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Analysis for </tspan><tspan
+     x="218.94058"
+     y="221.4043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan60"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">package </tspan><tspan
+     x="207.54759"
+     y="235.80429"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan61"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">splitting plus </tspan><tspan
+     x="218.94058"
+     y="250.2043"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan62"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">package </tspan><tspan
+     x="207.81059"
+     y="264.60431"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan63"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">relationships</tspan></text><text
+   id="text63-1"
+   x="555.48315"
+   y="202.90402"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:31.0495"
+   transform="translate(-42.334211,23.629617)"
+   xml:space="preserve"><tspan
+     x="555.48315"
+     y="202.90402"
+     id="tspan15">QA<tspan
+   y="202.90402"
+   id="tspan16"> </tspan></tspan><tspan
+     x="555.48315"
+     y="216.2374"
+     id="tspan18">Tests</tspan></text>
+<rect
+   x="319.146"
+   y="127.084"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect63" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text64"
+   x="335.19238"
+   y="189.60429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.rpm generation</text>
+<rect
+   x="319.146"
+   y="166.584"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect64" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text65"
+   x="335.76849"
+   y="229.10429"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.deb generation</text>
+<rect
+   x="319.146"
+   y="205.08401"
+   fill="none"
+   width="116.666"
+   height="21.333"
+   id="rect65" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text66"
+   x="337.9404"
+   y="267.60391"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">.ipk generation</text>
+<rect
+   x="296.16699"
+   y="307.08401"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect66" />
+
+<rect
+   x="299.66699"
+   y="261.08401"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect67" />
+
+<rect
+   x="395.97998"
+   y="261.08401"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect69" />
+
+<rect
+   x="390.66699"
+   y="307.08401"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect71" />
+
+<rect
+   y="133"
+   fill="none"
+   width="81.666"
+   height="39.334"
+   id="rect73"
+   x="0.061999973" />
+<text
+   id="text75"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-23.458902,-49.50401)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan20"><tspan
+   style="fill:#ffffff"
+   id="tspan19">User</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan22"><tspan
+       style="fill:#ffffff"
+       id="tspan21">Configuration</tspan></tspan></text><text
+   id="text75-4"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-24.603766,70.32617)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan24"><tspan
+   style="fill:#ffffff"
+   id="tspan23">Machine BSP</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan26"><tspan
+       style="fill:#ffffff"
+       id="tspan25">Configuration</tspan></tspan></text><text
+   id="text75-4-6"
+   x="64.610138"
+   y="186.94585"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:66.7773"
+   transform="translate(-25.353766,128.82617)"
+   xml:space="preserve"><tspan
+     x="64.610138"
+     y="186.94585"
+     id="tspan28"><tspan
+   style="fill:#ffffff"
+   id="tspan27">Policy</tspan>
+</tspan><tspan
+     x="64.610138"
+     y="200.27922"
+     id="tspan30"><tspan
+       style="fill:#ffffff"
+       id="tspan29">Configuration</tspan></tspan></text>
+
+<rect
+   y="211.16798"
+   fill="none"
+   width="81.666"
+   height="39.333"
+   id="rect76"
+   x="0.061999973" />
+<text
+   id="text78"
+   x="70.02713"
+   y="265.4418"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:89.4625"
+   transform="translate(-28.848315,-69.549143)"
+   xml:space="preserve"><tspan
+     x="70.02713"
+     y="265.4418"
+     id="tspan32"><tspan
+       style="fill:#ffffff"
+       id="tspan31">Metadata
+</tspan></tspan><tspan
+     x="70.02713"
+     y="278.77516"
+     id="tspan34"><tspan
+       style="fill:#ffffff"
+       id="tspan33">(.bb + patches)</tspan></tspan></text>
+<rect
+   x="612.83502"
+   y="131.418"
+   fill="none"
+   width="112.186"
+   height="20.163"
+   id="rect78" />
+<text
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text79"
+   x="629.87451"
+   y="142.68779"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Package Feeds</text>
+<rect
+   x="579.98102"
+   y="306.25101"
+   fill="none"
+   width="81.666"
+   height="39.332001"
+   id="rect79" />
+<text
+   fill="#ffffff"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text80"
+   x="604.24854"
+   y="319.7699"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Images</text>
+<rect
+   x="584.14703"
+   y="216.08499"
+   fill="none"
+   width="71.853996"
+   height="33.664001"
+   id="rect80" />
+<text
+   id="text81"
+   x="606.88434"
+   y="227.1058"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="606.88434"
+     y="227.1058"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan80"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Image </tspan><tspan
+     x="594.48834"
+     y="241.50479"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan81"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Generation</tspan></text>
+<rect
+   x="678.83301"
+   y="215.08499"
+   fill="none"
+   width="77.166"
+   height="30.237"
+   id="rect81" />
+<text
+   id="text83"
+   x="708.21045"
+   y="228.6058"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"><tspan
+     x="708.21045"
+     y="228.6058"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan82"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">SDK </tspan><tspan
+     x="690.33142"
+     y="243.00479"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="tspan83"
+     style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal">Generation</tspan></text>
+<rect
+   x="379.06299"
+   y="86.834"
+   fill="none"
+   width="199.03999"
+   height="21.164"
+   id="rect83" />
+<text
+   fill="#333333"
+   font-family="MyriadPro-Regular"
+   font-size="12px"
+   id="text84"
+   x="426.28253"
+   y="26.005543"
+   style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333">OpenEmbedded Architecture Workflow</text><g
+   id="g18"
+   transform="translate(-10.254525,-9.75401)"><rect
+     style="fill:#00b6de;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17">Build System</tspan></text></g><g
+   id="g18-4"
+   transform="translate(-10.254525,-25.970712)"><rect
+     style="fill:#4a4a30;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4">Metadata/Inputs</tspan></text></g><g
+   id="g18-4-9"
+   transform="translate(-10.254525,-42.187414)"><rect
+     style="fill:#ff7f2a;fill-opacity:1;stroke:#ff631a;stroke-width:0.49911493;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0">Upstream Source</tspan></text></g><g
+   id="g18-4-9-2"
+   transform="translate(101.50803,-40.934366)"><rect
+     style="fill:#c1d82f;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0">Output Packages</tspan></text></g><g
+   id="g18-4-9-2-5"
+   transform="translate(101.50803,-24.709046)"><rect
+     style="fill:#e6e6e6;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2-2"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2-9"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0-0">Process steps (tasks)</tspan></text></g><g
+   id="g18-4-9-2-5-8"
+   transform="translate(101.50803,-8.4837252)"><rect
+     style="fill:#000080;fill-opacity:1;stroke:#ff631a;stroke-width:0;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-dasharray:none"
+     id="rect11-5-8-6-2-2-3"
+     width="10"
+     height="9.9646282"
+     x="442.00568"
+     y="76.711205"
+     transform="matrix(1,0,0,1.0035497,0,-1.2832284)" /><text
+     fill="#333333"
+     font-family="MyriadPro-Regular"
+     font-size="12px"
+     id="text84-6-0-1-2-9-8"
+     x="456.48013"
+     y="84.126945"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:12px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#333333"><tspan
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9.33333px;font-family:Sans;-inkscape-font-specification:'Sans, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal"
+       id="tspan17-4-0-0-0-0">Output Imaga Data</tspan></text></g>
+
+
+<rect
+   x="675.64801"
+   y="304.91699"
+   fill="none"
+   width="81.666"
+   height="39.332001"
+   id="rect85" />
+<text
+   id="text86"
+   x="720.58508"
+   y="322.93991"
+   style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10.6667px;font-family:'Nimbus Sans L';-inkscape-font-specification:'Nimbus Sans L, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;white-space:pre;inline-size:65.518"
+   transform="translate(-2.5824824,-12.25401)"
+   xml:space="preserve"><tspan
+     x="720.58508"
+     y="322.93991"
+     id="tspan36"><tspan
+   style="fill:#ffffff"
+   id="tspan35">Application</tspan><tspan
+   y="322.93991"
+   id="tspan37"> </tspan></tspan><tspan
+     x="720.58508"
+     y="336.27327"
+     id="tspan39"><tspan
+   style="fill:#ffffff"
+   id="tspan38">Development</tspan><tspan
+   y="336.27327"
+   id="tspan40"> </tspan></tspan><tspan
+     x="720.58508"
+     y="349.60665"
+     id="tspan42"><tspan
+       style="fill:#ffffff"
+       id="tspan41">SDK</tspan></tspan></text>
+</svg>
--- a/documentation/overview-manual/yp-intro.rst
+++ b/documentation/overview-manual/yp-intro.rst
@@ -23,15 +23,9 @@ comes to delivering embedded software stacks. The project allows
 software customizations and build interchange for multiple hardware
 platforms as well as software stacks that can be maintained and scaled.

-.. image:: figures/key-dev-elements.png
+.. image:: svg/key-dev-elements.*
    :width: 100%

-For further introductory information on the Yocto Project, you might be
-interested in this
-`article <https://www.embedded.com/why-the-yocto-project-for-my-iot-project/>`__
-by Drew Moseley and in this short introductory
-`video <https://www.youtube.com/watch?v=utZpKM7i5Z4>`__.
-
 The remainder of this section overviews advantages and challenges tied
 to the Yocto Project.

@@ -44,7 +38,7 @@ Here are features and advantages of the Yocto Project:
   system, software, and service vendors adopt and support the Yocto
   Project in their products and services. For a look at the Yocto
   Project community and the companies involved with the Yocto Project,
-   see the "COMMUNITY" and "ECOSYSTEM" tabs on the
+   see the "COMMUNITY" and "ABOUT" tabs on the
   :yocto_home:`Yocto Project <>` home page.

 -  *Architecture Agnostic:* Yocto Project supports Intel, ARM, MIPS,
@@ -60,10 +54,9 @@ Here are features and advantages of the Yocto Project:
   move between architectures without moving to new development
   environments. Additionally, if you have used the Yocto Project to
   create an image or application and you find yourself not able to
-   support it, commercial Linux vendors such as Wind River, Mentor
-   Graphics, Timesys, and ENEA could take it and provide ongoing
-   support. These vendors have offerings that are built using the Yocto
-   Project.
+   support it, commercial Linux vendors listed on :yocto_home:`/members/` and
+   :yocto_home:`/about/participants/` could take it and provide ongoing
+   support.

 -  *Flexibility:* Corporations use the Yocto Project many different
   ways. One example is to create an internal Linux distribution as a
@@ -388,7 +381,7 @@ Yocto Project:

   .. note::

-      AutoBuilder is based on buildbot.
+      AutoBuilder is based on `buildbot <https://buildbot.net/>`__.

   A goal of the Yocto Project is to lead the open source industry with
   a project that automates testing and QA procedures. In doing so, the
@@ -735,7 +728,7 @@ The :term:`OpenEmbedded Build System` uses a "workflow" to
 accomplish image and SDK generation. The following figure overviews that
 workflow:

-.. image:: figures/YP-flow-diagram.png
+.. image:: svg/yp-flow-diagram.*
    :width: 100%

 Here is a brief summary of the "workflow":
@@ -761,7 +754,8 @@ Here is a brief summary of the "workflow":
   package feed that is used to create the final root file image.

 #. The build system generates the file system image and a customized
-   Extensible SDK (eSDK) for application development in parallel.
+   :doc:`SDK </sdk-manual/index>` (Software Development Kit) for application
+   development in parallel.

 For a very detailed look at this workflow, see the
 ":ref:`overview-manual/concepts:openembedded build system concepts`" section.
@@ -787,7 +781,9 @@ helpful for getting started:
   their code available to other application developers. For information
   on the eSDK, see the :doc:`/sdk-manual/index` manual.

-  *Layer:* A collection of related recipes. Layers allow you to
+-  *Layer:* A collection of related metadata, which could include any of
+   recipes, machine configuration files, distro configuration files
+   and/or class files. Layers allow you to
   consolidate related metadata to customize your build. Layers also
   isolate information used when building for multiple architectures.
   Layers are hierarchical in their ability to override previous
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -1248,6 +1248,53 @@ The :ref:`ref-classes-image_types` class also handles conversion and compression
   :term:`IMAGE_FSTYPES`. This would also be similar for Virtual Box Virtual Disk
   Image ("vdi") and QEMU Copy On Write Version 2 ("qcow2") images.

+.. _ref-classes-image-container:
+
+``image-container``
+===================
+
+The :ref:`ref-classes-image-container` class is automatically inherited in
+:doc:`image </ref-manual/images>` recipes that have the ``container`` image type
+in :term:`IMAGE_FSTYPES`. It provides relevant settings to generate an image
+ready for use with an :wikipedia:`OCI <Open_Container_Initiative>`-compliant
+container management tool, such as :wikipedia:`Podman <Podman>` or
+:wikipedia:`Docker <Docker_(software)>`.
+
+.. note::
+
+   This class neither builds nor installs container management tools on the
+   target. Those tools are available in the :yocto_git:`meta-virtualization
+   </meta-virtualization>` layer.
+
+You should set the :term:`PREFERRED_PROVIDER` for the Linux kernel to
+``linux-dummy`` in a :term:`configuration file`::
+
+   PREFERRED_PROVIDER_virtual/kernel = "linux-dummy"
+
+Otherwise an error is triggered. If desired, the
+:term:`IMAGE_CONTAINER_NO_DUMMY` variable can be set to "1" to avoid triggering
+this error.
+
+The ``linux-dummy`` recipe acts as a Linux kernel recipe but builds nothing. It
+is relevant to use as the preferred Linux kernel provider in this case as a
+container image does not need to include a Linux kernel. Selecting it as the
+preferred provider for the kernel will also decrease build time.
+
+Using this class only deploys an additional ``tar.bz2`` archive to
+:term:`DEPLOY_DIR_IMAGE`. This archive can be used in a container file (a file
+typically named ``Dockerfile`` or ``Containerfile``). For example, to be used with
+:wikipedia:`Podman <Podman>` or :wikipedia:`Docker <Docker_(software)>`, the
+`container file <https://docs.docker.com/reference/dockerfile/>`__ could contain
+the following instructions:
+
+.. code-block:: dockerfile
+
+   FROM scratch
+   ADD ./image-container-qemux86-64.rootfs.tar.bz2 /
+   ENTRYPOINT /bin/sh
+
+This is suitable to build a container using our generated root filesystem image.
+
 .. _ref-classes-image-live:

 ``image-live``
@@ -2357,6 +2404,18 @@ section in the Yocto Project Development Tasks Manual.

 Previously, this class was called the ``task`` class.

+.. note::
+
+   If you're defining a packagegroup and need to set::
+
+      PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+   for the packagegroup, you need to do that *before* the
+   ``inherit packagegroup`` line in the recipe file.
+   Setting it afterward can break BitBake parsing, result in
+   an "allarch" architecture mismatch error, or allow
+   architecture-independent defaults to override your intent.
+
 .. _ref-classes-patch:

 ``patch``
@@ -2797,6 +2856,13 @@ which can also be set in your ``local.conf`` file. Here is an example::

   RM_WORK_EXCLUDE += "busybox glibc"

+Finally, if you are using this class for a recipe but want to prevent
+:term:`BitBake` from deleting specific folders or files in that recipe's
+:term:`WORKDIR` (other than ``temp``), you can preserve those folders or
+files with the :term:`RM_WORK_EXCLUDE_ITEMS` variable as follows::
+
+   RM_WORK_EXCLUDE_ITEMS += "items_to_keep"
+
 .. _ref-classes-rootfs*:

 ``rootfs*``
@@ -3382,9 +3448,9 @@ The variables used by this class are:
   rebuilding the FIT image containing the kernel.

 See U-Boot's documentation for details about `verified boot
-<https://source.denx.de/u-boot/u-boot/-/blob/master/doc/uImage.FIT/verified-boot.txt>`__
+<https://docs.u-boot.org/en/latest/usage/fit/verified-boot.html>`__
 and the `signature process
-<https://source.denx.de/u-boot/u-boot/-/blob/master/doc/uImage.FIT/signature.txt>`__.
+<https://docs.u-boot.org/en/latest/usage/fit/signature.html>`__.

 See also the description of :ref:`ref-classes-kernel-fitimage` class, which this class
 imitates.
--- a/documentation/ref-manual/release-process.rst
+++ b/documentation/ref-manual/release-process.rst
@@ -45,6 +45,45 @@ release process validates the content of the new branch.
   Realize that there can be patches merged onto the stable release
   branches as and when they become available.

+.. _ref-yp-development-cycle:
+
+Development Cycle
+=================
+
+As explained in the previous :ref:`ref-manual/release-process:Major and Minor
+Release Cadence` section, a new release comes out every six months.
+
+During this six-months period of time, the Yocto Project releases four
+"Milestone" releases which represent distinct points of time. The milestone
+releases are tested through the :ref:`ref-manual/release-process:Testing and
+Quality Assurance` process and helps spotting issues before the actual release
+is out.
+
+The time span between milestone releases can vary, but they are in general
+evenly spaced out during this six-months period of time.
+
+These milestone releases are tagged with a capital "M" after the future release
+tag name. For example, the milestone tags "&DISTRO_RELEASE_SERIES;M1",
+"&DISTRO_RELEASE_SERIES;M2", and "&DISTRO_RELEASE_SERIES;M3" are released before
+the actual "&DISTRO_RELEASE_SERIES;" release.
+
+.. note::
+
+   The fourth milestone (M4) is not actually released and announced, but
+   represents a point of time for the Quality Assurance team to start the
+   :ref:`ref-manual/release-process:Testing and Quality Assurance` process
+   before tagging and delivering the final release.
+
+After the third milestone release (M3), the Yocto Project enters **Feature
+Freeze**. This means that the maintainers of :term:`OpenEmbedded-Core
+(OE-Core)`, :term:`BitBake` and other core repositories stop accepting
+significant changes on the "master" branch. Changes that may be accepted are
+minor upgrades to core components and security/bug fixes.
+
+During feature freeze, a new branch is created and maintained separately to
+test new features and enhancements received from contributors, but these changes
+will only make it to the master branch after the release is out.
+
 Major Release Codenames
 =======================

@@ -62,7 +101,8 @@ codename are likely to be compatible and thus work together.

 Releases are given a nominal release version as well but the codename is
 used in repositories for this reason. You can find information on Yocto
-Project releases and codenames at :yocto_wiki:`/Releases`.
+Project releases and codenames in the :yocto_home:`Releases page
+</development/releases/>`.

 Our :doc:`/migration-guides/index` detail how to migrate from one release of
 the Yocto Project to the next.
--- a/documentation/ref-manual/svg/releases.svg
+++ b/documentation/ref-manual/svg/releases.svg
@@ -608,7 +608,7 @@
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan10317-2-9-1-4">4.2</tspan></text>
    <rect
-       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
       id="rect917-0-0-4-4-9-4-5-3-9-2-3-6"
       width="140"
       height="45.000004"
@@ -632,7 +632,7 @@
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text>
    <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1;opacity:0.5"
       id="rect917-0-0-4-4-9-4-5-3-9-2-3-6-2"
       width="140"
       height="45.000004"
@@ -656,26 +656,26 @@
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan10317-2-9-1-4-6-5-6-9">5.2</tspan></text>
    <rect
-       style="opacity:0.75;fill:#251f32;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
       id="rect917-0-0-4-4-9-4-5-3-9-2-3-67"
       width="140"
       height="45.000004"
-       x="1163.6425"
+       x="1223.8723"
       y="-382.27469"
       ry="2.2558987" />
    <text
       xml:space="preserve"
       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1214.9716"
+       x="1275.2014"
       y="-363.89413"
       id="text1185-3-55-4-0-0-0-1-1-6-4-3-53"><tspan
         sodipodi:role="line"
-         x="1214.9716"
+         x="1275.2014"
         y="-363.89413"
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan957-2-8-6-3-9-7-4-2-0-5-5">Whinlatter</tspan><tspan
         sodipodi:role="line"
-         x="1214.9716"
+         x="1275.2014"
         y="-345.89746"
         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
         id="tspan10317-2-9-1-4-6-5-6-6-6">5.3</tspan></text>
@@ -1847,7 +1847,7 @@
         x="2128.7158"
         y="-7.6722765"
         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7">Current (Apr. 25)</tspan></text>
+         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7">Current (Dec. 25)</tspan></text>
    <text
       xml:space="preserve"
       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
--- a/documentation/ref-manual/system-requirements.rst
+++ b/documentation/ref-manual/system-requirements.rst
@@ -64,6 +64,7 @@ supported on the following distributions:

 -  AlmaLinux 8
 -  AlmaLinux 9
+-  CentOS Stream 9
 -  Debian 11
 -  Debian 12
 -  Fedora 39
@@ -71,10 +72,8 @@ supported on the following distributions:
 -  Fedora 41
 -  Rocky Linux 8
 -  Rocky Linux 9
-  Ubuntu 20.04 (LTS)
 -  Ubuntu 22.04 (LTS)
 -  Ubuntu 24.04 (LTS)
-  Ubuntu 24.10

 The following distribution versions are still tested, even though the
 organizations publishing them no longer make updates publicly available:
@@ -86,7 +85,7 @@ organizations publishing them no longer make updates publicly available:

 -  Fedora 39
 -  Fedora 40
-  Ubuntu 20.04 (LTS)
+-  Fedora 41

 Note that the Yocto Project doesn't have access to private updates
 that some of these versions may have. Therefore, our testing has
@@ -103,7 +102,9 @@ tested on former revisions of "&DISTRO_NAME;", but no longer are:
 -  Fedora 38
 -  OpenSUSE Leap 15.4
 -  Ubuntu 18.04
+-  Ubuntu 20.04
 -  Ubuntu 23.04
+-  Ubuntu 24.10

 .. note::

--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1463,6 +1463,12 @@ system and gives an overview of their function and contents.
      :term:`CCACHE_DISABLE` variable can be set to "1" in a recipe to disable
      `Ccache` support. This is useful when the recipe is known to not support it.

+   :term:`CCACHE_TOP_DIR`
+      When inheriting the :ref:`ref-classes-ccache` class, the
+      :term:`CCACHE_TOP_DIR` variable can be set to the location of where
+      `Ccache` stores its cache files. This directory can be shared between
+      builds.
+
   :term:`CCLD`
      The minimal command and arguments used to run the linker when the C
      compiler is being used as the linker.
@@ -1632,7 +1638,7 @@ system and gives an overview of their function and contents.
         (set via :term:`RRECOMMENDS`) are always ignored.

   :term:`COMPONENTS_DIR`
-      Stores sysroot components for each recipe. The OpenEmbedded build
+      Stores sysroot components provided by each recipe. The OpenEmbedded build
      system uses :term:`COMPONENTS_DIR` when constructing recipe-specific
      sysroots for other recipes.

@@ -2138,7 +2144,7 @@ system and gives an overview of their function and contents.

      The practical effect of the previous assignment is that all files
      installed by bar will be available in the appropriate staging sysroot,
-      given by the :term:`STAGING_DIR* <STAGING_DIR>` variables, by the time
+      given by the :term:`STAGING_DIR* <STAGING_DIR_HOST>` variables, by the time
      the :ref:`ref-tasks-configure` task for ``foo`` runs. This mechanism is
      implemented by having :ref:`ref-tasks-configure` depend on the
      :ref:`ref-tasks-populate_sysroot` task of each recipe listed in
@@ -3837,6 +3843,24 @@ system and gives an overview of their function and contents.
      variable, see the :ref:`ref-classes-image_types`
      class file, which is ``meta/classes-recipe/image_types.bbclass``.

+   :term:`IMAGE_CONTAINER_NO_DUMMY`
+      When an image recipe has the ``container`` image type in
+      :term:`IMAGE_FSTYPES`, it expects the :term:`PREFERRED_PROVIDER` for
+      the Linux kernel (``virtual/kernel``) to be set to ``linux-dummy`` from a
+      :term:`configuration file`. Otherwise, an error is triggered.
+
+      When set to "1", the :term:`IMAGE_CONTAINER_NO_DUMMY` variable allows the
+      :term:`PREFERRED_PROVIDER` variable to be set to another value, thus
+      skipping the check and not triggering the build error. Any other value
+      will keep the check.
+
+      This variable should be set from the image recipe using the ``container``
+      image type.
+
+      See the documentation of the :ref:`ref-classes-image-container` class for
+      more information on why setting the :term:`PREFERRED_PROVIDER` to
+      ``linux-dummy`` is advised with this class.
+
   :term:`IMAGE_DEVICE_TABLES`
      Specifies one or more files that contain custom device tables that
      are passed to the ``makedevs`` command as part of creating an image.
@@ -5325,7 +5349,8 @@ system and gives an overview of their function and contents.
      section in the Yocto Project Development Tasks Manual.

   :term:`LICENSE`
-      The list of source licenses for the recipe. Follow these rules:
+      This is a required field in an OpenEmbedded recipe file, and should
+      contain a list of source licenses for the recipe. Follow these rules:

      -  Do not use spaces within individual license names.

@@ -5365,6 +5390,12 @@ system and gives an overview of their function and contents.
         LICENSE:${PN} = "GPL-2.0.only"
         LICENSE:${PN}-doc = "GFDL-1.2"

+      .. note::
+
+         A recipe's :term:`LICENSE` value must be accompanied by an associated
+         :term:`LIC_FILES_CHKSUM` value, except in the special case where
+         the :term:`LICENSE` value is set to "CLOSED".
+
   :term:`LICENSE_CREATE_PACKAGE`
      Setting :term:`LICENSE_CREATE_PACKAGE` to "1" causes the OpenEmbedded
      build system to create an extra package (i.e.
@@ -5750,6 +5781,9 @@ system and gives an overview of their function and contents.
      The default value for :term:`MIRRORS` is defined in the
      ``meta/classes-global/mirrors.bbclass`` file in the core metadata layer.

+      See the definition of this variable in the BitBake Manual for more
+      details: :term:`bitbake:MIRRORS`.
+
   :term:`MLPREFIX`
      Specifies a prefix has been added to :term:`PN` to create a
      special version of a recipe or package (i.e. a Multilib version). The
@@ -6172,8 +6206,8 @@ system and gives an overview of their function and contents.

      .. note::

-         An easy way to see what overrides apply is to search for :term:`OVERRIDES`
-         in the output of the ``bitbake -e`` command. See the
+         An easy way to see what overrides apply is to run the command
+         ``bitbake-getvar -r myrecipe OVERRIDES``. See the
         ":ref:`dev-manual/debugging:viewing variable values`" section in the Yocto
         Project Development Tasks Manual for more information.

@@ -6322,8 +6356,8 @@ system and gives an overview of their function and contents.
      an iterative development process to remove specific components from a
      system.

-      This variable is supported only when using the IPK and RPM
-      packaging backends. DEB is not supported.
+      This variable is supported by all of the RPM, DEB and IPK
+      packaging backends.

      See the :term:`NO_RECOMMENDATIONS` and the
      :term:`BAD_RECOMMENDATIONS` variables for
@@ -6817,19 +6851,17 @@ system and gives an overview of their function and contents.
      Points to a shared, global-state directory that holds data generated
      during the packaging process. During the packaging process, the
      :ref:`ref-tasks-packagedata` task packages data
-      for each recipe and installs it into this temporary, shared area.
+      for each recipe and installs it into this shared area.
      This directory defaults to the following, which you should not
      change::

-         ${STAGING_DIR_HOST}/pkgdata
+         ${TMPDIR}/pkgdata/${MACHINE}

      For examples of how this data is used, see the
      ":ref:`overview-manual/concepts:automatically added runtime dependencies`"
      section in the Yocto Project Overview and Concepts Manual and the
      ":ref:`dev-manual/debugging:viewing package information with ``oe-pkgdata-util```"
-      section in the Yocto Project Development Tasks Manual. For more
-      information on the shared, global-state directory, see
-      :term:`STAGING_DIR_HOST`.
+      section in the Yocto Project Development Tasks Manual.

   :term:`PKGDEST`
      Points to the parent directory for files to be packaged after they
@@ -7077,6 +7109,9 @@ system and gives an overview of their function and contents.
      ``file://`` URLs to point to local directories or network shares as
      well.

+      See the definition of this variable in the BitBake Manual for more
+      details: :term:`bitbake:PREMIRRORS`.
+
   :term:`PRIORITY`
      Indicates the importance of a package.

@@ -7411,13 +7446,13 @@ system and gives an overview of their function and contents.
      section.

   :term:`RECIPE_SYSROOT`
-      This variable points to the directory that holds all files populated from
+      This variable points to the directory populated with all files provided by
      recipes specified in :term:`DEPENDS`. As the name indicates,
-      think of this variable as a custom root (``/``) for the recipe that will be
+      think of this variable as a custom root (``/``) for the recipe, that will be
      used by the compiler in order to find headers and other files needed to complete
      its job.

-      This variable is related to :term:`STAGING_DIR_HOST` or :term:`STAGING_DIR_TARGET`
+      This variable is used to define :term:`STAGING_DIR_HOST` or :term:`STAGING_DIR_TARGET`
      according to the type of the recipe and the build target.

      To better understand this variable, consider the following examples:
@@ -7431,11 +7466,11 @@ system and gives an overview of their function and contents.
      Do not modify it.

   :term:`RECIPE_SYSROOT_NATIVE`
-      This is similar to :term:`RECIPE_SYSROOT` but the populated files are from
-      ``-native`` recipes. This allows a recipe built for the target machine to
-      use ``native`` tools.
+      This is similar to :term:`RECIPE_SYSROOT` but files in it are provided by
+      native recipes. This allows a recipe built for the target machine to
+      use native tools.

-      This variable is related to :term:`STAGING_DIR_NATIVE`.
+      This variable is used to define :term:`STAGING_DIR_NATIVE`.

      The default value is ``"${WORKDIR}/recipe-sysroot-native"``.
      Do not modify it.
@@ -7505,6 +7540,12 @@ system and gives an overview of their function and contents.
      specifies a list of recipes whose work directories should not be removed.
      See the ":ref:`ref-classes-rm-work`" section for more details.

+   :term:`RM_WORK_EXCLUDE_ITEMS`
+      With :ref:`ref-classes-rm-work` enabled, this variable specifies
+      a list of files or folders --- relative to the recipe's :term:`WORKDIR` ---
+      to be preserved.
+      See the ":ref:`ref-classes-rm-work`" section for more details.
+
   :term:`ROOT_HOME`
      Defines the root home directory. By default, this directory is set as
      follows in the BitBake configuration file::
@@ -7696,7 +7737,9 @@ system and gives an overview of their function and contents.
   :term:`RSUGGESTS`
      A list of additional packages that you can suggest for installation
      by the package manager at the time a package is installed. Not all
-      package managers support this functionality.
+      package managers support this functionality. This feature takes effect
+      only when the package manager is being used to install packages on
+      the target system from a package feed.

      As with all package-controlling variables, you must always use this
      variable in conjunction with a package name override. Here is an
@@ -7704,6 +7747,10 @@ system and gives an overview of their function and contents.

         RSUGGESTS:${PN} = "useful_package another_package"

+      For more information on package management, see the
+      :ref:`dev-manual/packages:Using Runtime Package Management` section
+      of the Yocto Project Development Tasks Manual.
+
   :term:`RUST_CHANNEL`
      Specifies which version of Rust to build - "stable", "beta" or "nightly".
      The default value is "stable". Set this at your own risk, as values other
@@ -8869,8 +8916,7 @@ system and gives an overview of their function and contents.
      directory for the build host.

   :term:`STAGING_DIR`
-      Helps construct the ``recipe-sysroot*`` directories, which are used
-      during packaging.
+      Used for constructing directory trees used during staging.

      For information on how staging for recipe-specific sysroots occurs,
      see the :ref:`ref-tasks-populate_sysroot`
@@ -8890,31 +8936,31 @@ system and gives an overview of their function and contents.
         those files into the sysroot.

   :term:`STAGING_DIR_HOST`
-      Specifies the path to the sysroot directory for the system on which
-      the component is built to run (the system that hosts the component).
-      For most recipes, this sysroot is the one in which that recipe's
-      :ref:`ref-tasks-populate_sysroot` task copies
-      files. Exceptions include ``-native`` recipes, where the
-      :ref:`ref-tasks-populate_sysroot` task instead uses
-      :term:`STAGING_DIR_NATIVE`. Depending on
-      the type of recipe and the build target, :term:`STAGING_DIR_HOST` can
-      have the following values:
+      Specifies the path to the recipe's input sysroot directory, populated with files
+      for the system on which the component is built to run
+      (the system that hosts the component).
+      For most recipes, this sysroot is populated by their
+      :ref:`ref-tasks-populate_sysroot` task (when sharing files
+      between recipes). Exceptions include native recipes, for which the files from
+      :ref:`ref-tasks-populate_sysroot` task are instead copied to
+      :term:`STAGING_DIR_NATIVE`. Depending on the type of recipe and the build target,
+      :term:`STAGING_DIR_HOST` can have the following values:

      -  For recipes building for the target machine, the value is
-         "${:term:`STAGING_DIR`}/${:term:`MACHINE`}".
+         ``"${RECIPE_SYSROOT}"``, check :term:`RECIPE_SYSROOT`.

-      -  For native recipes building for the build host, the value is empty
-         given the assumption that when building for the build host, the
-         build host's own directories should be used.
+      -  For native recipes (building for the :term:`build host`), the value is empty
+         given the assumption that when building for the :term:`build host`, the
+         :term:`build host`'s own directories should be used.

         .. note::

-            ``-native`` recipes are not installed into host paths like such
-            as ``/usr``. Rather, these recipes are installed into
-            :term:`STAGING_DIR_NATIVE`. When compiling ``-native`` recipes,
+            Native recipe files are not installed into host paths such
+            as ``/usr``. Rather, such files are installed into
+            :term:`STAGING_DIR_NATIVE`. When compiling native recipes,
            standard build environment variables such as
            :term:`CPPFLAGS` and
-            :term:`CFLAGS` are set up so that both host paths
+            :term:`CFLAGS` are set up so that both :term:`build host`'s paths
            and :term:`STAGING_DIR_NATIVE` are searched for libraries and
            headers using, for example, GCC's ``-isystem`` option.

@@ -8922,16 +8968,15 @@ system and gives an overview of their function and contents.
            should be viewed as input variables by tasks such as
            :ref:`ref-tasks-configure`,
            :ref:`ref-tasks-compile`, and
-            :ref:`ref-tasks-install`. Having the real system
-            root correspond to :term:`STAGING_DIR_HOST` makes conceptual sense
-            for ``-native`` recipes, as they make use of host headers and
-            libraries.
-
-      Check :term:`RECIPE_SYSROOT` and :term:`RECIPE_SYSROOT_NATIVE`.
+            :ref:`ref-tasks-install`. Having the real system root
+            (the :term:`build host`'s root) play the role of :term:`STAGING_DIR_HOST`
+            makes conceptual sense for native recipes, as they make use
+            of the :term:`build host`'s headers and libraries.

   :term:`STAGING_DIR_NATIVE`
-      Specifies the path to the sysroot directory used when building
-      components that run on the build host itself.
+      Specifies the path to the recipe's input sysroot directory, populated with
+      files provided by native recipes (recipes building components that
+      run on the :term:`build host` itself).

      The default value is ``"${RECIPE_SYSROOT_NATIVE}"``,
      check :term:`RECIPE_SYSROOT_NATIVE`.
--- a/documentation/sdk-manual/appendix-customizing.rst
+++ b/documentation/sdk-manual/appendix-customizing.rst
@@ -147,7 +147,9 @@ from the :term:`DISTRO` variable.
 The
 :ref:`populate_sdk_base <ref-classes-populate-sdk-*>`
 class defines the default value of the :term:`SDK_TITLE` variable as
-follows::
+follows:
+
+.. code-block:: none

   SDK_TITLE ??= "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} SDK"

@@ -159,7 +161,9 @@ an example, assume you have your own layer for your distribution named
 does the default "poky" distribution. If so, you could update the
 :term:`SDK_TITLE` variable in the
 ``~/meta-mydistro/conf/distro/mydistro.conf`` file using the following
-form::
+form:
+
+.. code-block:: none

   SDK_TITLE = "your_title"

@@ -189,7 +193,9 @@ the installed SDKs to update the installed SDKs by using the
 #. Build the extensible SDK normally (i.e., use the
   ``bitbake -c populate_sdk_ext`` imagename command).

-#. Publish the SDK using the following command::
+#. Publish the SDK using the following command:
+
+   .. code-block:: console

      $ oe-publish-sdk some_path/sdk-installer.sh path_to_shared_http_directory

@@ -212,7 +218,9 @@ installation directory for the SDK is based on the
 :term:`SDKEXTPATH` variables from
 within the
 :ref:`populate_sdk_base <ref-classes-populate-sdk-*>`
-class as follows::
+class as follows:
+
+.. code-block:: none

   SDKEXTPATH ??= "~/${@d.getVar('DISTRO')}_sdk"

@@ -229,7 +237,9 @@ assume you have your own layer for your distribution named
 does the default "poky" distribution. If so, you could update the
 :term:`SDKEXTPATH` variable in the
 ``~/meta-mydistro/conf/distro/mydistro.conf`` file using the following
-form::
+form:
+
+.. code-block:: none

   SDKEXTPATH = "some_path_for_your_installed_sdk"

@@ -263,7 +273,9 @@ source, you need to do a number of things:

 #. Set the appropriate configuration so that the produced SDK knows how
   to find the configuration. The variable you need to set is
-   :term:`SSTATE_MIRRORS`::
+   :term:`SSTATE_MIRRORS`:
+
+   .. code-block:: none

      SSTATE_MIRRORS = "file://.* https://example.com/some_path/sstate-cache/PATH"

@@ -276,7 +288,9 @@ source, you need to do a number of things:
      side, and its contents will not interfere with the build), then
      you can set the variable in your ``local.conf`` or custom distro
      configuration file. You can then pass the variable to the SDK by
-      adding the following::
+      adding the following:
+
+      .. code-block:: none

         ESDK_LOCALCONF_ALLOW = "SSTATE_MIRRORS"

@@ -299,7 +313,9 @@ everything needed to reconstruct the image for which the SDK was built.
 This bundling can lead to an SDK installer file that is a Gigabyte or
 more in size. If the size of this file causes a problem, you can build
 an SDK that has just enough in it to install and provide access to the
-``devtool command`` by setting the following in your configuration::
+``devtool command`` by setting the following in your configuration:
+
+.. code-block:: none

   SDK_EXT_TYPE = "minimal"

@@ -321,7 +337,9 @@ information enables the ``devtool search`` command to return useful
 results.

 To facilitate this wider range of information, you would need to set the
-following::
+following:
+
+.. code-block:: none

   SDK_INCLUDE_PKGDATA = "1"

--- a/documentation/sdk-manual/appendix-obtain.rst
+++ b/documentation/sdk-manual/appendix-obtain.rst
@@ -40,15 +40,20 @@ Follow these steps to locate and hand-install the toolchain:
   hardware, and image type.

   The installer files (``*.sh``) follow this naming convention:
-   ``poky-glibc-host_system-core-image-type-arch-toolchain[-ext]-release.sh``:

-   -  ``host_system``: string representing your development system: ``i686`` or ``x86_64``
+   .. parsed-literal::

-   -  ``type``: string representing the image: ``sato`` or ``minimal``
+      poky-glibc-*host_system*-core-image-*type*-*arch*-toolchain[-ext]-*release*.sh

-   -  ``arch``: string representing the target architecture such as ``cortexa57-qemuarm64``
+   With:

-   -  ``release``: version of the Yocto Project.
+   -  *host_system*: string representing your development system: ``i686`` or ``x86_64``
+
+   -  *type*: string representing the image: ``sato`` or ``minimal``
+
+   -  *arch*: string representing the target architecture such as ``cortexa57-qemuarm64``
+
+   -  *release*: version of the Yocto Project.

   .. note::
      The standard SDK installer does not have the ``-ext`` string as
@@ -61,13 +66,17 @@ Follow these steps to locate and hand-install the toolchain:

   For example, if your build host is a 64-bit x86 system and you need
   an extended SDK for a 64-bit core2 QEMU target, go into the ``x86_64``
-   folder and download the following installer::
+   folder and download the following installer:
+
+   .. code-block:: text

      poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh

 #. *Run the Installer:* Be sure you have execution privileges and run
   the installer. Here is an example from the ``Downloads``
-   directory::
+   directory:
+
+   .. code-block:: console

      $ ~/Downloads/poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh

@@ -104,7 +113,9 @@ build the SDK installer. Follow these steps:
   the Source Directory (i.e. ``poky``), run the
   :ref:`structure-core-script` environment
   setup script to define the OpenEmbedded build environment on your
-   build host::
+   build host:
+
+   .. code-block:: console

      $ source oe-init-build-env

@@ -130,7 +141,9 @@ build the SDK installer. Follow these steps:
      :term:`SDKMACHINE` value must be set for the architecture of the
      machine you are using to build the installer. If :term:`SDKMACHINE`
      is not set appropriately, the build fails and provides an error
-      message similar to the following::
+      message similar to the following:
+
+      .. code-block:: text

         The extensible SDK can currently only be built for the same
         architecture as the machine being built on - SDK_ARCH
@@ -141,11 +154,15 @@ build the SDK installer. Follow these steps:

 #. *Build the SDK Installer:* To build the SDK installer for a standard
   SDK and populate the SDK image, use the following command form. Be
-   sure to replace ``image`` with an image (e.g. "core-image-sato")::
+   sure to replace ``image`` with an image (e.g. "core-image-sato"):
+
+   .. code-block:: console

      $ bitbake image -c populate_sdk

-   You can do the same for the extensible SDK using this command form::
+   You can do the same for the extensible SDK using this command form:
+
+   .. code-block:: console

      $ bitbake image -c populate_sdk_ext

@@ -170,7 +187,9 @@ build the SDK installer. Follow these steps:
         libc-staticdev"

 #. *Run the Installer:* You can now run the SDK installer from
-   ``tmp/deploy/sdk`` in the :term:`Build Directory`. Here is an example::
+   ``tmp/deploy/sdk`` in the :term:`Build Directory`. Here is an example:
+
+   .. code-block:: console

      $ cd poky/build/tmp/deploy/sdk
      $ ./poky-glibc-x86_64-core-image-sato-core2-64-toolchain-ext-&DISTRO;.sh
@@ -209,14 +228,19 @@ Follow these steps to extract the root filesystem:
   also contain flattened root filesystem image files (``*.ext4``),
   which you can use with QEMU directly.

-   The pre-built root filesystem image files follow the
-   ``core-image-profile-machine.tar.bz2`` naming convention:
+   The pre-built root filesystem image files follow this naming convention:

-   -  ``profile``: filesystem image's profile, such as ``minimal``,
+   .. parsed-literal::
+
+      core-image-*profile*-*machine*.tar.bz2
+
+   With:
+
+   -  *profile*: filesystem image's profile, such as ``minimal``,
      ``minimal-dev`` or ``sato``. For information on these types of image
      profiles, see the "Images" chapter in the Yocto Project Reference Manual.

-   -  ``machine``:  same string as the name of the parent download directory.
+   -  *machine*:  same string as the name of the parent download directory.

   The root filesystems
   provided by the Yocto Project are based off of the
@@ -224,7 +248,9 @@ Follow these steps to extract the root filesystem:

   For example, if you plan on using a BeagleBone device as your target
   hardware and your image is a ``core-image-sato-sdk`` image, you can
-   download the following file::
+   download the following file:
+
+   .. code-block:: text

      core-image-sato-sdk-beaglebone-yocto.tar.bz2

@@ -236,7 +262,9 @@ Follow these steps to extract the root filesystem:
   installed the toolchain (e.g. ``poky_sdk``).

   Here is an example based on the toolchain installed in the
-   ":ref:`sdk-manual/appendix-obtain:locating pre-built sdk installers`" section::
+   ":ref:`sdk-manual/appendix-obtain:locating pre-built sdk installers`" section:
+
+   .. code-block:: console

      $ source poky_sdk/environment-setup-core2-64-poky-linux

@@ -247,7 +275,9 @@ Follow these steps to extract the root filesystem:
   from a previously built root filesystem image that was downloaded
   from the :yocto_dl:`Index of Releases </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/>`.
   This command extracts the root filesystem into the ``core2-64-sato``
-   directory::
+   directory:
+
+   .. code-block:: console

      $ runqemu-extract-sdk ~/Downloads/core-image-sato-sdk-beaglebone-yocto.tar.bz2 ~/beaglebone-sato

@@ -256,24 +286,52 @@ Follow these steps to extract the root filesystem:
 Installed Standard SDK Directory Structure
 ==========================================

-The following figure shows the resulting directory structure after you
-install the Standard SDK by running the ``*.sh`` SDK installation
-script:
+After you install the Standard SDK by running the ``*.sh`` SDK installation
+script, the following directory structure should be observed:

-.. image:: figures/sdk-installed-standard-sdk-directory.png
-   :scale: 100%
+.. parsed-literal::
+
+   *install_dir*/*version*/
+   ├── buildinfo
+   ├── environment-setup-*target*-poky-linux
+   ├── site-config-*target*-poky-linux
+   ├── sysroots/
+   │   ├── *target*-poky-linux/
+   │   │   ├── bin/
+   │   │   ├── boot/
+   │   │   ├── etc/
+   │   │   ├── home/
+   │   │   ├── lib/
+   │   │   ├── media/
+   │   │   ├── mnt/
+   │   │   ├── proc/
+   │   │   ├── run/
+   │   │   ├── sbin/
+   │   │   ├── sys/
+   │   │   ├── tmp/
+   │   │   ├── usr/
+   │   │   └── var/
+   │   └── *host*-pokysdk-linux/
+   │       ├── bin/
+   │       ├── environment-setup.d/
+   │       ├── etc/
+   │       ├── lib/
+   │       ├── sbin/
+   │       ├── usr/
+   │       └── var/
+   └── version-*target*-poky-linux

 The installed SDK consists of an environment setup script for the SDK, a
 configuration file for the target, a version file for the target, and
 the root filesystem (``sysroots``) needed to develop objects for the
 target system.

-Within the figure, italicized text is used to indicate replaceable
-portions of the file or directory name. For example, install_dir/version
-is the directory where the SDK is installed. By default, this directory
-is ``/opt/poky/``. And, version represents the specific snapshot of the
-SDK (e.g. &DISTRO;). Furthermore, target represents the target architecture
-(e.g. ``i586``) and host represents the development system's
+In the layout above, italicized text is used to indicate replaceable
+portions of the file or directory name. For example, *install_dir*/*version*
+is the directory where the SDK is installed. By default, *install_dir*
+is ``/opt/poky/``. And, *version* represents the specific snapshot of the
+SDK (e.g. &DISTRO;). Furthermore, *target* represents the target architecture
+(e.g. ``i586``) and *host* represents the development system's
 architecture (e.g. ``x86_64``). Thus, the complete names of the two
 directories within the ``sysroots`` could be ``i586-poky-linux`` and
 ``x86_64-pokysdk-linux`` for the target and host, respectively.
@@ -281,13 +339,29 @@ directories within the ``sysroots`` could be ``i586-poky-linux`` and
 Installed Extensible SDK Directory Structure
 ============================================

-The following figure shows the resulting directory structure after you
-install the Extensible SDK by running the ``*.sh`` SDK installation
-script:
+After you install the Extensible SDK by running the ``*.sh`` SDK installation
+script, the following directory structure should be observed:

-.. image:: figures/sdk-installed-extensible-sdk-directory.png
-   :scale: 80%
-   :align: center
+.. parsed-literal::
+
+   *install_dir*/
+   ├── bitbake-cookerdaemon.log
+   ├── buildinfo
+   ├── buildtools/
+   ├── cache/
+   ├── conf/
+   ├── .devtoolbase
+   ├── downloads/
+   ├── environment-setup-*target*-poky-linux
+   ├── layers/
+   ├── oe-time-dd-test.dat
+   ├── preparing_system_build.log
+   ├── site-config-*target*-poky-linux
+   ├── sstate-cache/
+   ├── sysroots/
+   ├── tmp/
+   ├── version-*target*-poky-linux
+   └── workspace/

 The installed directory structure for the extensible SDK is quite
 different than the installed structure for the standard SDK. The
@@ -300,7 +374,7 @@ the SDK, a configuration file for the target, a version file for the
 target, and log files for the OpenEmbedded build system preparation
 script run by the installer and BitBake.

-Within the figure, italicized text is used to indicate replaceable
-portions of the file or directory name. For example, install_dir is the
-directory where the SDK is installed, which is ``poky_sdk`` by default,
-and target represents the target architecture (e.g. ``i586``).
+In the layout above, italicized text is used to indicate replaceable
+portions of the file or directory name. For example, *install_dir* is the
+directory where the SDK is installed, which is by default ``poky_sdk`` in your
+home directory and *target* represents the target architecture (e.g. ``i586``).
--- a/documentation/sdk-manual/extensible.rst
+++ b/documentation/sdk-manual/extensible.rst
@@ -71,7 +71,9 @@ Setting up the Extensible SDK environment directly in a Yocto build
 #. Set up all the needed layers and a Yocto :term:`Build Directory`, e.g. a regular Yocto
   build where ``bitbake`` can be executed.

-#. Run::
+#. Run:
+
+.. code-block:: console

      $ bitbake meta-ide-support
      $ bitbake -c populate_sysroot gtk+3
@@ -98,30 +100,27 @@ The names of the tarball installer scripts are such that a string
 representing the host system appears first in the filename and then is
 immediately followed by a string representing the target architecture.
 An extensible SDK has the string "-ext" as part of the name. Following
-is the general form::
+is the general form:

-   poky-glibc-host_system-image_type-arch-toolchain-ext-release_version.sh
+.. parsed-literal::

-   Where:
-       host_system is a string representing your development system:
+   poky-glibc-*host_system*-*image_type*-*arch*-toolchain-ext-*release_version*.sh

-                  i686 or x86_64.
+Where:

-       image_type is the image for which the SDK was built:
+-  *host_system* is a string representing your development system: ``i686`` or ``x86_64``.

-                  core-image-sato or core-image-minimal
+-  *image_type* is the image for which the SDK was built: ``core-image-sato`` or ``core-image-minimal``.

-       arch is a string representing the tuned target architecture:
+-  *arch* is a string representing the tuned target architecture: ``aarch64``, ``armv5e``, ``core2-64``, ``i586``, ``mips32r2``, ``mips64``, ``ppc7400``, or ``cortexa8hf-neon``.

-                  aarch64, armv5e, core2-64, i586, mips32r2, mips64, ppc7400, or cortexa8hf-neon
-
-       release_version is a string representing the release number of the Yocto Project:
-
-                  &DISTRO;, &DISTRO;+snapshot
+-  *release_version* is a string representing the release number of the Yocto Project: ``&DISTRO;``, ``&DISTRO;+snapshot``.

 For example, the following SDK installer is for a 64-bit
 development host system and a i586-tuned target architecture based off
-the SDK for ``core-image-sato`` and using the current &DISTRO; snapshot::
+the SDK for ``core-image-sato`` and using the current &DISTRO; snapshot:
+
+.. code-block:: text

   poky-glibc-x86_64-core-image-sato-i586-toolchain-ext-&DISTRO;.sh

@@ -142,7 +141,9 @@ must be writable for whichever users need to use the SDK.
 The following command shows how to run the installer given a toolchain
 tarball for a 64-bit x86 development host system and a 64-bit x86 target
 architecture. The example assumes the SDK installer is located in
-``~/Downloads/`` and has execution rights::
+``~/Downloads/`` and has execution rights:
+
+.. code-block:: console

   $ ./Downloads/poky-glibc-x86_64-core-image-minimal-core2-64-toolchain-ext-2.5.sh
   Poky (Yocto Project Reference Distro) Extensible SDK installer version 2.5
@@ -192,7 +193,9 @@ begin with the string "``environment-setup``" and include as part of
 their name the tuned target architecture. As an example, the following
 commands set the working directory to where the SDK was installed and
 then source the environment setup script. In this example, the setup
-script is for an IA-based target machine using i586 tuning::
+script is for an IA-based target machine using i586 tuning:
+
+.. code-block:: console

   $ cd /home/scottrif/poky_sdk
   $ source environment-setup-core2-64-poky-linux
@@ -200,7 +203,9 @@ script is for an IA-based target machine using i586 tuning::
   Run devtool --help for further details.

 When using the environment script directly in a Yocto build, it can
-be run similarly::
+be run similarly:
+
+.. code-block:: console

   $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux

@@ -1585,7 +1590,9 @@ populated on-demand. Sometimes you must explicitly install extra items
 into the SDK. If you need these extra items, you can first search for
 the items using the ``devtool search`` command. For example, suppose you
 need to link to libGL but you are not sure which recipe provides libGL.
-You can use the following command to find out::
+You can use the following command to find out:
+
+.. code-block:: console

   $ devtool search libGL mesa
   A free implementation of the OpenGL API
@@ -1598,7 +1605,9 @@ When using the extensible SDK directly in a Yocto build

 In this scenario, the Yocto build tooling, e.g. ``bitbake``
 is directly accessible to build additional items, and it
-can simply be executed directly::
+can simply be executed directly:
+
+.. code-block:: console

   $ bitbake curl-native
   # Add newly built native items to native sysroot
@@ -1610,14 +1619,16 @@ can simply be executed directly::
 When using a standalone installer for the Extensible SDK
 --------------------------------------------------------

-::
+.. code-block:: console

   $ devtool sdk-install mesa

 By default, the ``devtool sdk-install`` command assumes
 the item is available in pre-built form from your SDK provider. If the
 item is not available and it is acceptable to build the item from
-source, you can add the "-s" option as follows::
+source, you can add the "-s" option as follows:
+
+.. code-block:: console

   $ devtool sdk-install -s mesa

@@ -1633,7 +1644,9 @@ If you are working with an installed extensible SDK that gets
 occasionally updated (e.g. a third-party SDK), then you will need to
 manually "pull down" the updates into the installed SDK.

-To update your installed SDK, use ``devtool`` as follows::
+To update your installed SDK, use ``devtool`` as follows:
+
+.. code-block:: console

   $ devtool sdk-update

@@ -1641,7 +1654,9 @@ The previous command assumes your SDK provider has set the default update URL
 for you through the :term:`SDK_UPDATE_URL` variable as described in the
 ":ref:`sdk-manual/appendix-customizing:Providing Updates to the Extensible SDK After Installation`"
 section. If the SDK provider has not set that default URL, you need to
-specify it yourself in the command as follows::
+specify it yourself in the command as follows:
+
+.. code-block:: console

   $ devtool sdk-update path_to_update_directory

--- a/documentation/sdk-manual/figures/sdk-environment.png
+++ b/documentation/sdk-manual/figures/sdk-environment.png
--- a/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png
+++ b/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png
--- a/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png
+++ b/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png
--- a/documentation/sdk-manual/figures/sdk-title.png
+++ b/documentation/sdk-manual/figures/sdk-title.png
--- a/documentation/sdk-manual/intro.rst
+++ b/documentation/sdk-manual/intro.rst
@@ -148,7 +148,7 @@ SDK Development Model

 Fundamentally, the SDK fits into the development process as follows:

-.. image:: figures/sdk-environment.png
+.. image:: svg/sdk-environment.*
   :width: 100%

 The SDK is installed on any machine and can be used to develop applications,
--- a/documentation/sdk-manual/svg/sdk-environment.svg
+++ b/documentation/sdk-manual/svg/sdk-environment.svg
@@ -0,0 +1,463 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="152.07843mm"
+   height="104.79381mm"
+   viewBox="0 0 152.07843 104.79381"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="sdk-environment.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="1.7923962"
+     inkscape:cx="323.86813"
+     inkscape:cy="222.32808"
+     inkscape:window-width="2560"
+     inkscape:window-height="1440"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="layer2" /><defs
+     id="defs1"><marker
+       style="overflow:visible"
+       id="marker27"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="1.5"
+       markerHeight="1"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path27" /></marker><marker
+       style="overflow:visible"
+       id="marker24"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="1.5"
+       markerHeight="1"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path24" /></marker><marker
+       style="overflow:visible"
+       id="Triangle"
+       refX="-1"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="0.25"
+       markerHeight="0.44999999"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="none"
+       markerUnits="strokeWidth"><path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path135" /></marker></defs><g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer 2"
+     style="display:inline"
+     transform="translate(-15.261151,-139.49913)"><g
+       id="g5"
+       inkscape:label="yp-machine"><rect
+         style="display:inline;fill:#7399cb;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect1"
+         width="79.70993"
+         height="38.067791"
+         x="15.552484"
+         y="150.90607"
+         inkscape:label="yp-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.153561"
+         y="161.57883"
+         id="text3"
+         inkscape:label="yp-machine-rect-hosts-yp-text"><tspan
+           sodipodi:role="line"
+           id="tspan3"
+           style="stroke-width:0"
+           x="19.153561"
+           y="161.57883">Hosts Yocto Project</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.240089"
+         y="166.77032"
+         id="text3-0"
+         inkscape:label="yp-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5"
+           style="stroke-width:0"
+           x="19.240089"
+           y="166.77032">Can Host an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.36305"
+         y="171.6631"
+         id="text3-0-3"
+         inkscape:label="yp-machine-rect-build-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3"
+           style="stroke-width:0"
+           x="19.36305"
+           y="171.6631">Can Build an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.291393"
+         y="176.81357"
+         id="text3-0-3-3"
+         inkscape:label="yp-machine-rect-build-img-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4"
+           style="stroke-width:0"
+           x="19.291393"
+           y="176.81357">Can Build an Image</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.267235"
+         y="181.81523"
+         id="text3-0-3-3-8"
+         inkscape:label="yp-machine-rect-build-app-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1"
+           style="stroke-width:0"
+           x="19.267235"
+           y="181.81523">Can Build an Application</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.93636px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#4d6fad;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="15.660255"
+         y="155.1917"
+         id="text2"
+         inkscape:label="yp-machine-text"
+         transform="scale(1.0510998,0.95138443)"><tspan
+           id="tspan2"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.93636px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#000000;stroke:#000000;stroke-width:0;stroke-dasharray:none;stroke-opacity:1"
+           x="15.660255"
+           y="155.1917"
+           sodipodi:role="line">Yocto Project Machine</tspan></text></g><g
+       id="g7"
+       inkscape:label="target-hw"><rect
+         style="display:inline;fill:#ff8e98;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect5"
+         width="54.540253"
+         height="21.210974"
+         x="15.461151"
+         y="222.88196"
+         inkscape:label="target-hw-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.230175"
+         y="229.96002"
+         id="text3-0-3-3-8-6"
+         inkscape:label="target-hw-rect-boot-run-app-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7"
+           style="stroke-width:0"
+           x="19.230175"
+           y="229.96002">Boots and Runs Images</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.216074"
+         y="235.00998"
+         id="text3-0-3-3-8-6-3"
+         inkscape:label="target-hw-rect-rt-debug-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7-7"
+           style="stroke-width:0"
+           x="19.216074"
+           y="235.00998">Real Time Debugging</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="19.318588"
+         y="239.95505"
+         id="text3-0-3-3-8-6-3-1"
+         inkscape:label="target-hw-rect-run-apps-text"><tspan
+           sodipodi:role="line"
+           id="tspan3-5-3-4-1-7-7-0"
+           style="stroke-width:0"
+           x="19.318588"
+           y="239.95505">Runs Applications</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.85198px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="15.431406"
+         y="240.36668"
+         id="text5"
+         transform="scale(1.0919034,0.9158319)"
+         inkscape:label="target-hw-text"><tspan
+           sodipodi:role="line"
+           id="tspan5"
+           style="stroke-width:0"
+           x="15.431406"
+           y="240.36668">Target Hardware</tspan></text></g><g
+       id="g22"
+       inkscape:label="sdk-machine-bot"
+       transform="translate(-0.02339256,71.952437)"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect18"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text19"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan19"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text20"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan20"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text21"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan21"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text22"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan22"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g11"
+       inkscape:label="sdk-machine-mid"
+       transform="translate(0.01304739,36.040971)"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect8"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text8"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan8"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text9"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan9"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text10"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan10"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text11"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan11"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g18"
+       inkscape:label="sdk-machine-top"
+       style="display:inline"><rect
+         style="display:inline;opacity:1;fill:#bcff75;fill-opacity:1;stroke:#4d6fad;stroke-width:0.4;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         id="rect15"
+         width="35.780399"
+         height="24.143047"
+         x="131.34613"
+         y="144.82916"
+         inkscape:label="sdk-machine-rect" /><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.18832"
+         y="163.78954"
+         id="text15"
+         inkscape:label="sdk-machine-rect-host-sdk-text"><tspan
+           sodipodi:role="line"
+           id="tspan15"
+           style="stroke-width:0"
+           x="135.18832"
+           y="163.78954">Hosts an SDK</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.28667"
+         y="158.73506"
+         id="text16"
+         inkscape:label="sdk-machine-rect-dbg-text"><tspan
+           sodipodi:role="line"
+           id="tspan16"
+           style="stroke-width:0"
+           x="135.28667"
+           y="158.73506">Debug Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="135.0829"
+         y="153.75328"
+         id="text17"
+         inkscape:label="sdk-machine-rect-compile-text"><tspan
+           sodipodi:role="line"
+           id="tspan17"
+           style="stroke-width:0"
+           x="135.0829"
+           y="153.75328">Compile Code</tspan></text><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.8036px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="123.12138"
+         y="153.16264"
+         id="text18"
+         transform="scale(1.0781897,0.92748058)"
+         inkscape:label="sdk-machine-text"><tspan
+           sodipodi:role="line"
+           id="tspan18"
+           style="stroke-width:0"
+           x="123.12138"
+           y="153.16264">SDK Machine</tspan></text></g><g
+       id="g24"
+       inkscape:label="deploy"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.52777px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="67.689835"
+         y="202.65199"
+         id="text4"
+         inkscape:label="deploy-text"><tspan
+           sodipodi:role="line"
+           id="tspan4"
+           style="stroke-width:0"
+           x="67.689835"
+           y="202.65199">Deploy</tspan></text><path
+         style="opacity:1;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:6;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#Triangle)"
+         d="m 61.112324,191.97241 -0.104376,23.8825"
+         id="path22"
+         sodipodi:nodetypes="cc"
+         inkscape:label="arrow-deploy" /></g><g
+       id="g27"
+       inkscape:label="objects-bot"
+       style="display:inline"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.55315px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="112.58056"
+         y="228.37267"
+         id="text4-0-7-2"
+         inkscape:label="objects-text"
+         transform="scale(1.0071938,0.99285757)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7-2-7"
+           style="stroke-width:0"
+           x="112.58056"
+           y="228.37267">Objects</tspan></text><path
+         style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.799999;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker27)"
+         d="m 130.78047,228.73371 -20.13864,0.0652 0.10438,-43.68265 -10.933713,-0.10439"
+         id="path26"
+         sodipodi:nodetypes="cccc"
+         inkscape:label="arrow" /></g><g
+       id="g26"
+       style="display:inline"
+       inkscape:label="objects-mid"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.56577px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="104.3705"
+         y="170.58327"
+         id="text4-0-7"
+         inkscape:label="objects-text"
+         transform="scale(1.0107715,0.98934328)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7-2"
+           style="stroke-width:0"
+           x="104.3705"
+           y="170.58327">Objects</tspan></text><path
+         style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.8;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker24)"
+         d="m 130.9339,191.93551 -11.2556,-0.0369 0.18452,-21.88383 -20.038641,0.18453"
+         id="path25"
+         sodipodi:nodetypes="cccc"
+         inkscape:label="arrow" /></g><g
+       id="g25"
+       inkscape:label="objects-top"><text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.55676px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;writing-mode:lr-tb;direction:ltr;display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         x="104.78993"
+         y="157.1425"
+         id="text4-0"
+         inkscape:label="objects-text"
+         transform="scale(1.0082173,0.99184966)"><tspan
+           sodipodi:role="line"
+           id="tspan4-7"
+           style="stroke-width:0"
+           x="104.78993"
+           y="157.1425">Objects</tspan></text><path
+         style="opacity:1;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0.9;stroke-linecap:square;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker24)"
+         d="m 130.91375,157.65432 -30.64596,-0.24975"
+         id="path23"
+         sodipodi:nodetypes="cc"
+         inkscape:label="arrow" /></g></g></svg>
--- a/documentation/sdk-manual/using.rst
+++ b/documentation/sdk-manual/using.rst
@@ -52,32 +52,29 @@ libraries appropriate for developing against the corresponding image.

 The names of the tarball installer scripts are such that a string
 representing the host system appears first in the filename and then is
-immediately followed by a string representing the target architecture::
+immediately followed by a string representing the target architecture:

-   poky-glibc-host_system-image_type-arch-toolchain-release_version.sh
+.. parsed-literal::

-   Where:
-       host_system is a string representing your development system:
+   poky-glibc-*host_system*-*image_type*-*arch*-toolchain-*release_version*.sh

-                  i686 or x86_64.
+Where:

-       image_type is the image for which the SDK was built:
+-  *host_system* is a string representing your development system: ``i686`` or ``x86_64``.

-                  core-image-minimal or core-image-sato.
+-  *image_type* is the image for which the SDK was built: ``core-image-minimal`` or ``core-image-sato``.

-       arch is a string representing the tuned target architecture:
+-  *arch* is a string representing the tuned target architecture: ``aarch64``, ``armv5e``, ``core2-64``, ``i586``, ``mips32r2``, ``mips64``, ``ppc7400``, or ``cortexa8hf-neon``.

-                  aarch64, armv5e, core2-64, i586, mips32r2, mips64, ppc7400, or cortexa8hf-neon.
-
-       release_version is a string representing the release number of the Yocto Project:
-
-                  &DISTRO;, &DISTRO;+snapshot
+-  *release_version* is a string representing the release number of the Yocto Project: ``&DISTRO;``, ``&DISTRO;+snapshot``.

 For example, the following SDK installer is for a 64-bit
 development host system and a i586-tuned target architecture based off
-the SDK for ``core-image-sato`` and using the current DISTRO snapshot::
+the SDK for ``core-image-sato`` and the ``&DISTRO;`` release:

-   poky-glibc-x86_64-core-image-sato-i586-toolchain-DISTRO.sh
+.. code-block:: text
+
+   poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh

 .. note::

@@ -96,7 +93,9 @@ must be writable for whichever users need to use the SDK.
 The following command shows how to run the installer given a toolchain
 tarball for a 64-bit x86 development host system and a 64-bit x86 target
 architecture. The example assumes the SDK installer is located in
-``~/Downloads/`` and has execution rights::
+``~/Downloads/`` and has execution rights:
+
+.. code-block:: console

   $ ./Downloads/poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
   Poky (Yocto Project Reference Distro) SDK installer version &DISTRO;
@@ -136,7 +135,9 @@ begin with the string "``environment-setup``" and include as part of
 their name the tuned target architecture. As an example, the following
 commands set the working directory to where the SDK was installed and
 then source the environment setup script. In this example, the setup
-script is for an IA-based target machine using i586 tuning::
+script is for an IA-based target machine using i586 tuning:
+
+.. code-block:: console

   $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux

--- a/documentation/sdk-manual/working-projects.rst
+++ b/documentation/sdk-manual/working-projects.rst
@@ -33,7 +33,9 @@ project:

 #. *Create a Working Directory and Populate It:* Create a clean
   directory for your project and then make that directory your working
-   location::
+   location:
+
+   .. code-block:: console

      $ mkdir $HOME/helloworld
      $ cd $HOME/helloworld
@@ -45,14 +47,18 @@ project:
   respectively.

   Use the following command to create an empty README file, which is
-   required by GNU Coding Standards::
+   required by GNU Coding Standards:
+
+   .. code-block:: console

      $ touch README

   Create the remaining
   three files as follows:

-   -  ``hello.c``::
+   -  ``hello.c``:
+
+      .. code-block:: c

         #include <stdio.h>

@@ -62,7 +68,9 @@ project:
                 return 0;
             }

-   -  ``configure.ac``::
+   -  ``configure.ac``:
+
+      .. code-block:: none

         AC_INIT(hello,0.1)
         AM_INIT_AUTOMAKE([foreign])
@@ -70,7 +78,9 @@ project:
         AC_CONFIG_FILES(Makefile)
         AC_OUTPUT

-   -  ``Makefile.am``::
+   -  ``Makefile.am``:
+
+      .. code-block:: none

         bin_PROGRAMS = hello
         hello_SOURCES = hello.c
@@ -84,17 +94,23 @@ project:
   which is followed by the string "poky-linux". For this example, the
   command sources a script from the default SDK installation directory
   that uses the 32-bit Intel x86 Architecture and the &DISTRO; Yocto
-   Project release::
+   Project release:
+
+   .. code-block:: console

      $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux

   Another example is sourcing the environment setup directly in a Yocto
-   build::
+   build:
+
+   .. code-block:: console

      $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux

 #. *Create the configure Script:* Use the ``autoreconf`` command to
-   generate the ``configure`` script::
+   generate the ``configure`` script:
+
+   .. code-block:: console

      $ autoreconf

@@ -113,7 +129,9 @@ project:
   the cross-compiler. The
   :term:`CONFIGURE_FLAGS`
   environment variable provides the minimal arguments for GNU
-   configure::
+   configure:
+
+   .. code-block:: console

      $ ./configure ${CONFIGURE_FLAGS}

@@ -126,12 +144,16 @@ project:
   ``armv5te-poky-linux-gnueabi``. You will notice that the name of the
   script is ``environment-setup-armv5te-poky-linux-gnueabi``. Thus, the
   following command works to update your project and rebuild it using
-   the appropriate cross-toolchain tools::
+   the appropriate cross-toolchain tools:
+
+   .. code-block:: console

     $ ./configure --host=armv5te-poky-linux-gnueabi --with-libtool-sysroot=sysroot_dir

 #. *Make and Install the Project:* These two commands generate and
-   install the project into the destination directory::
+   install the project into the destination directory:
+
+   .. code-block:: console

      $ make
      $ make install DESTDIR=./tmp
@@ -146,13 +168,17 @@ project:
   This next command is a simple way to verify the installation of your
   project. Running the command prints the architecture on which the
   binary file can run. This architecture should be the same
-   architecture that the installed cross-toolchain supports::
+   architecture that the installed cross-toolchain supports:
+
+   .. code-block:: console

      $ file ./tmp/usr/local/bin/hello

 #. *Execute Your Project:* To execute the project, you would need to run
   it on your target hardware. If your target hardware happens to be
-   your build host, you could run the project as follows::
+   your build host, you could run the project as follows:
+
+   .. code-block:: console

      $ ./tmp/usr/local/bin/hello

@@ -198,7 +224,9 @@ regarding variable behavior:
 .. note::

   Regardless of how you set your variables, if you use the "-e" option
-   with ``make``, the variables from the SDK setup script take precedence::
+   with ``make``, the variables from the SDK setup script take precedence:
+
+   .. code-block:: console

      $ make -e target

@@ -209,7 +237,9 @@ demonstrates these variable behaviors.
 In a new shell environment variables are not established for the SDK
 until you run the setup script. For example, the following commands show
 a null value for the compiler variable (i.e.
-:term:`CC`)::
+:term:`CC`):
+
+.. code-block:: console

   $ echo ${CC}

@@ -219,7 +249,9 @@ Running the
 SDK setup script for a 64-bit build host and an i586-tuned target
 architecture for a ``core-image-sato`` image using the current &DISTRO;
 Yocto Project release and then echoing that variable shows the value
-established through the script::
+established through the script:
+
+.. code-block:: console

   $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux
   $ echo ${CC}
@@ -230,7 +262,9 @@ example:

 #. *Create a Working Directory and Populate It:* Create a clean
   directory for your project and then make that directory your working
-   location::
+   location:
+
+   .. code-block:: console

      $ mkdir $HOME/helloworld
      $ cd $HOME/helloworld
@@ -243,7 +277,9 @@ example:

   Create the three files as follows:

-   -  ``main.c``::
+   -  ``main.c``:
+
+      .. code-block:: c

         #include "module.h"
         void sample_func();
@@ -253,12 +289,16 @@ example:
             return 0;
         }

-   -  ``module.h``::
+   -  ``module.h``:
+
+      .. code-block:: c

         #include <stdio.h>
         void sample_func();

-   -  ``module.c``::
+   -  ``module.c``:
+
+      .. code-block:: c

         #include "module.h"
         void sample_func()
@@ -276,12 +316,16 @@ example:
   which is followed by the string "poky-linux". For this example, the
   command sources a script from the default SDK installation directory
   that uses the 32-bit Intel x86 Architecture and the &DISTRO_NAME; Yocto
-   Project release::
+   Project release:
+
+   .. code-block:: console

      $ source /opt/poky/&DISTRO;/environment-setup-i586-poky-linux

   Another example is sourcing the environment setup directly in a Yocto
-   build::
+   build:
+
+   .. code-block:: console

      $ source tmp/deploy/images/qemux86-64/environment-setup-core2-64-poky-linux

@@ -289,7 +333,9 @@ example:
   two lines that can be used to set the :term:`CC` variable. One line is
   identical to the value that is set when you run the SDK environment
   setup script, and the other line sets :term:`CC` to "gcc", the default
-   GNU compiler on the build host::
+   GNU compiler on the build host:
+
+   .. code-block:: Makefile

      # CC=i586-poky-linux-gcc -m32 -march=i586 --sysroot=/opt/poky/2.5/sysroots/i586-poky-linux
      # CC="gcc"
@@ -306,7 +352,9 @@ example:
 #. *Make the Project:* Use the ``make`` command to create the binary
   output file. Because variables are commented out in the Makefile, the
   value used for :term:`CC` is the value set when the SDK environment setup
-   file was run::
+   file was run:
+
+   .. code-block:: console

      $ make
      i586-poky-linux-gcc -m32 -march=i586 --sysroot=/opt/poky/2.5/sysroots/i586-poky-linux -I . -c main.c
@@ -319,7 +367,9 @@ example:

   You can override the :term:`CC` environment variable with the same
   variable as set from the Makefile by uncommenting the line in the
-   Makefile and running ``make`` again::
+   Makefile and running ``make`` again:
+
+   .. code-block:: console

      $ make clean
      rm -rf *.o
@@ -340,7 +390,9 @@ example:
   variable as part of the command line. Go into the Makefile and
   re-insert the comment character so that running ``make`` uses the
   established SDK compiler. However, when you run ``make``, use a
-   command-line argument to set :term:`CC` to "gcc"::
+   command-line argument to set :term:`CC` to "gcc":
+
+   .. code-block:: console

      $ make clean
      rm -rf *.o
@@ -364,7 +416,9 @@ example:
   environment variable.

   In this last case, edit Makefile again to use the "gcc" compiler but
-   then use the "-e" option on the ``make`` command line::
+   then use the "-e" option on the ``make`` command line:
+
+   .. code-block:: console

      $ make clean
      rm -rf *.o
@@ -389,7 +443,9 @@ example:
   Makefile.

 #. *Execute Your Project:* To execute the project (i.e. ``target_bin``),
-   use the following command::
+   use the following command:
+
+   .. code-block:: console

      $ ./target_bin
      Hello World!
--- a/documentation/security-reference/index.rst
+++ b/documentation/security-reference/index.rst
@@ -0,0 +1,14 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+================================
+Yocto Project Security Reference
+================================
+
+.. toctree::
+   :caption: Table of Contents
+   :numbered:
+
+   security-team
+   reporting-vulnerabilities
+
+.. include:: /boilerplate.rst
--- a/documentation/security-reference/reporting-vulnerabilities.rst
+++ b/documentation/security-reference/reporting-vulnerabilities.rst
@@ -0,0 +1,85 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Reporting Vulnerabilities
+*************************
+
+The Yocto Project and OpenEmbedded are open-source, community-based projects
+used in numerous products. They assemble multiple other open-source projects,
+and need to handle security issues and practices both internal (in the code
+maintained by both projects), and external (maintained by other projects and
+organizations).
+
+This manual assembles security-related information concerning the whole
+ecosystem. It includes information on reporting a potential security issue,
+the operation of the YP Security team and how to contribute in the
+related code. It is written to be useful for both security researchers and
+YP developers.
+
+How to report a potential security vulnerability?
+=================================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+:yocto_bugs:`Security Bugzilla </enter_bug.cgi?product=Security>`.
+
+If you are dealing with a not-yet-released issue, or an urgent one, please send
+a message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available. This mailing list is monitored by the
+Yocto Project Security team.
+
+For each layer, you might also look for specific instructions (if any) for
+reporting potential security issues in the specific ``SECURITY.md`` file at the
+root of the repository. Instructions on how and where submit a patch are
+usually available in ``README.md``. If this is your first patch to the
+Yocto Project/OpenEmbedded, you might want to have a look into the
+Contributor's Manual section
+":ref:`contributor-guide/submit-changes:preparing changes for submission`".
+
+Branches maintained with security fixes
+---------------------------------------
+
+See the
+:ref:`Release process <ref-manual/release-process:Stable Release Process>`
+documentation for details regarding the policies and maintenance of stable
+branches.
+
+The :yocto_home:`Releases </development/releases/>` page contains a list of all
+releases of the Yocto Project, grouped into current and previous releases.
+Previous releases are no longer actively maintained with security patches, but
+well-tested patches may still be accepted for them for significant issues.
+
+Security-related discussions at the Yocto Project
+-------------------------------------------------
+
+We have set up two security-related emails/mailing lists:
+
+  -  Public Mailing List: yocto [dash] security [at] yoctoproject[dot] org
+
+     This is a public mailing list for anyone to subscribe to. This list is an
+     open list to discuss public security issues/patches and security-related
+     initiatives. For more information, including subscription information,
+     please see the  :yocto_lists:`yocto-security mailing list info page
+     </g/yocto-security>`.
+
+     This list requires moderator approval for new topics to be posted, to avoid
+     private security reports to be posted by mistake.
+
+  -  Yocto Project Security Team: security [at] yoctoproject [dot] org
+
+     This is an email for reporting non-published potential vulnerabilities.
+     Emails sent to this address are forwarded to the Yocto Project Security
+     Team members.
+
+
+What you should do if you find a security vulnerability
+-------------------------------------------------------
+
+If you find a security flaw: a crash, an information leakage, or anything that
+can have a security impact if exploited in any Open Source software built or
+used by the Yocto Project, please report this to the Yocto Project Security
+Team. If you prefer to contact the upstream project directly, please send a
+copy to the security team at the Yocto Project as well. If you believe this is
+highly sensitive information, please report the vulnerability in a secure way,
+i.e. encrypt the email and send it to the private list. This ensures that
+the exploit is not leaked and exploited before a response/fix has been generated.
--- a/documentation/security-reference/security-team.rst
+++ b/documentation/security-reference/security-team.rst
@@ -0,0 +1,122 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Security team
+*************
+
+The Yocto Project/OpenEmbedded security team coordinates the work on security
+subjects in the project. All general discussion takes place publicly. The
+Security Team only uses confidential communication tools to deal with private
+vulnerability reports before they are released.
+
+Security team appointment
+=========================
+
+The Yocto Project Security Team consists of at least three members. When new
+members are needed, the Yocto Project Technical Steering Committee (YP TSC)
+asks for nominations by public channels including a nomination deadline.
+Self-nominations are possible. When the limit time is
+reached, the YP TSC posts the list of candidates for the comments of project
+participants and developers. Comments may be sent publicly or privately to the
+YP and OE TSCs. The candidates are approved by both YP TSC and OpenEmbedded
+Technical Steering Committee (OE TSC) and the final list of the team members
+is announced publicly. The aim is to have people representing technical
+leadership, security knowledge and infrastructure present with enough people
+to provide backup/coverage but keep the notification list small enough to
+minimize information risk and maintain trust.
+
+YP Security Team members may resign at any time.
+
+Security Team Operations
+========================
+
+The work of the Security Team might require high confidentiality. Team members
+are individuals selected by merit and do not represent the companies they work
+for. They do not share information about confidential issues outside of the team
+and do not hint about ongoing embargoes.
+
+Team members can bring in domain experts as needed. Those people should be
+added to individual issues only and adhere to the same standards as the YP
+Security Team.
+
+The YP security team organizes its meetings and communication as needed.
+
+When the YP Security team receives a report about a potential security
+vulnerability, they quickly analyze and notify the reporter of the result.
+They might also request more information.
+
+If the issue is confirmed and affects the code maintained by the YP, they
+confidentially notify maintainers of that code and work with them to prepare
+a fix.
+
+If the issue is confirmed and affects an upstream project, the YP security team
+notifies the project. Usually, the upstream project analyzes the problem again.
+If they deem it a real security problem in their software, they develop and
+release a fix following their security policy. They may want to include the
+original reporter in the loop. There is also sometimes some coordination for
+handling patches, backporting patches etc, or just understanding the problem
+or what caused it.
+
+The security policy of the upstream project might include a notification to
+Linux distributions or other important downstream projects in advance to
+discuss coordinated disclosure. These mailing lists are normally non-public.
+
+When the upstream project releases a version with the fix, they are responsible
+for contacting an appropriate CVE Numbering Authority (CNA), such as `Mitre
+<https://cveform.mitre.org/>`__, to get a CVE number assigned and the CVE
+record published.
+
+When the fix is publicly available, the YP security team member or the
+package maintainer sends patches against the YP code base, following usual
+procedures, including public code review.
+
+If an upstream project does not respond quickly
+-----------------------------------------------
+
+If an upstream project does not fix the problem in a reasonable time,
+the Yocto's Security Team will contact other interested parties (usually
+other distributions) in the community and together try to solve the
+vulnerability as quickly as possible.
+
+The Yocto Project Security team adheres to the 90 days disclosure policy
+by default. An increase of the embargo time is possible when necessary.
+
+Handling multi-project embargoes
+--------------------------------
+
+In rare cases, a severe security issue affects multiple projects. This might be
+numerous projects having a similar issue because of design, coding pattern, or
+reuse of the same code (an example of this situation is :cve_nist:`2023-44487`
+where multiple web servers share a design weakness). It might also be a
+high-profile issue in a commonly used library (like OpenSSL). In such cases,
+the project, learning first about the issue, might decide to notify other
+affected projects confidentially so that they come up with a synchronized fix.
+It might also be the affected project informing major distributions to roll out
+the update simultaneously.
+
+Such notifications happen over confidential, non-public means. Typically, the
+project initiating this "embargo" directly notifies a selected number of people
+from each project, including a subset of the security team. When Yocto Project
+is a part of such a notified group, developers prepare fixes on separate
+infrastructure and test it. They might also include additional developers and
+domain experts who can help with the fix and eventual regressions. When the
+embargo is lifted, they send a patch to the relevant public list, and the usual
+review process starts.
+
+Security Team Members
+=====================
+
+For secure communications, please send your messages encrypted using the GPG
+keys. Remember, message headers are not encrypted so do not include sensitive
+information in the subject line.
+
+-  Ross Burton: <ross [at] burtonini [dot] com> `Public key <https://keys.openpgp.org/search?q=ross%40burtonini.com>`__
+
+-  Michael Halstead: <mhalstead [at] linuxfoundation [dot] org>
+   `Public key <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3373170601861969>`__
+   or `Public key <https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd1f2407285e571ed12a407a73373170601861969>`__
+
+-  Richard Purdie: <richard.purdie [at] linuxfoundation [dot] org> `Public key <https://keys.openpgp.org/search?q=richard.purdie%40linuxfoundation.org>`__
+
+-  Marta Rybczynska: <marta DOT rybczynska [at] ygreky [dot] com> `Public key <https://keys.openpgp.org/search?q=marta.rybczynska@ygreky.com>`__
+
+-  Paul Barker <paul [at] pbarker [dot] dev> `Public key <https://keys.openpgp.org/search?q=paul@pbarker.dev>`__
--- a/documentation/sphinx-static/theme_overrides.css
+++ b/documentation/sphinx-static/theme_overrides.css
@@ -99,14 +99,19 @@ em {
 [alt='Permalink'] { color: #eee; }
 [alt='Permalink']:hover { color: black; }

-@media screen {
-    /* content column
-     *
-     * RTD theme's default is 800px as max width for the content, but we have
-     * tables with tons of columns, which need the full width of the view-port.
-     */
+.literal-block {
+    background: #f8f8f8;
+}

-    .wy-nav-content{max-width: none; }
+@media screen {
+    .wy-nav-content {
+       max-width: 1000px;
+       background: #fcfcfc;
+    }
+
+    .wy-nav-content-wrap {
+       background: #efefef;
+    }

    /* inline literal: drop the borderbox, padding and red color */
    code, .rst-content tt, .rst-content code {
--- a/documentation/test-manual/ptest.rst
+++ b/documentation/test-manual/ptest.rst
@@ -84,6 +84,25 @@ test. Here is what you have to do for each recipe:
      cd test
      make -k runtest-TESTS

+-  *Return an appropriate exit code*: The ``run-ptest`` script must return 0 on
+   success, 1 on failure. This is needed by ``ptest-runner`` to keep track of
+   the successful and failed tests.
+
+-  *Make sure the test prints at least one test result*: The execution of the
+   ``run-ptest`` script must result in at least one test result output on the
+   console, with the following format::
+
+      result: testname
+
+   Where ``result`` can be one of ``PASS``, ``SKIP``, or ``FAIL``. ``testname``
+   can be any name.
+
+   There can be as many test results as desired.
+
+   This information is read by the :ref:`ref-classes-testimage` class and
+   :oe_git:`logparser </openembedded-core/tree/meta/lib/oeqa/utils/logparser.py>`
+   module.
+
 -  *Ensure dependencies are met:* If the test adds build or runtime
   dependencies that normally do not exist for the package (such as
   requiring "make" to run the test suite), use the
--- a/documentation/transitioning-to-a-custom-environment.rst
+++ b/documentation/transitioning-to-a-custom-environment.rst
@@ -9,10 +9,10 @@ Transitioning to a custom environment for systems development
 .. note::

   So you've finished the :doc:`brief-yoctoprojectqs/index` and
-   glanced over the document :doc:`what-i-wish-id-known`, the latter contains
+   glanced over the document :doc:`what-i-wish-id-known`, the latter containing
   important information learned from other users. You're well prepared. But
   now, as you are starting your own project, it isn't exactly straightforward what
-   to do. And, the documentation is daunting. We've put together a few hints to
+   to do, and the documentation is daunting. We've put together a few hints to
   get you started.

 #. **Make a list of the processor, target board, technologies, and capabilities
@@ -23,7 +23,7 @@ Transitioning to a custom environment for systems development
 #. **Set up your board support**.
   Even if you're using custom hardware, it might be easier to start with an
   existing target board that uses the same processor or at least the same
-   architecture as your custom hardware. Knowing the board already has a
+   architecture as your custom hardware. Knowing that the board already has a
   functioning Board Support Package (BSP) within the project makes it easier
   for you to get comfortable with project concepts.

@@ -34,19 +34,19 @@ Transitioning to a custom environment for systems development
   target board. The Yocto Project layer index BSPs are regularly validated. The
   best place to get your first BSP is from your silicon manufacturer or board
   vendor – they can point you to their most qualified efforts. In general, for
-   Intel silicon use meta-intel, for Texas Instruments use meta-ti, and so
+   Intel silicon use ``meta-intel``, for Texas Instruments use ``meta-ti``, and so
   forth. Choose a BSP that has been tested with the same Yocto Project release
   that you've downloaded. Be aware that some BSPs may not be immediately
   supported on the very latest release, but they will be eventually.

   You might want to start with the build specification that Poky provides
-   (which is reference embedded distribution) and then add your newly chosen
+   (which is reference embedded distribution) and then add your newly-chosen
   layers to that. Here is the information :ref:`about adding layers
   <dev-manual/layers:Understanding and Creating Layers>`.

 #. **Based on the layers you've chosen, make needed changes in your
   configuration**.
-   For instance, you've chosen a machine type and added in the corresponding BSP
+   For instance, assume you've chosen a machine type and added in the corresponding BSP
   layer. You'll then need to change the value of the :term:`MACHINE` variable in your
   configuration file (build/local.conf) to point to that same machine
   type. There could be other layer-specific settings you need to change as
@@ -68,8 +68,8 @@ Transitioning to a custom environment for systems development
   bsp layer using the \`\`bitbake-layers\`\` script>`. For example, given a
   64-bit x86-based machine, copy the conf/intel-corei7-64 definition and give
   the machine a relevant name (think board name, not product name). Make sure
-   the layer configuration is dependent on the meta-intel layer (or at least,
-   meta-intel remains in your bblayers.conf). Now you can put your custom BSP
+   the layer configuration is dependent on the ``meta-intel`` layer (or at least,
+   ``meta-intel`` remains in your ``bblayers.conf`` file). Now you can put your custom BSP
   settings into your layer and you can re-use it for different applications.

 #. **Write your own recipe to build additional software support that isn't
--- a/documentation/what-i-wish-id-known.rst
+++ b/documentation/what-i-wish-id-known.rst
@@ -9,7 +9,7 @@ What I wish I'd known about Yocto Project
 .. note::

   Before reading further, make sure you've taken a look at the
-   :yocto_home:`Software Overview</software-overview>` page which presents the
+   :yocto_home:`Technical Overview</development/technical-overview>` page which presents the
   definitions for many of the terms referenced here. Also, know that some of the
   information here won't make sense now, but as you start developing, it is the
   information you'll want to keep close at hand. These are best known methods for
@@ -22,8 +22,8 @@ known before embarking on their first build with Yocto Project. Feel free to
 contact us with other suggestions.

 #. **Use Git, not the tarball download:**
-   If you use git the software will be automatically updated with bug updates
-   because of how git works. If you download the tarball instead, you will need
+   If you use Git, the software will be automatically updated with bug updates
+   because of how Git works. If you download the tarball instead, you will need
   to be responsible for your own updates.

 #. **Get to know the layer index:**
@@ -98,7 +98,7 @@ contact us with other suggestions.
   function of a particular part of the workflow gives you an idea of what might
   be going wrong.

-   .. image:: figures/yp-how-it-works-new-diagram.png
+   .. image:: overview-manual/svg/yp-flow-diagram.*
      :width: 100%

 #. **Know that you can generate a dependency graph and learn how to do it:**
@@ -165,19 +165,19 @@ contact us with other suggestions.

   * deal with corporate proxies
   * add a package to an image
-   * understand the difference between a recipe and package
-   * build a package by itself and why that's useful
+   * understand the difference between a recipe and a package
+   * build a package by itself and understand why that's useful
   * find out what packages are created by a recipe
   * find out what files are in a package
   * find out what files are in an image
-   * add an ssh server to an image (enable transferring of files to target)
+   * add an SSH server to an image (enable transferring of files to target)
   * know the anatomy of a recipe
   * know how to create and use layers
   * find recipes (with the :oe_layerindex:`OpenEmbedded Layer index <>`)
-   * understand difference between machine and distro settings
+   * understand the difference between MACHINE and DISTRO settings
   * find and use the right BSP (machine) for your hardware
-   * find examples of distro features and know where to set them
-   * understanding the task pipeline and executing individual tasks
+   * find examples of DISTRO features and know where to set them
+   * understand the task pipeline and how to execute individual tasks
   * understand devtool and how it simplifies your workflow
   * improve build speeds with shared downloads and shared state cache
   * generate and understand a dependency graph
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "5.0.14"
+DISTRO_VERSION = "5.0.18"
 DISTRO_CODENAME = "scarthgap"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
@@ -42,7 +42,9 @@ SANITY_TESTED_DISTROS ?= " \
            fedora-38 \n \
            fedora-39 \n \
            fedora-40 \n \
-            centosstream-8 \n \
+            fedora-41 \n \
+            centos-8 \n \
+            centos-9 \n \
            debian-11 \n \
            debian-12 \n \
            opensuseleap-15.4 \n \
@@ -51,6 +53,7 @@ SANITY_TESTED_DISTROS ?= " \
            almalinux-8.10 \n \
            almalinux-9.2 \n \
            almalinux-9.4 \n \
+            rocky-8 \n \
            rocky-9 \n \
            "
 # add poky sanity bbclass
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
@@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717"
 PV = "0.1+git"
 PR = "r2"

-SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https"
 UPSTREAM_CHECK_COMMITS = "1"
 RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"

--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
@@ -10,7 +10,7 @@ DEPENDS = "dbus"
 SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
 PV = "0.1+git"

-SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https"
 UPSTREAM_CHECK_COMMITS = "1"
 RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"

--- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
+++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
@@ -7,8 +7,8 @@ INHIBIT_DEFAULT_DEPS = "1"

 UPSTREAM_VERSION_UNKNOWN = "1"

-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
-SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master;protocol=https"
+SRCREV = "f280847494763cdcf71197557a81ba7d8a6bce42"

 S = "${WORKDIR}/git"

--- a/meta/classes-global/base.bbclass
+++ b/meta/classes-global/base.bbclass
@@ -111,7 +111,11 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
            # clean up dead symlink
            if os.path.islink(desttool):
                os.unlink(desttool)
-            srctool = bb.utils.which(path, tool, executable=True)
+
+            # Prefer gnu-prefixed binaries, if available
+            srctool = (bb.utils.which(path, "gnu" + tool, executable=True) or
+                       bb.utils.which(path, tool, executable=True))
+
            # gcc/g++ may link to ccache on some hosts, e.g.,
            # /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
            # would return /usr/local/bin/ccache/gcc, but what we need is
--- a/meta/classes-recipe/cml1.bbclass
+++ b/meta/classes-recipe/cml1.bbclass
@@ -31,7 +31,7 @@ CROSS_CURSES_LIB = "-lncurses -ltinfo"
 CROSS_CURSES_INC = '-DCURSES_LOC="<curses.h>"'
 TERMINFO = "${STAGING_DATADIR_NATIVE}/terminfo"

-KCONFIG_CONFIG_COMMAND ??= "menuconfig"
+KCONFIG_CONFIG_COMMAND ??= "menuconfig ${EXTRA_OEMAKE}"
 KCONFIG_CONFIG_ENABLE_MENUCONFIG ??= "true"
 KCONFIG_CONFIG_ROOTDIR ??= "${B}"
 python do_menuconfig() {
--- a/meta/classes-recipe/cross.bbclass
+++ b/meta/classes-recipe/cross.bbclass
@@ -101,3 +101,39 @@ addtask addto_recipe_sysroot after do_populate_sysroot
 do_addto_recipe_sysroot[deptask] = "do_populate_sysroot"

 PATH:prepend = "${COREBASE}/scripts/cross-intercept:"
+
+#
+# Cross task outputs can call native dependencies and even when cross
+# recipe output doesn't change it might produce different results when
+# the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH}
+# contains symlink to clang binary from clang-native, but when clang-native
+# outhash is changed, clang-cross-${TARGET_ARCH} will still be considered
+# equivalent and target recipes aren't rebuilt with new clang binary, see
+# work around in https://github.com/kraj/meta-clang/pull/1140 to make target
+# recipes to depend directly not only on clang-cross-${TARGET_ARCH} but
+# clang-native as well.
+#
+# This can cause poor interactions with hash equivalence, since this recipes
+# output-changing dependency is "hidden" and downstream task only see that this
+# recipe has the same outhash and therefore is equivalent. This can result in
+# different output in different cases.
+#
+# To resolve this, unhide the output-changing dependency by adding its unihash
+# to this tasks outhash calculation. Unfortunately, don't know specifically
+# know which dependencies are output-changing, so we have to add all of them.
+#
+python cross_add_do_populate_sysroot_deps () {
+    current_task = "do_" + d.getVar("BB_CURRENTTASK")
+    if current_task != "do_populate_sysroot":
+        return
+
+    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+    pn = d.getVar("PN")
+    deps = {
+        dep[0]:dep[6] for dep in taskdepdata.values() if
+            dep[1] == current_task and dep[0] != pn
+    }
+
+    d.setVar("HASHEQUIV_EXTRA_SIGDATA", "\n".join("%s: %s" % (k, deps[k]) for k in sorted(deps.keys())))
+}
+SSTATECREATEFUNCS += "cross_add_do_populate_sysroot_deps"
--- a/meta/classes-recipe/go.bbclass
+++ b/meta/classes-recipe/go.bbclass
@@ -22,6 +22,7 @@ export GOARCH = "${TARGET_GOARCH}"
 export GOOS = "${TARGET_GOOS}"
 export GOHOSTARCH="${BUILD_GOARCH}"
 export GOHOSTOS="${BUILD_GOOS}"
+export GOWORK = "off"

 GOARM[export] = "0"
 GOARM:arm:class-target = "${TARGET_GOARM}"
@@ -77,7 +78,7 @@ B = "${WORKDIR}/build"
 export GOPATH = "${B}"
 export GOENV = "off"
 export GOPROXY ??= "https://proxy.golang.org,direct"
-export GOTMPDIR ?= "${WORKDIR}/build-tmp"
+export GOTMPDIR ?= "${WORKDIR}/tmp-go-build"
 GOTMPDIR[vardepvalue] = ""

 python go_do_unpack() {
--- a/meta/classes-recipe/goarch.bbclass
+++ b/meta/classes-recipe/goarch.bbclass
@@ -24,6 +24,9 @@ TARGET_GOMIPS = "${@go_map_mips(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES
 TARGET_GOARM:class-native = "7"
 TARGET_GO386:class-native = "sse2"
 TARGET_GOMIPS:class-native = "hardfloat"
+TARGET_GOARM:class-crosssdk = "7"
+TARGET_GO386:class-crosssdk = "sse2"
+TARGET_GOMIPS:class-crosssdk = "hardfloat"
 TARGET_GOTUPLE = "${TARGET_GOOS}_${TARGET_GOARCH}"
 GO_BUILD_BINDIR = "${@['bin/${HOST_GOTUPLE}','bin'][d.getVar('BUILD_GOTUPLE') == d.getVar('HOST_GOTUPLE')]}"

--- a/meta/classes-recipe/gtk-icon-cache.bbclass
+++ b/meta/classes-recipe/gtk-icon-cache.bbclass
@@ -46,7 +46,7 @@ gtk_icon_cache_postrm() {
 if [ "x$D" != "x" ]; then
 	$INTERCEPT_DIR/postinst_intercept update_gtk_icon_cache ${PKG} \
 		mlprefix=${MLPREFIX} \
-		libdir=${libdir}
+		libdir_native=${libdir_native}
 else
 	for icondir in /usr/share/icons/* ; do
 		if [ -d $icondir ] ; then
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -697,9 +697,6 @@ addtask savedefconfig after do_configure

 inherit cml1 pkgconfig

-# Need LD, HOSTLDFLAGS and more for config operations
-KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}"
-
 EXPORT_FUNCTIONS do_compile do_transform_kernel do_transform_bundled_initramfs do_install do_configure

 # kernel-base becomes kernel-${KERNEL_VERSION}
@@ -873,5 +870,72 @@ addtask deploy after do_populate_sysroot do_packagedata

 EXPORT_FUNCTIONS do_deploy

+do_create_spdx:append() {
+    def create_kernel_config_spdx(d):
+        if not bb.data.inherits_class("create-spdx-3.0", d):
+            return
+        if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) != "1":
+            return
+
+        import oe.spdx30
+        import oe.spdx30_tasks
+        from pathlib import Path
+        from datetime import datetime, timezone
+
+        pkg_arch = d.getVar("SSTATE_PKGARCH")
+        deploydir = Path(d.getVar("SPDXDEPLOY"))
+        pn = d.getVar("PN")
+
+        config_path = d.expand("${B}/.config")
+        kernel_params = []
+        if not os.path.exists(config_path):
+            bb.warn(f"SPDX: Kernel config file not found at: {config_path}")
+            return
+
+        try:
+            with open(config_path, 'r') as f:
+                for line in f:
+                    line = line.strip()
+                    if not line or line.startswith("#"):
+                        continue
+                    if "=" in line:
+                        key, value = line.split("=", 1)
+                        kernel_params.append(oe.spdx30.DictionaryEntry(
+                            key=key,
+                            value=value.strip('"')
+                        ))
+            bb.note(f"Parsed {len(kernel_params)} kernel config entries from {config_path}")
+        except Exception as e:
+            bb.error(f"Failed to parse kernel config file: {e}")
+
+        path = oe.sbom30.jsonld_arch_path(d, pkg_arch, "recipes", f"recipe-{pn}", deploydir=deploydir)
+        build_objset = oe.sbom30.load_jsonld(d, path, required=True)
+        build = build_objset.find_root(oe.spdx30.build_Build)
+        if not build:
+            bb.fatal("No root %s found in %s" % (oe.spdx30.build_Build.__name__, path))
+
+        kernel_build = build_objset.add_root(
+            oe.spdx30.build_Build(
+                _id=build_objset.new_spdxid("kernel-config"),
+                creationInfo=build_objset.doc.creationInfo,
+                build_buildType="https://openembedded.org/kernel-configuration",
+                build_parameter=kernel_params
+            )
+        )
+
+        oe.spdx30_tasks.set_timestamp_now(d, kernel_build, "build_buildStartTime")
+
+        build_objset.new_relationship(
+            [build],
+            oe.spdx30.RelationshipType.ancestorOf,
+            [kernel_build]
+        )
+
+        oe.sbom30.write_jsonld_doc(d, build_objset, path)
+
+    create_kernel_config_spdx(d)
+}
+do_create_spdx[depends] += "virtual/kernel:do_configure"
+
 # Add using Device Tree support
 inherit kernel-devicetree
--- a/meta/classes-recipe/python_setuptools_build_meta.bbclass
+++ b/meta/classes-recipe/python_setuptools_build_meta.bbclass
@@ -7,3 +7,7 @@
 inherit setuptools3-base python_pep517

 DEPENDS += "python3-setuptools-native python3-wheel-native"
+
+# This isn't nice, but is the best solutions to ensure clean builds for now.
+# https://github.com/pypa/setuptools/issues/4732
+do_configure[cleandirs] = "${PEP517_SOURCE_PATH}/build"
--- a/meta/classes-recipe/rust-target-config.bbclass
+++ b/meta/classes-recipe/rust-target-config.bbclass
@@ -329,6 +329,7 @@ def rust_gen_target(d, thing, wd, arch):
    sys = d.getVar('{}_SYS'.format(thing))
    prefix = d.getVar('{}_PREFIX'.format(thing))
    rustsys = d.getVar('RUST_{}_SYS'.format(thing))
+    os = d.getVar('{}_OS'.format(thing))

    abi = None
    cpu = "generic"
@@ -368,7 +369,7 @@ def rust_gen_target(d, thing, wd, arch):
    tspec['target-c-int-width'] = d.getVarFlag('TARGET_C_INT_WIDTH', arch_abi)
    tspec['target-endian'] = d.getVarFlag('TARGET_ENDIAN', arch_abi)
    tspec['arch'] = arch_to_rust_target_arch(rust_arch)
-    if "baremetal" in d.getVar('TCLIBC'):
+    if "elf" in os:
        tspec['os'] = "none"
    else:
        tspec['os'] = "linux"
--- a/Show More
+++ b/Show More