798 files changed, 45062 insertions, 7123 deletions

diff --git a/bitbake/bin/bitbake-diffsigs b/bitbake/bin/bitbake-diffsigs
index 8202c78623..9d6cb8c944 100755
--- a/bitbake/bin/bitbake-diffsigs
+++ b/bitbake/bin/bitbake-diffsigs
@@ -72,16 +72,17 @@ def find_siginfo_task(bbhandler, pn, taskname, sig1=None, sig2=None):
         elif sig2 not in sigfiles:
             logger.error('No sigdata files found matching %s %s with signature %s' % (pn, taskname, sig2))
             sys.exit(1)
+
+        latestfiles = [sigfiles[sig1]['path'], sigfiles[sig2]['path']]
     else:
         sigfiles = find_siginfo(bbhandler, pn, taskname)
         latestsigs = sorted(sigfiles.keys(), key=lambda h: sigfiles[h]['time'])[-2:]
         if not latestsigs:
             logger.error('No sigdata files found matching %s %s' % (pn, taskname))
             sys.exit(1)
-        sig1 = latestsigs[0]
-        sig2 = latestsigs[1]
-
-    latestfiles = [sigfiles[sig1]['path'], sigfiles[sig2]['path']]
+        latestfiles = [sigfiles[latestsigs[0]]['path']]
+        if len(latestsigs) > 1:
+            latestfiles.append(sigfiles[latestsigs[1]]['path'])
 
     return latestfiles
 
diff --git a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst
index 899e584f91..f23fb7f2a7 100644
--- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst
+++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst
@@ -424,7 +424,7 @@ overview of their function and contents.
 
       Example usage::
 
-         BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
+         BB_HASHSERVE_UPSTREAM = "hashserv.yoctoproject.org:8686"
 
    :term:`BB_INVALIDCONF`
       Used in combination with the ``ConfigParsed`` event to trigger
diff --git a/bitbake/lib/bb/asyncrpc/client.py b/bitbake/lib/bb/asyncrpc/client.py
index a350b4fb12..6fa2839f48 100644
--- a/bitbake/lib/bb/asyncrpc/client.py
+++ b/bitbake/lib/bb/asyncrpc/client.py
@@ -87,7 +87,11 @@ class AsyncClient(object):
         import websockets
 
         async def connect_sock():
-            websocket = await websockets.connect(uri, ping_interval=None)
+            websocket = await websockets.connect(
+                uri,
+                ping_interval=None,
+                open_timeout=self.timeout,
+            )
             return WebsocketConnection(websocket, self.timeout)
 
         self._connect_sock = connect_sock
diff --git a/bitbake/lib/bb/command.py b/bitbake/lib/bb/command.py
index 1fcb9bf14c..5e166fe45c 100644
--- a/bitbake/lib/bb/command.py
+++ b/bitbake/lib/bb/command.py
@@ -420,15 +420,30 @@ class CommandsSync:
         return command.cooker.recipecaches[mc].pkg_dp
     getDefaultPreference.readonly = True
 
+
     def getSkippedRecipes(self, command, params):
+        """
+        Get the map of skipped recipes for the specified multiconfig/mc name (`params[0]`).
+
+        Invoked by `bb.tinfoil.Tinfoil.get_skipped_recipes`
+
+        :param command: Internally used parameter.
+        :param params: Parameter array. params[0] is multiconfig/mc name. If not given, then default mc '' is assumed.
+        :return: Dict whose keys are virtualfns and values are `bb.cooker.SkippedPackage`
+        """
+        try:
+            mc = params[0]
+        except IndexError:
+            mc = ''
+
         # Return list sorted by reverse priority order
         import bb.cache
         def sortkey(x):
             vfn, _ = x
-            realfn, _, mc = bb.cache.virtualfn2realfn(vfn)
-            return (-command.cooker.collections[mc].calc_bbfile_priority(realfn)[0], vfn)
+            realfn, _, item_mc = bb.cache.virtualfn2realfn(vfn)
+            return -command.cooker.collections[item_mc].calc_bbfile_priority(realfn)[0], vfn
 
-        skipdict = OrderedDict(sorted(command.cooker.skiplist.items(), key=sortkey))
+        skipdict = OrderedDict(sorted(command.cooker.skiplist_by_mc[mc].items(), key=sortkey))
         return list(skipdict.items())
     getSkippedRecipes.readonly = True
 
diff --git a/bitbake/lib/bb/cooker.py b/bitbake/lib/bb/cooker.py
index 6318ef4a8f..6fce19b464 100644
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -17,7 +17,7 @@ import threading
 from io import StringIO, UnsupportedOperation
 from contextlib import closing
 from collections import defaultdict, namedtuple
-import bb, bb.exceptions, bb.command
+import bb, bb.command
 from bb import utils, data, parse, event, cache, providers, taskdata, runqueue, build
 import queue
 import signal
@@ -134,7 +134,8 @@ class BBCooker:
         self.baseconfig_valid = False
         self.parsecache_valid = False
         self.eventlog = None
-        self.skiplist = {}
+        # The skiplists, one per multiconfig
+        self.skiplist_by_mc = defaultdict(dict)
         self.featureset = CookerFeatures()
         if featureSet:
             for f in featureSet:
@@ -612,8 +613,8 @@ class BBCooker:
         localdata = {}
 
         for mc in self.multiconfigs:
-            taskdata[mc] = bb.taskdata.TaskData(halt, skiplist=self.skiplist, allowincomplete=allowincomplete)
-            localdata[mc] = data.createCopy(self.databuilder.mcdata[mc])
+            taskdata[mc] = bb.taskdata.TaskData(halt, skiplist=self.skiplist_by_mc[mc], allowincomplete=allowincomplete)
+            localdata[mc] = bb.data.createCopy(self.databuilder.mcdata[mc])
             bb.data.expandKeys(localdata[mc])
 
         current = 0
@@ -933,7 +934,7 @@ class BBCooker:
         for mc in self.multiconfigs:
             # First get list of recipes, including skipped
             recipefns = list(self.recipecaches[mc].pkg_fn.keys())
-            recipefns.extend(self.skiplist.keys())
+            recipefns.extend(self.skiplist_by_mc[mc].keys())
 
             # Work out list of bbappends that have been applied
             applied_appends = []
@@ -2097,7 +2098,6 @@ class Parser(multiprocessing.Process):
         except Exception as exc:
             tb = sys.exc_info()[2]
             exc.recipe = filename
-            exc.traceback = list(bb.exceptions.extract_traceback(tb, context=3))
             return True, None, exc
         # Need to turn BaseExceptions into Exceptions here so we gracefully shutdown
         # and for example a worker thread doesn't just exit on its own in response to
@@ -2298,8 +2298,12 @@ class CookerParser(object):
             return False
         except ParsingFailure as exc:
             self.error += 1
-            logger.error('Unable to parse %s: %s' %
-                     (exc.recipe, bb.exceptions.to_string(exc.realexception)))
+
+            exc_desc = str(exc)
+            if isinstance(exc, SystemExit) and not isinstance(exc.code, str):
+                exc_desc = 'Exited with "%d"' % exc.code
+
+            logger.error('Unable to parse %s: %s' % (exc.recipe, exc_desc))
             self.shutdown(clean=False)
             return False
         except bb.parse.ParseError as exc:
@@ -2308,20 +2312,33 @@ class CookerParser(object):
             self.shutdown(clean=False, eventmsg=str(exc))
             return False
         except bb.data_smart.ExpansionError as exc:
+            def skip_frames(f, fn_prefix):
+                while f and f.tb_frame.f_code.co_filename.startswith(fn_prefix):
+                    f = f.tb_next
+                return f
+
             self.error += 1
             bbdir = os.path.dirname(__file__) + os.sep
-            etype, value, _ = sys.exc_info()
-            tb = list(itertools.dropwhile(lambda e: e.filename.startswith(bbdir), exc.traceback))
+            etype, value, tb = sys.exc_info()
+
+            # Remove any frames where the code comes from bitbake. This
+            # prevents deep (and pretty useless) backtraces for expansion error
+            tb = skip_frames(tb, bbdir)
+            cur = tb
+            while cur:
+                cur.tb_next = skip_frames(cur.tb_next, bbdir)
+                cur = cur.tb_next
+
             logger.error('ExpansionError during parsing %s', value.recipe,
                          exc_info=(etype, value, tb))
             self.shutdown(clean=False)
             return False
         except Exception as exc:
             self.error += 1
-            etype, value, tb = sys.exc_info()
+            _, value, _ = sys.exc_info()
             if hasattr(value, "recipe"):
                 logger.error('Unable to parse %s' % value.recipe,
-                            exc_info=(etype, value, exc.traceback))
+                            exc_info=sys.exc_info())
             else:
                 # Most likely, an exception occurred during raising an exception
                 import traceback
@@ -2342,7 +2359,7 @@ class CookerParser(object):
         for virtualfn, info_array in result:
             if info_array[0].skipped:
                 self.skipped += 1
-                self.cooker.skiplist[virtualfn] = SkippedPackage(info_array[0])
+                self.cooker.skiplist_by_mc[mc][virtualfn] = SkippedPackage(info_array[0])
             self.bb_caches[mc].add_info(virtualfn, info_array, self.cooker.recipecaches[mc],
                                         parsed=parsed, watcher = self.cooker.add_filewatch)
         return True
diff --git a/bitbake/lib/bb/data_smart.py b/bitbake/lib/bb/data_smart.py
index c6049d578e..7b67127c06 100644
--- a/bitbake/lib/bb/data_smart.py
+++ b/bitbake/lib/bb/data_smart.py
@@ -31,7 +31,7 @@ logger = logging.getLogger("BitBake.Data")
 
 __setvar_keyword__ = [":append", ":prepend", ":remove"]
 __setvar_regexp__ = re.compile(r'(?P<base>.*?)(?P<keyword>:append|:prepend|:remove)(:(?P<add>[^A-Z]*))?$')
-__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~:]+?}")
+__expand_var_regexp__ = re.compile(r"\${[a-zA-Z0-9\-_+./~:]+}")
 __expand_python_regexp__ = re.compile(r"\${@(?:{.*?}|.)+?}")
 __whitespace_split__ = re.compile(r'(\s)')
 __override_regexp__ = re.compile(r'[a-z0-9]+')
@@ -580,12 +580,9 @@ class DataSmart(MutableMapping):
             else:
                 loginfo['op'] = keyword
             self.varhistory.record(**loginfo)
-            # todo make sure keyword is not __doc__ or __module__
-            # pay the cookie monster
 
             # more cookies for the cookie monster
-            if ':' in var:
-                self._setvar_update_overrides(base, **loginfo)
+            self._setvar_update_overrides(base, **loginfo)
 
             if base in self.overridevars:
                 self._setvar_update_overridevars(var, value)
@@ -638,6 +635,7 @@ class DataSmart(MutableMapping):
                 nextnew.update(vardata.contains.keys())
             new = nextnew
         self.overrides = None
+        self.expand_cache = {}
 
     def _setvar_update_overrides(self, var, **loginfo):
         # aka pay the cookie monster
diff --git a/bitbake/lib/bb/event.py b/bitbake/lib/bb/event.py
index 4761c86880..a12adbc937 100644
--- a/bitbake/lib/bb/event.py
+++ b/bitbake/lib/bb/event.py
@@ -19,7 +19,6 @@ import sys
 import threading
 import traceback
 
-import bb.exceptions
 import bb.utils
 
 # This is the pid for which we should generate the event. This is set when
@@ -195,7 +194,12 @@ def fire_ui_handlers(event, d):
         ui_queue.append(event)
         return
 
-    with bb.utils.lock_timeout(_thread_lock):
+    with bb.utils.lock_timeout_nocheck(_thread_lock) as lock:
+        if not lock:
+            # If we can't get the lock, we may be recursively called, queue and return
+            ui_queue.append(event)
+            return
+
         errors = []
         for h in _ui_handlers:
             #print "Sending event %s" % event
@@ -214,6 +218,9 @@ def fire_ui_handlers(event, d):
         for h in errors:
             del _ui_handlers[h]
 
+    while ui_queue:
+        fire_ui_handlers(ui_queue.pop(), d)
+
 def fire(event, d):
     """Fire off an Event"""
 
@@ -759,13 +766,7 @@ class LogHandler(logging.Handler):
 
     def emit(self, record):
         if record.exc_info:
-            etype, value, tb = record.exc_info
-            if hasattr(tb, 'tb_next'):
-                tb = list(bb.exceptions.extract_traceback(tb, context=3))
-            # Need to turn the value into something the logging system can pickle
-            record.bb_exc_info = (etype, value, tb)
-            record.bb_exc_formatted = bb.exceptions.format_exception(etype, value, tb, limit=5)
-            value = str(value)
+            record.bb_exc_formatted = traceback.format_exception(*record.exc_info)
             record.exc_info = None
         fire(record, None)
 
diff --git a/bitbake/lib/bb/exceptions.py b/bitbake/lib/bb/exceptions.py
deleted file mode 100644
index 801db9c82f..0000000000
--- a/bitbake/lib/bb/exceptions.py
+++ /dev/null
@@ -1,96 +0,0 @@
-#
-# Copyright BitBake Contributors
-#
-# SPDX-License-Identifier: GPL-2.0-only
-#
-
-import inspect
-import traceback
-import bb.namedtuple_with_abc
-from collections import namedtuple
-
-
-class TracebackEntry(namedtuple.abc):
-    """Pickleable representation of a traceback entry"""
-    _fields = 'filename lineno function args code_context index'
-    _header = '  File "{0.filename}", line {0.lineno}, in {0.function}{0.args}'
-
-    def format(self, formatter=None):
-        if not self.code_context:
-            return self._header.format(self) + '\n'
-
-        formatted = [self._header.format(self) + ':\n']
-
-        for lineindex, line in enumerate(self.code_context):
-            if formatter:
-                line = formatter(line)
-
-            if lineindex == self.index:
-                formatted.append('    >%s' % line)
-            else:
-                formatted.append('     %s' % line)
-        return formatted
-
-    def __str__(self):
-        return ''.join(self.format())
-
-def _get_frame_args(frame):
-    """Get the formatted arguments and class (if available) for a frame"""
-    arginfo = inspect.getargvalues(frame)
-
-    try:
-        if not arginfo.args:
-            return '', None
-    # There have been reports from the field of python 2.6 which doesn't 
-    # return a namedtuple here but simply a tuple so fallback gracefully if
-    # args isn't present.
-    except AttributeError:
-        return '', None
-
-    firstarg = arginfo.args[0]
-    if firstarg == 'self':
-        self = arginfo.locals['self']
-        cls = self.__class__.__name__
-
-        arginfo.args.pop(0)
-        del arginfo.locals['self']
-    else:
-        cls = None
-
-    formatted = inspect.formatargvalues(*arginfo)
-    return formatted, cls
-
-def extract_traceback(tb, context=1):
-    frames = inspect.getinnerframes(tb, context)
-    for frame, filename, lineno, function, code_context, index in frames:
-        formatted_args, cls = _get_frame_args(frame)
-        if cls:
-            function = '%s.%s' % (cls, function)
-        yield TracebackEntry(filename, lineno, function, formatted_args,
-                             code_context, index)
-
-def format_extracted(extracted, formatter=None, limit=None):
-    if limit:
-        extracted = extracted[-limit:]
-
-    formatted = []
-    for tracebackinfo in extracted:
-        formatted.extend(tracebackinfo.format(formatter))
-    return formatted
-
-
-def format_exception(etype, value, tb, context=1, limit=None, formatter=None):
-    formatted = ['Traceback (most recent call last):\n']
-
-    if hasattr(tb, 'tb_next'):
-        tb = extract_traceback(tb, context)
-
-    formatted.extend(format_extracted(tb, formatter, limit))
-    formatted.extend(traceback.format_exception_only(etype, value))
-    return formatted
-
-def to_string(exc):
-    if isinstance(exc, SystemExit):
-        if not isinstance(exc.code, str):
-            return 'Exited with "%d"' % exc.code
-    return str(exc)
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index 5bf2c4b8cf..1a6ff25d4d 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -237,7 +237,7 @@ class URI(object):
         # to RFC compliant URL format. E.g.:
         #   file://foo.diff -> file:foo.diff
         if urlp.scheme in self._netloc_forbidden:
-            uri = re.sub("(?<=:)//(?!/)", "", uri, 1)
+            uri = re.sub(r"(?<=:)//(?!/)", "", uri, count=1)
             reparse = 1
 
         if reparse:
@@ -499,30 +499,30 @@ def fetcher_init(d):
     Calls before this must not hit the cache.
     """
 
-    revs = bb.persist_data.persist('BB_URI_HEADREVS', d)
-    try:
-        # fetcher_init is called multiple times, so make sure we only save the
-        # revs the first time it is called.
-        if not bb.fetch2.saved_headrevs:
-            bb.fetch2.saved_headrevs = dict(revs)
-    except:
-        pass
-
-    # When to drop SCM head revisions controlled by user policy
-    srcrev_policy = d.getVar('BB_SRCREV_POLICY') or "clear"
-    if srcrev_policy == "cache":
-        logger.debug("Keeping SRCREV cache due to cache policy of: %s", srcrev_policy)
-    elif srcrev_policy == "clear":
-        logger.debug("Clearing SRCREV cache due to cache policy of: %s", srcrev_policy)
-        revs.clear()
-    else:
-        raise FetchError("Invalid SRCREV cache policy of: %s" % srcrev_policy)
+    with bb.persist_data.persist('BB_URI_HEADREVS', d) as revs:
+        try:
+            # fetcher_init is called multiple times, so make sure we only save the
+            # revs the first time it is called.
+            if not bb.fetch2.saved_headrevs:
+                bb.fetch2.saved_headrevs = dict(revs)
+        except:
+            pass
 
-    _checksum_cache.init_cache(d.getVar("BB_CACHEDIR"))
+        # When to drop SCM head revisions controlled by user policy
+        srcrev_policy = d.getVar('BB_SRCREV_POLICY') or "clear"
+        if srcrev_policy == "cache":
+            logger.debug("Keeping SRCREV cache due to cache policy of: %s", srcrev_policy)
+        elif srcrev_policy == "clear":
+            logger.debug("Clearing SRCREV cache due to cache policy of: %s", srcrev_policy)
+            revs.clear()
+        else:
+            raise FetchError("Invalid SRCREV cache policy of: %s" % srcrev_policy)
+
+        _checksum_cache.init_cache(d.getVar("BB_CACHEDIR"))
 
-    for m in methods:
-        if hasattr(m, "init"):
-            m.init(d)
+        for m in methods:
+            if hasattr(m, "init"):
+                m.init(d)
 
 def fetcher_parse_save():
     _checksum_cache.save_extras()
@@ -536,8 +536,8 @@ def fetcher_compare_revisions(d):
     when bitbake was started and return true if they have changed.
     """
 
-    headrevs = dict(bb.persist_data.persist('BB_URI_HEADREVS', d))
-    return headrevs != bb.fetch2.saved_headrevs
+    with dict(bb.persist_data.persist('BB_URI_HEADREVS', d)) as headrevs:
+        return headrevs != bb.fetch2.saved_headrevs
 
 def mirror_from_string(data):
     mirrors = (data or "").replace('\\n',' ').split()
@@ -1662,13 +1662,13 @@ class FetchMethod(object):
         if not hasattr(self, "_latest_revision"):
             raise ParameterError("The fetcher for this URL does not support _latest_revision", ud.url)
 
-        revs = bb.persist_data.persist('BB_URI_HEADREVS', d)
-        key = self.generate_revision_key(ud, d, name)
-        try:
-            return revs[key]
-        except KeyError:
-            revs[key] = rev = self._latest_revision(ud, d, name)
-            return rev
+        with bb.persist_data.persist('BB_URI_HEADREVS', d) as revs:
+            key = self.generate_revision_key(ud, d, name)
+            try:
+                return revs[key]
+            except KeyError:
+                revs[key] = rev = self._latest_revision(ud, d, name)
+                return rev
 
     def sortable_revision(self, ud, d, name):
         latest_rev = self._build_revision(ud, d, name)
diff --git a/bitbake/lib/bb/fetch2/gcp.py b/bitbake/lib/bb/fetch2/gcp.py
index eb3e0c6a6b..2ee9ed2194 100644
--- a/bitbake/lib/bb/fetch2/gcp.py
+++ b/bitbake/lib/bb/fetch2/gcp.py
@@ -23,7 +23,6 @@ import urllib.parse, urllib.error
 from bb.fetch2 import FetchMethod
 from bb.fetch2 import FetchError
 from bb.fetch2 import logger
-from bb.fetch2 import runfetchcmd
 
 class GCP(FetchMethod):
     """
@@ -48,7 +47,6 @@ class GCP(FetchMethod):
             ud.basename = os.path.basename(ud.path)
 
         ud.localfile = d.expand(urllib.parse.unquote(ud.basename))
-        ud.basecmd = "gsutil stat"
 
     def get_gcp_client(self):
         from google.cloud import storage
@@ -59,17 +57,20 @@ class GCP(FetchMethod):
         Fetch urls using the GCP API.
         Assumes localpath was called first.
         """
+        from google.api_core.exceptions import NotFound
         logger.debug2(f"Trying to download gs://{ud.host}{ud.path} to {ud.localpath}")
         if self.gcp_client is None:
             self.get_gcp_client()
 
-        bb.fetch2.check_network_access(d, ud.basecmd, f"gs://{ud.host}{ud.path}")
-        runfetchcmd("%s %s" % (ud.basecmd, f"gs://{ud.host}{ud.path}"), d)
+        bb.fetch2.check_network_access(d, "blob.download_to_filename", f"gs://{ud.host}{ud.path}")
 
         # Path sometimes has leading slash, so strip it
         path = ud.path.lstrip("/")
         blob = self.gcp_client.bucket(ud.host).blob(path)
-        blob.download_to_filename(ud.localpath)
+        try:
+            blob.download_to_filename(ud.localpath)
+        except NotFound:
+            raise FetchError("The GCP API threw a NotFound exception")
 
         # Additional sanity checks copied from the wget class (although there
         # are no known issues which mean these are required, treat the GCP API
@@ -91,8 +92,7 @@ class GCP(FetchMethod):
         if self.gcp_client is None:
             self.get_gcp_client()
 
-        bb.fetch2.check_network_access(d, ud.basecmd, f"gs://{ud.host}{ud.path}")
-        runfetchcmd("%s %s" % (ud.basecmd, f"gs://{ud.host}{ud.path}"), d)
+        bb.fetch2.check_network_access(d, "gcp_client.bucket(ud.host).blob(path).exists()", f"gs://{ud.host}{ud.path}")
 
         # Path sometimes has leading slash, so strip it
         path = ud.path.lstrip("/")
diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index c7ff769fdf..6029144601 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -926,9 +926,8 @@ class Git(FetchMethod):
             commits = None
         else:
             if not os.path.exists(rev_file) or not os.path.getsize(rev_file):
-                from pipes import quote
                 commits = bb.fetch2.runfetchcmd(
-                        "git rev-list %s -- | wc -l" % quote(rev),
+                        "git rev-list %s -- | wc -l" % shlex.quote(rev),
                         d, quiet=True).strip().lstrip('0')
                 if commits:
                     open(rev_file, "w").write("%d\n" % int(commits))
diff --git a/bitbake/lib/bb/fetch2/gitsm.py b/bitbake/lib/bb/fetch2/gitsm.py
index f7f3af7212..fab4b1164c 100644
--- a/bitbake/lib/bb/fetch2/gitsm.py
+++ b/bitbake/lib/bb/fetch2/gitsm.py
@@ -147,6 +147,19 @@ class GitSM(Git):
 
         return submodules != []
 
+    def call_process_submodules(self, ud, d, extra_check, subfunc):
+        # If we're using a shallow mirror tarball it needs to be
+        # unpacked temporarily so that we can examine the .gitmodules file
+        if ud.shallow and os.path.exists(ud.fullshallow) and extra_check:
+            tmpdir = tempfile.mkdtemp(dir=d.getVar("DL_DIR"))
+            try:
+                runfetchcmd("tar -xzf %s" % ud.fullshallow, d, workdir=tmpdir)
+                self.process_submodules(ud, tmpdir, subfunc, d)
+            finally:
+                shutil.rmtree(tmpdir)
+        else:
+            self.process_submodules(ud, ud.clonedir, subfunc, d)
+
     def need_update(self, ud, d):
         if Git.need_update(self, ud, d):
             return True
@@ -164,15 +177,7 @@ class GitSM(Git):
                 logger.error('gitsm: submodule update check failed: %s %s' % (type(e).__name__, str(e)))
                 need_update_result = True
 
-        # If we're using a shallow mirror tarball it needs to be unpacked
-        # temporarily so that we can examine the .gitmodules file
-        if ud.shallow and os.path.exists(ud.fullshallow) and not os.path.exists(ud.clonedir):
-            tmpdir = tempfile.mkdtemp(dir=d.getVar("DL_DIR"))
-            runfetchcmd("tar -xzf %s" % ud.fullshallow, d, workdir=tmpdir)
-            self.process_submodules(ud, tmpdir, need_update_submodule, d)
-            shutil.rmtree(tmpdir)
-        else:
-            self.process_submodules(ud, ud.clonedir, need_update_submodule, d)
+        self.call_process_submodules(ud, d, not os.path.exists(ud.clonedir), need_update_submodule)
 
         if need_update_list:
             logger.debug('gitsm: Submodules requiring update: %s' % (' '.join(need_update_list)))
@@ -195,16 +200,7 @@ class GitSM(Git):
                 raise
 
         Git.download(self, ud, d)
-
-        # If we're using a shallow mirror tarball it needs to be unpacked
-        # temporarily so that we can examine the .gitmodules file
-        if ud.shallow and os.path.exists(ud.fullshallow) and self.need_update(ud, d):
-            tmpdir = tempfile.mkdtemp(dir=d.getVar("DL_DIR"))
-            runfetchcmd("tar -xzf %s" % ud.fullshallow, d, workdir=tmpdir)
-            self.process_submodules(ud, tmpdir, download_submodule, d)
-            shutil.rmtree(tmpdir)
-        else:
-            self.process_submodules(ud, ud.clonedir, download_submodule, d)
+        self.call_process_submodules(ud, d, self.need_update(ud, d), download_submodule)
 
     def unpack(self, ud, destdir, d):
         def unpack_submodules(ud, url, module, modpath, workdir, d):
@@ -263,14 +259,6 @@ class GitSM(Git):
             newfetch = Fetch([url], d, cache=False)
             urldata.extend(newfetch.expanded_urldata())
 
-        # If we're using a shallow mirror tarball it needs to be unpacked
-        # temporarily so that we can examine the .gitmodules file
-        if ud.shallow and os.path.exists(ud.fullshallow) and ud.method.need_update(ud, d):
-            tmpdir = tempfile.mkdtemp(dir=d.getVar("DL_DIR"))
-            subprocess.check_call("tar -xzf %s" % ud.fullshallow, cwd=tmpdir, shell=True)
-            self.process_submodules(ud, tmpdir, add_submodule, d)
-            shutil.rmtree(tmpdir)
-        else:
-            self.process_submodules(ud, ud.clonedir, add_submodule, d)
+        self.call_process_submodules(ud, d, ud.method.need_update(ud, d), add_submodule)
 
         return urldata
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py
index 2e92117634..5bb3b2f361 100644
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -87,7 +87,7 @@ class Wget(FetchMethod):
         if not ud.localfile:
             ud.localfile = d.expand(urllib.parse.unquote(ud.host + ud.path).replace("/", "."))
 
-        self.basecmd = d.getVar("FETCHCMD_wget") or "/usr/bin/env wget -t 2 -T 30"
+        self.basecmd = d.getVar("FETCHCMD_wget") or "/usr/bin/env wget -t 2 -T 100"
 
         if ud.type == 'ftp' or ud.type == 'ftps':
             self.basecmd += " --passive-ftp"
@@ -371,7 +371,7 @@ class Wget(FetchMethod):
                 except (FileNotFoundError, netrc.NetrcParseError):
                     pass
 
-                with opener.open(r, timeout=30) as response:
+                with opener.open(r, timeout=100) as response:
                     pass
             except (urllib.error.URLError, ConnectionResetError, TimeoutError) as e:
                 if try_again:
diff --git a/bitbake/lib/bb/msg.py b/bitbake/lib/bb/msg.py
index 3e18596faa..4f616ff42e 100644
--- a/bitbake/lib/bb/msg.py
+++ b/bitbake/lib/bb/msg.py
@@ -89,10 +89,6 @@ class BBLogFormatter(logging.Formatter):
             msg = logging.Formatter.format(self, record)
         if hasattr(record, 'bb_exc_formatted'):
             msg += '\n' + ''.join(record.bb_exc_formatted)
-        elif hasattr(record, 'bb_exc_info'):
-            etype, value, tb = record.bb_exc_info
-            formatted = bb.exceptions.format_exception(etype, value, tb, limit=5)
-            msg += '\n' + ''.join(formatted)
         return msg
 
     def colorize(self, record):
diff --git a/bitbake/lib/bb/parse/ast.py b/bitbake/lib/bb/parse/ast.py
index 7581d003fd..327e45c8ac 100644
--- a/bitbake/lib/bb/parse/ast.py
+++ b/bitbake/lib/bb/parse/ast.py
@@ -391,6 +391,14 @@ def finalize(fn, d, variant = None):
         if d.getVar("_FAILPARSINGERRORHANDLED", False) == True:
             raise bb.BBHandledException()
 
+        while True:
+            inherits = d.getVar('__BBDEFINHERITS', False) or []
+            if not inherits:
+                break
+            inherit, filename, lineno = inherits.pop(0)
+            d.setVar('__BBDEFINHERITS', inherits)
+            bb.parse.BBHandler.inherit(inherit, filename, lineno, d, deferred=True)
+
         for var in d.getVar('__BBHANDLERS', False) or []:
             # try to add the handler
             handlerfn = d.getVarFlag(var, "filename", False)
@@ -444,14 +452,6 @@ def multi_finalize(fn, d):
         logger.debug("Appending .bbappend file %s to %s", append, fn)
         bb.parse.BBHandler.handle(append, d, True)
 
-    while True:
-        inherits = d.getVar('__BBDEFINHERITS', False) or []
-        if not inherits:
-            break
-        inherit, filename, lineno = inherits.pop(0)
-        d.setVar('__BBDEFINHERITS', inherits)
-        bb.parse.BBHandler.inherit(inherit, filename, lineno, d, deferred=True)
-
     onlyfinalise = d.getVar("__ONLYFINALISE", False)
 
     safe_d = d
@@ -487,7 +487,9 @@ def multi_finalize(fn, d):
                 d.setVar("BBEXTENDVARIANT", variantmap[name])
             else:
                 d.setVar("PN", "%s-%s" % (pn, name))
-            bb.parse.BBHandler.inherit(extendedmap[name], fn, 0, d)
+            inherits = d.getVar('__BBDEFINHERITS', False) or []
+            inherits.append((extendedmap[name], fn, 0))
+            d.setVar('__BBDEFINHERITS', inherits)
 
         safe_d.setVar("BBCLASSEXTEND", extended)
         _create_variants(datastores, extendedmap.keys(), extendfunc, onlyfinalise)
diff --git a/bitbake/lib/bb/persist_data.py b/bitbake/lib/bb/persist_data.py
index bcca791edf..c4454b153a 100644
--- a/bitbake/lib/bb/persist_data.py
+++ b/bitbake/lib/bb/persist_data.py
@@ -154,6 +154,7 @@ class SQLTable(collections.abc.MutableMapping):
 
     def __exit__(self, *excinfo):
         self.connection.__exit__(*excinfo)
+        self.connection.close()
 
     @_Decorators.retry()
     @_Decorators.transaction
diff --git a/bitbake/lib/bb/runqueue.py b/bitbake/lib/bb/runqueue.py
index 93079a9776..439da2bb44 100644
--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -14,6 +14,7 @@ import os
 import sys
 import stat
 import errno
+import itertools
 import logging
 import re
 import bb
@@ -2189,12 +2190,20 @@ class RunQueueExecute:
         if not hasattr(self, "sorted_setscene_tids"):
             # Don't want to sort this set every execution
             self.sorted_setscene_tids = sorted(self.rqdata.runq_setscene_tids)
+            # Resume looping where we left off when we returned to feed the mainloop
+            self.setscene_tids_generator = itertools.cycle(self.rqdata.runq_setscene_tids)
 
         task = None
         if not self.sqdone and self.can_start_task():
-            # Find the next setscene to run
-            for nexttask in self.sorted_setscene_tids:
+            loopcount = 0
+            # Find the next setscene to run, exit the loop when we've processed all tids or found something to execute
+            while loopcount < len(self.rqdata.runq_setscene_tids):
+                loopcount += 1
+                nexttask = next(self.setscene_tids_generator)
                 if nexttask in self.sq_buildable and nexttask not in self.sq_running and self.sqdata.stamps[nexttask] not in self.build_stamps.values() and nexttask not in self.sq_harddep_deferred:
+                    if nexttask in self.sq_deferred and self.sq_deferred[nexttask] not in self.runq_complete:
+                        # Skip deferred tasks quickly before the 'expensive' tests below - this is key to performant multiconfig builds
+                        continue
                     if nexttask not in self.sqdata.unskippable and self.sqdata.sq_revdeps[nexttask] and \
                             nexttask not in self.sq_needed_harddeps and \
                             self.sqdata.sq_revdeps[nexttask].issubset(self.scenequeue_covered) and \
@@ -2224,8 +2233,7 @@ class RunQueueExecute:
                         if t in self.runq_running and t not in self.runq_complete:
                             continue
                     if nexttask in self.sq_deferred:
-                        if self.sq_deferred[nexttask] not in self.runq_complete:
-                            continue
+                        # Deferred tasks that were still deferred were skipped above so we now need to process
                         logger.debug("Task %s no longer deferred" % nexttask)
                         del self.sq_deferred[nexttask]
                         valid = self.rq.validate_hashes(set([nexttask]), self.cooker.data, 0, False, summary=False)
@@ -2751,8 +2759,12 @@ class RunQueueExecute:
                 logger.debug2("%s was unavailable and is a hard dependency of %s so skipping" % (task, dep))
                 self.sq_task_failoutright(dep)
                 continue
+
+        # For performance, only compute allcovered once if needed
+        if self.sqdata.sq_deps[task]:
+            allcovered = self.scenequeue_covered | self.scenequeue_notcovered
         for dep in sorted(self.sqdata.sq_deps[task]):
-            if self.sqdata.sq_revdeps[dep].issubset(self.scenequeue_covered | self.scenequeue_notcovered):
+            if self.sqdata.sq_revdeps[dep].issubset(allcovered):
                 if dep not in self.sq_buildable:
                     self.sq_buildable.add(dep)
 
diff --git a/bitbake/lib/bb/tests/fetch.py b/bitbake/lib/bb/tests/fetch.py
index 33cc9bcac6..afabaeba18 100644
--- a/bitbake/lib/bb/tests/fetch.py
+++ b/bitbake/lib/bb/tests/fetch.py
@@ -1419,12 +1419,12 @@ class FetchLatestVersionTest(FetcherTest):
         ("dtc", "git://git.yoctoproject.org/bbfetchtests-dtc.git;branch=master;protocol=https", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "", "")
             : "1.4.0",
         # combination version pattern
-        ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof.git;protocol=https;branch=master", "cd44ee6644c3641507fb53b8a2a69137f2971219", "", "")
+        ("sysprof", "git://git.yoctoproject.org/sysprof.git;protocol=https;branch=master", "cd44ee6644c3641507fb53b8a2a69137f2971219", "", "")
             : "1.2.0",
         ("u-boot-mkimage", "git://source.denx.de/u-boot/u-boot.git;branch=master;protocol=https", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "", "")
             : "2014.01",
         # version pattern "yyyymmdd"
-        ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master", "4ed19e11c2975105b71b956440acdb25d46a347d", "", "")
+        ("mobile-broadband-provider-info", "git://git.yoctoproject.org/mobile-broadband-provider-info.git;protocol=https;branch=master", "4ed19e11c2975105b71b956440acdb25d46a347d", "", "")
             : "20120614",
         # packages with a valid UPSTREAM_CHECK_GITTAGREGEX
                 # mirror of git://anongit.freedesktop.org/xorg/driver/xf86-video-omap since network issues interfered with testing
@@ -1715,6 +1715,8 @@ class GitShallowTest(FetcherTest):
         if cwd is None:
             cwd = self.gitdir
         actual_refs = self.git(['for-each-ref', '--format=%(refname)'], cwd=cwd).splitlines()
+        # Resolve references into the same format as the comparision (needed by git 2.48 onwards)
+        actual_refs = self.git(['rev-parse', '--symbolic-full-name'] + actual_refs, cwd=cwd).splitlines()
         full_expected = self.git(['rev-parse', '--symbolic-full-name'] + expected_refs, cwd=cwd).splitlines()
         self.assertEqual(sorted(set(full_expected)), sorted(set(actual_refs)))
 
diff --git a/bitbake/lib/bb/tinfoil.py b/bitbake/lib/bb/tinfoil.py
index dcd3910cc4..4dc4590c31 100644
--- a/bitbake/lib/bb/tinfoil.py
+++ b/bitbake/lib/bb/tinfoil.py
@@ -188,11 +188,19 @@ class TinfoilCookerAdapter:
             self._cache[name] = attrvalue
             return attrvalue
 
+    class TinfoilSkiplistByMcAdapter:
+        def __init__(self, tinfoil):
+            self.tinfoil = tinfoil
+
+        def __getitem__(self, mc):
+            return self.tinfoil.get_skipped_recipes(mc)
+
     def __init__(self, tinfoil):
         self.tinfoil = tinfoil
         self.multiconfigs = [''] + (tinfoil.config_data.getVar('BBMULTICONFIG') or '').split()
         self.collections = {}
         self.recipecaches = {}
+        self.skiplist_by_mc = self.TinfoilSkiplistByMcAdapter(tinfoil)
         for mc in self.multiconfigs:
             self.collections[mc] = self.TinfoilCookerCollectionAdapter(tinfoil, mc)
             self.recipecaches[mc] = self.TinfoilRecipeCacheAdapter(tinfoil, mc)
@@ -201,8 +209,6 @@ class TinfoilCookerAdapter:
         # Grab these only when they are requested since they aren't always used
         if name in self._cache:
             return self._cache[name]
-        elif name == 'skiplist':
-            attrvalue = self.tinfoil.get_skipped_recipes()
         elif name == 'bbfile_config_priorities':
             ret = self.tinfoil.run_command('getLayerPriorities')
             bbfile_config_priorities = []
@@ -514,12 +520,12 @@ class Tinfoil:
         """
         return defaultdict(list, self.run_command('getOverlayedRecipes', mc))
 
-    def get_skipped_recipes(self):
+    def get_skipped_recipes(self, mc=''):
         """
         Find recipes which were skipped (i.e. SkipRecipe was raised
         during parsing).
         """
-        return OrderedDict(self.run_command('getSkippedRecipes'))
+        return OrderedDict(self.run_command('getSkippedRecipes', mc))
 
     def get_all_providers(self, mc=''):
         return defaultdict(list, self.run_command('allProviders', mc))
@@ -533,6 +539,7 @@ class Tinfoil:
     def get_runtime_providers(self, rdep):
         return self.run_command('getRuntimeProviders', rdep)
 
+    # TODO: teach this method about mc
     def get_recipe_file(self, pn):
         """
         Get the file name for the specified recipe/target. Raises
@@ -541,6 +548,7 @@ class Tinfoil:
         """
         best = self.find_best_provider(pn)
         if not best or (len(best) > 3 and not best[3]):
+            # TODO: pass down mc
             skiplist = self.get_skipped_recipes()
             taskdata = bb.taskdata.TaskData(None, skiplist=skiplist)
             skipreasons = taskdata.get_reasons(pn)
diff --git a/bitbake/lib/bb/ui/knotty.py b/bitbake/lib/bb/ui/knotty.py
index f86999bb09..3784c93ad8 100644
--- a/bitbake/lib/bb/ui/knotty.py
+++ b/bitbake/lib/bb/ui/knotty.py
@@ -577,6 +577,8 @@ def main(server, eventHandler, params, tf = TerminalFilter):
     else:
         log_exec_tty = False
 
+    should_print_hyperlinks = sys.stdout.isatty() and os.environ.get('NO_COLOR', '') == ''
+
     helper = uihelper.BBUIHelper()
 
     # Look for the specially designated handlers which need to be passed to the
@@ -640,7 +642,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
     return_value = 0
     errors = 0
     warnings = 0
-    taskfailures = []
+    taskfailures = {}
 
     printintervaldelta = 10 * 60 # 10 minutes
     printinterval = printintervaldelta
@@ -726,6 +728,8 @@ def main(server, eventHandler, params, tf = TerminalFilter):
             if isinstance(event, bb.build.TaskFailed):
                 return_value = 1
                 print_event_log(event, includelogs, loglines, termfilter)
+                k = "{}:{}".format(event._fn, event._task)
+                taskfailures[k] = event.logfile
             if isinstance(event, bb.build.TaskBase):
                 logger.info(event._message)
                 continue
@@ -821,7 +825,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
 
             if isinstance(event, bb.runqueue.runQueueTaskFailed):
                 return_value = 1
-                taskfailures.append(event.taskstring)
+                taskfailures.setdefault(event.taskstring)
                 logger.error(str(event))
                 continue
 
@@ -942,11 +946,21 @@ def main(server, eventHandler, params, tf = TerminalFilter):
     try:
         termfilter.clearFooter()
         summary = ""
+        def format_hyperlink(url, link_text):
+            if should_print_hyperlinks:
+                start = f'\033]8;;{url}\033\\'
+                end = '\033]8;;\033\\'
+                return f'{start}{link_text}{end}'
+            return link_text
+
         if taskfailures:
             summary += pluralise("\nSummary: %s task failed:",
                                  "\nSummary: %s tasks failed:", len(taskfailures))
-            for failure in taskfailures:
+            for (failure, log_file) in taskfailures.items():
                 summary += "\n  %s" % failure
+                if log_file:
+                    hyperlink = format_hyperlink(f"file://{log_file}", log_file)
+                    summary += "\n    log: {}".format(hyperlink)
         if warnings:
             summary += pluralise("\nSummary: There was %s WARNING message.",
                                  "\nSummary: There were %s WARNING messages.", warnings)
diff --git a/bitbake/lib/bb/ui/teamcity.py b/bitbake/lib/bb/ui/teamcity.py
index fca46c2874..7eeaab8d63 100644
--- a/bitbake/lib/bb/ui/teamcity.py
+++ b/bitbake/lib/bb/ui/teamcity.py
@@ -30,7 +30,6 @@ import bb.build
 import bb.command
 import bb.cooker
 import bb.event
-import bb.exceptions
 import bb.runqueue
 from bb.ui import uihelper
 
@@ -102,10 +101,6 @@ class TeamcityLogFormatter(logging.Formatter):
         details = ""
         if hasattr(record, 'bb_exc_formatted'):
             details = ''.join(record.bb_exc_formatted)
-        elif hasattr(record, 'bb_exc_info'):
-            etype, value, tb = record.bb_exc_info
-            formatted = bb.exceptions.format_exception(etype, value, tb, limit=5)
-            details = ''.join(formatted)
 
         if record.levelno in [bb.msg.BBLogFormatter.ERROR, bb.msg.BBLogFormatter.CRITICAL]:
             # ERROR gets a separate errorDetails field
diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index ebee65d3dd..67e22f4389 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -1857,12 +1857,30 @@ def path_is_descendant(descendant, ancestor):
 # If we don't have a timeout of some kind and a process/thread exits badly (for example
 # OOM killed) and held a lock, we'd just hang in the lock futex forever. It is better
 # we exit at some point than hang. 5 minutes with no progress means we're probably deadlocked.
+# This function can still deadlock python since it can't signal the other threads to exit
+# (signals are handled in the main thread) and even os._exit() will wait on non-daemon threads
+# to exit.
 @contextmanager
 def lock_timeout(lock):
-    held = lock.acquire(timeout=5*60)
     try:
+        s = signal.pthread_sigmask(signal.SIG_BLOCK, signal.valid_signals())
+        held = lock.acquire(timeout=5*60)
         if not held:
+            bb.server.process.serverlog("Couldn't get the lock for 5 mins, timed out, exiting.\n%s" % traceback.format_stack())
             os._exit(1)
         yield held
     finally:
         lock.release()
+        signal.pthread_sigmask(signal.SIG_SETMASK, s)
+
+# A version of lock_timeout without the check that the lock was locked and a shorter timeout
+@contextmanager
+def lock_timeout_nocheck(lock):
+    try:
+        s = signal.pthread_sigmask(signal.SIG_BLOCK, signal.valid_signals())
+        l = lock.acquire(timeout=10)
+        yield l
+    finally:
+        if l:
+            lock.release()
+        signal.pthread_sigmask(signal.SIG_SETMASK, s)
diff --git a/bitbake/lib/bblayers/query.py b/bitbake/lib/bblayers/query.py
index bfc18a7593..9b2e081cfd 100644
--- a/bitbake/lib/bblayers/query.py
+++ b/bitbake/lib/bblayers/query.py
@@ -142,10 +142,11 @@ skipped recipes will also be listed, with a " (skipped)" suffix.
         # Ensure we list skipped recipes
         # We are largely guessing about PN, PV and the preferred version here,
         # but we have no choice since skipped recipes are not fully parsed
-        skiplist = list(self.tinfoil.cooker.skiplist.keys())
-        mcspec = 'mc:%s:' % mc
+        skiplist = list(self.tinfoil.cooker.skiplist_by_mc[mc].keys())
+
         if mc:
-            skiplist = [s[len(mcspec):] for s in skiplist if s.startswith(mcspec)]
+            mcspec = f'mc:{mc}:'
+            skiplist = [s[len(mcspec):] if s.startswith(mcspec) else s for s in skiplist]
 
         for fn in skiplist:
             recipe_parts = os.path.splitext(os.path.basename(fn))[0].split('_')
@@ -162,7 +163,7 @@ skipped recipes will also be listed, with a " (skipped)" suffix.
         def print_item(f, pn, ver, layer, ispref):
             if not selected_layer or layer == selected_layer:
                 if not bare and f in skiplist:
-                    skipped = ' (skipped: %s)' % self.tinfoil.cooker.skiplist[f].skipreason
+                    skipped = ' (skipped: %s)' % self.tinfoil.cooker.skiplist_by_mc[mc][f].skipreason
                 else:
                     skipped = ''
                 if show_filenames:
@@ -301,7 +302,7 @@ Lists recipes with the bbappends that apply to them as subitems.
             if self.show_appends_for_pn(pn, cooker_data, args.mc):
                 appends = True
 
-        if not args.pnspec and self.show_appends_for_skipped():
+        if not args.pnspec and self.show_appends_for_skipped(args.mc):
             appends = True
 
         if not appends:
@@ -317,9 +318,9 @@ Lists recipes with the bbappends that apply to them as subitems.
 
         return self.show_appends_output(filenames, best_filename)
 
-    def show_appends_for_skipped(self):
+    def show_appends_for_skipped(self, mc):
         filenames = [os.path.basename(f)
-                    for f in self.tinfoil.cooker.skiplist.keys()]
+                    for f in self.tinfoil.cooker.skiplist_by_mc[mc].keys()]
         return self.show_appends_output(filenames, None, " (skipped)")
 
     def show_appends_output(self, filenames, best_filename, name_suffix = ''):
diff --git a/bitbake/lib/toaster/tests/builds/buildtest.py b/bitbake/lib/toaster/tests/builds/buildtest.py
index cacfccd4d3..e54d561334 100644
--- a/bitbake/lib/toaster/tests/builds/buildtest.py
+++ b/bitbake/lib/toaster/tests/builds/buildtest.py
@@ -128,7 +128,7 @@ class BuildTest(unittest.TestCase):
         if os.environ.get("TOASTER_TEST_USE_SSTATE_MIRROR"):
             ProjectVariable.objects.get_or_create(
                 name="SSTATE_MIRRORS",
-                value="file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH",
+                value="file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH",
                 project=project)
 
         ProjectTarget.objects.create(project=project,
diff --git a/documentation/Makefile b/documentation/Makefile
index 189bd1dfac..65e29713d4 100644
--- a/documentation/Makefile
+++ b/documentation/Makefile
@@ -3,17 +3,18 @@
 
 # You can set these variables from the command line, and also
 # from the environment for the first two.
-SPHINXOPTS    ?= -W --keep-going -j auto
-SPHINXBUILD   ?= sphinx-build
+SPHINXOPTS     ?= -W --keep-going -j auto
+SPHINXBUILD    ?= sphinx-build
 # Release notes are excluded because they contain contributor names and commit messages which can't be modified
-VALEOPTS      ?= --no-wrap --glob '!migration-guides/release-notes-*.rst'
-VALEDOCS      ?= .
-SOURCEDIR     = .
-IMAGEDIRS     = */svg
-BUILDDIR      = _build
-DESTDIR       = final
-SVG2PNG       = inkscape
-SVG2PDF       = inkscape
+VALEOPTS       ?= --no-wrap --glob '!migration-guides/release-notes-*.rst'
+SOURCEDIR      = .
+VALEDOCS       ?= $(SOURCEDIR)
+SPHINXLINTDOCS ?= $(SOURCEDIR)
+IMAGEDIRS      = */svg
+BUILDDIR       = _build
+DESTDIR        = final
+SVG2PNG        = rsvg-convert
+SVG2PDF        = rsvg-convert
 
 ifeq ($(shell if which $(SPHINXBUILD) >/dev/null 2>&1; then echo 1; else echo 0; fi),0)
 $(error "The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed")
@@ -25,10 +26,12 @@ help:
 
 .PHONY: all help Makefile clean stylecheck publish epub latexpdf
 
-publish: Makefile html singlehtml
+publish: Makefile epub latexpdf html singlehtml
         rm -rf $(BUILDDIR)/$(DESTDIR)/
         mkdir -p $(BUILDDIR)/$(DESTDIR)/
         cp -r $(BUILDDIR)/html/* $(BUILDDIR)/$(DESTDIR)/
+        mkdir -p $(BUILDDIR)/$(DESTDIR)/_static
+        cp $(BUILDDIR)/epub/TheYoctoProject.epub $(BUILDDIR)/latex/theyoctoproject.pdf $(BUILDDIR)/$(DESTDIR)/_static/
         cp $(BUILDDIR)/singlehtml/index.html $(BUILDDIR)/$(DESTDIR)/singleindex.html
         sed -i -e 's@index.html#@singleindex.html#@g' $(BUILDDIR)/$(DESTDIR)/singleindex.html
 
@@ -40,11 +43,11 @@ PNGs := $(foreach dir, $(IMAGEDIRS), $(patsubst %.svg,%.png,$(wildcard $(SOURCED
 
 # Pattern rule for converting SVG to PDF
 %.pdf : %.svg
-        $(SVG2PDF) --export-filename=$@ $<
+        $(SVG2PDF) --format=Pdf --output=$@ $<
 
 # Pattern rule for converting SVG to PNG
 %.png : %.svg
-        $(SVG2PNG) --export-filename=$@ $<
+        $(SVG2PNG) --format=Png --output=$@ $<
 
 clean:
         @rm -rf $(BUILDDIR) $(PNGs) $(PDFs) poky.yaml sphinx-static/switchers.js releases.rst
@@ -54,15 +57,18 @@ stylecheck:
         vale $(VALEOPTS) $(VALEDOCS)
 
 sphinx-lint:
-        sphinx-lint $(SOURCEDIR)
+        sphinx-lint $(SPHINXLINTDOCS)
 
 epub: $(PNGs)
         $(SOURCEDIR)/set_versions.py
         @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
+# Note: we need to pass buf_size here (which is also configurable from
+# texmf.cnf), to avoid following error:
+#   Unable to read an entire line---bufsize=200000. Please increase buf_size in texmf.cnf.
 latexpdf: $(PDFs)
         $(SOURCEDIR)/set_versions.py
-        @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+        buf_size=10000000 $(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
 all: html epub latexpdf
 
diff --git a/documentation/README b/documentation/README
index b60472fcbf..c394ab9288 100644
--- a/documentation/README
+++ b/documentation/README
@@ -165,7 +165,15 @@ To run Vale:
 
  $ make stylecheck
 
-Link checking the Yocto Project documentation
+Style checking the whole documentation might take some time and generate a
+lot of warnings/errors, thus one can run Vale on a subset of files or
+directories:
+
+  $ make stylecheck VALEDOCS=<file>
+  $ make stylecheck VALEDOCS="<file1> <file2>"
+  $ make stylecheck VALEDOCS=<dir>
+
+Lint checking the Yocto Project documentation
 =============================================
 
 To fix errors which are not reported by Sphinx itself,
@@ -179,6 +187,14 @@ To run sphinx-lint:
 
  $ make sphinx-lint
 
+Lint checking the whole documentation might take some time and generate a
+lot of warnings/errors, thus one can run sphinx-lint on a subset of files
+or directories:
+
+  $ make sphinx-lint SPHINXLINTDOCS=<file>
+  $ make sphinx-lint SPHINXLINTDOCS="<file1> <file2>"
+  $ make sphinx-lint SPHINXLINTDOCS=<dir>
+
 Sphinx theme and CSS customization
 ==================================
 
@@ -413,5 +429,22 @@ both the Yocto Project and BitBake manuals:
 Submitting documentation changes
 ================================
 
-Please see the top level README file in this repository for details of where
-to send patches.
+Please refer to our contributor guide here: https://docs.yoctoproject.org/contributor-guide/
+for full details on how to submit changes.
+
+As a quick guide, patches should be sent to docs@lists.yoctoproject.org
+The git command to do that would be:
+
+     git send-email -M -1 --to docs@lists.yoctoproject.org
+
+The 'To' header can be set as default for this repository:
+
+     git config sendemail.to docs@lists.yoctoproject.org
+
+Now you can just do 'git send-email origin/master..' to send all local patches.
+
+Read the other sections in this document and documentation/standards.md for
+rules to follow when contributing to the documentation.
+
+Git repository: https://git.yoctoproject.org/yocto-docs
+Mailing list: docs@lists.yoctoproject.org
diff --git a/documentation/brief-yoctoprojectqs/index.rst b/documentation/brief-yoctoprojectqs/index.rst
index c5400e4ac8..b37142ef14 100644
--- a/documentation/brief-yoctoprojectqs/index.rst
+++ b/documentation/brief-yoctoprojectqs/index.rst
@@ -44,7 +44,7 @@ following requirements:
    much more will help to run multiple builds and increase
    performance by reusing build artifacts.
 
--  At least &MIN_RAM; Gbytes of RAM, though a modern modern build host with as
+-  At least &MIN_RAM; Gbytes of RAM, though a modern build host with as
    much RAM and as many CPU cores as possible is strongly recommended to
    maximize build performance.
 
@@ -57,7 +57,7 @@ following requirements:
    :ref:`dev-manual/start:preparing the build host`
    section in the Yocto Project Development Tasks Manual.
 
--
+-  Ensure that the following utilities have these minimum version numbers:
 
    -  Git &MIN_GIT_VERSION; or greater
    -  tar &MIN_TAR_VERSION; or greater
@@ -65,7 +65,7 @@ following requirements:
    -  gcc &MIN_GCC_VERSION; or greater.
    -  GNU make &MIN_MAKE_VERSION; or greater
 
-If your build host does not meet any of these three listed version
+If your build host does not satisfy all of the above version
 requirements, you can take steps to prepare the system so that you
 can still use the Yocto Project. See the
 :ref:`ref-manual/system-requirements:required git, tar, python, make and gcc versions`
@@ -78,7 +78,7 @@ You must install essential host packages on your build host. The
 following command installs the host packages based on an Ubuntu
 distribution::
 
-   $ sudo apt install &UBUNTU_HOST_PACKAGES_ESSENTIAL;
+   $ sudo apt install &UBUNTU_DEBIAN_HOST_PACKAGES_ESSENTIAL;
 
 .. note::
 
@@ -182,7 +182,7 @@ an entire Linux distribution, including the toolchain, from source.
       page of the Yocto Project Wiki.
 
 #. **Initialize the Build Environment:** From within the ``poky``
-   directory, run the :ref:`ref-manual/structure:\`\`oe-init-build-env\`\``
+   directory, run the :ref:`ref-manual/structure:``oe-init-build-env```
    environment
    setup script to define Yocto Project's build environment on your
    build host.
@@ -252,7 +252,7 @@ an entire Linux distribution, including the toolchain, from source.
       file in the :term:`Build Directory`::
 
          BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
-         SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
+         SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
          BB_HASHSERVE = "auto"
          BB_SIGNATURE_HANDLER = "OEEquivHash"
 
diff --git a/documentation/bsp-guide/bsp.rst b/documentation/bsp-guide/bsp.rst
index 11ca5d8b76..73e31670d6 100644
--- a/documentation/bsp-guide/bsp.rst
+++ b/documentation/bsp-guide/bsp.rst
@@ -81,7 +81,7 @@ directory of that Layer. This directory is what you add to the
 ``conf/bblayers.conf`` file found in your
 :term:`Build Directory`, which is
 established after you run the OpenEmbedded build environment setup
-script (i.e. :ref:`ref-manual/structure:\`\`oe-init-build-env\`\``).
+script (i.e. :ref:`ref-manual/structure:``oe-init-build-env```).
 Adding the root directory allows the :term:`OpenEmbedded Build System`
 to recognize the BSP
 layer and from it build an image. Here is an example::
@@ -166,7 +166,7 @@ section.
    BSPs, which are maintained in their own layers or in layers designed
    to contain several BSPs. To get an idea of machine support through
    BSP layers, you can look at the
-   :yocto_dl:`index of machines </releases/yocto/yocto-&DISTRO;/machines>`
+   :yocto_dl:`index of machines </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines>`
    for the release.
 
 #. *Optionally Clone the meta-intel BSP Layer:* If your hardware is
@@ -229,7 +229,7 @@ section.
 
 #. *Initialize the Build Environment:* While in the root directory of
    the Source Directory (i.e. ``poky``), run the
-   :ref:`ref-manual/structure:\`\`oe-init-build-env\`\`` environment
+   :ref:`ref-manual/structure:``oe-init-build-env``` environment
    setup script to define the OpenEmbedded build environment on your
    build host. ::
 
@@ -674,21 +674,21 @@ to the kernel recipe by using a similarly named append file, which is
 located in the BSP Layer for your target device (e.g. the
 ``meta-bsp_root_name/recipes-kernel/linux`` directory).
 
-Suppose you are using the ``linux-yocto_4.4.bb`` recipe to build the
+Suppose you are using the ``linux-yocto_6.12.bb`` recipe to build the
 kernel. In other words, you have selected the kernel in your
 ``"bsp_root_name".conf`` file by adding
 :term:`PREFERRED_PROVIDER` and :term:`PREFERRED_VERSION`
 statements as follows::
 
    PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-   PREFERRED_VERSION_linux-yocto ?= "4.4%"
+   PREFERRED_VERSION_linux-yocto ?= "6.12%"
 
 .. note::
 
    When the preferred provider is assumed by default, the :term:`PREFERRED_PROVIDER`
    statement does not appear in the ``"bsp_root_name".conf`` file.
 
-You would use the ``linux-yocto_4.4.bbappend`` file to append specific
+You would use the ``linux-yocto_6.12.bbappend`` file to append specific
 BSP settings to the kernel, thus configuring the kernel for your
 particular BSP.
 
@@ -698,14 +698,19 @@ in the Yocto Project Linux Kernel Development Manual.
 
 An alternate scenario is when you create your own kernel recipe for the
 BSP. A good example of this is the Raspberry Pi BSP. If you examine the
-``recipes-kernel/linux`` directory you see the following::
+``recipes-kernel/linux`` directory in that layer you see the following
+Raspberry Pi-specific recipes and associated files::
 
+   files/
+   linux-raspberrypi_6.12.bb
+   linux-raspberrypi_6.1.bb
+   linux-raspberrypi_6.6.bb
    linux-raspberrypi-dev.bb
    linux-raspberrypi.inc
-   linux-raspberrypi_4.14.bb
-   linux-raspberrypi_4.9.bb
-
-The directory contains three kernel recipes and a common include file.
+   linux-raspberrypi-v7_6.12.bb
+   linux-raspberrypi-v7_6.1.bb
+   linux-raspberrypi-v7_6.6.bb
+   linux-raspberrypi-v7.inc
 
 Developing a Board Support Package (BSP)
 ========================================
@@ -1177,7 +1182,7 @@ Use these steps to create a BSP layer:
 
 -  *Create a Kernel Recipe:* Create a kernel recipe in
    ``recipes-kernel/linux`` by either using a kernel append file or a
-   new custom kernel recipe file (e.g. ``linux-yocto_4.12.bb``). The BSP
+   new custom kernel recipe file (e.g. ``linux-yocto_6.12.bb``). The BSP
    layers mentioned in the previous step also contain different kernel
    examples. See the ":ref:`kernel-dev/common:modifying an existing recipe`"
    section in the Yocto Project Linux Kernel Development Manual for
@@ -1242,7 +1247,7 @@ located in :yocto_git:`poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf
 
    PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
 
-   MACHINE_EXTRA_RRECOMMENDS = "kernel-modules kernel-devicetree"
+   MACHINE_EXTRA_RRECOMMENDS = "kernel-modules"
 
    EXTRA_IMAGEDEPENDS += "virtual/bootloader"
 
@@ -1258,23 +1263,21 @@ located in :yocto_git:`poky/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf
    SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0"
 
    PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-   PREFERRED_VERSION_linux-yocto ?= "6.1%"
+   PREFERRED_VERSION_linux-yocto ?= "6.12%"
 
    KERNEL_IMAGETYPE = "zImage"
-   KERNEL_DEVICETREE = "am335x-bone.dtb am335x-boneblack.dtb am335x-bonegreen.dtb"
-   KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}"
+   DTB_FILES = "am335x-bone.dtb am335x-boneblack.dtb am335x-bonegreen.dtb"
+   KERNEL_DEVICETREE = '${@' '.join('ti/omap/%s' % d for d in '${DTB_FILES}'.split())}'
 
    PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
 
    SPL_BINARY = "MLO"
    UBOOT_SUFFIX = "img"
    UBOOT_MACHINE = "am335x_evm_defconfig"
-   UBOOT_ENTRYPOINT = "0x80008000"
-   UBOOT_LOADADDRESS = "0x80008000"
 
    MACHINE_FEATURES = "usbgadget usbhost vfat alsa"
 
-   IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} ${SPL_BINARY} ${KERNEL_IMAGETYPE} ${KERNEL_DEVICETREE}"
+   IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} ${SPL_BINARY} ${KERNEL_IMAGETYPE} ${DTB_FILES}"
 
    # support runqemu
    EXTRA_IMAGEDEPENDS += "qemu-native qemu-helper-native"
@@ -1328,12 +1331,12 @@ Project Reference Manual.
    needed in the root filesystem. In this case, the U-Boot recipe must
    be built for the image.
 
-   At the end of the file, we also use this setings to implement
+   At the end of the file, we also use this setting to implement
    ``runqemu`` support on the host machine.
 
 -  :term:`DEFAULTTUNE`: Machines
    use tunings to optimize machine, CPU, and application performance.
-   These features, which are collectively known as "tuning features",
+   These features --- collectively known as "tuning features" ---
    are set in the :term:`OpenEmbedded-Core (OE-Core)` layer. In this
    example, the default tuning file is :oe_git:`tune-cortexa8
    </openembedded-core/tree/meta/conf/machine/include/arm/armv7a/tune-cortexa8.inc>`.
@@ -1363,8 +1366,7 @@ Project Reference Manual.
    to create the sysroot when building a Wic image.
 
 -  :term:`SERIAL_CONSOLES`:
-   Defines a serial console (TTY) to enable using getty. In this case,
-   the baud rate is "115200" and the device name is "ttyO0".
+   Defines one or more serial consoles (TTYs) to enable using getty.
 
 -  :term:`PREFERRED_PROVIDER_virtual/kernel <PREFERRED_PROVIDER>`:
    Specifies the recipe that provides "virtual/kernel" when more than
@@ -1374,7 +1376,7 @@ Project Reference Manual.
 
 -  :term:`PREFERRED_VERSION_linux-yocto <PREFERRED_VERSION>`:
    Defines the version of the recipe used to build the kernel, which is
-   "6.1" in this case.
+   "6.12" in this case.
 
 -  :term:`KERNEL_IMAGETYPE`:
    The type of kernel to build for the device. In this case, the
@@ -1416,12 +1418,6 @@ Project Reference Manual.
       Specifies the value passed on the make command line when building
       a U-Boot image.
 
-   -  :term:`UBOOT_ENTRYPOINT`:
-      Specifies the entry point for the U-Boot image.
-
-   -  :term:`UBOOT_LOADADDRESS`:
-      Specifies the load address for the U-Boot image.
-
 -  :term:`MACHINE_FEATURES`:
    Specifies the list of hardware features the BeagleBone device is
    capable of supporting. In this case, the device supports "usbgadget
diff --git a/documentation/conf.py b/documentation/conf.py
index 35c5c14535..1eca8756ab 100644
--- a/documentation/conf.py
+++ b/documentation/conf.py
@@ -13,6 +13,7 @@
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 #
 import os
+import re
 import sys
 import datetime
 try:
@@ -90,8 +91,9 @@ rst_prolog = """
 
 # external links and substitutions
 extlinks = {
-    'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
+    'bitbake_git': ('https://git.openembedded.org/bitbake%s', None),
     'cve_mitre': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-%s'),
+    'cve_nist': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
     'yocto_home': ('https://www.yoctoproject.org%s', None),
     'yocto_wiki': ('https://wiki.yoctoproject.org/wiki%s', None),
     'yocto_dl': ('https://downloads.yoctoproject.org%s', None),
@@ -110,6 +112,9 @@ extlinks = {
     'wikipedia': ('https://en.wikipedia.org/wiki/%s', None),
 }
 
+# To be able to use :manpage:`<something>` in the docs.
+manpages_url = 'https://manpages.debian.org/{path}'
+
 # Intersphinx config to use cross reference with BitBake user manual
 intersphinx_mapping = {
     'bitbake': ('https://docs.yoctoproject.org/bitbake/' + bitbake_version, None)
@@ -135,6 +140,7 @@ except ImportError:
     sys.exit(1)
 
 html_logo = 'sphinx-static/YoctoProject_Logo_RGB.jpg'
+html_favicon = 'sphinx-static/favicon.ico'
 
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
@@ -158,11 +164,34 @@ html_last_updated_fmt = '%b %d, %Y'
 # Remove the trailing 'dot' in section numbers
 html_secnumber_suffix = " "
 
+# We need XeTeX to process special unicode character, sometimes the contributor
+# list from the release note contains those.
+# See https://docs.readthedocs.io/en/stable/guides/pdf-non-ascii-languages.html.
+latex_engine = 'xelatex'
+latex_use_xindy = False
 latex_elements = {
     'passoptionstopackages': '\\PassOptionsToPackage{bookmarksdepth=5}{hyperref}',
-    'preamble': '\\setcounter{tocdepth}{2}',
+    'preamble': '\\usepackage[UTF8]{ctex}\n\\setcounter{tocdepth}{2}',
 }
 
+
+from sphinx.search import SearchEnglish
+from sphinx.search import languages
+class DashFriendlySearchEnglish(SearchEnglish):
+
+    # Accept words that can include hyphens
+    _word_re = re.compile(r'[\w\-]+')
+
+    js_splitter_code = r"""
+function splitQuery(query) {
+    return query
+        .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}-]+/gu)
+        .filter(term => term.length > 0);
+}
+"""
+
+languages['en'] = DashFriendlySearchEnglish
+
 # Make the EPUB builder prefer PNG to SVG because of issues rendering Inkscape SVG
 from sphinx.builders.epub3 import Epub3Builder
 Epub3Builder.supported_image_types = ['image/png', 'image/gif', 'image/jpeg']
diff --git a/documentation/contributor-guide/recipe-style-guide.rst b/documentation/contributor-guide/recipe-style-guide.rst
index 08d8fb4259..617e202431 100644
--- a/documentation/contributor-guide/recipe-style-guide.rst
+++ b/documentation/contributor-guide/recipe-style-guide.rst
@@ -47,10 +47,10 @@ Debian policy closely.
 
 When a recipe references a git revision that does not correspond to a released
 version of software (e.g. is not a tagged version), the :term:`PV` variable
-should include the Git revision using the following to make the
-version clear::
+should include the sign ``+``, so :term:`bitbake` automatically includes package
+version information during the packaging phase::
 
-    PV = "<version>+git${SRCPV}"
+    PV = "<version>+git"
 
 In this case, ``<version>`` should be the most recently released version of the
 software from the current source revision (``git describe`` can be useful for
@@ -395,7 +395,7 @@ one CVE is fixed, separate them using spaces.
 CVE Examples
 ------------
 
-This should be the header of patch that fixes :cve:`2015-8370` in GRUB2::
+This should be the header of patch that fixes :cve_nist:`2015-8370` in GRUB2::
 
    grub2: Fix CVE-2015-8370
 
diff --git a/documentation/contributor-guide/submit-changes.rst b/documentation/contributor-guide/submit-changes.rst
index 47a416b245..6d5d69d7cf 100644
--- a/documentation/contributor-guide/submit-changes.rst
+++ b/documentation/contributor-guide/submit-changes.rst
@@ -65,6 +65,13 @@ use to identify your commits::
    git config --global user.name "Ada Lovelace"
    git config --global user.email "ada.lovelace@gmail.com"
 
+By default, Git adds a signature line at the end of patches containing the Git
+version. We suggest to remove it as it doesn't add useful information.
+
+Remove it with the following command::
+
+   git config --global format.signature ""
+
 Clone the Git repository for the component to modify
 ----------------------------------------------------
 
@@ -483,7 +490,7 @@ typical usage of ``git send-email``::
    git send-email --to <mailing-list-address> *.patch
 
 Then, review each subject line and list of recipients carefully, and then
-and then allow the command to send each message.
+allow the command to send each message.
 
 You will see that ``git send-email`` will automatically copy the people listed
 in any commit tags such as ``Signed-off-by`` or ``Reported-by``.
@@ -769,6 +776,38 @@ argument to ``git format-patch`` with a version number::
 
    git format-patch -v2 <ref-branch>
 
+
+After generating updated patches (v2, v3, and so on) via ``git
+format-patch``, ideally developers will add a patch version changelog
+to each patch that describes what has changed between each revision of
+the patch. Add patch version changelogs after the ``---`` marker in the
+patch, indicating that this information is part of this patch, but is not
+suitable for inclusion in the commit message (i.e. the git history) itself.
+Providing a patch version changelog makes it easier for maintainers and
+reviewers to succinctly understand what changed in all versions of the
+patch, without having to consult alternate sources of information, such as
+searching through messages on a mailing list. For example::
+
+   <patch title>
+
+   <commit message>
+
+   <Signed-off-by/other trailers>
+   ---
+   changes in v4:
+   - provide a clearer commit message
+   - fix spelling mistakes
+
+   changes in v3:
+   - replace func() to use other_func() instead
+
+   changes in v2:
+   - this patch was added in v2
+   ---
+   <diffstat output>
+
+   <unified diff>
+
 Lastly please ensure that you also test your revised changes. In particular
 please don't just edit the patch file written out by ``git format-patch`` and
 resend it.
@@ -825,3 +864,52 @@ Other layers may have similar testing branches but there is no formal
 requirement or standard for these so please check the documentation for the
 layers you are contributing to.
 
+Acceptance of AI Generated Code
+===============================
+
+The Yocto Project and OpenEmbedded follow the guidance of the Linux Foundation
+in regards to the use of generative AI tools. See:
+https://www.linuxfoundation.org/legal/generative-ai.
+
+All of the existing guidelines in this document are expected to be followed,
+including in the :doc:`recipe-style-guide`, and contributing the changes with
+additional requirements to the items in section
+:ref:`contributor-guide/submit-changes:Implement and commit changes`.
+
+All AI Generated Code must be labeled as such in the commit message,
+prior to your ``Signed-off-by`` line. It is also strongly recommended,
+that any patches or code within the commit also have a comment or other
+indication that this code was AI generated.
+
+For example, here is a properly formatted commit message::
+
+   component: Add the ability to ...
+
+   AI-Generated: Uses GitHub Copilot
+
+   Signed-off-by: Your Name <your.name@domain>
+
+The ``Signed-off-by`` line must be written by you, and not the AI helper.
+As a reminder, when contributing a change, your ``Signed-off-by`` line is
+required and the stipulations in the `Developer's Statement of Origin
+1.1 <https://developercertificate.org/>`__ still apply.
+
+Additionally, you must stipulate AI contributions conform to the Linux
+Foundation policy, specifically:
+
+#. Contributors should ensure that the terms and conditions of the generative AI
+   tool do not place any contractual restrictions on how the tool's output can
+   be used that are inconsistent with the project's open source software
+   license, the project's intellectual property policies, or the Open Source
+   Definition.
+
+#. If any pre-existing copyrighted materials (including pre-existing open
+   source code) authored or owned by third parties are included in the AI tool's
+   output, prior to contributing such output to the project, the Contributor
+   should confirm that they have permission from the third party
+   owners -- such as the form of an open source license or public domain
+   declaration that complies with the project's licensing policies -- to use and
+   modify such pre-existing materials and contribute them to the project.
+   Additionally, the contributor should provide notice and attribution of such
+   third party rights, along with information about the applicable license
+   terms, with their contribution.
diff --git a/documentation/dev-manual/bblock.rst b/documentation/dev-manual/bblock.rst
new file mode 100644
index 0000000000..605bb75655
--- /dev/null
+++ b/documentation/dev-manual/bblock.rst
@@ -0,0 +1,129 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Locking and Unlocking Recipes Using ``bblock``
+**********************************************
+
+By design, the OpenEmbedded build system builds everything from scratch
+unless BitBake determines that specific tasks do not require rebuilding.
+At startup, it computes a signature for all tasks, based on the task's input.
+Then, it compares these signatures with the ones from the sstate cache (if they
+exist). Any changes cause the task to rerun.
+
+During development, changes might trigger BitBake to rebuild certain
+recipes, even when we know they do not require rebuilding at that stage.
+For example, modifying a recipe can lead to rebuilding its native
+counterpart, which might prove unnecessary. Editing the ``python3`` recipe,
+for instance, can prompt BitBake to rebuild ``python3-native`` along with any
+recipes that depend on it.
+
+To prevent this, use ``bblock`` to lock specific tasks or recipes to
+specific signatures, forcing BitBake to use the sstate cache for them.
+
+.. warning::
+
+   Use ``bblock`` only during the development phase.
+
+   Forcing BitBake to use the sstate cache, regardless of input changes, means
+   the recipe metadata no longer directly reflect the output. Use this feature
+   with caution. If you do not understand why signatures change, see the section
+   on :yocto_wiki:`understanding what changed </TipsAndTricks/Understanding_what_changed_(diffsigs_etc)>`.
+
+
+Locking tasks and recipes
+-------------------------
+
+To lock a recipe, use::
+
+   $ bblock recipe
+
+You can also use a space-separated list of recipes to lock multiple recipes::
+
+   $ bblock recipe1 recipe2
+
+Locking a recipe means locking all tasks of the recipe. If you need to
+lock only particular tasks, use the `-t` option with a comma-separated
+list of tasks::
+
+  $ bblock -t task1,task2 recipe
+
+
+Unlocking tasks and recipes
+---------------------------
+
+To unlock a recipe, use the ``-r`` option::
+
+   $ bblock -r recipe
+
+You can also use a space-separated list of recipes to unlock multiple recipes::
+
+   $ bblock -r recipe1 recipe2
+
+Unlocking a recipe means unlocking all tasks of the recipe. If you need to
+unlock only particular tasks use the ``-t`` option with a comma-separated
+list of tasks::
+
+  $ bblock -r -t task1,task2 recipe
+
+To unlock all recipes, do not specify any recipe::
+
+  $ bblock -r
+
+
+Configuration file
+------------------
+
+``bblock`` will dump the signatures in the ``build/conf/bblock.conf`` file,
+included by default in :oe_git:`meta/conf/bitbake.conf </openembedded-core/tree/meta/conf/bitbake.conf>`.
+
+To dump the file, use the ``-d`` option::
+
+  $ bblock -d
+
+
+Locking mechanism
+-----------------
+
+``bblock`` computes the signature(s) of the task(s) and sets the 3 following
+variables: :term:`SIGGEN_LOCKEDSIGS`, :term:`SIGGEN_LOCKEDSIGS_TYPES`
+and :term:`SIGGEN_LOCKEDSIGS_TASKSIG_CHECK`.
+
+In particular, ``bblock`` sets::
+
+  SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "info"
+  SIGGEN_LOCKEDSIGS_TYPES += "${PACKAGE_ARCHS}"
+
+  SIGGEN_LOCKEDSIGS_<package_arch> += "<recipe>:<task>:<signature>"
+
+This produces architecture specific locks and reminds user that some tasks
+have locked signatures.
+
+Example
+-------
+
+When working on the ``python3`` recipe, we can lock ``python3-native`` with
+the following::
+
+  $ bblock python3-native
+  $ bblock -d
+  # Generated by bblock
+  SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "info"
+  SIGGEN_LOCKEDSIGS_TYPES += "${PACKAGE_ARCHS}"
+
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_patch:865859c27e603ba42025b7bb766c3cd4c0f477e4962cfd39128c0619d695fce7"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_populate_sysroot:f8fa5d3194cef638416000252b959e86d0a19f6b7898e1f56b643c588cdd8605"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_prepare_recipe_sysroot:fe295ac505d9d1143313424b201c6f3f2a0a90da40a13a905b86b874705f226a"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_fetch:1b6e4728fee631bc7a8a7006855c5b8182a8224579e32e3d0a2db77c26459f25"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_unpack:2ad74d6f865ef75c35c0e6bbe3f9a90923a6b2c62c18a3ddef514ea31fbc588f"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_deploy_source_date_epoch:15f89b8483c1ad7507480f337619bb98c26e231227785eb3543db163593e7b42"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_configure:7960c13d23270fdb12b3a7c426ce1da0d2f5c7cf5e5d3f5bdce5fa330eb7d482"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_compile:012e1d4a63f1a78fc2143bd90d704dbcf5865c5257d6272aa7540ec1cd3063d9"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_install:d3401cc2afa4c996beb154beaad3e45fa0272b9c56fb86e9db14ec3544c68f9d"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_build:fa88bb7afb9046c0417c24a3fa98a058653805a8b00eda2c2d7fea68fc42f882"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_collect_spdx_deps:cc9c53ba7c495567e9a38ec4801830c425c0d1f895aa2fc66930a2edd510d9b4"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_create_spdx:766a1d09368438b7b5a1a8e2a8f823b2b731db44b57e67d8b3196de91966f9c5"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_create_package_spdx:46f80faeab25575e9977ba3bf14c819489c3d489432ae5145255635108c21020"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_recipe_qa:cb960cdb074e7944e894958db58f3dc2a0436ecf87c247feb3e095e214fec0e4"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_populate_lic:15657441621ee83f15c2e650e7edbb036870b56f55e72e046c6142da3c5783fd"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_create_manifest:24f0abbec221d27bbb2909b6e846288b12cab419f1faf9f5006ed80423d37e28"
+  SIGGEN_LOCKEDSIGS_x86_64 += "python3-native:do_addto_recipe_sysroot:bcb6a1905f113128de3f88d702b706befd6a786267c045ee82532759a7c214d7"
+
diff --git a/documentation/dev-manual/bmaptool.rst b/documentation/dev-manual/bmaptool.rst
index f6f0e6afaf..87162a49c9 100644
--- a/documentation/dev-manual/bmaptool.rst
+++ b/documentation/dev-manual/bmaptool.rst
@@ -1,13 +1,13 @@
 .. SPDX-License-Identifier: CC-BY-SA-2.0-UK
 
-Flashing Images Using ``bmaptool``
-**********************************
+Flashing Images Using `bmaptool`
+********************************
 
 A fast and easy way to flash an image to a bootable device is to use
-bmaptool, which is integrated into the OpenEmbedded build system.
-bmaptool is a generic tool that creates a file's block map (bmap) and
+`bmaptool`, which is integrated into the OpenEmbedded build system.
+`bmaptool` is a generic tool that creates a file's block map (bmap) and
 then uses that map to copy the file. As compared to traditional tools
-such as dd or cp, bmaptool can copy (or flash) large files like raw
+such as `dd` or `cp`, `bmaptool` can copy (or flash) large files like raw
 system image files much faster.
 
 .. note::
@@ -20,13 +20,13 @@ system image files much faster.
          $ sudo apt install bmap-tools
 
    -  If you are unable to install the ``bmap-tools`` package, you will
-      need to build bmaptool before using it. Use the following command::
+      need to build `bmaptool` before using it. Use the following command::
 
-         $ bitbake bmaptool-native
+         $ bitbake bmaptool-native -caddto_recipe_sysroot
 
 Following, is an example that shows how to flash a Wic image. Realize
-that while this example uses a Wic image, you can use bmaptool to flash
-any type of image. Use these steps to flash an image using bmaptool:
+that while this example uses a Wic image, you can use `bmaptool` to flash
+any type of image. Use these steps to flash an image using `bmaptool`:
 
 #. *Update your local.conf File:* You need to have the following set
    in your ``local.conf`` file before building your image::
@@ -39,18 +39,17 @@ any type of image. Use these steps to flash an image using bmaptool:
 
       $ bitbake image
 
-#. *Flash the Device:* Flash the device with the image by using bmaptool
+#. *Flash the Device:* Flash the device with the image by using `bmaptool`
    depending on your particular setup. The following commands assume the
    image resides in the :term:`Build Directory`'s ``deploy/images/`` area:
 
-   -  If you have write access to the media, use this command form::
+   -  If you installed the package for `bmaptool`, you can directly run::
 
-         $ oe-run-native bmaptool-native bmaptool copy build-directory/tmp/deploy/images/machine/image.wic /dev/sdX
+         $ sudo bmaptool copy build-directory/tmp/deploy/images/machine/image.wic /dev/sdX
 
-   -  If you do not have write access to the media, set your permissions
-      first and then use the same command form::
+   -  Otherwise, if you built `bmaptool` with BitBake, run::
 
-         $ sudo chmod 666 /dev/sdX
+         $ sudo chmod a+w /dev/sdX       # get write access to the media, needed only once after booting
          $ oe-run-native bmaptool-native bmaptool copy build-directory/tmp/deploy/images/machine/image.wic /dev/sdX
 
 For help on the ``bmaptool`` command, use the following command::
diff --git a/documentation/dev-manual/building.rst b/documentation/dev-manual/building.rst
index fe502690dd..4770a5a184 100644
--- a/documentation/dev-manual/building.rst
+++ b/documentation/dev-manual/building.rst
@@ -280,7 +280,9 @@ Follow these steps to create an :term:`Initramfs` image:
 #. *Create the Initramfs Image Recipe:* You can reference the
    ``core-image-minimal-initramfs.bb`` recipe found in the
    ``meta/recipes-core`` directory of the :term:`Source Directory`
-   as an example from which to work.
+   as an example from which to work. The ``core-image-minimal-initramfs`` recipe
+   is based on the :ref:`initramfs-framework <dev-manual/building:Customizing an
+   Initramfs using \`\`initramfs-framework\`\`>` recipe described below.
 
 #. *Decide if You Need to Bundle the Initramfs Image Into the Kernel
    Image:* If you want the :term:`Initramfs` image that is built to be bundled
@@ -308,6 +310,86 @@ Follow these steps to create an :term:`Initramfs` image:
    and bundled with the kernel image if you used the
    :term:`INITRAMFS_IMAGE_BUNDLE` variable described earlier.
 
+Customizing an Initramfs using ``initramfs-framework``
+------------------------------------------------------
+
+The ``core-image-minimal-initramfs.bb`` recipe found in
+:oe_git:`meta/recipes-core/images
+</openembedded-core/tree/meta/recipes-core/images>` uses the
+:oe_git:`initramfs-framework_1.0.bb
+</openembedded-core/tree/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb>`
+recipe as its base component. The goal of the ``initramfs-framework`` recipe is
+to provide the building blocks to build a customized :term:`Initramfs`.
+
+The ``initramfs-framework`` recipe relies on shell initialization scripts
+defined in :oe_git:`meta/recipes-core/initrdscripts/initramfs-framework
+</openembedded-core/tree/meta/recipes-core/initrdscripts/initramfs-framework>`. Since some of
+these scripts do not apply for all use cases, the ``initramfs-framework`` recipe
+defines different packages:
+
+-  ``initramfs-framework-base``: this package installs the basic components of
+   an :term:`Initramfs`, such as the ``init`` script or the ``/dev/console``
+   character special file. As this package is a runtime dependency of all
+   modules listed below, it is automatically pulled in when one of the modules
+   is installed in the image.
+-  ``initramfs-module-exec``: support for execution of applications.
+-  ``initramfs-module-mdev``: support for `mdev
+   <https://wiki.gentoo.org/wiki/Mdev>`__.
+-  ``initramfs-module-udev``: support for :wikipedia:`Udev <Udev>`.
+-  ``initramfs-module-e2fs``: support for :wikipedia:`ext4/ext3/ext2
+   <Extended_file_system>` filesystems.
+-  ``initramfs-module-nfsrootfs``: support for locating and mounting the root
+   partition via :wikipedia:`NFS <Network_File_System>`.
+-  ``initramfs-module-rootfs``: support for locating and mounting the root
+   partition.
+-  ``initramfs-module-debug``: dynamic debug support.
+-  ``initramfs-module-lvm``: :wikipedia:`LVM <Logical_volume_management>` rootfs support.
+-  ``initramfs-module-overlayroot``: support for mounting a read-write overlay
+   on top of a read-only root filesystem.
+
+In addition to the packages defined by the ``initramfs-framework`` recipe
+itself, the following packages are defined by the recipes present in
+:oe_git:`meta/recipes-core/initrdscripts </openembedded-core/tree/meta/recipes-core/initrdscripts>`:
+
+-  ``initramfs-module-install``: module to create and install a partition layout
+   on a selected block device.
+-  ``initramfs-module-install-efi``: module to create and install an EFI
+   partition layout on a selected block device.
+-  ``initramfs-module-setup-live``: module to start a shell in the
+   :term:`Initramfs` if ``root=/dev/ram0`` in passed in the `Kernel command-line
+   <https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html>`__
+   or the ``root=`` parameter was not passed.
+
+To customize the :term:`Initramfs`, you can add or remove packages listed
+earlier from the :term:`PACKAGE_INSTALL` variable with a :ref:`bbappend
+<dev-manual/layers:Appending Other Layers Metadata With Your Layer>` on the
+``core-image-minimal-initramfs`` recipe, or create a custom recipe for the
+:term:`Initramfs` taking ``core-image-minimal-initramfs`` as example.
+
+Custom scripts can be added to the :term:`Initramfs` by writing your own
+recipes. The recipes are conventionally named ``initramfs-module-<module name>``
+where ``<module name>`` is the name of the module. The recipe should set its
+:term:`RDEPENDS` package-specific variables to include
+``initramfs-framework-base`` and the other packages on which the module depends
+at runtime.
+
+The recipe must install shell initialization scripts in :term:`${D} <D>`\
+``/init.d`` and must follow the ``<number>-<script name>`` naming scheme where:
+
+-  ``<number>`` is a *two-digit* number that affects the execution order of the
+   script compared to others. For example, the script ``80-setup-live`` would be
+   executed after ``01-udev`` because 80 is greater than 01.
+
+   This number being two-digits is important here as the scripts are executed
+   alphabetically. For example, the script ``10-script`` would be executed
+   before the script ``8-script``, because ``1`` is inferior to ``8``.
+   Therefore, the script should be named ``08-script``.
+
+-  ``<script name>`` is the script name which you can choose freely.
+
+   If two script use the same ``<number>``, they are sorted alphabetically based
+   on ``<script name>``.
+
 Bundling an Initramfs Image From a Separate Multiconfig
 -------------------------------------------------------
 
diff --git a/documentation/dev-manual/customizing-images.rst b/documentation/dev-manual/customizing-images.rst
index 5b18958ade..53cad9c79c 100644
--- a/documentation/dev-manual/customizing-images.rst
+++ b/documentation/dev-manual/customizing-images.rst
@@ -80,15 +80,14 @@ recipe that are enabled with :term:`IMAGE_FEATURES`. The value of
 :term:`EXTRA_IMAGE_FEATURES` is added to :term:`IMAGE_FEATURES` within
 ``meta/conf/bitbake.conf``.
 
-To illustrate how you can use these variables to modify your image,
-consider an example that selects the SSH server. The Yocto Project ships
-with two SSH servers you can use with your images: Dropbear and OpenSSH.
-Dropbear is a minimal SSH server appropriate for resource-constrained
-environments, while OpenSSH is a well-known standard SSH server
-implementation. By default, the ``core-image-sato`` image is configured
-to use Dropbear. The ``core-image-full-cmdline`` and ``core-image-lsb``
-images both include OpenSSH. The ``core-image-minimal`` image does not
-contain an SSH server.
+To illustrate how you can use these variables to modify your image, consider an
+example that selects the SSH server. The Yocto Project ships with two SSH
+servers you can use with your images: Dropbear and OpenSSH. Dropbear is a
+minimal SSH server appropriate for resource-constrained environments, while
+OpenSSH is a well-known standard SSH server implementation. By default, the
+``core-image-sato`` image is configured to use Dropbear. The
+``core-image-full-cmdline`` image includes OpenSSH. The ``core-image-minimal``
+image does not contain an SSH server.
 
 You can customize your image and change these defaults. Edit the
 :term:`IMAGE_FEATURES` variable in your recipe or use the
diff --git a/documentation/dev-manual/debugging.rst b/documentation/dev-manual/debugging.rst
index 92458a0c37..8552b26aea 100644
--- a/documentation/dev-manual/debugging.rst
+++ b/documentation/dev-manual/debugging.rst
@@ -36,7 +36,7 @@ section:
    use the BitBake ``-e`` option to examine variable values after a
    recipe has been parsed.
 
--  ":ref:`dev-manual/debugging:viewing package information with \`\`oe-pkgdata-util\`\``"
+-  ":ref:`dev-manual/debugging:viewing package information with ``oe-pkgdata-util```"
    describes how to use the ``oe-pkgdata-util`` utility to query
    :term:`PKGDATA_DIR` and
    display package-related information for built packages.
diff --git a/documentation/dev-manual/external-scm.rst b/documentation/dev-manual/external-scm.rst
index 97a7e63e36..896b1b5ac7 100644
--- a/documentation/dev-manual/external-scm.rst
+++ b/documentation/dev-manual/external-scm.rst
@@ -12,10 +12,13 @@ revision number for changes. Currently, you can do this with Apache
 Subversion (SVN), Git, and Bazaar (BZR) repositories.
 
 To enable this behavior, the :term:`PV` of
-the recipe needs to reference
-:term:`SRCPV`. Here is an example::
+the recipe needs to include a ``+`` sign in its assignment.
+Here is an example::
 
-   PV = "1.2.3+git${SRCPV}"
+   PV = "1.2.3+git"
+
+:term:`Bitbake` later includes the source control information in :term:`PKGV`
+during the packaging phase.
 
 Then, you can add the following to your
 ``local.conf``::
diff --git a/documentation/dev-manual/index.rst b/documentation/dev-manual/index.rst
index 9ccf60f701..8243c0f4cb 100644
--- a/documentation/dev-manual/index.rst
+++ b/documentation/dev-manual/index.rst
@@ -39,7 +39,6 @@ Yocto Project Development Tasks Manual
    external-scm
    read-only-rootfs
    build-quality
-   runtime-testing
    debugging
    licenses
    security-subjects
@@ -48,5 +47,6 @@ Yocto Project Development Tasks Manual
    error-reporting-tool
    wayland
    qemu
+   bblock
 
 .. include:: /boilerplate.rst
diff --git a/documentation/dev-manual/layers.rst b/documentation/dev-manual/layers.rst
index 91889bd0ae..89c8466933 100644
--- a/documentation/dev-manual/layers.rst
+++ b/documentation/dev-manual/layers.rst
@@ -644,6 +644,96 @@ variable and append the layer's root name::
    order of ``.conf`` or ``.bbclass`` files. Future versions of BitBake
    might address this.
 
+Providing Global-level Configurations With Your Layer
+-----------------------------------------------------
+
+When creating a layer, you may need to define configurations that should take
+effect globally in your build environment when the layer is part of the build.
+The ``layer.conf`` file is a :term:`configuration file` that affects the build
+system globally, so it is a candidate for this use-case.
+
+.. warning::
+
+   Providing unconditional global level configuration from the ``layer.conf``
+   file is *not* a good practice, and should be avoided. For this reason, the
+   section :ref:`ref-conditional-layer-confs` below shows how the ``layer.conf``
+   file can be used to provide configurations only if a certain condition is
+   met.
+
+For example, if your layer provides a Linux kernel recipe named
+``linux-custom``, you may want to make :term:`PREFERRED_PROVIDER_virtual/kernel
+<PREFERRED_PROVIDER>` point to ``linux-custom``::
+
+   PREFERRED_PROVIDER_virtual/kernel = "linux-custom"
+
+This can be defined in the ``layer.conf`` file. If your layer is at the last
+position in the :term:`BBLAYERS` list, it will take precedence over previous
+``PREFERRED_PROVIDER_virtual/kernel`` assignments (unless one is set from a
+:term:`configuration file` that is parsed later, such as machine or distro
+configuration files).
+
+.. _ref-conditional-layer-confs:
+
+Conditionally Provide Global-level Configurations With Your Layer
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In some cases, your layer may provide global configurations only if some
+features it provides are enabled. Since the ``layer.conf`` file is parsed at an
+earlier stage in the parsing process, the :term:`DISTRO_FEATURES` and
+:term:`MACHINE_FEATURES` variables are not yet available to ``layer.conf``, and
+declaring conditional assignments based on these variables is not possible. The
+following technique shows a way to bypass this limitation by using the
+:term:`USER_CLASSES` variable and a conditional ``require`` command.
+
+In the following steps, let's assume our layer is named ``meta-mylayer`` and
+that this layer defines a custom :ref:`distro feature <ref-features-distro>`
+named ``mylayer-kernel``. We will set the :term:`PREFERRED_PROVIDER` variable
+for the kernel only if our feature ``mylayer-kernel`` is part of the
+:term:`DISTRO_FEATURES`:
+
+#. Create an include file in the directory
+   ``meta-mylayer/conf/distro/include/``, for example a file named
+   ``mylayer-kernel-provider.inc`` that sets the kernel provider to
+   ``linux-custom``::
+
+      PREFERRED_PROVIDER_virtual/kernel = "linux-custom"
+
+#. Provide a path to this include file in your ``layer.conf``::
+
+      META_MYLAYER_KERNEL_PROVIDER_PATH = "${LAYERDIR}/conf/distro/include/mylayer-kernel-provider.inc"
+
+#. Create a new class in ``meta-mylayer/classes-global/``, for example a class
+   ``meta-mylayer-cfg.bbclass``. Make it conditionally require the file
+   ``mylayer-kernel-provider.inc`` defined above, using the variable
+   ``META_MYLAYER_KERNEL_PROVIDER_PATH`` defined in ``layer.conf``::
+
+      require ${@bb.utils.contains('DISTRO_FEATURES', 'mylayer-kernel', '${META_MYLAYER_KERNEL_PROVIDER_PATH}', '', d)}
+
+   For details on the ``bb.utils.contains`` function, see its definition in
+   :bitbake_git:`lib/bb/utils.py </tree/lib/bb/utils.py>`.
+
+   .. note::
+
+      The ``require`` command is designed to not fail if the function
+      ``bb.utils.contains`` returns an empty string.
+
+#. Back to your ``layer.conf`` file, add the class ``meta-mylayer-cfg`` class to
+   the :term:`USER_CLASSES` variable::
+
+      USER_CLASSES:append = " meta-mylayer-cfg"
+
+   This will add the class ``meta-mylayer-cfg`` to the list of classes to
+   globally inherit. Since the ``require`` command is conditional in
+   ``meta-mylayer-cfg.bbclass``, even though inherited the class will have no
+   effect unless the feature ``mylayer-kernel`` is enabled through
+   :term:`DISTRO_FEATURES`.
+
+This technique can also be used for :ref:`Machine features
+<ref-features-machine>` by following the same steps. Though not mandatory, it is
+recommended to put include files for :term:`DISTRO_FEATURES` in your layer's
+``conf/distro/include`` and the ones for :term:`MACHINE_FEATURES` in your
+layer's ``conf/machine/include``.
+
 Managing Layers
 ===============
 
diff --git a/documentation/dev-manual/new-recipe.rst b/documentation/dev-manual/new-recipe.rst
index 61fc2eb122..af88db937b 100644
--- a/documentation/dev-manual/new-recipe.rst
+++ b/documentation/dev-manual/new-recipe.rst
@@ -56,7 +56,7 @@ necessary when adding a recipe to build a new piece of software to be
 included in a build.
 
 You can find a complete description of the ``devtool add`` command in
-the ":ref:`sdk-manual/extensible:a closer look at \`\`devtool add\`\``" section
+the ":ref:`sdk-manual/extensible:a closer look at ``devtool add```" section
 in the Yocto Project Application Development and the Extensible Software
 Development Kit (eSDK) manual.
 
@@ -291,13 +291,13 @@ another example that specifies these types of files, see the
 
 Another way of specifying source is from an SCM. For Git repositories,
 you must specify :term:`SRCREV` and you should specify :term:`PV` to include
-the revision with :term:`SRCPV`. Here is an example from the recipe
-``meta/recipes-core/musl/gcompat_git.bb``::
+a ``+`` sign in its definition. Here is an example from the recipe
+:oe_git:`meta/recipes-sato/l3afpad/l3afpad_git.bb </openembedded-core/tree/meta/recipes-sato/l3afpad/l3afpad_git.bb>`::
 
-   SRC_URI = "git://git.adelielinux.org/adelie/gcompat.git;protocol=https;branch=current"
+   SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git;branch=master;protocol=https"
 
-   PV = "1.0.0+1.1+git${SRCPV}"
-   SRCREV = "af5a49e489fdc04b9cf02547650d7aeaccd43793"
+   PV = "0.8.18.1.11+git"
+   SRCREV ="3cdccdc9505643e50f8208171d9eee5de11a42ff"
 
 If your :term:`SRC_URI` statement includes URLs pointing to individual files
 fetched from a remote server other than a version control system,
diff --git a/documentation/dev-manual/packages.rst b/documentation/dev-manual/packages.rst
index e5028fffdc..4ba2dcae3a 100644
--- a/documentation/dev-manual/packages.rst
+++ b/documentation/dev-manual/packages.rst
@@ -16,7 +16,7 @@ This section describes a few tasks that involve packages:
 -  :ref:`dev-manual/packages:generating and using signed packages`
 
 -  :ref:`Setting up and running package test
-   (ptest) <dev-manual/packages:testing packages with ptest>`
+   (ptest) <test-manual/ptest:testing packages with ptest>`
 
 -  :ref:`dev-manual/packages:creating node package manager (npm) packages`
 
@@ -84,10 +84,6 @@ the following:
 
 -  :term:`PR`: The recipe revision.
 
--  :term:`SRCPV`: The OpenEmbedded
-   build system uses this string to help define the value of :term:`PV` when
-   the source code revision needs to be included in it.
-
 -  :yocto_wiki:`PR Service </PR_Service>`: A
    network-based service that helps automate keeping package feeds
    compatible with existing package manager applications such as RPM,
@@ -256,15 +252,14 @@ the software::
 
    SRCREV = "${AUTOREV}"
 
-Furthermore, you need to reference :term:`SRCPV` in :term:`PV` in order to
+Furthermore, you need to include a ``+`` sign in :term:`PV` in order to
 automatically update the version whenever the revision of the source
 code changes. Here is an example::
 
-   PV = "1.0+git${SRCPV}"
-
-The OpenEmbedded build system substitutes :term:`SRCPV` with the following:
+   PV = "1.0+git"
 
-.. code-block:: none
+The OpenEmbedded build system will automatically add the source control
+information to the end of the variable :term:`PKGV`, in this format::
 
    AUTOINC+source_code_revision
 
@@ -887,114 +882,8 @@ related to signed package feeds are available:
 Testing Packages With ptest
 ===========================
 
-A Package Test (ptest) runs tests against packages built by the
-OpenEmbedded build system on the target machine. A ptest contains at
-least two items: the actual test, and a shell script (``run-ptest``)
-that starts the test. The shell script that starts the test must not
-contain the actual test --- the script only starts the test. On the other
-hand, the test can be anything from a simple shell script that runs a
-binary and checks the output to an elaborate system of test binaries and
-data files.
-
-The test generates output in the format used by Automake::
-
-   result: testname
-
-where the result can be ``PASS``, ``FAIL``, or ``SKIP``, and
-the testname can be any identifying string.
-
-For a list of Yocto Project recipes that are already enabled with ptest,
-see the :yocto_wiki:`Ptest </Ptest>` wiki page.
-
-.. note::
-
-   A recipe is "ptest-enabled" if it inherits the :ref:`ref-classes-ptest`
-   class.
-
-Adding ptest to Your Build
---------------------------
-
-To add package testing to your build, add the :term:`DISTRO_FEATURES` and
-:term:`EXTRA_IMAGE_FEATURES` variables to your ``local.conf`` file, which
-is found in the :term:`Build Directory`::
-
-   DISTRO_FEATURES:append = " ptest"
-   EXTRA_IMAGE_FEATURES += "ptest-pkgs"
-
-Once your build is complete, the ptest files are installed into the
-``/usr/lib/package/ptest`` directory within the image, where ``package``
-is the name of the package.
-
-Running ptest
--------------
-
-The ``ptest-runner`` package installs a shell script that loops through
-all installed ptest test suites and runs them in sequence. Consequently,
-you might want to add this package to your image.
-
-Getting Your Package Ready
---------------------------
-
-In order to enable a recipe to run installed ptests on target hardware,
-you need to prepare the recipes that build the packages you want to
-test. Here is what you have to do for each recipe:
-
--  *Be sure the recipe inherits the* :ref:`ref-classes-ptest` *class:*
-   Include the following line in each recipe::
-
-      inherit ptest
-
--  *Create run-ptest:* This script starts your test. Locate the
-   script where you will refer to it using
-   :term:`SRC_URI`. Here is an
-   example that starts a test for ``dbus``::
-
-      #!/bin/sh
-      cd test
-      make -k runtest-TESTS
-
--  *Ensure dependencies are met:* If the test adds build or runtime
-   dependencies that normally do not exist for the package (such as
-   requiring "make" to run the test suite), use the
-   :term:`DEPENDS` and
-   :term:`RDEPENDS` variables in
-   your recipe in order for the package to meet the dependencies. Here
-   is an example where the package has a runtime dependency on "make"::
-
-      RDEPENDS:${PN}-ptest += "make"
-
--  *Add a function to build the test suite:* Not many packages support
-   cross-compilation of their test suites. Consequently, you usually
-   need to add a cross-compilation function to the package.
-
-   Many packages based on Automake compile and run the test suite by
-   using a single command such as ``make check``. However, the host
-   ``make check`` builds and runs on the same computer, while
-   cross-compiling requires that the package is built on the host but
-   executed for the target architecture (though often, as in the case
-   for ptest, the execution occurs on the host). The built version of
-   Automake that ships with the Yocto Project includes a patch that
-   separates building and execution. Consequently, packages that use the
-   unaltered, patched version of ``make check`` automatically
-   cross-compiles.
-
-   Regardless, you still must add a ``do_compile_ptest`` function to
-   build the test suite. Add a function similar to the following to your
-   recipe::
-
-      do_compile_ptest() {
-          oe_runmake buildtest-TESTS
-      }
-
--  *Ensure special configurations are set:* If the package requires
-   special configurations prior to compiling the test code, you must
-   insert a ``do_configure_ptest`` function into the recipe.
-
--  *Install the test suite:* The :ref:`ref-classes-ptest` class
-   automatically copies the file ``run-ptest`` to the target and then runs make
-   ``install-ptest`` to run the tests. If this is not enough, you need
-   to create a ``do_install_ptest`` function and make sure it gets
-   called after the "make install-ptest" completes.
+See the :ref:`test-manual/ptest:Testing Packages With ptest` section of the
+Yocto Project Test Environment Manual.
 
 Creating Node Package Manager (NPM) Packages
 ============================================
diff --git a/documentation/dev-manual/qemu.rst b/documentation/dev-manual/qemu.rst
index 19f3e40d63..253aff9977 100644
--- a/documentation/dev-manual/qemu.rst
+++ b/documentation/dev-manual/qemu.rst
@@ -75,7 +75,7 @@ available. Follow these general steps to run QEMU:
       your :term:`Build Directory`.
 
    -  If you have not built an image, you can go to the
-      :yocto_dl:`machines/qemu </releases/yocto/yocto-&DISTRO;/machines/qemu/>` area and download a
+      :yocto_dl:`machines/qemu </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/qemu/>` area and download a
       pre-built image that matches your architecture and can be run on
       QEMU.
 
@@ -280,12 +280,11 @@ present, the toolchain is also automatically used.
       networking.
 
    -  SSH servers are available in some QEMU images. The ``core-image-sato``
-      QEMU image has a Dropbear secure shell (SSH) server that runs with
-      the root password disabled. The ``core-image-full-cmdline`` and
-      ``core-image-lsb`` QEMU images have OpenSSH instead of Dropbear.
-      Including these SSH servers allow you to use standard ``ssh`` and
-      ``scp`` commands. The ``core-image-minimal`` QEMU image, however,
-      contains no SSH server.
+      QEMU image has a Dropbear secure shell (SSH) server that runs with the
+      root password disabled. The ``core-image-full-cmdline`` QEMU image has
+      OpenSSH instead of Dropbear. Including these SSH servers allow you to use
+      standard ``ssh`` and ``scp`` commands. The ``core-image-minimal`` QEMU
+      image, however, contains no SSH server.
 
    -  You can use a provided, user-space NFS server to boot the QEMU
       session using a local copy of the root filesystem on the host. In
diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst
index b72bad1554..7c4b5804fb 100644
--- a/documentation/dev-manual/sbom.rst
+++ b/documentation/dev-manual/sbom.rst
@@ -30,16 +30,9 @@ To make this happen, you must inherit the
 
    INHERIT += "create-spdx"
 
-Upon building an image, you will then get:
-
--  :term:`SPDX` output in JSON format as an ``IMAGE-MACHINE.spdx.json`` file in
-   ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`.
-
--  This toplevel file is accompanied by an ``IMAGE-MACHINE.spdx.index.json``
-   containing an index of JSON :term:`SPDX` files for individual recipes.
-
--  The compressed archive ``IMAGE-MACHINE.spdx.tar.zst`` contains the index
-   and the files for the single recipes.
+Upon building an image, you will then get the compressed archive
+``IMAGE-MACHINE.spdx.tar.zst`` contains the index and the files for the single
+recipes.
 
 The :ref:`ref-classes-create-spdx` class offers options to include
 more information in the output :term:`SPDX` data:
@@ -56,7 +49,7 @@ more information in the output :term:`SPDX` data:
 
 Though the toplevel :term:`SPDX` output is available in
 ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary
-generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as:
+generated files are available in ``tmp/deploy/spdx`` too, such as:
 
 -  The individual :term:`SPDX` JSON files in the ``IMAGE-MACHINE.spdx.tar.zst``
    archive.
diff --git a/documentation/dev-manual/start.rst b/documentation/dev-manual/start.rst
index 386e5f5d29..f4da61b53f 100644
--- a/documentation/dev-manual/start.rst
+++ b/documentation/dev-manual/start.rst
@@ -615,7 +615,7 @@ Accessing Source Archives
 The Yocto Project also provides source archives of its releases, which
 are available on :yocto_dl:`/releases/yocto/`. Then, choose the subdirectory
 containing the release you wish to use, for example
-:yocto_dl:`yocto-&DISTRO; </releases/yocto/yocto-&DISTRO;/>`.
+:yocto_dl:`&DISTRO_REL_LATEST_TAG; </releases/yocto/&DISTRO_REL_LATEST_TAG;/>`.
 
 You will find there source archives of individual components (if you wish
 to use them individually), and of the corresponding Poky release bundling
diff --git a/documentation/dev-manual/upgrading-recipes.rst b/documentation/dev-manual/upgrading-recipes.rst
index 4fac78bdfb..a38fd7837c 100644
--- a/documentation/dev-manual/upgrading-recipes.rst
+++ b/documentation/dev-manual/upgrading-recipes.rst
@@ -333,7 +333,7 @@ Manually Upgrading a Recipe
 
 If for some reason you choose not to upgrade recipes using
 :ref:`dev-manual/upgrading-recipes:Using the Auto Upgrade Helper (AUH)` or
-by :ref:`dev-manual/upgrading-recipes:Using \`\`devtool upgrade\`\``,
+by :ref:`dev-manual/upgrading-recipes:Using ``devtool upgrade```,
 you can manually edit the recipe files to upgrade the versions.
 
 .. note::
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst
index 1bc2a85929..f5f9fe3a0c 100644
--- a/documentation/dev-manual/vulnerabilities.rst
+++ b/documentation/dev-manual/vulnerabilities.rst
@@ -62,37 +62,77 @@ found in ``build/tmp/deploy/cve``.
 
 For example the CVE check report for the ``flex-native`` recipe looks like::
 
-   $ cat poky/build/tmp/deploy/cve/flex-native
-   LAYER: meta
-   PACKAGE NAME: flex-native
-   PACKAGE VERSION: 2.6.4
-   CVE: CVE-2016-6354
-   CVE STATUS: Patched
-   CVE SUMMARY: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
-   CVSS v2 BASE SCORE: 7.5
-   CVSS v3 BASE SCORE: 9.8
-   VECTOR: NETWORK
-   MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6354
-
-   LAYER: meta
-   PACKAGE NAME: flex-native
-   PACKAGE VERSION: 2.6.4
-   CVE: CVE-2019-6293
-   CVE STATUS: Ignored
-   CVE SUMMARY: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
-   CVSS v2 BASE SCORE: 4.3
-   CVSS v3 BASE SCORE: 5.5
-   VECTOR: NETWORK
-   MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6293
+   $ cat ./tmp/deploy/cve/flex-native_cve.json
+   {
+     "version": "1",
+     "package": [
+       {
+         "name": "flex-native",
+         "layer": "meta",
+         "version": "2.6.4",
+         "products": [
+           {
+             "product": "flex",
+             "cvesInRecord": "No"
+           },
+           {
+             "product": "flex",
+             "cvesInRecord": "Yes"
+           }
+         ],
+         "issue": [
+           {
+             "id": "CVE-2006-0459",
+             "status": "Patched",
+             "link": "https://nvd.nist.gov/vuln/detail/CVE-2006-0459",
+             "summary": "flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.",
+             "scorev2": "7.5",
+             "scorev3": "0.0",
+             "scorev4": "0.0",
+             "modified": "2024-11-21T00:06Z",
+             "vector": "NETWORK",
+             "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+             "detail": "version-not-in-range"
+           },
+           {
+             "id": "CVE-2016-6354",
+             "status": "Patched",
+             "link": "https://nvd.nist.gov/vuln/detail/CVE-2016-6354",
+             "summary": "Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.",
+             "scorev2": "7.5",
+             "scorev3": "9.8",
+             "scorev4": "0.0",
+             "modified": "2024-11-21T02:55Z",
+             "vector": "NETWORK",
+             "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+             "detail": "version-not-in-range"
+           },
+           {
+             "id": "CVE-2019-6293",
+             "status": "Ignored",
+             "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-6293",
+             "summary": "An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.",
+             "scorev2": "4.3",
+             "scorev3": "5.5",
+             "scorev4": "0.0",
+             "modified": "2024-11-21T04:46Z",
+             "vector": "NETWORK",
+             "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+             "detail": "upstream-wontfix",
+             "description": "there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
+           }
+         ]
+       }
+     ]
+   }
 
 For images, a summary of all recipes included in the image and their CVEs is also
-generated in textual and JSON formats. These ``.cve`` and ``.json`` reports can be found
+generated in the JSON format. These ``.json`` reports can be found
 in the ``tmp/deploy/images`` directory for each compiled image.
 
 At build time CVE check will also throw warnings about ``Unpatched`` CVEs::
 
-   WARNING: flex-2.6.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-6293), for more information check /poky/build/tmp/work/core2-64-poky-linux/flex/2.6.4-r0/temp/cve.log
-   WARNING: libarchive-3.5.1-r0 do_cve_check: Found unpatched CVE (CVE-2021-36976), for more information check /poky/build/tmp/work/core2-64-poky-linux/libarchive/3.5.1-r0/temp/cve.log
+   WARNING: qemu-native-9.2.0-r0 do_cve_check: Found unpatched CVE (CVE-2023-1386)
 
 It is also possible to check the CVE status of individual packages as follows::
 
@@ -111,10 +151,10 @@ upstream `NIST CVE database <https://nvd.nist.gov/>`__.
 
 The variable supports using vendor and product names like this::
 
-   CVE_PRODUCT = "flex_project:flex"
+   CVE_PRODUCT = "flex_project:flex westes:flex"
 
-In this example the vendor name used in the CVE database is ``flex_project`` and the
-product is ``flex``. With this setting the ``flex`` recipe only maps to this specific
+In this example we have two possible vendors names,  ``flex_project`` and ``westes``,
+with the product name ``flex``. With this setting the ``flex`` recipe only maps to this specific
 product and not products from other vendors with same name ``flex``.
 
 Similarly, when the recipe version :term:`PV` is not compatible with software versions used by
diff --git a/documentation/dev-manual/wic.rst b/documentation/dev-manual/wic.rst
index a3880f3a1c..fced0e170c 100644
--- a/documentation/dev-manual/wic.rst
+++ b/documentation/dev-manual/wic.rst
@@ -513,7 +513,7 @@ or ::
 
    For more information on how to use the ``bmaptool``
    to flash a device with an image, see the
-   ":ref:`dev-manual/bmaptool:flashing images using \`\`bmaptool\`\``"
+   ":ref:`dev-manual/bmaptool:flashing images using \`bmaptool\``"
    section.
 
 Using a Modified Kickstart File
@@ -721,7 +721,7 @@ the existing kernel, and then inserts a new kernel:
 
    Once the new kernel is added back into the image, you can use the
    ``dd`` command or :ref:`bmaptool
-   <dev-manual/bmaptool:flashing images using \`\`bmaptool\`\`>`
+   <dev-manual/bmaptool:flashing images using \`bmaptool\`>` commands
    to flash your wic image onto an SD card or USB stick and test your
    target.
 
diff --git a/documentation/downloads.rst b/documentation/downloads.rst
new file mode 100644
index 0000000000..7ec978ef2d
--- /dev/null
+++ b/documentation/downloads.rst
@@ -0,0 +1,11 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+=======================
+Documentation Downloads
+=======================
+
+The documentation can be downloaded in file formats to be read offline or on
+another device. The currently supported formats are linked below:
+
+-  `EPub <_static/TheYoctoProject.epub>`_
+-  `PDF <_static/theyoctoproject.pdf>`_
diff --git a/documentation/index.rst b/documentation/index.rst
index 3fef1704a4..6c6be38a7e 100644
--- a/documentation/index.rst
+++ b/documentation/index.rst
@@ -51,3 +51,10 @@ Welcome to the Yocto Project Documentation
    :hidden:
 
    genindex
+
+.. toctree::
+   :maxdepth: 1
+   :caption: Documentation Downloads
+   :hidden:
+
+   downloads
diff --git a/documentation/kernel-dev/common.rst b/documentation/kernel-dev/common.rst
index fda41694dc..654c4e0a01 100644
--- a/documentation/kernel-dev/common.rst
+++ b/documentation/kernel-dev/common.rst
@@ -672,7 +672,7 @@ The steps in this procedure show you how you can patch the kernel using
 
    Before attempting this procedure, be sure you have performed the
    steps to get ready for updating the kernel as described in the
-   ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``"
+   ":ref:`kernel-dev/common:getting ready to develop using ``devtool```"
    section.
 
 Patching the kernel involves changing or adding configurations to an
@@ -685,7 +685,7 @@ output at boot time through ``printk`` statements in the kernel's
 ``calibrate.c`` source code file. Applying the patch and booting the
 modified image causes the added messages to appear on the emulator's
 console. The example is a continuation of the setup procedure found in
-the ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``" Section.
+the ":ref:`kernel-dev/common:getting ready to develop using ``devtool```" Section.
 
 #. *Check Out the Kernel Source Files:* First you must use ``devtool``
    to checkout the kernel source code in its workspace.
@@ -693,7 +693,7 @@ the ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``" Se
    .. note::
 
       See this step in the
-      ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``"
+      ":ref:`kernel-dev/common:getting ready to develop using ``devtool```"
       section for more information.
 
    Use the following ``devtool`` command to check out the code::
@@ -804,7 +804,7 @@ the ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``" Se
    .. note::
 
       See Step 3 of the
-      ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``"
+      ":ref:`kernel-dev/common:getting ready to develop using ``devtool```"
       section for information on setting up this layer.
 
    Once the command
@@ -1190,7 +1190,7 @@ appear in the ``.config`` file, which is in the :term:`Build Directory`.
 
    For more information about where the ``.config`` file is located, see the
    example in the
-   ":ref:`kernel-dev/common:using \`\`menuconfig\`\``"
+   ":ref:`kernel-dev/common:using ``menuconfig```"
    section.
 
 It is simple to create a configuration fragment. One method is to use
@@ -1286,7 +1286,7 @@ when you override a policy configuration in a hardware configuration
 fragment.
 
 In order to run this task, you must have an existing ``.config`` file.
-See the ":ref:`kernel-dev/common:using \`\`menuconfig\`\``" section for
+See the ":ref:`kernel-dev/common:using ``menuconfig```" section for
 information on how to create a configuration file.
 
 Here is sample output from the :ref:`ref-tasks-kernel_configcheck` task:
@@ -1359,7 +1359,7 @@ and
 tasks until they produce no warnings.
 
 For more information on how to use the ``menuconfig`` tool, see the
-:ref:`kernel-dev/common:using \`\`menuconfig\`\`` section.
+:ref:`kernel-dev/common:using ``menuconfig``` section.
 
 Fine-Tuning the Kernel Configuration File
 -----------------------------------------
@@ -1562,16 +1562,9 @@ Here are some basic steps you can use to work with your own sources:
       changed.
 
    -  :term:`PV`: The default :term:`PV`
-      assignment is typically adequate. It combines the
-      :term:`LINUX_VERSION` with the Source Control Manager (SCM) revision
-      as derived from the :term:`SRCPV`
-      variable. The combined results are a string with the following
-      form::
-
-         3.19.11+git1+68a635bf8dfb64b02263c1ac80c948647cc76d5f_1+218bd8d2022b9852c60d32f0d770931e3cf343e2
-
-      While lengthy, the extra verbosity in :term:`PV` helps ensure you are
-      using the exact sources from which you intend to build.
+      assignment is typically adequate. It combines the value of
+      :term:`LINUX_VERSION` and the value ``+git`` which adds source control
+      information to :term:`PKGV` later during the packaging phase.
 
    -  :term:`COMPATIBLE_MACHINE`:
       A list of the machines supported by your new recipe. This variable
diff --git a/documentation/kernel-dev/intro.rst b/documentation/kernel-dev/intro.rst
index a663733a1d..7df342f8d5 100644
--- a/documentation/kernel-dev/intro.rst
+++ b/documentation/kernel-dev/intro.rst
@@ -122,7 +122,7 @@ general information and references for further information.
    Using ``devtool`` requires that you have a clean build
    of the image. For
    more information, see the
-   ":ref:`kernel-dev/common:getting ready to develop using \`\`devtool\`\``"
+   ":ref:`kernel-dev/common:getting ready to develop using ``devtool```"
    section.
 
    Using traditional kernel development requires that you have the
diff --git a/documentation/migration-guides/migration-1.5.rst b/documentation/migration-guides/migration-1.5.rst
index c8f3cbc165..da26cca63d 100644
--- a/documentation/migration-guides/migration-1.5.rst
+++ b/documentation/migration-guides/migration-1.5.rst
@@ -248,8 +248,8 @@ A new automated image testing framework has been added through the
 framework replaces the older ``imagetest-qemu`` framework.
 
 You can learn more about performing automated image tests in the
-":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-section in the Yocto Project Development Tasks Manual.
+":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+section in the Yocto Project Test Environment Manual.
 
 .. _migration-1.5-build-history:
 
diff --git a/documentation/migration-guides/migration-1.6.rst b/documentation/migration-guides/migration-1.6.rst
index 916169e836..b052a43a31 100644
--- a/documentation/migration-guides/migration-1.6.rst
+++ b/documentation/migration-guides/migration-1.6.rst
@@ -221,7 +221,7 @@ Package Test (ptest)
 
 Package Tests (ptest) are built but not installed by default. For
 information on using Package Tests, see the
-":ref:`dev-manual/packages:testing packages with ptest`" section in the
+":ref:`test-manual/ptest:testing packages with ptest`" section in the
 Yocto Project Development Tasks Manual. See also the ":ref:`ref-classes-ptest`"
 section.
 
diff --git a/documentation/migration-guides/release-4.0.rst b/documentation/migration-guides/release-4.0.rst
index 4954ea678b..1053ec4c0b 100644
--- a/documentation/migration-guides/release-4.0.rst
+++ b/documentation/migration-guides/release-4.0.rst
@@ -27,4 +27,10 @@ Release 4.0 (kirkstone)
    release-notes-4.0.18
    release-notes-4.0.19
    release-notes-4.0.20
-
+   release-notes-4.0.21
+   release-notes-4.0.22
+   release-notes-4.0.23
+   release-notes-4.0.24
+   release-notes-4.0.25
+   release-notes-4.0.26
+   release-notes-4.0.27
diff --git a/documentation/migration-guides/release-5.0.rst b/documentation/migration-guides/release-5.0.rst
index 1d6ba7692e..b3e7a67912 100644
--- a/documentation/migration-guides/release-5.0.rst
+++ b/documentation/migration-guides/release-5.0.rst
@@ -10,3 +10,10 @@ Release 5.0 (scarthgap)
    release-notes-5.0.1
    release-notes-5.0.2
    release-notes-5.0.3
+   release-notes-5.0.4
+   release-notes-5.0.5
+   release-notes-5.0.6
+   release-notes-5.0.7
+   release-notes-5.0.8
+   release-notes-5.0.9
+   release-notes-5.0.10
diff --git a/documentation/migration-guides/release-notes-3.4.1.rst b/documentation/migration-guides/release-notes-3.4.1.rst
index 097c249a90..c4b99a269b 100644
--- a/documentation/migration-guides/release-notes-3.4.1.rst
+++ b/documentation/migration-guides/release-notes-3.4.1.rst
@@ -11,14 +11,14 @@ Known Issues in 3.4.1
 Security Fixes in 3.4.1
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  glibc: Backport fix for :cve:`2021-43396`
--  vim: add patch number to :cve:`2021-3778` patch
--  vim: fix :cve:`2021-3796`, :cve:`2021-3872`, and :cve:`2021-3875`
--  squashfs-tools: follow-up fix for :cve:`2021-41072`
+-  glibc: Backport fix for :cve_nist:`2021-43396`
+-  vim: add patch number to :cve_nist:`2021-3778` patch
+-  vim: fix :cve_nist:`2021-3796`, :cve_nist:`2021-3872`, and :cve_nist:`2021-3875`
+-  squashfs-tools: follow-up fix for :cve_nist:`2021-41072`
 -  avahi: update CVE id fixed by local-ping.patch
--  squashfs-tools: fix :cve:`2021-41072`
--  ffmpeg: fix :cve:`2021-38114`
--  curl: fix :cve:`2021-22945`, :cve:`2021-22946` and :cve:`2021-22947`
+-  squashfs-tools: fix :cve_nist:`2021-41072`
+-  ffmpeg: fix :cve_nist:`2021-38114`
+-  curl: fix :cve_nist:`2021-22945`, :cve_nist:`2021-22946` and :cve_nist:`2021-22947`
 
 Fixes in 3.4.1
 ~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-3.4.2.rst b/documentation/migration-guides/release-notes-3.4.2.rst
index 5ff42d3900..94dffcb79e 100644
--- a/documentation/migration-guides/release-notes-3.4.2.rst
+++ b/documentation/migration-guides/release-notes-3.4.2.rst
@@ -6,29 +6,29 @@ Release notes for 3.4.2 (honister)
 Security Fixes in 3.4.2
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  tiff: backport fix for :cve:`2022-22844`
--  glibc : Fix :cve:`2021-3999`
--  glibc : Fix :cve:`2021-3998`
--  glibc : Fix :cve:`2022-23219`
--  glibc : Fix :cve:`2022-23218`
--  lighttpd: backport a fix for :cve:`2022-22707`
--  speex: fix :cve:`2020-23903`
--  linux-yocto/5.10: amdgpu: updates for :cve:`2021-42327`
--  libsndfile1: fix :cve:`2021-4156`
+-  tiff: backport fix for :cve_nist:`2022-22844`
+-  glibc : Fix :cve_nist:`2021-3999`
+-  glibc : Fix :cve_nist:`2021-3998`
+-  glibc : Fix :cve_nist:`2022-23219`
+-  glibc : Fix :cve_nist:`2022-23218`
+-  lighttpd: backport a fix for :cve_nist:`2022-22707`
+-  speex: fix :cve_nist:`2020-23903`
+-  linux-yocto/5.10: amdgpu: updates for :cve_nist:`2021-42327`
+-  libsndfile1: fix :cve_nist:`2021-4156`
 -  xserver-xorg: whitelist two CVEs
--  grub2: fix :cve:`2021-3981`
+-  grub2: fix :cve_nist:`2021-3981`
 -  xserver-xorg: update :term:`CVE_PRODUCT`
--  binutils: :cve:`2021-42574`
--  gcc: Fix :cve:`2021-42574`
--  gcc: Fix :cve:`2021-35465`
+-  binutils: :cve_nist:`2021-42574`
+-  gcc: Fix :cve_nist:`2021-42574`
+-  gcc: Fix :cve_nist:`2021-35465`
 -  cve-extra-exclusions: add db CVEs to exclusion list
--  gcc: Add :cve:`2021-37322` to the list of CVEs to ignore
--  bind: fix :cve:`2021-25219`
--  openssh: fix :cve:`2021-41617`
--  ncurses: fix :cve:`2021-39537`
--  vim: fix :cve:`2021-3968` and :cve:`2021-3973`
--  vim: fix :cve:`2021-3927` and :cve:`2021-3928`
--  gmp: fix :cve:`2021-43618`
+-  gcc: Add :cve_nist:`2021-37322` to the list of CVEs to ignore
+-  bind: fix :cve_nist:`2021-25219`
+-  openssh: fix :cve_nist:`2021-41617`
+-  ncurses: fix :cve_nist:`2021-39537`
+-  vim: fix :cve_nist:`2021-3968` and :cve_nist:`2021-3973`
+-  vim: fix :cve_nist:`2021-3927` and :cve_nist:`2021-3928`
+-  gmp: fix :cve_nist:`2021-43618`
 
 Fixes in 3.4.2
 ~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-3.4.3.rst b/documentation/migration-guides/release-notes-3.4.3.rst
index 2af802307d..cd9698d0e8 100644
--- a/documentation/migration-guides/release-notes-3.4.3.rst
+++ b/documentation/migration-guides/release-notes-3.4.3.rst
@@ -6,12 +6,12 @@ Release notes for 3.4.3 (honister)
 Security Fixes in 3.4.3
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  ghostscript: fix :cve:`2021-3781`
--  ghostscript: fix :cve:`2021-45949`
--  tiff: Add backports for two CVEs from upstream (:cve:`2022-0561` & :cve:`2022-0562`)
--  gcc : Fix :cve:`2021-46195`
+-  ghostscript: fix :cve_nist:`2021-3781`
+-  ghostscript: fix :cve_nist:`2021-45949`
+-  tiff: Add backports for two CVEs from upstream (:cve_nist:`2022-0561` & :cve_nist:`2022-0562`)
+-  gcc : Fix :cve_nist:`2021-46195`
 -  virglrenderer: fix `CVE-2022-0135 <https://security-tracker.debian.org/tracker/CVE-2022-0135>`__ and `CVE-2022-0175 <https://security-tracker.debian.org/tracker/CVE-2022-0175>`__
--  binutils: Add fix for :cve:`2021-45078`
+-  binutils: Add fix for :cve_nist:`2021-45078`
 
 
 Fixes in 3.4.3
diff --git a/documentation/migration-guides/release-notes-3.4.4.rst b/documentation/migration-guides/release-notes-3.4.4.rst
index 0bf9a16209..3ab858b0b9 100644
--- a/documentation/migration-guides/release-notes-3.4.4.rst
+++ b/documentation/migration-guides/release-notes-3.4.4.rst
@@ -6,11 +6,11 @@ Release notes for 3.4.4 (honister)
 Security Fixes in 3.4.4
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  tiff: fix :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909` and :cve:`2022-0924`
+-  tiff: fix :cve_nist:`2022-0865`, :cve_nist:`2022-0891`, :cve_nist:`2022-0907`, :cve_nist:`2022-0908`, :cve_nist:`2022-0909` and :cve_nist:`2022-0924`
 -  xz: fix `CVE-2022-1271 <https://security-tracker.debian.org/tracker/CVE-2022-1271>`__
 -  unzip: fix `CVE-2021-4217 <https://security-tracker.debian.org/tracker/CVE-2021-4217>`__
--  zlib: fix :cve:`2018-25032`
--  grub: ignore :cve:`2021-46705`
+-  zlib: fix :cve_nist:`2018-25032`
+-  grub: ignore :cve_nist:`2021-46705`
 
 Fixes in 3.4.4
 ~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-3.4.rst b/documentation/migration-guides/release-notes-3.4.rst
index d76bb004b1..6eca9956be 100644
--- a/documentation/migration-guides/release-notes-3.4.rst
+++ b/documentation/migration-guides/release-notes-3.4.rst
@@ -220,34 +220,34 @@ Other license-related notes:
 Security Fixes in 3.4
 ~~~~~~~~~~~~~~~~~~~~~
 
--  apr: :cve:`2021-35940`
--  aspell: :cve:`2019-25051`
--  avahi: :cve:`2021-3468`, :cve:`2021-36217`
--  binutils: :cve:`2021-20197`
--  bluez: :cve:`2021-3658`
--  busybox: :cve:`2021-28831`
--  cairo: :cve:`2020-35492`
--  cpio: :cve:`2021-38185`
--  expat: :cve:`2013-0340`
--  ffmpeg: :cve:`2020-20446`, :cve:`2020-22015`, :cve:`2020-22021`, :cve:`2020-22033`, :cve:`2020-22019`, :cve:`2021-33815`, :cve:`2021-38171`, :cve:`2020-20453`
--  glibc: :cve:`2021-33574`, :cve:`2021-38604`
--  inetutils: :cve:`2021-40491`
--  libgcrypt: :cve:`2021-40528`
--  linux-yocto/5.10, 5.14: :cve:`2021-3653`, :cve:`2021-3656`
--  lz4: :cve:`2021-3520`
--  nettle: :cve:`2021-20305`
--  openssl: :cve:`2021-3711`, :cve:`2021-3712`
--  perl: :cve:`2021-36770`
--  python3: :cve:`2021-29921`
--  python3-pip: :cve:`2021-3572`
--  qemu: :cve:`2020-27821`, :cve:`2020-29443`, :cve:`2020-35517`, :cve:`2021-3392`, :cve:`2021-3409`, :cve:`2021-3416`, :cve:`2021-3527`, :cve:`2021-3544`, :cve:`2021-3545`, :cve:`2021-3546`, :cve:`2021-3682`, :cve:`2021-20181`, :cve:`2021-20221`, :cve:`2021-20257`, :cve:`2021-20263`
--  rpm: :cve:`2021-3421`, :cve:`2021-20271`
--  rsync: :cve:`2020-14387`
--  util-linux: :cve:`2021-37600`
--  vim: :cve:`2021-3770`, :cve:`2021-3778`
--  wpa-supplicant: :cve:`2021-30004`
--  xdg-utils: :cve:`2020-27748`
--  xserver-xorg: :cve:`2021-3472`
+-  apr: :cve_nist:`2021-35940`
+-  aspell: :cve_nist:`2019-25051`
+-  avahi: :cve_nist:`2021-3468`, :cve_nist:`2021-36217`
+-  binutils: :cve_nist:`2021-20197`
+-  bluez: :cve_nist:`2021-3658`
+-  busybox: :cve_nist:`2021-28831`
+-  cairo: :cve_nist:`2020-35492`
+-  cpio: :cve_nist:`2021-38185`
+-  expat: :cve_nist:`2013-0340`
+-  ffmpeg: :cve_nist:`2020-20446`, :cve_nist:`2020-22015`, :cve_nist:`2020-22021`, :cve_nist:`2020-22033`, :cve_nist:`2020-22019`, :cve_nist:`2021-33815`, :cve_nist:`2021-38171`, :cve_nist:`2020-20453`
+-  glibc: :cve_nist:`2021-33574`, :cve_nist:`2021-38604`
+-  inetutils: :cve_nist:`2021-40491`
+-  libgcrypt: :cve_nist:`2021-40528`
+-  linux-yocto/5.10, 5.14: :cve_nist:`2021-3653`, :cve_nist:`2021-3656`
+-  lz4: :cve_nist:`2021-3520`
+-  nettle: :cve_nist:`2021-20305`
+-  openssl: :cve_nist:`2021-3711`, :cve_nist:`2021-3712`
+-  perl: :cve_nist:`2021-36770`
+-  python3: :cve_nist:`2021-29921`
+-  python3-pip: :cve_nist:`2021-3572`
+-  qemu: :cve_nist:`2020-27821`, :cve_nist:`2020-29443`, :cve_nist:`2020-35517`, :cve_nist:`2021-3392`, :cve_nist:`2021-3409`, :cve_nist:`2021-3416`, :cve_nist:`2021-3527`, :cve_nist:`2021-3544`, :cve_nist:`2021-3545`, :cve_nist:`2021-3546`, :cve_nist:`2021-3682`, :cve_nist:`2021-20181`, :cve_nist:`2021-20221`, :cve_nist:`2021-20257`, :cve_nist:`2021-20263`
+-  rpm: :cve_nist:`2021-3421`, :cve_nist:`2021-20271`
+-  rsync: :cve_nist:`2020-14387`
+-  util-linux: :cve_nist:`2021-37600`
+-  vim: :cve_nist:`2021-3770`, :cve_nist:`2021-3778`
+-  wpa-supplicant: :cve_nist:`2021-30004`
+-  xdg-utils: :cve_nist:`2020-27748`
+-  xserver-xorg: :cve_nist:`2021-3472`
 
 Recipe Upgrades in 3.4
 ~~~~~~~~~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-4.0.1.rst b/documentation/migration-guides/release-notes-4.0.1.rst
index 5529f71c6f..5b972f899e 100644
--- a/documentation/migration-guides/release-notes-4.0.1.rst
+++ b/documentation/migration-guides/release-notes-4.0.1.rst
@@ -6,11 +6,11 @@ Release notes for 4.0.1 (kirkstone)
 Security Fixes in 4.0.1
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  linux-yocto/5.15: fix :cve:`2022-28796`
--  python3: ignore :cve:`2015-20107`
--  e2fsprogs: fix :cve:`2022-1304`
--  lua: fix :cve:`2022-28805`
--  busybox: fix :cve:`2022-28391`
+-  linux-yocto/5.15: fix :cve_nist:`2022-28796`
+-  python3: ignore :cve_nist:`2015-20107`
+-  e2fsprogs: fix :cve_nist:`2022-1304`
+-  lua: fix :cve_nist:`2022-28805`
+-  busybox: fix :cve_nist:`2022-28391`
 
 Fixes in 4.0.1
 ~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-4.0.10.rst b/documentation/migration-guides/release-notes-4.0.10.rst
index f37c3471ea..4e88bafe8a 100644
--- a/documentation/migration-guides/release-notes-4.0.10.rst
+++ b/documentation/migration-guides/release-notes-4.0.10.rst
@@ -6,28 +6,28 @@ Release notes for Yocto-4.0.10 (Kirkstone)
 Security Fixes in Yocto-4.0.10
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2023-1579`, :cve:`2023-1972`, :cve_mitre:`2023-25584`, :cve_mitre:`2023-25585` and :cve_mitre:`2023-25588`
--  cargo : Ignore :cve:`2022-46176`
--  connman: Fix :cve:`2023-28488`
--  curl: Fix :cve:`2023-27533`, :cve:`2023-27534`, :cve:`2023-27535`, :cve:`2023-27536` and :cve:`2023-27538`
--  ffmpeg: Fix :cve:`2022-48434`
--  freetype: Fix :cve:`2023-2004`
+-  binutils: Fix :cve_nist:`2023-1579`, :cve_nist:`2023-1972`, :cve_mitre:`2023-25584`, :cve_mitre:`2023-25585` and :cve_mitre:`2023-25588`
+-  cargo : Ignore :cve_nist:`2022-46176`
+-  connman: Fix :cve_nist:`2023-28488`
+-  curl: Fix :cve_nist:`2023-27533`, :cve_nist:`2023-27534`, :cve_nist:`2023-27535`, :cve_nist:`2023-27536` and :cve_nist:`2023-27538`
+-  ffmpeg: Fix :cve_nist:`2022-48434`
+-  freetype: Fix :cve_nist:`2023-2004`
 -  ghostscript: Fix :cve_mitre:`2023-29979`
--  git: Fix :cve:`2023-25652` and :cve:`2023-29007`
--  go: Fix :cve:`2022-41722`, :cve:`2022-41724`, :cve:`2022-41725`, :cve:`2023-24534`, :cve:`2023-24537` and :cve:`2023-24538`
--  go: Ignore :cve:`2022-41716`
--  libxml2: Fix :cve:`2023-28484` and :cve:`2023-29469`
--  libxpm: Fix :cve:`2022-44617`, :cve:`2022-46285` and :cve:`2022-4883`
--  linux-yocto: Ignore :cve:`2021-3759`, :cve:`2021-4135`, :cve:`2021-4155`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-1016`, :cve:`2022-1184`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1462`, :cve:`2022-1734`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1998`, :cve:`2022-2078`, :cve:`2022-2196`, :cve:`2022-2318`, :cve:`2022-2380`, :cve:`2022-2503`, :cve:`2022-26365`, :cve:`2022-2663`, :cve:`2022-2873`, :cve:`2022-2905`, :cve:`2022-2959`, :cve:`2022-3028`, :cve:`2022-3078`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3115`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-36123`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3629`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-39188`, :cve:`2022-39190`, :cve:`2022-39842`, :cve:`2022-40307`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-41218`, :cve:`2022-4139`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42703`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-4382`, :cve:`2022-4662`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47929`, :cve:`2023-0179`, :cve:`2023-0394`, :cve:`2023-0461`, :cve:`2023-0590`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1382`, :cve:`2023-1513`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1998`, :cve:`2023-2006`, :cve:`2023-2008`, :cve:`2023-2162`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-22999`, :cve:`2023-23002`, :cve:`2023-23004`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-25012`, :cve:`2023-26545`, :cve:`2023-28327` and :cve:`2023-28328`
--  nasm: Fix :cve:`2022-44370`
--  python3-cryptography: Fix :cve:`2023-23931`
--  qemu: Ignore :cve:`2023-0664`
--  ruby: Fix :cve:`2023-28755` and :cve:`2023-28756`
--  screen: Fix :cve:`2023-24626`
--  shadow: Fix :cve:`2023-29383`
--  tiff: Fix :cve:`2022-4645`
--  webkitgtk: Fix :cve:`2022-32888` and :cve:`2022-32923`
--  xserver-xorg: Fix :cve:`2023-1393`
+-  git: Fix :cve_nist:`2023-25652` and :cve_nist:`2023-29007`
+-  go: Fix :cve_nist:`2022-41722`, :cve_nist:`2022-41724`, :cve_nist:`2022-41725`, :cve_nist:`2023-24534`, :cve_nist:`2023-24537` and :cve_nist:`2023-24538`
+-  go: Ignore :cve_nist:`2022-41716`
+-  libxml2: Fix :cve_nist:`2023-28484` and :cve_nist:`2023-29469`
+-  libxpm: Fix :cve_nist:`2022-44617`, :cve_nist:`2022-46285` and :cve_nist:`2022-4883`
+-  linux-yocto: Ignore :cve_nist:`2021-3759`, :cve_nist:`2021-4135`, :cve_nist:`2021-4155`, :cve_nist:`2022-0168`, :cve_nist:`2022-0171`, :cve_nist:`2022-1016`, :cve_nist:`2022-1184`, :cve_nist:`2022-1198`, :cve_nist:`2022-1199`, :cve_nist:`2022-1462`, :cve_nist:`2022-1734`, :cve_nist:`2022-1852`, :cve_nist:`2022-1882`, :cve_nist:`2022-1998`, :cve_nist:`2022-2078`, :cve_nist:`2022-2196`, :cve_nist:`2022-2318`, :cve_nist:`2022-2380`, :cve_nist:`2022-2503`, :cve_nist:`2022-26365`, :cve_nist:`2022-2663`, :cve_nist:`2022-2873`, :cve_nist:`2022-2905`, :cve_nist:`2022-2959`, :cve_nist:`2022-3028`, :cve_nist:`2022-3078`, :cve_nist:`2022-3104`, :cve_nist:`2022-3105`, :cve_nist:`2022-3106`, :cve_nist:`2022-3107`, :cve_nist:`2022-3111`, :cve_nist:`2022-3112`, :cve_nist:`2022-3113`, :cve_nist:`2022-3115`, :cve_nist:`2022-3202`, :cve_nist:`2022-32250`, :cve_nist:`2022-32296`, :cve_nist:`2022-32981`, :cve_nist:`2022-3303`, :cve_nist:`2022-33740`, :cve_nist:`2022-33741`, :cve_nist:`2022-33742`, :cve_nist:`2022-33743`, :cve_nist:`2022-33744`, :cve_nist:`2022-33981`, :cve_nist:`2022-3424`, :cve_nist:`2022-3435`, :cve_nist:`2022-34918`, :cve_nist:`2022-3521`, :cve_nist:`2022-3545`, :cve_nist:`2022-3564`, :cve_nist:`2022-3586`, :cve_nist:`2022-3594`, :cve_nist:`2022-36123`, :cve_nist:`2022-3621`, :cve_nist:`2022-3623`, :cve_nist:`2022-3629`, :cve_nist:`2022-3633`, :cve_nist:`2022-3635`, :cve_nist:`2022-3646`, :cve_nist:`2022-3649`, :cve_nist:`2022-36879`, :cve_nist:`2022-36946`, :cve_nist:`2022-3707`, :cve_nist:`2022-39188`, :cve_nist:`2022-39190`, :cve_nist:`2022-39842`, :cve_nist:`2022-40307`, :cve_nist:`2022-40768`, :cve_nist:`2022-4095`, :cve_nist:`2022-41218`, :cve_nist:`2022-4139`, :cve_nist:`2022-41849`, :cve_nist:`2022-41850`, :cve_nist:`2022-41858`, :cve_nist:`2022-42328`, :cve_nist:`2022-42329`, :cve_nist:`2022-42703`, :cve_nist:`2022-42721`, :cve_nist:`2022-42722`, :cve_nist:`2022-42895`, :cve_nist:`2022-4382`, :cve_nist:`2022-4662`, :cve_nist:`2022-47518`, :cve_nist:`2022-47519`, :cve_nist:`2022-47520`, :cve_nist:`2022-47929`, :cve_nist:`2023-0179`, :cve_nist:`2023-0394`, :cve_nist:`2023-0461`, :cve_nist:`2023-0590`, :cve_nist:`2023-1073`, :cve_nist:`2023-1074`, :cve_nist:`2023-1077`, :cve_nist:`2023-1078`, :cve_nist:`2023-1079`, :cve_nist:`2023-1095`, :cve_nist:`2023-1118`, :cve_nist:`2023-1249`, :cve_nist:`2023-1252`, :cve_nist:`2023-1281`, :cve_nist:`2023-1382`, :cve_nist:`2023-1513`, :cve_nist:`2023-1829`, :cve_nist:`2023-1838`, :cve_nist:`2023-1998`, :cve_nist:`2023-2006`, :cve_nist:`2023-2008`, :cve_nist:`2023-2162`, :cve_nist:`2023-2166`, :cve_nist:`2023-2177`, :cve_nist:`2023-22999`, :cve_nist:`2023-23002`, :cve_nist:`2023-23004`, :cve_nist:`2023-23454`, :cve_nist:`2023-23455`, :cve_nist:`2023-23559`, :cve_nist:`2023-25012`, :cve_nist:`2023-26545`, :cve_nist:`2023-28327` and :cve_nist:`2023-28328`
+-  nasm: Fix :cve_nist:`2022-44370`
+-  python3-cryptography: Fix :cve_nist:`2023-23931`
+-  qemu: Ignore :cve_nist:`2023-0664`
+-  ruby: Fix :cve_nist:`2023-28755` and :cve_nist:`2023-28756`
+-  screen: Fix :cve_nist:`2023-24626`
+-  shadow: Fix :cve_nist:`2023-29383`
+-  tiff: Fix :cve_nist:`2022-4645`
+-  webkitgtk: Fix :cve_nist:`2022-32888` and :cve_nist:`2022-32923`
+-  xserver-xorg: Fix :cve_nist:`2023-1393`
 
 
 Fixes in Yocto-4.0.10
diff --git a/documentation/migration-guides/release-notes-4.0.11.rst b/documentation/migration-guides/release-notes-4.0.11.rst
index 8a15884908..baef380586 100644
--- a/documentation/migration-guides/release-notes-4.0.11.rst
+++ b/documentation/migration-guides/release-notes-4.0.11.rst
@@ -6,18 +6,18 @@ Release notes for Yocto-4.0.11 (Kirkstone)
 Security Fixes in Yocto-4.0.11
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  cups: Fix :cve:`2023-32324`
--  curl: Fix :cve:`2023-28319`, :cve:`2023-28320`, :cve:`2023-28321` and :cve:`2023-28322`
--  git: Ignore :cve:`2023-25815`
--  go: Fix :cve:`2023-24539` and :cve:`2023-24540`
--  nasm: Fix :cve:`2022-46457`
--  openssh: Fix :cve:`2023-28531`
--  openssl: Fix :cve:`2023-1255` and :cve:`2023-2650`
--  perl: Fix :cve:`2023-31484`
--  python3-requests: Fix for :cve:`2023-32681`
--  sysstat: Fix :cve:`2023-33204`
--  vim: Fix :cve:`2023-2426`
--  webkitgtk: fix :cve:`2022-42867`, :cve:`2022-46691`, :cve:`2022-46699` and :cve:`2022-46700`
+-  cups: Fix :cve_nist:`2023-32324`
+-  curl: Fix :cve_nist:`2023-28319`, :cve_nist:`2023-28320`, :cve_nist:`2023-28321` and :cve_nist:`2023-28322`
+-  git: Ignore :cve_nist:`2023-25815`
+-  go: Fix :cve_nist:`2023-24539` and :cve_nist:`2023-24540`
+-  nasm: Fix :cve_nist:`2022-46457`
+-  openssh: Fix :cve_nist:`2023-28531`
+-  openssl: Fix :cve_nist:`2023-1255` and :cve_nist:`2023-2650`
+-  perl: Fix :cve_nist:`2023-31484`
+-  python3-requests: Fix for :cve_nist:`2023-32681`
+-  sysstat: Fix :cve_nist:`2023-33204`
+-  vim: Fix :cve_nist:`2023-2426`
+-  webkitgtk: fix :cve_nist:`2022-42867`, :cve_nist:`2022-46691`, :cve_nist:`2022-46699` and :cve_nist:`2022-46700`
 
 
 Fixes in Yocto-4.0.11
diff --git a/documentation/migration-guides/release-notes-4.0.12.rst b/documentation/migration-guides/release-notes-4.0.12.rst
index 0ea92a453d..ead33e1854 100644
--- a/documentation/migration-guides/release-notes-4.0.12.rst
+++ b/documentation/migration-guides/release-notes-4.0.12.rst
@@ -6,30 +6,30 @@ Release notes for Yocto-4.0.12 (Kirkstone)
 Security Fixes in Yocto-4.0.12
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-2828` and :cve:`2023-2911`
--  cups: Fix :cve:`2023-34241`
--  curl: Added :cve:`2023-28320` Follow-up patch
--  dbus: Fix :cve:`2023-34969`
--  dmidecode: fix :cve:`2023-30630`
--  ghostscript: fix :cve:`2023-36664`
--  go: fix :cve_mitre:`2023-24531`, :cve:`2023-24536`, :cve:`2023-29400`, :cve:`2023-29402`, :cve:`2023-29404`, :cve:`2023-29405` and :cve:`2023-29406`
--  libarchive: Ignore :cve:`2023-30571`
--  libcap: Fix :cve:`2023-2602` and :cve:`2023-2603`
--  libjpeg-turbo: Fix :cve:`2023-2804`
--  libpcre2: Fix :cve:`2022-41409`
--  libtiff: fix :cve:`2023-26965`
--  libwebp: Fix :cve:`2023-1999`
--  libx11: Fix :cve:`2023-3138`
--  libxpm: Fix :cve:`2022-44617`
--  ninja: Ignore :cve:`2021-4336`
--  openssh: Fix :cve:`2023-38408`
--  openssl: Fix :cve:`2023-2975`, :cve:`2023-3446` and :cve:`2023-3817`
--  perl: Fix :cve:`2023-31486`
--  python3: Ignore :cve:`2023-36632`
--  qemu: Fix :cve:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
--  sqlite3: Fix :cve:`2023-36191`
--  tiff: Fix :cve:`2023-0795`, :cve:`2023-0796`, :cve:`2023-0797`, :cve:`2023-0798`, :cve:`2023-0799`, :cve:`2023-25433`, :cve:`2023-25434` and :cve:`2023-25435`
--  vim: :cve:`2023-2609` and :cve:`2023-2610`
+-  bind: Fix :cve_nist:`2023-2828` and :cve_nist:`2023-2911`
+-  cups: Fix :cve_nist:`2023-34241`
+-  curl: Added :cve_nist:`2023-28320` Follow-up patch
+-  dbus: Fix :cve_nist:`2023-34969`
+-  dmidecode: fix :cve_nist:`2023-30630`
+-  ghostscript: fix :cve_nist:`2023-36664`
+-  go: fix :cve_mitre:`2023-24531`, :cve_nist:`2023-24536`, :cve_nist:`2023-29400`, :cve_nist:`2023-29402`, :cve_nist:`2023-29404`, :cve_nist:`2023-29405` and :cve_nist:`2023-29406`
+-  libarchive: Ignore :cve_nist:`2023-30571`
+-  libcap: Fix :cve_nist:`2023-2602` and :cve_nist:`2023-2603`
+-  libjpeg-turbo: Fix :cve_nist:`2023-2804`
+-  libpcre2: Fix :cve_nist:`2022-41409`
+-  libtiff: fix :cve_nist:`2023-26965`
+-  libwebp: Fix :cve_nist:`2023-1999`
+-  libx11: Fix :cve_nist:`2023-3138`
+-  libxpm: Fix :cve_nist:`2022-44617`
+-  ninja: Ignore :cve_nist:`2021-4336`
+-  openssh: Fix :cve_nist:`2023-38408`
+-  openssl: Fix :cve_nist:`2023-2975`, :cve_nist:`2023-3446` and :cve_nist:`2023-3817`
+-  perl: Fix :cve_nist:`2023-31486`
+-  python3: Ignore :cve_nist:`2023-36632`
+-  qemu: Fix :cve_nist:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
+-  sqlite3: Fix :cve_nist:`2023-36191`
+-  tiff: Fix :cve_nist:`2023-0795`, :cve_nist:`2023-0796`, :cve_nist:`2023-0797`, :cve_nist:`2023-0798`, :cve_nist:`2023-0799`, :cve_nist:`2023-25433`, :cve_nist:`2023-25434` and :cve_nist:`2023-25435`
+-  vim: :cve_nist:`2023-2609` and :cve_nist:`2023-2610`
 
 
 Fixes in Yocto-4.0.12
diff --git a/documentation/migration-guides/release-notes-4.0.13.rst b/documentation/migration-guides/release-notes-4.0.13.rst
index 3c096c356f..641c9d1f05 100644
--- a/documentation/migration-guides/release-notes-4.0.13.rst
+++ b/documentation/migration-guides/release-notes-4.0.13.rst
@@ -6,43 +6,43 @@ Release notes for Yocto-4.0.13 (Kirkstone)
 Security Fixes in Yocto-4.0.13
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-2829`
--  binutils: Fix :cve:`2022-48065`
--  busybox: Fix :cve:`2022-48174`
--  cups: Fix :cve:`2023-32360`
--  curl: Fix :cve:`2023-32001`
--  dmidecode: Fix :cve:`2023-30630`
--  dropbear: Fix :cve:`2023-36328`
--  ffmpeg: Ignored :cve:`2023-39018`
--  file: Fix :cve:`2022-48554`
--  flac: Fix :cve:`2020-22219`
--  gcc: Fix :cve:`2023-4039`
--  gdb: Fix :cve:`2023-39128`
--  ghostscript: Fix :cve:`2023-38559`
--  glib-2.0: Fix :cve:`2023-29499`, :cve:`2023-32611`, :cve:`2023-32636`, :cve:`2023-32643` and :cve:`2023-32665`
--  go: Fix :cve:`2023-29409` and :cve:`2023-39319`
+-  bind: Fix :cve_nist:`2023-2829`
+-  binutils: Fix :cve_nist:`2022-48065`
+-  busybox: Fix :cve_nist:`2022-48174`
+-  cups: Fix :cve_nist:`2023-32360`
+-  curl: Fix :cve_nist:`2023-32001`
+-  dmidecode: Fix :cve_nist:`2023-30630`
+-  dropbear: Fix :cve_nist:`2023-36328`
+-  ffmpeg: Ignored :cve_nist:`2023-39018`
+-  file: Fix :cve_nist:`2022-48554`
+-  flac: Fix :cve_nist:`2020-22219`
+-  gcc: Fix :cve_nist:`2023-4039`
+-  gdb: Fix :cve_nist:`2023-39128`
+-  ghostscript: Fix :cve_nist:`2023-38559`
+-  glib-2.0: Fix :cve_nist:`2023-29499`, :cve_nist:`2023-32611`, :cve_nist:`2023-32636`, :cve_nist:`2023-32643` and :cve_nist:`2023-32665`
+-  go: Fix :cve_nist:`2023-29409` and :cve_nist:`2023-39319`
 -  gstreamer1.0-plugins-bad: Fix :cve_mitre:`2023-37329`
 -  gstreamer1.0-plugins-base: Fix :cve_mitre:`2023-37328`
 -  gstreamer1.0-plugins-good: Fix :cve_mitre:`2023-37327`
--  inetutils: Fix :cve:`2023-40303`
--  json-c: Fix :cve:`2021-32292`
--  librsvg: Fix :cve:`2023-38633`
--  libssh2: Fix :cve:`2020-22218`
--  libtiff: Fix :cve:`2023-26966`
--  libxml2: Fix :cve:`2023-39615`
--  linux-yocto/5.15: Ignore :cve:`2003-1604`, :cve:`2004-0230`, :cve:`2006-3635`, :cve:`2006-5331`, :cve:`2006-6128`, :cve:`2007-4774`, :cve:`2007-6761`, :cve:`2007-6762`, :cve:`2008-7316`, :cve:`2009-2692`, :cve:`2010-0008`, :cve:`2010-3432`, :cve:`2010-4648`, :cve:`2010-5313`, :cve:`2010-5328`, :cve:`2010-5329`, :cve:`2010-5331`, :cve:`2010-5332`, :cve:`2011-4098`, :cve:`2011-4131`, :cve:`2011-4915`, :cve:`2011-5321`, :cve:`2011-5327`, :cve:`2012-0957`, :cve:`2012-2119`, :cve:`2012-2136`, :cve:`2012-2137`, :cve:`2012-2313`, :cve:`2012-2319`, :cve:`2012-2372`, :cve:`2012-2375`, :cve:`2012-2390`, :cve:`2012-2669`, :cve:`2012-2744`, :cve:`2012-2745`, :cve:`2012-3364`, :cve:`2012-3375`, :cve:`2012-3400`, :cve:`2012-3412`, :cve:`2012-3430`, :cve:`2012-3510`, :cve:`2012-3511`, :cve:`2012-3520`, :cve:`2012-3552`, :cve:`2012-4398`, :cve:`2012-4444`, :cve:`2012-4461`, :cve:`2012-4467`, :cve:`2012-4508`, :cve:`2012-4530`, :cve:`2012-4565`, :cve:`2012-5374`, :cve:`2012-5375`, :cve:`2012-5517`, :cve:`2012-6536`, :cve:`2012-6537`, :cve:`2012-6538`, :cve:`2012-6539`, :cve:`2012-6540`, :cve:`2012-6541`, :cve:`2012-6542`, :cve:`2012-6543`, :cve:`2012-6544`, :cve:`2012-6545`, :cve:`2012-6546`, :cve:`2012-6547`, :cve:`2012-6548`, :cve:`2012-6549`, :cve:`2012-6638`, :cve:`2012-6647`, :cve:`2012-6657`, :cve:`2012-6689`, :cve:`2012-6701`, :cve:`2012-6703`, :cve:`2012-6704`, :cve:`2012-6712`, :cve:`2013-0160`, :cve:`2013-0190`, :cve:`2013-0216`, :cve:`2013-0217`, :cve:`2013-0228`, :cve:`2013-0231`, :cve:`2013-0268`, :cve:`2013-0290`, :cve:`2013-0309`, :cve:`2013-0310`, :cve:`2013-0311`, :cve:`2013-0313`, :cve:`2013-0343`, :cve:`2013-0349`, :cve:`2013-0871`, :cve:`2013-0913`, :cve:`2013-0914`, :cve:`2013-1059`, :cve:`2013-1763`, :cve:`2013-1767`, :cve:`2013-1772`, :cve:`2013-1773`, :cve:`2013-1774`, :cve:`2013-1792`, :cve:`2013-1796`, :cve:`2013-1797`, :cve:`2013-1798`, :cve:`2013-1819`, :cve:`2013-1826`, :cve:`2013-1827`, :cve:`2013-1828`, :cve:`2013-1848`, :cve:`2013-1858`, :cve:`2013-1860`, :cve:`2013-1928`, :cve:`2013-1929`, :cve:`2013-1943`, :cve:`2013-1956`, :cve:`2013-1957`, :cve:`2013-1958`, :cve:`2013-1959`, :cve:`2013-1979`, :cve:`2013-2015`, :cve:`2013-2017`, :cve:`2013-2058`, :cve:`2013-2094`, :cve:`2013-2128`, :cve:`2013-2140`, :cve:`2013-2141`, :cve:`2013-2146`, :cve:`2013-2147`, :cve:`2013-2148`, :cve:`2013-2164`, :cve:`2013-2206`, :cve:`2013-2232`, :cve:`2013-2234`, :cve:`2013-2237`, :cve:`2013-2546`, :cve:`2013-2547`, :cve:`2013-2548`, :cve:`2013-2596`, :cve:`2013-2634`, :cve:`2013-2635`, :cve:`2013-2636`, :cve:`2013-2850`, :cve:`2013-2851`, :cve:`2013-2852`, :cve:`2013-2888`, :cve:`2013-2889`, :cve:`2013-2890`, :cve:`2013-2891`, :cve:`2013-2892`, :cve:`2013-2893`, :cve:`2013-2894`, :cve:`2013-2895`, :cve:`2013-2896`, :cve:`2013-2897`, :cve:`2013-2898`, :cve:`2013-2899`, :cve:`2013-2929`, :cve:`2013-2930`, :cve:`2013-3076`, :cve:`2013-3222`, :cve:`2013-3223`, :cve:`2013-3224`, :cve:`2013-3225`, :cve:`2013-3226`, :cve:`2013-3227`, :cve:`2013-3228`, :cve:`2013-3229`, :cve:`2013-3230`, :cve:`2013-3231`, :cve:`2013-3232`, :cve:`2013-3233`, :cve:`2013-3234`, :cve:`2013-3235`, :cve:`2013-3236`, :cve:`2013-3237`, :cve:`2013-3301`, :cve:`2013-3302`, :cve:`2013-4125`, :cve:`2013-4127`, :cve:`2013-4129`, :cve:`2013-4162`, :cve:`2013-4163`, :cve:`2013-4205`, :cve:`2013-4220`, :cve:`2013-4247`, :cve:`2013-4254`, :cve:`2013-4270`, :cve:`2013-4299`, :cve:`2013-4300`, :cve:`2013-4312`, :cve:`2013-4343`, :cve:`2013-4345`, :cve:`2013-4348`, :cve:`2013-4350`, :cve:`2013-4387`, :cve:`2013-4470`, :cve:`2013-4483`, :cve:`2013-4511`, :cve:`2013-4512`, :cve:`2013-4513`, :cve:`2013-4514`, :cve:`2013-4515`, :cve:`2013-4516`, :cve:`2013-4563`, :cve:`2013-4579`, :cve:`2013-4587`, :cve:`2013-4588`, :cve:`2013-4591`, :cve:`2013-4592`, :cve:`2013-5634`, :cve:`2013-6282`, :cve:`2013-6367`, :cve:`2013-6368`, :cve:`2013-6376`, :cve:`2013-6378`, :cve:`2013-6380`, :cve:`2013-6381`, :cve:`2013-6382`, :cve:`2013-6383`, :cve:`2013-6431`, :cve:`2013-6432`, :cve:`2013-6885`, :cve:`2013-7026`, :cve:`2013-7027`, :cve:`2013-7263`, :cve:`2013-7264`, :cve:`2013-7265`, :cve:`2013-7266`, :cve:`2013-7267`, :cve:`2013-7268`, :cve:`2013-7269`, :cve:`2013-7270`, :cve:`2013-7271`, :cve:`2013-7281`, :cve:`2013-7339`, :cve:`2013-7348`, :cve:`2013-7421`, :cve:`2013-7446`, :cve:`2013-7470`, :cve:`2014-0038`, :cve:`2014-0049`, :cve:`2014-0055`, :cve:`2014-0069`, :cve:`2014-0077`, :cve:`2014-0100`, :cve:`2014-0101`, :cve:`2014-0102`, :cve:`2014-0131`, :cve:`2014-0155`, :cve:`2014-0181`, :cve:`2014-0196`, :cve:`2014-0203`, :cve:`2014-0205`, :cve:`2014-0206`, :cve:`2014-1438`, :cve:`2014-1444`, :cve:`2014-1445`, :cve:`2014-1446`, :cve:`2014-1690`, :cve:`2014-1737`, :cve:`2014-1738`, :cve:`2014-1739`, :cve:`2014-1874`, :cve:`2014-2038`, :cve:`2014-2039`, :cve:`2014-2309`, :cve:`2014-2523`, :cve:`2014-2568`, :cve:`2014-2580`, :cve:`2014-2672`, :cve:`2014-2673`, :cve:`2014-2678`, :cve:`2014-2706`, :cve:`2014-2739`, :cve:`2014-2851`, :cve:`2014-2889`, :cve:`2014-3122`, :cve:`2014-3144`, :cve:`2014-3145`, :cve:`2014-3153`, :cve:`2014-3180`, :cve:`2014-3181`, :cve:`2014-3182`, :cve:`2014-3183`, :cve:`2014-3184`, :cve:`2014-3185`, :cve:`2014-3186`, :cve:`2014-3534`, :cve:`2014-3535`, :cve:`2014-3601`, :cve:`2014-3610`, :cve:`2014-3611`, :cve:`2014-3631`, :cve:`2014-3645`, :cve:`2014-3646`, :cve:`2014-3647`, :cve:`2014-3673`, :cve:`2014-3687`, :cve:`2014-3688`, :cve:`2014-3690`, :cve:`2014-3917`, :cve:`2014-3940`, :cve:`2014-4014`, :cve:`2014-4027`, :cve:`2014-4157`, :cve:`2014-4171`, :cve:`2014-4508`, :cve:`2014-4608`, :cve:`2014-4611`, :cve:`2014-4652`, :cve:`2014-4653`, :cve:`2014-4654`, :cve:`2014-4655`, :cve:`2014-4656`, :cve:`2014-4667`, :cve:`2014-4699`, :cve:`2014-4943`, :cve:`2014-5045`, :cve:`2014-5077`, :cve:`2014-5206`, :cve:`2014-5207`, :cve:`2014-5471`, :cve:`2014-5472`, :cve:`2014-6410`, :cve:`2014-6416`, :cve:`2014-6417`, :cve:`2014-6418`, :cve:`2014-7145`, :cve:`2014-7283`, :cve:`2014-7284`, :cve:`2014-7822`, :cve:`2014-7825`, :cve:`2014-7826`, :cve:`2014-7841`, :cve:`2014-7842`, :cve:`2014-7843`, :cve:`2014-7970`, :cve:`2014-7975`, :cve:`2014-8086`, :cve:`2014-8133`, :cve:`2014-8134`, :cve:`2014-8159`, :cve:`2014-8160`, :cve:`2014-8171`, :cve:`2014-8172`, :cve:`2014-8173`, :cve:`2014-8369`, :cve:`2014-8480`, :cve:`2014-8481`, :cve:`2014-8559`, :cve:`2014-8709`, :cve:`2014-8884`, :cve:`2014-8989`, :cve:`2014-9090`, :cve:`2014-9322`, :cve:`2014-9419`, :cve:`2014-9420`, :cve:`2014-9428`, :cve:`2014-9529`, :cve:`2014-9584`, :cve:`2014-9585`, :cve:`2014-9644`, :cve:`2014-9683`, :cve:`2014-9710`, :cve:`2014-9715`, :cve:`2014-9717`, :cve:`2014-9728`, :cve:`2014-9729`, :cve:`2014-9730`, :cve:`2014-9731`, :cve:`2014-9803`, :cve:`2014-9870`, :cve:`2014-9888`, :cve:`2014-9895`, :cve:`2014-9903`, :cve:`2014-9904`, :cve:`2014-9914`, :cve:`2014-9922`, :cve:`2014-9940`, :cve:`2015-0239`, :cve:`2015-0274`, :cve:`2015-0275`, :cve:`2015-1333`, :cve:`2015-1339`, :cve:`2015-1350`, :cve:`2015-1420`, :cve:`2015-1421`, :cve:`2015-1465`, :cve:`2015-1573`, :cve:`2015-1593`, :cve:`2015-1805`, :cve:`2015-2041`, :cve:`2015-2042`, :cve:`2015-2150`, :cve:`2015-2666`, :cve:`2015-2672`, :cve:`2015-2686`, :cve:`2015-2830`, :cve:`2015-2922`, :cve:`2015-2925`, :cve:`2015-3212`, :cve:`2015-3214`, :cve:`2015-3288`, :cve:`2015-3290`, :cve:`2015-3291`, :cve:`2015-3331`, :cve:`2015-3339`, :cve:`2015-3636`, :cve:`2015-4001`, :cve:`2015-4002`, :cve:`2015-4003`, :cve:`2015-4004`, :cve:`2015-4036`, :cve:`2015-4167`, :cve:`2015-4170`, :cve:`2015-4176`, :cve:`2015-4177`, :cve:`2015-4178`, :cve:`2015-4692`, :cve:`2015-4700`, :cve:`2015-5156`, :cve:`2015-5157`, :cve:`2015-5257`, :cve:`2015-5283`, :cve:`2015-5307`, :cve:`2015-5327`, :cve:`2015-5364`, :cve:`2015-5366`, :cve:`2015-5697`, :cve:`2015-5706`, :cve:`2015-5707`, :cve:`2015-6252`, :cve:`2015-6526`, :cve:`2015-6937`, :cve:`2015-7509`, :cve:`2015-7513`, :cve:`2015-7515`, :cve:`2015-7550`, :cve:`2015-7566`, :cve:`2015-7613`, :cve:`2015-7799`, :cve:`2015-7833`, :cve:`2015-7872`, :cve:`2015-7884`, :cve:`2015-7885`, :cve:`2015-7990`, :cve:`2015-8104`, :cve:`2015-8215`, :cve:`2015-8324`, :cve:`2015-8374`, :cve:`2015-8539`, :cve:`2015-8543`, :cve:`2015-8550`, :cve:`2015-8551`, :cve:`2015-8552`, :cve:`2015-8553`, :cve:`2015-8569`, :cve:`2015-8575`, :cve:`2015-8660`, :cve:`2015-8709`, :cve:`2015-8746`, :cve:`2015-8767`, :cve:`2015-8785`, :cve:`2015-8787`, :cve:`2015-8812`, :cve:`2015-8816`, :cve:`2015-8830`, :cve:`2015-8839`, :cve:`2015-8844`, :cve:`2015-8845`, :cve:`2015-8950`, :cve:`2015-8952`, :cve:`2015-8953`, :cve:`2015-8955`, :cve:`2015-8956`, :cve:`2015-8961`, :cve:`2015-8962`, :cve:`2015-8963`, :cve:`2015-8964`, :cve:`2015-8966`, :cve:`2015-8967`, :cve:`2015-8970`, :cve:`2015-9004`, :cve:`2015-9016`, :cve:`2015-9289`, :cve:`2016-0617`, :cve:`2016-0723`, :cve:`2016-0728`, :cve:`2016-0758`, :cve:`2016-0821`, :cve:`2016-0823`, :cve:`2016-10044`, :cve:`2016-10088`, :cve:`2016-10147`, :cve:`2016-10150`, :cve:`2016-10153`, :cve:`2016-10154`, :cve:`2016-10200`, :cve:`2016-10208`, :cve:`2016-10229`, :cve:`2016-10318`, :cve:`2016-10723`, :cve:`2016-10741`, :cve:`2016-10764`, :cve:`2016-10905`, :cve:`2016-10906`, :cve:`2016-10907`, :cve:`2016-1237`, :cve:`2016-1575`, :cve:`2016-1576`, :cve:`2016-1583`, :cve:`2016-2053`, :cve:`2016-2069`, :cve:`2016-2070`, :cve:`2016-2085`, :cve:`2016-2117`, :cve:`2016-2143`, :cve:`2016-2184`, :cve:`2016-2185`, :cve:`2016-2186`, :cve:`2016-2187`, :cve:`2016-2188`, :cve:`2016-2383`, :cve:`2016-2384`, :cve:`2016-2543`, :cve:`2016-2544`, :cve:`2016-2545`, :cve:`2016-2546`, :cve:`2016-2547`, :cve:`2016-2548`, :cve:`2016-2549`, :cve:`2016-2550`, :cve:`2016-2782`, :cve:`2016-2847`, :cve:`2016-3044`, :cve:`2016-3070`, :cve:`2016-3134`, :cve:`2016-3135`, :cve:`2016-3136`, :cve:`2016-3137`, :cve:`2016-3138`, :cve:`2016-3139`, :cve:`2016-3140`, :cve:`2016-3156`, :cve:`2016-3157`, :cve:`2016-3672`, :cve:`2016-3689`, :cve:`2016-3713`, :cve:`2016-3841`, :cve:`2016-3857`, :cve:`2016-3951`, :cve:`2016-3955`, :cve:`2016-3961`, :cve:`2016-4440`, :cve:`2016-4470`, :cve:`2016-4482`, :cve:`2016-4485`, :cve:`2016-4486`, :cve:`2016-4557`, :cve:`2016-4558`, :cve:`2016-4565`, :cve:`2016-4568`, :cve:`2016-4569`, :cve:`2016-4578`, :cve:`2016-4580`, :cve:`2016-4581`, :cve:`2016-4794`, :cve:`2016-4805`, :cve:`2016-4913`, :cve:`2016-4951`, :cve:`2016-4997`, :cve:`2016-4998`, :cve:`2016-5195`, :cve:`2016-5243`, :cve:`2016-5244`, :cve:`2016-5400`, :cve:`2016-5412`, :cve:`2016-5696`, :cve:`2016-5728`, :cve:`2016-5828`, :cve:`2016-5829`, :cve:`2016-6130`, :cve:`2016-6136`, :cve:`2016-6156`, :cve:`2016-6162`, :cve:`2016-6187`, :cve:`2016-6197`, :cve:`2016-6198`, :cve:`2016-6213`, :cve:`2016-6327`, :cve:`2016-6480`, :cve:`2016-6516`, :cve:`2016-6786`, :cve:`2016-6787`, :cve:`2016-6828`, :cve:`2016-7039`, :cve:`2016-7042`, :cve:`2016-7097`, :cve:`2016-7117`, :cve:`2016-7425`, :cve:`2016-7910`, :cve:`2016-7911`, :cve:`2016-7912`, :cve:`2016-7913`, :cve:`2016-7914`, :cve:`2016-7915`, :cve:`2016-7916`, :cve:`2016-7917`, :cve:`2016-8399`, :cve:`2016-8405`, :cve:`2016-8630`, :cve:`2016-8632`, :cve:`2016-8633`, :cve:`2016-8636`, :cve:`2016-8645`, :cve:`2016-8646`, :cve:`2016-8650`, :cve:`2016-8655`, :cve:`2016-8658`, :cve:`2016-8666`, :cve:`2016-9083`, :cve:`2016-9084`, :cve:`2016-9120`, :cve:`2016-9178`, :cve:`2016-9191`, :cve:`2016-9313`, :cve:`2016-9555`, :cve:`2016-9576`, :cve:`2016-9588`, :cve:`2016-9604`, :cve:`2016-9685`, :cve:`2016-9754`, :cve:`2016-9755`, :cve:`2016-9756`, :cve:`2016-9777`, :cve:`2016-9793`, :cve:`2016-9794`, :cve:`2016-9806`, :cve:`2016-9919`, :cve:`2017-0605`, :cve:`2017-0627`, :cve:`2017-0750`, :cve:`2017-0786`, :cve:`2017-0861`, :cve:`2017-1000`, :cve:`2017-1000111`, :cve:`2017-1000112`, :cve:`2017-1000251`, :cve:`2017-1000252`, :cve:`2017-1000253`, :cve:`2017-1000255`, :cve:`2017-1000363`, :cve:`2017-1000364`, :cve:`2017-1000365`, :cve:`2017-1000370`, :cve:`2017-1000371`, :cve:`2017-1000379`, :cve:`2017-1000380`, :cve:`2017-1000405`, :cve:`2017-1000407`, :cve:`2017-1000410`, :cve:`2017-10661`, :cve:`2017-10662`, :cve:`2017-10663`, :cve:`2017-10810`, :cve:`2017-10911`, :cve:`2017-11089`, :cve:`2017-11176`, :cve:`2017-11472`, :cve:`2017-11473`, :cve:`2017-11600`, :cve:`2017-12134`, :cve:`2017-12146`, :cve:`2017-12153`, :cve:`2017-12154`, :cve:`2017-12168`, :cve:`2017-12188`, :cve:`2017-12190`, :cve:`2017-12192`, :cve:`2017-12193`, :cve:`2017-12762`, :cve:`2017-13080`, :cve:`2017-13166`, :cve:`2017-13167`, :cve:`2017-13168`, :cve:`2017-13215`, :cve:`2017-13216`, :cve:`2017-13220`, :cve:`2017-13305`, :cve:`2017-13686`, :cve:`2017-13695`, :cve:`2017-13715`, :cve:`2017-14051`, :cve:`2017-14106`, :cve:`2017-14140`, :cve:`2017-14156`, :cve:`2017-14340`, :cve:`2017-14489`, :cve:`2017-14497`, :cve:`2017-14954`, :cve:`2017-14991`, :cve:`2017-15102`, :cve:`2017-15115`, :cve:`2017-15116`, :cve:`2017-15121`, :cve:`2017-15126`, :cve:`2017-15127`, :cve:`2017-15128`, :cve:`2017-15129`, :cve:`2017-15265`, :cve:`2017-15274`, :cve:`2017-15299`, :cve:`2017-15306`, :cve:`2017-15537`, :cve:`2017-15649`, :cve:`2017-15868`, :cve:`2017-15951`, :cve:`2017-16525`, :cve:`2017-16526`, :cve:`2017-16527`, :cve:`2017-16528`, :cve:`2017-16529`, :cve:`2017-16530`, :cve:`2017-16531`, :cve:`2017-16532`, :cve:`2017-16533`, :cve:`2017-16534`, :cve:`2017-16535`, :cve:`2017-16536`, :cve:`2017-16537`, :cve:`2017-16538`, :cve:`2017-16643`, :cve:`2017-16644`, :cve:`2017-16645`, :cve:`2017-16646`, :cve:`2017-16647`, :cve:`2017-16648`, :cve:`2017-16649`, :cve:`2017-16650`, :cve:`2017-16911`, :cve:`2017-16912`, :cve:`2017-16913`, :cve:`2017-16914`, :cve:`2017-16939`, :cve:`2017-16994`, :cve:`2017-16995`, :cve:`2017-16996`, :cve:`2017-17052`, :cve:`2017-17053`, :cve:`2017-17448`, :cve:`2017-17449`, :cve:`2017-17450`, :cve:`2017-17558`, :cve:`2017-17712`, :cve:`2017-17741`, :cve:`2017-17805`, :cve:`2017-17806`, :cve:`2017-17807`, :cve:`2017-17852`, :cve:`2017-17853`, :cve:`2017-17854`, :cve:`2017-17855`, :cve:`2017-17856`, :cve:`2017-17857`, :cve:`2017-17862`, :cve:`2017-17863`, :cve:`2017-17864`, :cve:`2017-17975`, :cve:`2017-18017`, :cve:`2017-18075`, :cve:`2017-18079`, :cve:`2017-18174`, :cve:`2017-18193`, :cve:`2017-18200`, :cve:`2017-18202`, :cve:`2017-18203`, :cve:`2017-18204`, :cve:`2017-18208`, :cve:`2017-18216`, :cve:`2017-18218`, :cve:`2017-18221`, :cve:`2017-18222`, :cve:`2017-18224`, :cve:`2017-18232`, :cve:`2017-18241`, :cve:`2017-18249`, :cve:`2017-18255`, :cve:`2017-18257`, :cve:`2017-18261`, :cve:`2017-18270`, :cve:`2017-18344`, :cve:`2017-18360`, :cve:`2017-18379`, :cve:`2017-18509`, :cve:`2017-18549`, :cve:`2017-18550`, :cve:`2017-18551`, :cve:`2017-18552`, :cve:`2017-18595`, :cve:`2017-2583`, :cve:`2017-2584`, :cve:`2017-2596`, :cve:`2017-2618`, :cve:`2017-2634`, :cve:`2017-2636`, :cve:`2017-2647`, :cve:`2017-2671`, :cve:`2017-5123`, :cve:`2017-5546`, :cve:`2017-5547`, :cve:`2017-5548`, :cve:`2017-5549`, :cve:`2017-5550`, :cve:`2017-5551`, :cve:`2017-5576`, :cve:`2017-5577`, :cve:`2017-5669`, :cve:`2017-5715`, :cve:`2017-5753`, :cve:`2017-5754`, :cve:`2017-5897`, :cve:`2017-5967`, :cve:`2017-5970`, :cve:`2017-5972`, :cve:`2017-5986`, :cve:`2017-6001`, :cve:`2017-6074`, :cve:`2017-6214`, :cve:`2017-6345`, :cve:`2017-6346`, :cve:`2017-6347`, :cve:`2017-6348`, :cve:`2017-6353`, :cve:`2017-6874`, :cve:`2017-6951`, :cve:`2017-7184`, :cve:`2017-7187`, :cve:`2017-7261`, :cve:`2017-7273`, :cve:`2017-7277`, :cve:`2017-7294`, :cve:`2017-7308`, :cve:`2017-7346`, :cve:`2017-7374`, :cve:`2017-7472`, :cve:`2017-7477`, :cve:`2017-7482`, :cve:`2017-7487`, :cve:`2017-7495`, :cve:`2017-7518`, :cve:`2017-7533`, :cve:`2017-7541`, :cve:`2017-7542`, :cve:`2017-7558`, :cve:`2017-7616`, :cve:`2017-7618`, :cve:`2017-7645`, :cve:`2017-7889`, :cve:`2017-7895`, :cve:`2017-7979`, :cve:`2017-8061`, :cve:`2017-8062`, :cve:`2017-8063`, :cve:`2017-8064`, :cve:`2017-8065`, :cve:`2017-8066`, :cve:`2017-8067`, :cve:`2017-8068`, :cve:`2017-8069`, :cve:`2017-8070`, :cve:`2017-8071`, :cve:`2017-8072`, :cve:`2017-8106`, :cve:`2017-8240`, :cve:`2017-8797`, :cve:`2017-8824`, :cve:`2017-8831`, :cve:`2017-8890`, :cve:`2017-8924`, :cve:`2017-8925`, :cve:`2017-9059`, :cve:`2017-9074`, :cve:`2017-9075`, :cve:`2017-9076`, :cve:`2017-9077`, :cve:`2017-9150`, :cve:`2017-9211`, :cve:`2017-9242`, :cve:`2017-9605`, :cve:`2017-9725`, :cve:`2017-9984`, :cve:`2017-9985`, :cve:`2017-9986`, :cve:`2018-1000004`, :cve:`2018-1000026`, :cve:`2018-1000028`, :cve:`2018-1000199`, :cve:`2018-1000200`, :cve:`2018-1000204`, :cve:`2018-10021`, :cve:`2018-10074`, :cve:`2018-10087`, :cve:`2018-10124`, :cve:`2018-10322`, :cve:`2018-10323`, :cve:`2018-1065`, :cve:`2018-1066`, :cve:`2018-10675`, :cve:`2018-1068`, :cve:`2018-10840`, :cve:`2018-10853`, :cve:`2018-1087`, :cve:`2018-10876`, :cve:`2018-10877`, :cve:`2018-10878`, :cve:`2018-10879`, :cve:`2018-10880`, :cve:`2018-10881`, :cve:`2018-10882`, :cve:`2018-10883`, :cve:`2018-10901`, :cve:`2018-10902`, :cve:`2018-1091`, :cve:`2018-1092`, :cve:`2018-1093`, :cve:`2018-10938`, :cve:`2018-1094`, :cve:`2018-10940`, :cve:`2018-1095`, :cve:`2018-1108`, :cve:`2018-1118`, :cve:`2018-1120`, :cve:`2018-11232`, :cve:`2018-1128`, :cve:`2018-1129`, :cve:`2018-1130`, :cve:`2018-11412`, :cve:`2018-11506`, :cve:`2018-11508`, :cve:`2018-12126`, :cve:`2018-12127`, :cve:`2018-12130`, :cve:`2018-12207`, :cve:`2018-12232`, :cve:`2018-12233`, :cve:`2018-12633`, :cve:`2018-12714`, :cve:`2018-12896`, :cve:`2018-12904`, :cve:`2018-13053`, :cve:`2018-13093`, :cve:`2018-13094`, :cve:`2018-13095`, :cve:`2018-13096`, :cve:`2018-13097`, :cve:`2018-13098`, :cve:`2018-13099`, :cve:`2018-13100`, :cve:`2018-13405`, :cve:`2018-13406`, :cve:`2018-14609`, :cve:`2018-14610`, :cve:`2018-14611`, :cve:`2018-14612`, :cve:`2018-14613`, :cve:`2018-14614`, :cve:`2018-14615`, :cve:`2018-14616`, :cve:`2018-14617`, :cve:`2018-14619`, :cve:`2018-14625`, :cve:`2018-14633`, :cve:`2018-14634`, :cve:`2018-14641`, :cve:`2018-14646`, :cve:`2018-14656`, :cve:`2018-14678`, :cve:`2018-14734`, :cve:`2018-15471`, :cve:`2018-15572`, :cve:`2018-15594`, :cve:`2018-16276`, :cve:`2018-16597`, :cve:`2018-16658`, :cve:`2018-16862`, :cve:`2018-16871`, :cve:`2018-16880`, :cve:`2018-16882`, :cve:`2018-16884`, :cve:`2018-17182`, :cve:`2018-17972`, :cve:`2018-18021`, :cve:`2018-18281`, :cve:`2018-18386`, :cve:`2018-18397`, :cve:`2018-18445`, :cve:`2018-18559`, :cve:`2018-18690`, :cve:`2018-18710`, :cve:`2018-18955`, :cve:`2018-19406`, :cve:`2018-19407`, :cve:`2018-19824`, :cve:`2018-19854`, :cve:`2018-19985`, :cve:`2018-20169`, :cve:`2018-20449`, :cve:`2018-20509`, :cve:`2018-20510`, :cve:`2018-20511`, :cve:`2018-20669`, :cve:`2018-20784`, :cve:`2018-20836`, :cve:`2018-20854`, :cve:`2018-20855`, :cve:`2018-20856`, :cve:`2018-20961`, :cve:`2018-20976`, :cve:`2018-21008`, :cve:`2018-25015`, :cve:`2018-25020`, :cve:`2018-3620`, :cve:`2018-3639`, :cve:`2018-3646`, :cve:`2018-3665`, :cve:`2018-3693`, :cve:`2018-5332`, :cve:`2018-5333`, :cve:`2018-5344`, :cve:`2018-5390`, :cve:`2018-5391`, :cve:`2018-5703`, :cve:`2018-5750`, :cve:`2018-5803`, :cve:`2018-5814`, :cve:`2018-5848`, :cve:`2018-5873`, :cve:`2018-5953`, :cve:`2018-5995`, :cve:`2018-6412`, :cve:`2018-6554`, :cve:`2018-6555`, :cve:`2018-6927`, :cve:`2018-7191`, :cve:`2018-7273`, :cve:`2018-7480`, :cve:`2018-7492`, :cve:`2018-7566`, :cve:`2018-7740`, :cve:`2018-7754`, :cve:`2018-7755`, :cve:`2018-7757`, :cve:`2018-7995`, :cve:`2018-8043`, :cve:`2018-8087`, :cve:`2018-8781`, :cve:`2018-8822`, :cve:`2018-8897`, :cve:`2018-9363`, :cve:`2018-9385`, :cve:`2018-9415`, :cve:`2018-9422`, :cve:`2018-9465`, :cve:`2018-9516`, :cve:`2018-9517`, :cve:`2018-9518`, :cve:`2018-9568`, :cve:`2019-0136`, :cve:`2019-0145`, :cve:`2019-0146`, :cve:`2019-0147`, :cve:`2019-0148`, :cve:`2019-0149`, :cve:`2019-0154`, :cve:`2019-0155`, :cve:`2019-10124`, :cve:`2019-10125`, :cve:`2019-10126`, :cve:`2019-10142`, :cve:`2019-10207`, :cve:`2019-10220`, :cve:`2019-10638`, :cve:`2019-10639`, :cve:`2019-11085`, :cve:`2019-11091`, :cve:`2019-11135`, :cve:`2019-11190`, :cve:`2019-11191`, :cve:`2019-1125`, :cve:`2019-11477`, :cve:`2019-11478`, :cve:`2019-11479`, :cve:`2019-11486`, :cve:`2019-11487`, :cve:`2019-11599`, :cve:`2019-11683`, :cve:`2019-11810`, :cve:`2019-11811`, :cve:`2019-11815`, :cve:`2019-11833`, :cve:`2019-11884`, :cve:`2019-12378`, :cve:`2019-12379`, :cve:`2019-12380`, :cve:`2019-12381`, :cve:`2019-12382`, :cve:`2019-12454`, :cve:`2019-12455`, :cve:`2019-12614`, :cve:`2019-12615`, :cve:`2019-12817`, :cve:`2019-12818`, :cve:`2019-12819`, :cve:`2019-12881`, :cve:`2019-12984`, :cve:`2019-13233`, :cve:`2019-13272`, :cve:`2019-13631`, :cve:`2019-13648`, :cve:`2019-14283`, :cve:`2019-14284`, :cve:`2019-14615`, :cve:`2019-14763`, :cve:`2019-14814`, :cve:`2019-14815`, :cve:`2019-14816`, :cve:`2019-14821`, :cve:`2019-14835`, :cve:`2019-14895`, :cve:`2019-14896`, :cve:`2019-14897`, :cve:`2019-14901`, :cve:`2019-15030`, :cve:`2019-15031`, :cve:`2019-15090`, :cve:`2019-15098`, :cve:`2019-15099`, :cve:`2019-15117`, :cve:`2019-15118`, :cve:`2019-15211`, :cve:`2019-15212`, :cve:`2019-15213`, :cve:`2019-15214`, :cve:`2019-15215`, :cve:`2019-15216`, :cve:`2019-15217`, :cve:`2019-15218`, :cve:`2019-15219`, :cve:`2019-15220`, :cve:`2019-15221`, :cve:`2019-15222`, :cve:`2019-15223`, :cve:`2019-15291`, :cve:`2019-15292`, :cve:`2019-15504`, :cve:`2019-15505`, :cve:`2019-15538`, :cve:`2019-15666`, :cve:`2019-15794`, :cve:`2019-15807`, :cve:`2019-15916`, :cve:`2019-15917`, :cve:`2019-15918`, :cve:`2019-15919`, :cve:`2019-15920`, :cve:`2019-15921`, :cve:`2019-15922`, :cve:`2019-15923`, :cve:`2019-15924`, :cve:`2019-15925`, :cve:`2019-15926`, :cve:`2019-15927`, :cve:`2019-16229`, :cve:`2019-16230`, :cve:`2019-16231`, :cve:`2019-16232`, :cve:`2019-16233`, :cve:`2019-16234`, :cve:`2019-16413`, :cve:`2019-16714`, :cve:`2019-16746`, :cve:`2019-16921`, :cve:`2019-16994`, :cve:`2019-16995`, :cve:`2019-17052`, :cve:`2019-17053`, :cve:`2019-17054`, :cve:`2019-17055`, :cve:`2019-17056`, :cve:`2019-17075`, :cve:`2019-17133`, :cve:`2019-17351`, :cve:`2019-17666`, :cve:`2019-18198`, :cve:`2019-18282`, :cve:`2019-18660`, :cve:`2019-18675`, :cve:`2019-18683`, :cve:`2019-18786`, :cve:`2019-18805`, :cve:`2019-18806`, :cve:`2019-18807`, :cve:`2019-18808`, :cve:`2019-18809`, :cve:`2019-18810`, :cve:`2019-18811`, :cve:`2019-18812`, :cve:`2019-18813`, :cve:`2019-18814`, :cve:`2019-18885`, :cve:`2019-19036`, :cve:`2019-19037`, :cve:`2019-19039`, :cve:`2019-19043`, :cve:`2019-19044`, :cve:`2019-19045`, :cve:`2019-19046`, :cve:`2019-19047`, :cve:`2019-19048`, :cve:`2019-19049`, :cve:`2019-19050`, :cve:`2019-19051`, :cve:`2019-19052`, :cve:`2019-19053`, :cve:`2019-19054`, :cve:`2019-19055`, :cve:`2019-19056`, :cve:`2019-19057`, :cve:`2019-19058`, :cve:`2019-19059`, :cve:`2019-19060`, :cve:`2019-19061`, :cve:`2019-19062`, :cve:`2019-19063`, :cve:`2019-19064`, :cve:`2019-19065`, :cve:`2019-19066`, :cve:`2019-19067`, :cve:`2019-19068`, :cve:`2019-19069`, :cve:`2019-19070`, :cve:`2019-19071`, :cve:`2019-19072`, :cve:`2019-19073`, :cve:`2019-19074`, :cve:`2019-19075`, :cve:`2019-19076`, :cve:`2019-19077`, :cve:`2019-19078`, :cve:`2019-19079`, :cve:`2019-19080`, :cve:`2019-19081`, :cve:`2019-19082`, :cve:`2019-19083`, :cve:`2019-19227`, :cve:`2019-19241`, :cve:`2019-19252`, :cve:`2019-19318`, :cve:`2019-19319`, :cve:`2019-19332`, :cve:`2019-19338`, :cve:`2019-19377`, :cve:`2019-19447`, :cve:`2019-19448`, :cve:`2019-19449`, :cve:`2019-19462`, :cve:`2019-19523`, :cve:`2019-19524`, :cve:`2019-19525`, :cve:`2019-19526`, :cve:`2019-19527`, :cve:`2019-19528`, :cve:`2019-19529`, :cve:`2019-19530`, :cve:`2019-19531`, :cve:`2019-19532`, :cve:`2019-19533`, :cve:`2019-19534`, :cve:`2019-19535`, :cve:`2019-19536`, :cve:`2019-19537`, :cve:`2019-19543`, :cve:`2019-19602`, :cve:`2019-19767`, :cve:`2019-19768`, :cve:`2019-19769`, :cve:`2019-19770`, :cve:`2019-19807`, :cve:`2019-19813`, :cve:`2019-19815`, :cve:`2019-19816`, :cve:`2019-19922`, :cve:`2019-19927`, :cve:`2019-19947`, :cve:`2019-19965` and :cve:`2019-1999`
--  nasm: Fix :cve:`2020-21528`
--  ncurses: Fix :cve:`2023-29491`
--  nghttp2: Fix :cve:`2023-35945`
--  procps: Fix :cve:`2023-4016`
--  python3-certifi: Fix :cve:`2023-37920`
--  python3-git: Fix :cve:`2022-24439` and :cve:`2023-40267`
--  python3-pygments: Fix :cve:`2022-40896`
--  python3: Fix :cve:`2023-40217`
--  qemu: Fix :cve:`2020-14394`, :cve:`2021-3638`, :cve_mitre:`2023-2861`, :cve:`2023-3180` and :cve:`2023-3354`
--  tiff: fix :cve:`2023-2908`, :cve:`2023-3316` and :cve:`2023-3618`
--  vim: Fix :cve:`2023-3896`, :cve:`2023-4733`, :cve:`2023-4734`, :cve:`2023-4735`, :cve:`2023-4736`, :cve:`2023-4738`, :cve:`2023-4750` and :cve:`2023-4752`
--  webkitgtk: fix :cve:`2022-48503` and :cve:`2023-23529`
+-  inetutils: Fix :cve_nist:`2023-40303`
+-  json-c: Fix :cve_nist:`2021-32292`
+-  librsvg: Fix :cve_nist:`2023-38633`
+-  libssh2: Fix :cve_nist:`2020-22218`
+-  libtiff: Fix :cve_nist:`2023-26966`
+-  libxml2: Fix :cve_nist:`2023-39615`
+-  linux-yocto/5.15: Ignore :cve_nist:`2003-1604`, :cve_nist:`2004-0230`, :cve_nist:`2006-3635`, :cve_nist:`2006-5331`, :cve_nist:`2006-6128`, :cve_nist:`2007-4774`, :cve_nist:`2007-6761`, :cve_nist:`2007-6762`, :cve_nist:`2008-7316`, :cve_nist:`2009-2692`, :cve_nist:`2010-0008`, :cve_nist:`2010-3432`, :cve_nist:`2010-4648`, :cve_nist:`2010-5313`, :cve_nist:`2010-5328`, :cve_nist:`2010-5329`, :cve_nist:`2010-5331`, :cve_nist:`2010-5332`, :cve_nist:`2011-4098`, :cve_nist:`2011-4131`, :cve_nist:`2011-4915`, :cve_nist:`2011-5321`, :cve_nist:`2011-5327`, :cve_nist:`2012-0957`, :cve_nist:`2012-2119`, :cve_nist:`2012-2136`, :cve_nist:`2012-2137`, :cve_nist:`2012-2313`, :cve_nist:`2012-2319`, :cve_nist:`2012-2372`, :cve_nist:`2012-2375`, :cve_nist:`2012-2390`, :cve_nist:`2012-2669`, :cve_nist:`2012-2744`, :cve_nist:`2012-2745`, :cve_nist:`2012-3364`, :cve_nist:`2012-3375`, :cve_nist:`2012-3400`, :cve_nist:`2012-3412`, :cve_nist:`2012-3430`, :cve_nist:`2012-3510`, :cve_nist:`2012-3511`, :cve_nist:`2012-3520`, :cve_nist:`2012-3552`, :cve_nist:`2012-4398`, :cve_nist:`2012-4444`, :cve_nist:`2012-4461`, :cve_nist:`2012-4467`, :cve_nist:`2012-4508`, :cve_nist:`2012-4530`, :cve_nist:`2012-4565`, :cve_nist:`2012-5374`, :cve_nist:`2012-5375`, :cve_nist:`2012-5517`, :cve_nist:`2012-6536`, :cve_nist:`2012-6537`, :cve_nist:`2012-6538`, :cve_nist:`2012-6539`, :cve_nist:`2012-6540`, :cve_nist:`2012-6541`, :cve_nist:`2012-6542`, :cve_nist:`2012-6543`, :cve_nist:`2012-6544`, :cve_nist:`2012-6545`, :cve_nist:`2012-6546`, :cve_nist:`2012-6547`, :cve_nist:`2012-6548`, :cve_nist:`2012-6549`, :cve_nist:`2012-6638`, :cve_nist:`2012-6647`, :cve_nist:`2012-6657`, :cve_nist:`2012-6689`, :cve_nist:`2012-6701`, :cve_nist:`2012-6703`, :cve_nist:`2012-6704`, :cve_nist:`2012-6712`, :cve_nist:`2013-0160`, :cve_nist:`2013-0190`, :cve_nist:`2013-0216`, :cve_nist:`2013-0217`, :cve_nist:`2013-0228`, :cve_nist:`2013-0231`, :cve_nist:`2013-0268`, :cve_nist:`2013-0290`, :cve_nist:`2013-0309`, :cve_nist:`2013-0310`, :cve_nist:`2013-0311`, :cve_nist:`2013-0313`, :cve_nist:`2013-0343`, :cve_nist:`2013-0349`, :cve_nist:`2013-0871`, :cve_nist:`2013-0913`, :cve_nist:`2013-0914`, :cve_nist:`2013-1059`, :cve_nist:`2013-1763`, :cve_nist:`2013-1767`, :cve_nist:`2013-1772`, :cve_nist:`2013-1773`, :cve_nist:`2013-1774`, :cve_nist:`2013-1792`, :cve_nist:`2013-1796`, :cve_nist:`2013-1797`, :cve_nist:`2013-1798`, :cve_nist:`2013-1819`, :cve_nist:`2013-1826`, :cve_nist:`2013-1827`, :cve_nist:`2013-1828`, :cve_nist:`2013-1848`, :cve_nist:`2013-1858`, :cve_nist:`2013-1860`, :cve_nist:`2013-1928`, :cve_nist:`2013-1929`, :cve_nist:`2013-1943`, :cve_nist:`2013-1956`, :cve_nist:`2013-1957`, :cve_nist:`2013-1958`, :cve_nist:`2013-1959`, :cve_nist:`2013-1979`, :cve_nist:`2013-2015`, :cve_nist:`2013-2017`, :cve_nist:`2013-2058`, :cve_nist:`2013-2094`, :cve_nist:`2013-2128`, :cve_nist:`2013-2140`, :cve_nist:`2013-2141`, :cve_nist:`2013-2146`, :cve_nist:`2013-2147`, :cve_nist:`2013-2148`, :cve_nist:`2013-2164`, :cve_nist:`2013-2206`, :cve_nist:`2013-2232`, :cve_nist:`2013-2234`, :cve_nist:`2013-2237`, :cve_nist:`2013-2546`, :cve_nist:`2013-2547`, :cve_nist:`2013-2548`, :cve_nist:`2013-2596`, :cve_nist:`2013-2634`, :cve_nist:`2013-2635`, :cve_nist:`2013-2636`, :cve_nist:`2013-2850`, :cve_nist:`2013-2851`, :cve_nist:`2013-2852`, :cve_nist:`2013-2888`, :cve_nist:`2013-2889`, :cve_nist:`2013-2890`, :cve_nist:`2013-2891`, :cve_nist:`2013-2892`, :cve_nist:`2013-2893`, :cve_nist:`2013-2894`, :cve_nist:`2013-2895`, :cve_nist:`2013-2896`, :cve_nist:`2013-2897`, :cve_nist:`2013-2898`, :cve_nist:`2013-2899`, :cve_nist:`2013-2929`, :cve_nist:`2013-2930`, :cve_nist:`2013-3076`, :cve_nist:`2013-3222`, :cve_nist:`2013-3223`, :cve_nist:`2013-3224`, :cve_nist:`2013-3225`, :cve_nist:`2013-3226`, :cve_nist:`2013-3227`, :cve_nist:`2013-3228`, :cve_nist:`2013-3229`, :cve_nist:`2013-3230`, :cve_nist:`2013-3231`, :cve_nist:`2013-3232`, :cve_nist:`2013-3233`, :cve_nist:`2013-3234`, :cve_nist:`2013-3235`, :cve_nist:`2013-3236`, :cve_nist:`2013-3237`, :cve_nist:`2013-3301`, :cve_nist:`2013-3302`, :cve_nist:`2013-4125`, :cve_nist:`2013-4127`, :cve_nist:`2013-4129`, :cve_nist:`2013-4162`, :cve_nist:`2013-4163`, :cve_nist:`2013-4205`, :cve_nist:`2013-4220`, :cve_nist:`2013-4247`, :cve_nist:`2013-4254`, :cve_nist:`2013-4270`, :cve_nist:`2013-4299`, :cve_nist:`2013-4300`, :cve_nist:`2013-4312`, :cve_nist:`2013-4343`, :cve_nist:`2013-4345`, :cve_nist:`2013-4348`, :cve_nist:`2013-4350`, :cve_nist:`2013-4387`, :cve_nist:`2013-4470`, :cve_nist:`2013-4483`, :cve_nist:`2013-4511`, :cve_nist:`2013-4512`, :cve_nist:`2013-4513`, :cve_nist:`2013-4514`, :cve_nist:`2013-4515`, :cve_nist:`2013-4516`, :cve_nist:`2013-4563`, :cve_nist:`2013-4579`, :cve_nist:`2013-4587`, :cve_nist:`2013-4588`, :cve_nist:`2013-4591`, :cve_nist:`2013-4592`, :cve_nist:`2013-5634`, :cve_nist:`2013-6282`, :cve_nist:`2013-6367`, :cve_nist:`2013-6368`, :cve_nist:`2013-6376`, :cve_nist:`2013-6378`, :cve_nist:`2013-6380`, :cve_nist:`2013-6381`, :cve_nist:`2013-6382`, :cve_nist:`2013-6383`, :cve_nist:`2013-6431`, :cve_nist:`2013-6432`, :cve_nist:`2013-6885`, :cve_nist:`2013-7026`, :cve_nist:`2013-7027`, :cve_nist:`2013-7263`, :cve_nist:`2013-7264`, :cve_nist:`2013-7265`, :cve_nist:`2013-7266`, :cve_nist:`2013-7267`, :cve_nist:`2013-7268`, :cve_nist:`2013-7269`, :cve_nist:`2013-7270`, :cve_nist:`2013-7271`, :cve_nist:`2013-7281`, :cve_nist:`2013-7339`, :cve_nist:`2013-7348`, :cve_nist:`2013-7421`, :cve_nist:`2013-7446`, :cve_nist:`2013-7470`, :cve_nist:`2014-0038`, :cve_nist:`2014-0049`, :cve_nist:`2014-0055`, :cve_nist:`2014-0069`, :cve_nist:`2014-0077`, :cve_nist:`2014-0100`, :cve_nist:`2014-0101`, :cve_nist:`2014-0102`, :cve_nist:`2014-0131`, :cve_nist:`2014-0155`, :cve_nist:`2014-0181`, :cve_nist:`2014-0196`, :cve_nist:`2014-0203`, :cve_nist:`2014-0205`, :cve_nist:`2014-0206`, :cve_nist:`2014-1438`, :cve_nist:`2014-1444`, :cve_nist:`2014-1445`, :cve_nist:`2014-1446`, :cve_nist:`2014-1690`, :cve_nist:`2014-1737`, :cve_nist:`2014-1738`, :cve_nist:`2014-1739`, :cve_nist:`2014-1874`, :cve_nist:`2014-2038`, :cve_nist:`2014-2039`, :cve_nist:`2014-2309`, :cve_nist:`2014-2523`, :cve_nist:`2014-2568`, :cve_nist:`2014-2580`, :cve_nist:`2014-2672`, :cve_nist:`2014-2673`, :cve_nist:`2014-2678`, :cve_nist:`2014-2706`, :cve_nist:`2014-2739`, :cve_nist:`2014-2851`, :cve_nist:`2014-2889`, :cve_nist:`2014-3122`, :cve_nist:`2014-3144`, :cve_nist:`2014-3145`, :cve_nist:`2014-3153`, :cve_nist:`2014-3180`, :cve_nist:`2014-3181`, :cve_nist:`2014-3182`, :cve_nist:`2014-3183`, :cve_nist:`2014-3184`, :cve_nist:`2014-3185`, :cve_nist:`2014-3186`, :cve_nist:`2014-3534`, :cve_nist:`2014-3535`, :cve_nist:`2014-3601`, :cve_nist:`2014-3610`, :cve_nist:`2014-3611`, :cve_nist:`2014-3631`, :cve_nist:`2014-3645`, :cve_nist:`2014-3646`, :cve_nist:`2014-3647`, :cve_nist:`2014-3673`, :cve_nist:`2014-3687`, :cve_nist:`2014-3688`, :cve_nist:`2014-3690`, :cve_nist:`2014-3917`, :cve_nist:`2014-3940`, :cve_nist:`2014-4014`, :cve_nist:`2014-4027`, :cve_nist:`2014-4157`, :cve_nist:`2014-4171`, :cve_nist:`2014-4508`, :cve_nist:`2014-4608`, :cve_nist:`2014-4611`, :cve_nist:`2014-4652`, :cve_nist:`2014-4653`, :cve_nist:`2014-4654`, :cve_nist:`2014-4655`, :cve_nist:`2014-4656`, :cve_nist:`2014-4667`, :cve_nist:`2014-4699`, :cve_nist:`2014-4943`, :cve_nist:`2014-5045`, :cve_nist:`2014-5077`, :cve_nist:`2014-5206`, :cve_nist:`2014-5207`, :cve_nist:`2014-5471`, :cve_nist:`2014-5472`, :cve_nist:`2014-6410`, :cve_nist:`2014-6416`, :cve_nist:`2014-6417`, :cve_nist:`2014-6418`, :cve_nist:`2014-7145`, :cve_nist:`2014-7283`, :cve_nist:`2014-7284`, :cve_nist:`2014-7822`, :cve_nist:`2014-7825`, :cve_nist:`2014-7826`, :cve_nist:`2014-7841`, :cve_nist:`2014-7842`, :cve_nist:`2014-7843`, :cve_nist:`2014-7970`, :cve_nist:`2014-7975`, :cve_nist:`2014-8086`, :cve_nist:`2014-8133`, :cve_nist:`2014-8134`, :cve_nist:`2014-8159`, :cve_nist:`2014-8160`, :cve_nist:`2014-8171`, :cve_nist:`2014-8172`, :cve_nist:`2014-8173`, :cve_nist:`2014-8369`, :cve_nist:`2014-8480`, :cve_nist:`2014-8481`, :cve_nist:`2014-8559`, :cve_nist:`2014-8709`, :cve_nist:`2014-8884`, :cve_nist:`2014-8989`, :cve_nist:`2014-9090`, :cve_nist:`2014-9322`, :cve_nist:`2014-9419`, :cve_nist:`2014-9420`, :cve_nist:`2014-9428`, :cve_nist:`2014-9529`, :cve_nist:`2014-9584`, :cve_nist:`2014-9585`, :cve_nist:`2014-9644`, :cve_nist:`2014-9683`, :cve_nist:`2014-9710`, :cve_nist:`2014-9715`, :cve_nist:`2014-9717`, :cve_nist:`2014-9728`, :cve_nist:`2014-9729`, :cve_nist:`2014-9730`, :cve_nist:`2014-9731`, :cve_nist:`2014-9803`, :cve_nist:`2014-9870`, :cve_nist:`2014-9888`, :cve_nist:`2014-9895`, :cve_nist:`2014-9903`, :cve_nist:`2014-9904`, :cve_nist:`2014-9914`, :cve_nist:`2014-9922`, :cve_nist:`2014-9940`, :cve_nist:`2015-0239`, :cve_nist:`2015-0274`, :cve_nist:`2015-0275`, :cve_nist:`2015-1333`, :cve_nist:`2015-1339`, :cve_nist:`2015-1350`, :cve_nist:`2015-1420`, :cve_nist:`2015-1421`, :cve_nist:`2015-1465`, :cve_nist:`2015-1573`, :cve_nist:`2015-1593`, :cve_nist:`2015-1805`, :cve_nist:`2015-2041`, :cve_nist:`2015-2042`, :cve_nist:`2015-2150`, :cve_nist:`2015-2666`, :cve_nist:`2015-2672`, :cve_nist:`2015-2686`, :cve_nist:`2015-2830`, :cve_nist:`2015-2922`, :cve_nist:`2015-2925`, :cve_nist:`2015-3212`, :cve_nist:`2015-3214`, :cve_nist:`2015-3288`, :cve_nist:`2015-3290`, :cve_nist:`2015-3291`, :cve_nist:`2015-3331`, :cve_nist:`2015-3339`, :cve_nist:`2015-3636`, :cve_nist:`2015-4001`, :cve_nist:`2015-4002`, :cve_nist:`2015-4003`, :cve_nist:`2015-4004`, :cve_nist:`2015-4036`, :cve_nist:`2015-4167`, :cve_nist:`2015-4170`, :cve_nist:`2015-4176`, :cve_nist:`2015-4177`, :cve_nist:`2015-4178`, :cve_nist:`2015-4692`, :cve_nist:`2015-4700`, :cve_nist:`2015-5156`, :cve_nist:`2015-5157`, :cve_nist:`2015-5257`, :cve_nist:`2015-5283`, :cve_nist:`2015-5307`, :cve_nist:`2015-5327`, :cve_nist:`2015-5364`, :cve_nist:`2015-5366`, :cve_nist:`2015-5697`, :cve_nist:`2015-5706`, :cve_nist:`2015-5707`, :cve_nist:`2015-6252`, :cve_nist:`2015-6526`, :cve_nist:`2015-6937`, :cve_nist:`2015-7509`, :cve_nist:`2015-7513`, :cve_nist:`2015-7515`, :cve_nist:`2015-7550`, :cve_nist:`2015-7566`, :cve_nist:`2015-7613`, :cve_nist:`2015-7799`, :cve_nist:`2015-7833`, :cve_nist:`2015-7872`, :cve_nist:`2015-7884`, :cve_nist:`2015-7885`, :cve_nist:`2015-7990`, :cve_nist:`2015-8104`, :cve_nist:`2015-8215`, :cve_nist:`2015-8324`, :cve_nist:`2015-8374`, :cve_nist:`2015-8539`, :cve_nist:`2015-8543`, :cve_nist:`2015-8550`, :cve_nist:`2015-8551`, :cve_nist:`2015-8552`, :cve_nist:`2015-8553`, :cve_nist:`2015-8569`, :cve_nist:`2015-8575`, :cve_nist:`2015-8660`, :cve_nist:`2015-8709`, :cve_nist:`2015-8746`, :cve_nist:`2015-8767`, :cve_nist:`2015-8785`, :cve_nist:`2015-8787`, :cve_nist:`2015-8812`, :cve_nist:`2015-8816`, :cve_nist:`2015-8830`, :cve_nist:`2015-8839`, :cve_nist:`2015-8844`, :cve_nist:`2015-8845`, :cve_nist:`2015-8950`, :cve_nist:`2015-8952`, :cve_nist:`2015-8953`, :cve_nist:`2015-8955`, :cve_nist:`2015-8956`, :cve_nist:`2015-8961`, :cve_nist:`2015-8962`, :cve_nist:`2015-8963`, :cve_nist:`2015-8964`, :cve_nist:`2015-8966`, :cve_nist:`2015-8967`, :cve_nist:`2015-8970`, :cve_nist:`2015-9004`, :cve_nist:`2015-9016`, :cve_nist:`2015-9289`, :cve_nist:`2016-0617`, :cve_nist:`2016-0723`, :cve_nist:`2016-0728`, :cve_nist:`2016-0758`, :cve_nist:`2016-0821`, :cve_nist:`2016-0823`, :cve_nist:`2016-10044`, :cve_nist:`2016-10088`, :cve_nist:`2016-10147`, :cve_nist:`2016-10150`, :cve_nist:`2016-10153`, :cve_nist:`2016-10154`, :cve_nist:`2016-10200`, :cve_nist:`2016-10208`, :cve_nist:`2016-10229`, :cve_nist:`2016-10318`, :cve_nist:`2016-10723`, :cve_nist:`2016-10741`, :cve_nist:`2016-10764`, :cve_nist:`2016-10905`, :cve_nist:`2016-10906`, :cve_nist:`2016-10907`, :cve_nist:`2016-1237`, :cve_nist:`2016-1575`, :cve_nist:`2016-1576`, :cve_nist:`2016-1583`, :cve_nist:`2016-2053`, :cve_nist:`2016-2069`, :cve_nist:`2016-2070`, :cve_nist:`2016-2085`, :cve_nist:`2016-2117`, :cve_nist:`2016-2143`, :cve_nist:`2016-2184`, :cve_nist:`2016-2185`, :cve_nist:`2016-2186`, :cve_nist:`2016-2187`, :cve_nist:`2016-2188`, :cve_nist:`2016-2383`, :cve_nist:`2016-2384`, :cve_nist:`2016-2543`, :cve_nist:`2016-2544`, :cve_nist:`2016-2545`, :cve_nist:`2016-2546`, :cve_nist:`2016-2547`, :cve_nist:`2016-2548`, :cve_nist:`2016-2549`, :cve_nist:`2016-2550`, :cve_nist:`2016-2782`, :cve_nist:`2016-2847`, :cve_nist:`2016-3044`, :cve_nist:`2016-3070`, :cve_nist:`2016-3134`, :cve_nist:`2016-3135`, :cve_nist:`2016-3136`, :cve_nist:`2016-3137`, :cve_nist:`2016-3138`, :cve_nist:`2016-3139`, :cve_nist:`2016-3140`, :cve_nist:`2016-3156`, :cve_nist:`2016-3157`, :cve_nist:`2016-3672`, :cve_nist:`2016-3689`, :cve_nist:`2016-3713`, :cve_nist:`2016-3841`, :cve_nist:`2016-3857`, :cve_nist:`2016-3951`, :cve_nist:`2016-3955`, :cve_nist:`2016-3961`, :cve_nist:`2016-4440`, :cve_nist:`2016-4470`, :cve_nist:`2016-4482`, :cve_nist:`2016-4485`, :cve_nist:`2016-4486`, :cve_nist:`2016-4557`, :cve_nist:`2016-4558`, :cve_nist:`2016-4565`, :cve_nist:`2016-4568`, :cve_nist:`2016-4569`, :cve_nist:`2016-4578`, :cve_nist:`2016-4580`, :cve_nist:`2016-4581`, :cve_nist:`2016-4794`, :cve_nist:`2016-4805`, :cve_nist:`2016-4913`, :cve_nist:`2016-4951`, :cve_nist:`2016-4997`, :cve_nist:`2016-4998`, :cve_nist:`2016-5195`, :cve_nist:`2016-5243`, :cve_nist:`2016-5244`, :cve_nist:`2016-5400`, :cve_nist:`2016-5412`, :cve_nist:`2016-5696`, :cve_nist:`2016-5728`, :cve_nist:`2016-5828`, :cve_nist:`2016-5829`, :cve_nist:`2016-6130`, :cve_nist:`2016-6136`, :cve_nist:`2016-6156`, :cve_nist:`2016-6162`, :cve_nist:`2016-6187`, :cve_nist:`2016-6197`, :cve_nist:`2016-6198`, :cve_nist:`2016-6213`, :cve_nist:`2016-6327`, :cve_nist:`2016-6480`, :cve_nist:`2016-6516`, :cve_nist:`2016-6786`, :cve_nist:`2016-6787`, :cve_nist:`2016-6828`, :cve_nist:`2016-7039`, :cve_nist:`2016-7042`, :cve_nist:`2016-7097`, :cve_nist:`2016-7117`, :cve_nist:`2016-7425`, :cve_nist:`2016-7910`, :cve_nist:`2016-7911`, :cve_nist:`2016-7912`, :cve_nist:`2016-7913`, :cve_nist:`2016-7914`, :cve_nist:`2016-7915`, :cve_nist:`2016-7916`, :cve_nist:`2016-7917`, :cve_nist:`2016-8399`, :cve_nist:`2016-8405`, :cve_nist:`2016-8630`, :cve_nist:`2016-8632`, :cve_nist:`2016-8633`, :cve_nist:`2016-8636`, :cve_nist:`2016-8645`, :cve_nist:`2016-8646`, :cve_nist:`2016-8650`, :cve_nist:`2016-8655`, :cve_nist:`2016-8658`, :cve_nist:`2016-8666`, :cve_nist:`2016-9083`, :cve_nist:`2016-9084`, :cve_nist:`2016-9120`, :cve_nist:`2016-9178`, :cve_nist:`2016-9191`, :cve_nist:`2016-9313`, :cve_nist:`2016-9555`, :cve_nist:`2016-9576`, :cve_nist:`2016-9588`, :cve_nist:`2016-9604`, :cve_nist:`2016-9685`, :cve_nist:`2016-9754`, :cve_nist:`2016-9755`, :cve_nist:`2016-9756`, :cve_nist:`2016-9777`, :cve_nist:`2016-9793`, :cve_nist:`2016-9794`, :cve_nist:`2016-9806`, :cve_nist:`2016-9919`, :cve_nist:`2017-0605`, :cve_nist:`2017-0627`, :cve_nist:`2017-0750`, :cve_nist:`2017-0786`, :cve_nist:`2017-0861`, :cve_nist:`2017-1000`, :cve_nist:`2017-1000111`, :cve_nist:`2017-1000112`, :cve_nist:`2017-1000251`, :cve_nist:`2017-1000252`, :cve_nist:`2017-1000253`, :cve_nist:`2017-1000255`, :cve_nist:`2017-1000363`, :cve_nist:`2017-1000364`, :cve_nist:`2017-1000365`, :cve_nist:`2017-1000370`, :cve_nist:`2017-1000371`, :cve_nist:`2017-1000379`, :cve_nist:`2017-1000380`, :cve_nist:`2017-1000405`, :cve_nist:`2017-1000407`, :cve_nist:`2017-1000410`, :cve_nist:`2017-10661`, :cve_nist:`2017-10662`, :cve_nist:`2017-10663`, :cve_nist:`2017-10810`, :cve_nist:`2017-10911`, :cve_nist:`2017-11089`, :cve_nist:`2017-11176`, :cve_nist:`2017-11472`, :cve_nist:`2017-11473`, :cve_nist:`2017-11600`, :cve_nist:`2017-12134`, :cve_nist:`2017-12146`, :cve_nist:`2017-12153`, :cve_nist:`2017-12154`, :cve_nist:`2017-12168`, :cve_nist:`2017-12188`, :cve_nist:`2017-12190`, :cve_nist:`2017-12192`, :cve_nist:`2017-12193`, :cve_nist:`2017-12762`, :cve_nist:`2017-13080`, :cve_nist:`2017-13166`, :cve_nist:`2017-13167`, :cve_nist:`2017-13168`, :cve_nist:`2017-13215`, :cve_nist:`2017-13216`, :cve_nist:`2017-13220`, :cve_nist:`2017-13305`, :cve_nist:`2017-13686`, :cve_nist:`2017-13695`, :cve_nist:`2017-13715`, :cve_nist:`2017-14051`, :cve_nist:`2017-14106`, :cve_nist:`2017-14140`, :cve_nist:`2017-14156`, :cve_nist:`2017-14340`, :cve_nist:`2017-14489`, :cve_nist:`2017-14497`, :cve_nist:`2017-14954`, :cve_nist:`2017-14991`, :cve_nist:`2017-15102`, :cve_nist:`2017-15115`, :cve_nist:`2017-15116`, :cve_nist:`2017-15121`, :cve_nist:`2017-15126`, :cve_nist:`2017-15127`, :cve_nist:`2017-15128`, :cve_nist:`2017-15129`, :cve_nist:`2017-15265`, :cve_nist:`2017-15274`, :cve_nist:`2017-15299`, :cve_nist:`2017-15306`, :cve_nist:`2017-15537`, :cve_nist:`2017-15649`, :cve_nist:`2017-15868`, :cve_nist:`2017-15951`, :cve_nist:`2017-16525`, :cve_nist:`2017-16526`, :cve_nist:`2017-16527`, :cve_nist:`2017-16528`, :cve_nist:`2017-16529`, :cve_nist:`2017-16530`, :cve_nist:`2017-16531`, :cve_nist:`2017-16532`, :cve_nist:`2017-16533`, :cve_nist:`2017-16534`, :cve_nist:`2017-16535`, :cve_nist:`2017-16536`, :cve_nist:`2017-16537`, :cve_nist:`2017-16538`, :cve_nist:`2017-16643`, :cve_nist:`2017-16644`, :cve_nist:`2017-16645`, :cve_nist:`2017-16646`, :cve_nist:`2017-16647`, :cve_nist:`2017-16648`, :cve_nist:`2017-16649`, :cve_nist:`2017-16650`, :cve_nist:`2017-16911`, :cve_nist:`2017-16912`, :cve_nist:`2017-16913`, :cve_nist:`2017-16914`, :cve_nist:`2017-16939`, :cve_nist:`2017-16994`, :cve_nist:`2017-16995`, :cve_nist:`2017-16996`, :cve_nist:`2017-17052`, :cve_nist:`2017-17053`, :cve_nist:`2017-17448`, :cve_nist:`2017-17449`, :cve_nist:`2017-17450`, :cve_nist:`2017-17558`, :cve_nist:`2017-17712`, :cve_nist:`2017-17741`, :cve_nist:`2017-17805`, :cve_nist:`2017-17806`, :cve_nist:`2017-17807`, :cve_nist:`2017-17852`, :cve_nist:`2017-17853`, :cve_nist:`2017-17854`, :cve_nist:`2017-17855`, :cve_nist:`2017-17856`, :cve_nist:`2017-17857`, :cve_nist:`2017-17862`, :cve_nist:`2017-17863`, :cve_nist:`2017-17864`, :cve_nist:`2017-17975`, :cve_nist:`2017-18017`, :cve_nist:`2017-18075`, :cve_nist:`2017-18079`, :cve_nist:`2017-18174`, :cve_nist:`2017-18193`, :cve_nist:`2017-18200`, :cve_nist:`2017-18202`, :cve_nist:`2017-18203`, :cve_nist:`2017-18204`, :cve_nist:`2017-18208`, :cve_nist:`2017-18216`, :cve_nist:`2017-18218`, :cve_nist:`2017-18221`, :cve_nist:`2017-18222`, :cve_nist:`2017-18224`, :cve_nist:`2017-18232`, :cve_nist:`2017-18241`, :cve_nist:`2017-18249`, :cve_nist:`2017-18255`, :cve_nist:`2017-18257`, :cve_nist:`2017-18261`, :cve_nist:`2017-18270`, :cve_nist:`2017-18344`, :cve_nist:`2017-18360`, :cve_nist:`2017-18379`, :cve_nist:`2017-18509`, :cve_nist:`2017-18549`, :cve_nist:`2017-18550`, :cve_nist:`2017-18551`, :cve_nist:`2017-18552`, :cve_nist:`2017-18595`, :cve_nist:`2017-2583`, :cve_nist:`2017-2584`, :cve_nist:`2017-2596`, :cve_nist:`2017-2618`, :cve_nist:`2017-2634`, :cve_nist:`2017-2636`, :cve_nist:`2017-2647`, :cve_nist:`2017-2671`, :cve_nist:`2017-5123`, :cve_nist:`2017-5546`, :cve_nist:`2017-5547`, :cve_nist:`2017-5548`, :cve_nist:`2017-5549`, :cve_nist:`2017-5550`, :cve_nist:`2017-5551`, :cve_nist:`2017-5576`, :cve_nist:`2017-5577`, :cve_nist:`2017-5669`, :cve_nist:`2017-5715`, :cve_nist:`2017-5753`, :cve_nist:`2017-5754`, :cve_nist:`2017-5897`, :cve_nist:`2017-5967`, :cve_nist:`2017-5970`, :cve_nist:`2017-5972`, :cve_nist:`2017-5986`, :cve_nist:`2017-6001`, :cve_nist:`2017-6074`, :cve_nist:`2017-6214`, :cve_nist:`2017-6345`, :cve_nist:`2017-6346`, :cve_nist:`2017-6347`, :cve_nist:`2017-6348`, :cve_nist:`2017-6353`, :cve_nist:`2017-6874`, :cve_nist:`2017-6951`, :cve_nist:`2017-7184`, :cve_nist:`2017-7187`, :cve_nist:`2017-7261`, :cve_nist:`2017-7273`, :cve_nist:`2017-7277`, :cve_nist:`2017-7294`, :cve_nist:`2017-7308`, :cve_nist:`2017-7346`, :cve_nist:`2017-7374`, :cve_nist:`2017-7472`, :cve_nist:`2017-7477`, :cve_nist:`2017-7482`, :cve_nist:`2017-7487`, :cve_nist:`2017-7495`, :cve_nist:`2017-7518`, :cve_nist:`2017-7533`, :cve_nist:`2017-7541`, :cve_nist:`2017-7542`, :cve_nist:`2017-7558`, :cve_nist:`2017-7616`, :cve_nist:`2017-7618`, :cve_nist:`2017-7645`, :cve_nist:`2017-7889`, :cve_nist:`2017-7895`, :cve_nist:`2017-7979`, :cve_nist:`2017-8061`, :cve_nist:`2017-8062`, :cve_nist:`2017-8063`, :cve_nist:`2017-8064`, :cve_nist:`2017-8065`, :cve_nist:`2017-8066`, :cve_nist:`2017-8067`, :cve_nist:`2017-8068`, :cve_nist:`2017-8069`, :cve_nist:`2017-8070`, :cve_nist:`2017-8071`, :cve_nist:`2017-8072`, :cve_nist:`2017-8106`, :cve_nist:`2017-8240`, :cve_nist:`2017-8797`, :cve_nist:`2017-8824`, :cve_nist:`2017-8831`, :cve_nist:`2017-8890`, :cve_nist:`2017-8924`, :cve_nist:`2017-8925`, :cve_nist:`2017-9059`, :cve_nist:`2017-9074`, :cve_nist:`2017-9075`, :cve_nist:`2017-9076`, :cve_nist:`2017-9077`, :cve_nist:`2017-9150`, :cve_nist:`2017-9211`, :cve_nist:`2017-9242`, :cve_nist:`2017-9605`, :cve_nist:`2017-9725`, :cve_nist:`2017-9984`, :cve_nist:`2017-9985`, :cve_nist:`2017-9986`, :cve_nist:`2018-1000004`, :cve_nist:`2018-1000026`, :cve_nist:`2018-1000028`, :cve_nist:`2018-1000199`, :cve_nist:`2018-1000200`, :cve_nist:`2018-1000204`, :cve_nist:`2018-10021`, :cve_nist:`2018-10074`, :cve_nist:`2018-10087`, :cve_nist:`2018-10124`, :cve_nist:`2018-10322`, :cve_nist:`2018-10323`, :cve_nist:`2018-1065`, :cve_nist:`2018-1066`, :cve_nist:`2018-10675`, :cve_nist:`2018-1068`, :cve_nist:`2018-10840`, :cve_nist:`2018-10853`, :cve_nist:`2018-1087`, :cve_nist:`2018-10876`, :cve_nist:`2018-10877`, :cve_nist:`2018-10878`, :cve_nist:`2018-10879`, :cve_nist:`2018-10880`, :cve_nist:`2018-10881`, :cve_nist:`2018-10882`, :cve_nist:`2018-10883`, :cve_nist:`2018-10901`, :cve_nist:`2018-10902`, :cve_nist:`2018-1091`, :cve_nist:`2018-1092`, :cve_nist:`2018-1093`, :cve_nist:`2018-10938`, :cve_nist:`2018-1094`, :cve_nist:`2018-10940`, :cve_nist:`2018-1095`, :cve_nist:`2018-1108`, :cve_nist:`2018-1118`, :cve_nist:`2018-1120`, :cve_nist:`2018-11232`, :cve_nist:`2018-1128`, :cve_nist:`2018-1129`, :cve_nist:`2018-1130`, :cve_nist:`2018-11412`, :cve_nist:`2018-11506`, :cve_nist:`2018-11508`, :cve_nist:`2018-12126`, :cve_nist:`2018-12127`, :cve_nist:`2018-12130`, :cve_nist:`2018-12207`, :cve_nist:`2018-12232`, :cve_nist:`2018-12233`, :cve_nist:`2018-12633`, :cve_nist:`2018-12714`, :cve_nist:`2018-12896`, :cve_nist:`2018-12904`, :cve_nist:`2018-13053`, :cve_nist:`2018-13093`, :cve_nist:`2018-13094`, :cve_nist:`2018-13095`, :cve_nist:`2018-13096`, :cve_nist:`2018-13097`, :cve_nist:`2018-13098`, :cve_nist:`2018-13099`, :cve_nist:`2018-13100`, :cve_nist:`2018-13405`, :cve_nist:`2018-13406`, :cve_nist:`2018-14609`, :cve_nist:`2018-14610`, :cve_nist:`2018-14611`, :cve_nist:`2018-14612`, :cve_nist:`2018-14613`, :cve_nist:`2018-14614`, :cve_nist:`2018-14615`, :cve_nist:`2018-14616`, :cve_nist:`2018-14617`, :cve_nist:`2018-14619`, :cve_nist:`2018-14625`, :cve_nist:`2018-14633`, :cve_nist:`2018-14634`, :cve_nist:`2018-14641`, :cve_nist:`2018-14646`, :cve_nist:`2018-14656`, :cve_nist:`2018-14678`, :cve_nist:`2018-14734`, :cve_nist:`2018-15471`, :cve_nist:`2018-15572`, :cve_nist:`2018-15594`, :cve_nist:`2018-16276`, :cve_nist:`2018-16597`, :cve_nist:`2018-16658`, :cve_nist:`2018-16862`, :cve_nist:`2018-16871`, :cve_nist:`2018-16880`, :cve_nist:`2018-16882`, :cve_nist:`2018-16884`, :cve_nist:`2018-17182`, :cve_nist:`2018-17972`, :cve_nist:`2018-18021`, :cve_nist:`2018-18281`, :cve_nist:`2018-18386`, :cve_nist:`2018-18397`, :cve_nist:`2018-18445`, :cve_nist:`2018-18559`, :cve_nist:`2018-18690`, :cve_nist:`2018-18710`, :cve_nist:`2018-18955`, :cve_nist:`2018-19406`, :cve_nist:`2018-19407`, :cve_nist:`2018-19824`, :cve_nist:`2018-19854`, :cve_nist:`2018-19985`, :cve_nist:`2018-20169`, :cve_nist:`2018-20449`, :cve_nist:`2018-20509`, :cve_nist:`2018-20510`, :cve_nist:`2018-20511`, :cve_nist:`2018-20669`, :cve_nist:`2018-20784`, :cve_nist:`2018-20836`, :cve_nist:`2018-20854`, :cve_nist:`2018-20855`, :cve_nist:`2018-20856`, :cve_nist:`2018-20961`, :cve_nist:`2018-20976`, :cve_nist:`2018-21008`, :cve_nist:`2018-25015`, :cve_nist:`2018-25020`, :cve_nist:`2018-3620`, :cve_nist:`2018-3639`, :cve_nist:`2018-3646`, :cve_nist:`2018-3665`, :cve_nist:`2018-3693`, :cve_nist:`2018-5332`, :cve_nist:`2018-5333`, :cve_nist:`2018-5344`, :cve_nist:`2018-5390`, :cve_nist:`2018-5391`, :cve_nist:`2018-5703`, :cve_nist:`2018-5750`, :cve_nist:`2018-5803`, :cve_nist:`2018-5814`, :cve_nist:`2018-5848`, :cve_nist:`2018-5873`, :cve_nist:`2018-5953`, :cve_nist:`2018-5995`, :cve_nist:`2018-6412`, :cve_nist:`2018-6554`, :cve_nist:`2018-6555`, :cve_nist:`2018-6927`, :cve_nist:`2018-7191`, :cve_nist:`2018-7273`, :cve_nist:`2018-7480`, :cve_nist:`2018-7492`, :cve_nist:`2018-7566`, :cve_nist:`2018-7740`, :cve_nist:`2018-7754`, :cve_nist:`2018-7755`, :cve_nist:`2018-7757`, :cve_nist:`2018-7995`, :cve_nist:`2018-8043`, :cve_nist:`2018-8087`, :cve_nist:`2018-8781`, :cve_nist:`2018-8822`, :cve_nist:`2018-8897`, :cve_nist:`2018-9363`, :cve_nist:`2018-9385`, :cve_nist:`2018-9415`, :cve_nist:`2018-9422`, :cve_nist:`2018-9465`, :cve_nist:`2018-9516`, :cve_nist:`2018-9517`, :cve_nist:`2018-9518`, :cve_nist:`2018-9568`, :cve_nist:`2019-0136`, :cve_nist:`2019-0145`, :cve_nist:`2019-0146`, :cve_nist:`2019-0147`, :cve_nist:`2019-0148`, :cve_nist:`2019-0149`, :cve_nist:`2019-0154`, :cve_nist:`2019-0155`, :cve_nist:`2019-10124`, :cve_nist:`2019-10125`, :cve_nist:`2019-10126`, :cve_nist:`2019-10142`, :cve_nist:`2019-10207`, :cve_nist:`2019-10220`, :cve_nist:`2019-10638`, :cve_nist:`2019-10639`, :cve_nist:`2019-11085`, :cve_nist:`2019-11091`, :cve_nist:`2019-11135`, :cve_nist:`2019-11190`, :cve_nist:`2019-11191`, :cve_nist:`2019-1125`, :cve_nist:`2019-11477`, :cve_nist:`2019-11478`, :cve_nist:`2019-11479`, :cve_nist:`2019-11486`, :cve_nist:`2019-11487`, :cve_nist:`2019-11599`, :cve_nist:`2019-11683`, :cve_nist:`2019-11810`, :cve_nist:`2019-11811`, :cve_nist:`2019-11815`, :cve_nist:`2019-11833`, :cve_nist:`2019-11884`, :cve_nist:`2019-12378`, :cve_nist:`2019-12379`, :cve_nist:`2019-12380`, :cve_nist:`2019-12381`, :cve_nist:`2019-12382`, :cve_nist:`2019-12454`, :cve_nist:`2019-12455`, :cve_nist:`2019-12614`, :cve_nist:`2019-12615`, :cve_nist:`2019-12817`, :cve_nist:`2019-12818`, :cve_nist:`2019-12819`, :cve_nist:`2019-12881`, :cve_nist:`2019-12984`, :cve_nist:`2019-13233`, :cve_nist:`2019-13272`, :cve_nist:`2019-13631`, :cve_nist:`2019-13648`, :cve_nist:`2019-14283`, :cve_nist:`2019-14284`, :cve_nist:`2019-14615`, :cve_nist:`2019-14763`, :cve_nist:`2019-14814`, :cve_nist:`2019-14815`, :cve_nist:`2019-14816`, :cve_nist:`2019-14821`, :cve_nist:`2019-14835`, :cve_nist:`2019-14895`, :cve_nist:`2019-14896`, :cve_nist:`2019-14897`, :cve_nist:`2019-14901`, :cve_nist:`2019-15030`, :cve_nist:`2019-15031`, :cve_nist:`2019-15090`, :cve_nist:`2019-15098`, :cve_nist:`2019-15099`, :cve_nist:`2019-15117`, :cve_nist:`2019-15118`, :cve_nist:`2019-15211`, :cve_nist:`2019-15212`, :cve_nist:`2019-15213`, :cve_nist:`2019-15214`, :cve_nist:`2019-15215`, :cve_nist:`2019-15216`, :cve_nist:`2019-15217`, :cve_nist:`2019-15218`, :cve_nist:`2019-15219`, :cve_nist:`2019-15220`, :cve_nist:`2019-15221`, :cve_nist:`2019-15222`, :cve_nist:`2019-15223`, :cve_nist:`2019-15291`, :cve_nist:`2019-15292`, :cve_nist:`2019-15504`, :cve_nist:`2019-15505`, :cve_nist:`2019-15538`, :cve_nist:`2019-15666`, :cve_nist:`2019-15794`, :cve_nist:`2019-15807`, :cve_nist:`2019-15916`, :cve_nist:`2019-15917`, :cve_nist:`2019-15918`, :cve_nist:`2019-15919`, :cve_nist:`2019-15920`, :cve_nist:`2019-15921`, :cve_nist:`2019-15922`, :cve_nist:`2019-15923`, :cve_nist:`2019-15924`, :cve_nist:`2019-15925`, :cve_nist:`2019-15926`, :cve_nist:`2019-15927`, :cve_nist:`2019-16229`, :cve_nist:`2019-16230`, :cve_nist:`2019-16231`, :cve_nist:`2019-16232`, :cve_nist:`2019-16233`, :cve_nist:`2019-16234`, :cve_nist:`2019-16413`, :cve_nist:`2019-16714`, :cve_nist:`2019-16746`, :cve_nist:`2019-16921`, :cve_nist:`2019-16994`, :cve_nist:`2019-16995`, :cve_nist:`2019-17052`, :cve_nist:`2019-17053`, :cve_nist:`2019-17054`, :cve_nist:`2019-17055`, :cve_nist:`2019-17056`, :cve_nist:`2019-17075`, :cve_nist:`2019-17133`, :cve_nist:`2019-17351`, :cve_nist:`2019-17666`, :cve_nist:`2019-18198`, :cve_nist:`2019-18282`, :cve_nist:`2019-18660`, :cve_nist:`2019-18675`, :cve_nist:`2019-18683`, :cve_nist:`2019-18786`, :cve_nist:`2019-18805`, :cve_nist:`2019-18806`, :cve_nist:`2019-18807`, :cve_nist:`2019-18808`, :cve_nist:`2019-18809`, :cve_nist:`2019-18810`, :cve_nist:`2019-18811`, :cve_nist:`2019-18812`, :cve_nist:`2019-18813`, :cve_nist:`2019-18814`, :cve_nist:`2019-18885`, :cve_nist:`2019-19036`, :cve_nist:`2019-19037`, :cve_nist:`2019-19039`, :cve_nist:`2019-19043`, :cve_nist:`2019-19044`, :cve_nist:`2019-19045`, :cve_nist:`2019-19046`, :cve_nist:`2019-19047`, :cve_nist:`2019-19048`, :cve_nist:`2019-19049`, :cve_nist:`2019-19050`, :cve_nist:`2019-19051`, :cve_nist:`2019-19052`, :cve_nist:`2019-19053`, :cve_nist:`2019-19054`, :cve_nist:`2019-19055`, :cve_nist:`2019-19056`, :cve_nist:`2019-19057`, :cve_nist:`2019-19058`, :cve_nist:`2019-19059`, :cve_nist:`2019-19060`, :cve_nist:`2019-19061`, :cve_nist:`2019-19062`, :cve_nist:`2019-19063`, :cve_nist:`2019-19064`, :cve_nist:`2019-19065`, :cve_nist:`2019-19066`, :cve_nist:`2019-19067`, :cve_nist:`2019-19068`, :cve_nist:`2019-19069`, :cve_nist:`2019-19070`, :cve_nist:`2019-19071`, :cve_nist:`2019-19072`, :cve_nist:`2019-19073`, :cve_nist:`2019-19074`, :cve_nist:`2019-19075`, :cve_nist:`2019-19076`, :cve_nist:`2019-19077`, :cve_nist:`2019-19078`, :cve_nist:`2019-19079`, :cve_nist:`2019-19080`, :cve_nist:`2019-19081`, :cve_nist:`2019-19082`, :cve_nist:`2019-19083`, :cve_nist:`2019-19227`, :cve_nist:`2019-19241`, :cve_nist:`2019-19252`, :cve_nist:`2019-19318`, :cve_nist:`2019-19319`, :cve_nist:`2019-19332`, :cve_nist:`2019-19338`, :cve_nist:`2019-19377`, :cve_nist:`2019-19447`, :cve_nist:`2019-19448`, :cve_nist:`2019-19449`, :cve_nist:`2019-19462`, :cve_nist:`2019-19523`, :cve_nist:`2019-19524`, :cve_nist:`2019-19525`, :cve_nist:`2019-19526`, :cve_nist:`2019-19527`, :cve_nist:`2019-19528`, :cve_nist:`2019-19529`, :cve_nist:`2019-19530`, :cve_nist:`2019-19531`, :cve_nist:`2019-19532`, :cve_nist:`2019-19533`, :cve_nist:`2019-19534`, :cve_nist:`2019-19535`, :cve_nist:`2019-19536`, :cve_nist:`2019-19537`, :cve_nist:`2019-19543`, :cve_nist:`2019-19602`, :cve_nist:`2019-19767`, :cve_nist:`2019-19768`, :cve_nist:`2019-19769`, :cve_nist:`2019-19770`, :cve_nist:`2019-19807`, :cve_nist:`2019-19813`, :cve_nist:`2019-19815`, :cve_nist:`2019-19816`, :cve_nist:`2019-19922`, :cve_nist:`2019-19927`, :cve_nist:`2019-19947`, :cve_nist:`2019-19965` and :cve_nist:`2019-1999`
+-  nasm: Fix :cve_nist:`2020-21528`
+-  ncurses: Fix :cve_nist:`2023-29491`
+-  nghttp2: Fix :cve_nist:`2023-35945`
+-  procps: Fix :cve_nist:`2023-4016`
+-  python3-certifi: Fix :cve_nist:`2023-37920`
+-  python3-git: Fix :cve_nist:`2022-24439` and :cve_nist:`2023-40267`
+-  python3-pygments: Fix :cve_nist:`2022-40896`
+-  python3: Fix :cve_nist:`2023-40217`
+-  qemu: Fix :cve_nist:`2020-14394`, :cve_nist:`2021-3638`, :cve_mitre:`2023-2861`, :cve_nist:`2023-3180` and :cve_nist:`2023-3354`
+-  tiff: fix :cve_nist:`2023-2908`, :cve_nist:`2023-3316` and :cve_nist:`2023-3618`
+-  vim: Fix :cve_nist:`2023-3896`, :cve_nist:`2023-4733`, :cve_nist:`2023-4734`, :cve_nist:`2023-4735`, :cve_nist:`2023-4736`, :cve_nist:`2023-4738`, :cve_nist:`2023-4750` and :cve_nist:`2023-4752`
+-  webkitgtk: fix :cve_nist:`2022-48503` and :cve_nist:`2023-23529`
 
 
 
diff --git a/documentation/migration-guides/release-notes-4.0.14.rst b/documentation/migration-guides/release-notes-4.0.14.rst
index 02253f33f7..ad6590a887 100644
--- a/documentation/migration-guides/release-notes-4.0.14.rst
+++ b/documentation/migration-guides/release-notes-4.0.14.rst
@@ -6,37 +6,37 @@ Release notes for Yocto-4.0.14 (Kirkstone)
 Security Fixes in Yocto-4.0.14
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-3341` and :cve:`2023-4236`
--  binutils: Fix :cve:`2022-44840`, :cve:`2022-45703`, :cve:`2022-47008`, :cve:`2022-47011`, :cve:`2022-47673`, :cve:`2022-47695`, :cve:`2022-47696` and :cve:`2022-48063`
--  cups: Fix :cve:`2023-4504`
--  curl: Fix :cve:`2023-38545` and :cve:`2023-38546`
--  gawk: Fix :cve:`2023-4156`
--  ghostscript: Fix :cve:`2023-43115`
--  glibc: Fix :cve:`2023-4806`, :cve:`2023-4813`, :cve:`2023-4911` and :cve:`2023-5156`
--  glibc: Ignore :cve:`2023-4527`
--  go: Fix :cve:`2023-24538` and :cve:`2023-39318`
+-  bind: Fix :cve_nist:`2023-3341` and :cve_nist:`2023-4236`
+-  binutils: Fix :cve_nist:`2022-44840`, :cve_nist:`2022-45703`, :cve_nist:`2022-47008`, :cve_nist:`2022-47011`, :cve_nist:`2022-47673`, :cve_nist:`2022-47695`, :cve_nist:`2022-47696` and :cve_nist:`2022-48063`
+-  cups: Fix :cve_nist:`2023-4504`
+-  curl: Fix :cve_nist:`2023-38545` and :cve_nist:`2023-38546`
+-  gawk: Fix :cve_nist:`2023-4156`
+-  ghostscript: Fix :cve_nist:`2023-43115`
+-  glibc: Fix :cve_nist:`2023-4806`, :cve_nist:`2023-4813`, :cve_nist:`2023-4911` and :cve_nist:`2023-5156`
+-  glibc: Ignore :cve_nist:`2023-4527`
+-  go: Fix :cve_nist:`2023-24538` and :cve_nist:`2023-39318`
 -  gstreamer1.0-plugins-bad: fix :cve_mitre:`2023-40474`, :cve_mitre:`2023-40475` and :cve_mitre:`2023-40476`
--  libtiff: Fix :cve:`2022-40090` and :cve:`2023-1916`
--  libwebp: Fix :cve:`2023-5129`
--  libx11: Fix :cve:`2023-43785`, :cve:`2023-43786` and :cve:`2023-43787`
--  libxml2: Fix :cve:`2023-45322`
--  libxpm: Fix :cve:`2023-43788` and :cve:`2023-43789`
--  linux-firmware: Fix :cve:`2022-40982`, :cve:`2023-20569` and :cve:`2023-20593`
+-  libtiff: Fix :cve_nist:`2022-40090` and :cve_nist:`2023-1916`
+-  libwebp: Fix :cve_nist:`2023-5129`
+-  libx11: Fix :cve_nist:`2023-43785`, :cve_nist:`2023-43786` and :cve_nist:`2023-43787`
+-  libxml2: Fix :cve_nist:`2023-45322`
+-  libxpm: Fix :cve_nist:`2023-43788` and :cve_nist:`2023-43789`
+-  linux-firmware: Fix :cve_nist:`2022-40982`, :cve_nist:`2023-20569` and :cve_nist:`2023-20593`
 -  linux-yocto: update CVE exclusions
--  linux-yocto/5.10: Ignore :cve:`2003-1604`, :cve:`2004-0230`, :cve:`2006-3635`, :cve:`2006-5331`, :cve:`2006-6128`, :cve:`2007-4774`, :cve:`2007-6761`, :cve:`2007-6762`, :cve:`2008-7316`, :cve:`2009-2692`, :cve:`2010-0008`, :cve:`2010-3432`, :cve:`2010-4648`, :cve:`2010-5313`, :cve:`2010-5328`, :cve:`2010-5329`, :cve:`2010-5331`, :cve:`2010-5332`, :cve:`2011-4098`, :cve:`2011-4131`, :cve:`2011-4915`, :cve:`2011-5321`, :cve:`2011-5327`, :cve:`2012-0957`, :cve:`2012-2119`, :cve:`2012-2136`, :cve:`2012-2137`, :cve:`2012-2313`, :cve:`2012-2319`, :cve:`2012-2372`, :cve:`2012-2375`, :cve:`2012-2390`, :cve:`2012-2669`, :cve:`2012-2744`, :cve:`2012-2745`, :cve:`2012-3364`, :cve:`2012-3375`, :cve:`2012-3400`, :cve:`2012-3412`, :cve:`2012-3430`, :cve:`2012-3510`, :cve:`2012-3511`, :cve:`2012-3520`, :cve:`2012-3552`, :cve:`2012-4398`, :cve:`2012-4444`, :cve:`2012-4461`, :cve:`2012-4467`, :cve:`2012-4508`, :cve:`2012-4530`, :cve:`2012-4565`, :cve:`2012-5374`, :cve:`2012-5375`, :cve:`2012-5517`, :cve:`2012-6536`, :cve:`2012-6537`, :cve:`2012-6538`, :cve:`2012-6539`, :cve:`2012-6540`, :cve:`2012-6541`, :cve:`2012-6542`, :cve:`2012-6543`, :cve:`2012-6544`, :cve:`2012-6545`, :cve:`2012-6546`, :cve:`2012-6547`, :cve:`2012-6548`, :cve:`2012-6549`, :cve:`2012-6638`, :cve:`2012-6647`, :cve:`2012-6657`, :cve:`2012-6689`, :cve:`2012-6701`, :cve:`2012-6703`, :cve:`2012-6704`, :cve:`2012-6712`, :cve:`2013-0160`, :cve:`2013-0190`, :cve:`2013-0216`, :cve:`2013-0217`, :cve:`2013-0228`, :cve:`2013-0231`, :cve:`2013-0268`, :cve:`2013-0290`, :cve:`2013-0309`, :cve:`2013-0310`, :cve:`2013-0311`, :cve:`2013-0313`, :cve:`2013-0343`, :cve:`2013-0349`, :cve:`2013-0871`, :cve:`2013-0913`, :cve:`2013-0914`, :cve:`2013-1059`, :cve:`2013-1763`, :cve:`2013-1767`, :cve:`2013-1772`, :cve:`2013-1773`, :cve:`2013-1774`, :cve:`2013-1792`, :cve:`2013-1796`, :cve:`2013-1797`, :cve:`2013-1798`, :cve:`2013-1819`, :cve:`2013-1826`, :cve:`2013-1827`, :cve:`2013-1828`, :cve:`2013-1848`, :cve:`2013-1858`, :cve:`2013-1860`, :cve:`2013-1928`, :cve:`2013-1929`, :cve:`2013-1943`, :cve:`2013-1956`, :cve:`2013-1957`, :cve:`2013-1958`, :cve:`2013-1959`, :cve:`2013-1979`, :cve:`2013-2015`, :cve:`2013-2017`, :cve:`2013-2058`, :cve:`2013-2094`, :cve:`2013-2128`, :cve:`2013-2140`, :cve:`2013-2141`, :cve:`2013-2146`, :cve:`2013-2147`, :cve:`2013-2148`, :cve:`2013-2164`, :cve:`2013-2206`, :cve:`2013-2232`, :cve:`2013-2234`, :cve:`2013-2237`, :cve:`2013-2546`, :cve:`2013-2547`, :cve:`2013-2548`, :cve:`2013-2596`, :cve:`2013-2634`, :cve:`2013-2635`, :cve:`2013-2636`, :cve:`2013-2850`, :cve:`2013-2851`, :cve:`2013-2852`, :cve:`2013-2888`, :cve:`2013-2889`, :cve:`2013-2890`, :cve:`2013-2891`, :cve:`2013-2892`, :cve:`2013-2893`, :cve:`2013-2894`, :cve:`2013-2895`, :cve:`2013-2896`, :cve:`2013-2897`, :cve:`2013-2898`, :cve:`2013-2899`, :cve:`2013-2929`, :cve:`2013-2930`, :cve:`2013-3076`, :cve:`2013-3222`, :cve:`2013-3223`, :cve:`2013-3224`, :cve:`2013-3225`, :cve:`2013-3226`, :cve:`2013-3227`, :cve:`2013-3228`, :cve:`2013-3229`, :cve:`2013-3230`, :cve:`2013-3231`, :cve:`2013-3232`, :cve:`2013-3233`, :cve:`2013-3234`, :cve:`2013-3235`, :cve:`2013-3236`, :cve:`2013-3237`, :cve:`2013-3301`, :cve:`2013-3302`, :cve:`2013-4125`, :cve:`2013-4127`, :cve:`2013-4129`, :cve:`2013-4162`, :cve:`2013-4163`, :cve:`2013-4205`, :cve:`2013-4220`, :cve:`2013-4247`, :cve:`2013-4254`, :cve:`2013-4270`, :cve:`2013-4299`, :cve:`2013-4300`, :cve:`2013-4312`, :cve:`2013-4343`, :cve:`2013-4345`, :cve:`2013-4348`, :cve:`2013-4350`, :cve:`2013-4387`, :cve:`2013-4470`, :cve:`2013-4483`, :cve:`2013-4511`, :cve:`2013-4512`, :cve:`2013-4513`, :cve:`2013-4514`, :cve:`2013-4515`, :cve:`2013-4516`, :cve:`2013-4563`, :cve:`2013-4579`, :cve:`2013-4587`, :cve:`2013-4588`, :cve:`2013-4591`, :cve:`2013-4592`, :cve:`2013-5634`, :cve:`2013-6282`, :cve:`2013-6367`, :cve:`2013-6368`, :cve:`2013-6376`, :cve:`2013-6378`, :cve:`2013-6380`, :cve:`2013-6381`, :cve:`2013-6382`, :cve:`2013-6383`, :cve:`2013-6431`, :cve:`2013-6432`, :cve:`2013-6885`, :cve:`2013-7026`, :cve:`2013-7027`, :cve:`2013-7263`, :cve:`2013-7264`, :cve:`2013-7265`, :cve:`2013-7266`, :cve:`2013-7267`, :cve:`2013-7268`, :cve:`2013-7269`, :cve:`2013-7270`, :cve:`2013-7271`, :cve:`2013-7281`, :cve:`2013-7339`, :cve:`2013-7348`, :cve:`2013-7421`, :cve:`2013-7446`, :cve:`2013-7470`, :cve:`2014-0038`, :cve:`2014-0049`, :cve:`2014-0055`, :cve:`2014-0069`, :cve:`2014-0077`, :cve:`2014-0100`, :cve:`2014-0101`, :cve:`2014-0102`, :cve:`2014-0131`, :cve:`2014-0155`, :cve:`2014-0181`, :cve:`2014-0196`, :cve:`2014-0203`, :cve:`2014-0205`, :cve:`2014-0206`, :cve:`2014-1438`, :cve:`2014-1444`, :cve:`2014-1445`, :cve:`2014-1446`, :cve:`2014-1690`, :cve:`2014-1737`, :cve:`2014-1738`, :cve:`2014-1739`, :cve:`2014-1874`, :cve:`2014-2038`, :cve:`2014-2039`, :cve:`2014-2309`, :cve:`2014-2523`, :cve:`2014-2568`, :cve:`2014-2580`, :cve:`2014-2672`, :cve:`2014-2673`, :cve:`2014-2678`, :cve:`2014-2706`, :cve:`2014-2739`, :cve:`2014-2851`, :cve:`2014-2889`, :cve:`2014-3122`, :cve:`2014-3144`, :cve:`2014-3145`, :cve:`2014-3153`, :cve:`2014-3180`, :cve:`2014-3181`, :cve:`2014-3182`, :cve:`2014-3183`, :cve:`2014-3184`, :cve:`2014-3185`, :cve:`2014-3186`, :cve:`2014-3534`, :cve:`2014-3535`, :cve:`2014-3601`, :cve:`2014-3610`, :cve:`2014-3611`, :cve:`2014-3631`, :cve:`2014-3645`, :cve:`2014-3646`, :cve:`2014-3647`, :cve:`2014-3673`, :cve:`2014-3687`, :cve:`2014-3688`, :cve:`2014-3690`, :cve:`2014-3917`, :cve:`2014-3940`, :cve:`2014-4014`, :cve:`2014-4027`, :cve:`2014-4157`, :cve:`2014-4171`, :cve:`2014-4508`, :cve:`2014-4608`, :cve:`2014-4611`, :cve:`2014-4652`, :cve:`2014-4653`, :cve:`2014-4654`, :cve:`2014-4655`, :cve:`2014-4656`, :cve:`2014-4667`, :cve:`2014-4699`, :cve:`2014-4943`, :cve:`2014-5045`, :cve:`2014-5077`, :cve:`2014-5206`, :cve:`2014-5207`, :cve:`2014-5471`, :cve:`2014-5472`, :cve:`2014-6410`, :cve:`2014-6416`, :cve:`2014-6417`, :cve:`2014-6418`, :cve:`2014-7145`, :cve:`2014-7283`, :cve:`2014-7284`, :cve:`2014-7822`, :cve:`2014-7825`, :cve:`2014-7826`, :cve:`2014-7841`, :cve:`2014-7842`, :cve:`2014-7843`, :cve:`2014-7970`, :cve:`2014-7975`, :cve:`2014-8086`, :cve:`2014-8133`, :cve:`2014-8134`, :cve:`2014-8159`, :cve:`2014-8160`, :cve:`2014-8171`, :cve:`2014-8172`, :cve:`2014-8173`, :cve:`2014-8369`, :cve:`2014-8480`, :cve:`2014-8481`, :cve:`2014-8559`, :cve:`2014-8709`, :cve:`2014-8884`, :cve:`2014-8989`, :cve:`2014-9090`, :cve:`2014-9322`, :cve:`2014-9419`, :cve:`2014-9420`, :cve:`2014-9428`, :cve:`2014-9529`, :cve:`2014-9584`, :cve:`2014-9585`, :cve:`2014-9644`, :cve:`2014-9683`, :cve:`2014-9710`, :cve:`2014-9715`, :cve:`2014-9717`, :cve:`2014-9728`, :cve:`2014-9729`, :cve:`2014-9730`, :cve:`2014-9731`, :cve:`2014-9803`, :cve:`2014-9870`, :cve:`2014-9888`, :cve:`2014-9895`, :cve:`2014-9903`, :cve:`2014-9904`, :cve:`2014-9914`, :cve:`2014-9922`, :cve:`2014-9940`, :cve:`2015-0239`, :cve:`2015-0274`, :cve:`2015-0275`, :cve:`2015-1333`, :cve:`2015-1339`, :cve:`2015-1350`, :cve:`2015-1420`, :cve:`2015-1421`, :cve:`2015-1465`, :cve:`2015-1573`, :cve:`2015-1593`, :cve:`2015-1805`, :cve:`2015-2041`, :cve:`2015-2042`, :cve:`2015-2150`, :cve:`2015-2666`, :cve:`2015-2672`, :cve:`2015-2686`, :cve:`2015-2830`, :cve:`2015-2922`, :cve:`2015-2925`, :cve:`2015-3212`, :cve:`2015-3214`, :cve:`2015-3288`, :cve:`2015-3290`, :cve:`2015-3291`, :cve:`2015-3331`, :cve:`2015-3339`, :cve:`2015-3636`, :cve:`2015-4001`, :cve:`2015-4002`, :cve:`2015-4003`, :cve:`2015-4004`, :cve:`2015-4036`, :cve:`2015-4167`, :cve:`2015-4170`, :cve:`2015-4176`, :cve:`2015-4177`, :cve:`2015-4178`, :cve:`2015-4692`, :cve:`2015-4700`, :cve:`2015-5156`, :cve:`2015-5157`, :cve:`2015-5257`, :cve:`2015-5283`, :cve:`2015-5307`, :cve:`2015-5327`, :cve:`2015-5364`, :cve:`2015-5366`, :cve:`2015-5697`, :cve:`2015-5706`, :cve:`2015-5707`, :cve:`2015-6252`, :cve:`2015-6526`, :cve:`2015-6937`, :cve:`2015-7509`, :cve:`2015-7513`, :cve:`2015-7515`, :cve:`2015-7550`, :cve:`2015-7566`, :cve:`2015-7613`, :cve:`2015-7799`, :cve:`2015-7833`, :cve:`2015-7872`, :cve:`2015-7884`, :cve:`2015-7885`, :cve:`2015-7990`, :cve:`2015-8104`, :cve:`2015-8215`, :cve:`2015-8324`, :cve:`2015-8374`, :cve:`2015-8539`, :cve:`2015-8543`, :cve:`2015-8550`, :cve:`2015-8551`, :cve:`2015-8552`, :cve:`2015-8553`, :cve:`2015-8569`, :cve:`2015-8575`, :cve:`2015-8660`, :cve:`2015-8709`, :cve:`2015-8746`, :cve:`2015-8767`, :cve:`2015-8785`, :cve:`2015-8787`, :cve:`2015-8812`, :cve:`2015-8816`, :cve:`2015-8830`, :cve:`2015-8839`, :cve:`2015-8844`, :cve:`2015-8845`, :cve:`2015-8950`, :cve:`2015-8952`, :cve:`2015-8953`, :cve:`2015-8955`, :cve:`2015-8956`, :cve:`2015-8961`, :cve:`2015-8962`, :cve:`2015-8963`, :cve:`2015-8964`, :cve:`2015-8966`, :cve:`2015-8967`, :cve:`2015-8970`, :cve:`2015-9004`, :cve:`2015-9016`, :cve:`2015-9289`, :cve:`2016-0617`, :cve:`2016-0723`, :cve:`2016-0728`, :cve:`2016-0758`, :cve:`2016-0821`, :cve:`2016-0823`, :cve:`2016-10044`, :cve:`2016-10088`, :cve:`2016-10147`, :cve:`2016-10150`, :cve:`2016-10153`, :cve:`2016-10154`, :cve:`2016-10200`, :cve:`2016-10208`, :cve:`2016-10229`, :cve:`2016-10318`, :cve:`2016-10723`, :cve:`2016-10741`, :cve:`2016-10764`, :cve:`2016-10905`, :cve:`2016-10906`, :cve:`2016-10907`, :cve:`2016-1237`, :cve:`2016-1575`, :cve:`2016-1576`, :cve:`2016-1583`, :cve:`2016-2053`, :cve:`2016-2069`, :cve:`2016-2070`, :cve:`2016-2085`, :cve:`2016-2117`, :cve:`2016-2143`, :cve:`2016-2184`, :cve:`2016-2185`, :cve:`2016-2186`, :cve:`2016-2187`, :cve:`2016-2188`, :cve:`2016-2383`, :cve:`2016-2384`, :cve:`2016-2543`, :cve:`2016-2544`, :cve:`2016-2545`, :cve:`2016-2546`, :cve:`2016-2547`, :cve:`2016-2548`, :cve:`2016-2549`, :cve:`2016-2550`, :cve:`2016-2782`, :cve:`2016-2847`, :cve:`2016-3044`, :cve:`2016-3070`, :cve:`2016-3134`, :cve:`2016-3135`, :cve:`2016-3136`, :cve:`2016-3137`, :cve:`2016-3138`, :cve:`2016-3139`, :cve:`2016-3140`, :cve:`2016-3156`, :cve:`2016-3157`, :cve:`2016-3672`, :cve:`2016-3689`, :cve:`2016-3713`, :cve:`2016-3841`, :cve:`2016-3857`, :cve:`2016-3951`, :cve:`2016-3955`, :cve:`2016-3961`, :cve:`2016-4440`, :cve:`2016-4470`, :cve:`2016-4482`, :cve:`2016-4485`, :cve:`2016-4486`, :cve:`2016-4557`, :cve:`2016-4558`, :cve:`2016-4565`, :cve:`2016-4568`, :cve:`2016-4569`, :cve:`2016-4578`, :cve:`2016-4580`, :cve:`2016-4581`, :cve:`2016-4794`, :cve:`2016-4805`, :cve:`2016-4913`, :cve:`2016-4951`, :cve:`2016-4997`, :cve:`2016-4998`, :cve:`2016-5195`, :cve:`2016-5243`, :cve:`2016-5244`, :cve:`2016-5400`, :cve:`2016-5412`, :cve:`2016-5696`, :cve:`2016-5728`, :cve:`2016-5828`, :cve:`2016-5829`, :cve:`2016-6130`, :cve:`2016-6136`, :cve:`2016-6156`, :cve:`2016-6162`, :cve:`2016-6187`, :cve:`2016-6197`, :cve:`2016-6198`, :cve:`2016-6213`, :cve:`2016-6327`, :cve:`2016-6480`, :cve:`2016-6516`, :cve:`2016-6786`, :cve:`2016-6787`, :cve:`2016-6828`, :cve:`2016-7039`, :cve:`2016-7042`, :cve:`2016-7097`, :cve:`2016-7117`, :cve:`2016-7425`, :cve:`2016-7910`, :cve:`2016-7911`, :cve:`2016-7912`, :cve:`2016-7913`, :cve:`2016-7914`, :cve:`2016-7915`, :cve:`2016-7916`, :cve:`2016-7917`, :cve:`2016-8399`, :cve:`2016-8405`, :cve:`2016-8630`, :cve:`2016-8632`, :cve:`2016-8633`, :cve:`2016-8636`, :cve:`2016-8645`, :cve:`2016-8646`, :cve:`2016-8650`, :cve:`2016-8655`, :cve:`2016-8658`, :cve:`2016-8666`, :cve:`2016-9083`, :cve:`2016-9084`, :cve:`2016-9120`, :cve:`2016-9178`, :cve:`2016-9191`, :cve:`2016-9313`, :cve:`2016-9555`, :cve:`2016-9576`, :cve:`2016-9588`, :cve:`2016-9604`, :cve:`2016-9685`, :cve:`2016-9754`, :cve:`2016-9755`, :cve:`2016-9756`, :cve:`2016-9777`, :cve:`2016-9793`, :cve:`2016-9794`, :cve:`2016-9806`, :cve:`2016-9919`, :cve:`2017-0605`, :cve:`2017-0627`, :cve:`2017-0750`, :cve:`2017-0786`, :cve:`2017-0861`, :cve:`2017-1000`, :cve:`2017-1000111`, :cve:`2017-1000112`, :cve:`2017-1000251`, :cve:`2017-1000252`, :cve:`2017-1000253`, :cve:`2017-1000255`, :cve:`2017-1000363`, :cve:`2017-1000364`, :cve:`2017-1000365`, :cve:`2017-1000370`, :cve:`2017-1000371`, :cve:`2017-1000379`, :cve:`2017-1000380`, :cve:`2017-1000405`, :cve:`2017-1000407`, :cve:`2017-1000410`, :cve:`2017-10661`, :cve:`2017-10662`, :cve:`2017-10663`, :cve:`2017-10810`, :cve:`2017-10911`, :cve:`2017-11089`, :cve:`2017-11176`, :cve:`2017-11472`, :cve:`2017-11473`, :cve:`2017-11600`, :cve:`2017-12134`, :cve:`2017-12146`, :cve:`2017-12153`, :cve:`2017-12154`, :cve:`2017-12168`, :cve:`2017-12188`, :cve:`2017-12190`, :cve:`2017-12192`, :cve:`2017-12193`, :cve:`2017-12762`, :cve:`2017-13080`, :cve:`2017-13166`, :cve:`2017-13167`, :cve:`2017-13168`, :cve:`2017-13215`, :cve:`2017-13216`, :cve:`2017-13220`, :cve:`2017-13305`, :cve:`2017-13686`, :cve:`2017-13695`, :cve:`2017-13715`, :cve:`2017-14051`, :cve:`2017-14106`, :cve:`2017-14140`, :cve:`2017-14156`, :cve:`2017-14340`, :cve:`2017-14489`, :cve:`2017-14497`, :cve:`2017-14954`, :cve:`2017-14991`, :cve:`2017-15102`, :cve:`2017-15115`, :cve:`2017-15116`, :cve:`2017-15121`, :cve:`2017-15126`, :cve:`2017-15127`, :cve:`2017-15128`, :cve:`2017-15129`, :cve:`2017-15265`, :cve:`2017-15274`, :cve:`2017-15299`, :cve:`2017-15306`, :cve:`2017-15537`, :cve:`2017-15649`, :cve:`2017-15868`, :cve:`2017-15951`, :cve:`2017-16525`, :cve:`2017-16526`, :cve:`2017-16527`, :cve:`2017-16528`, :cve:`2017-16529`, :cve:`2017-16530`, :cve:`2017-16531`, :cve:`2017-16532`, :cve:`2017-16533`, :cve:`2017-16534`, :cve:`2017-16535`, :cve:`2017-16536`, :cve:`2017-16537`, :cve:`2017-16538`, :cve:`2017-16643`, :cve:`2017-16644`, :cve:`2017-16645`, :cve:`2017-16646`, :cve:`2017-16647`, :cve:`2017-16648`, :cve:`2017-16649`, :cve:`2017-16650`, :cve:`2017-16911`, :cve:`2017-16912`, :cve:`2017-16913`, :cve:`2017-16914`, :cve:`2017-16939`, :cve:`2017-16994`, :cve:`2017-16995`, :cve:`2017-16996`, :cve:`2017-17052`, :cve:`2017-17053`, :cve:`2017-17448`, :cve:`2017-17449`, :cve:`2017-17450`, :cve:`2017-17558`, :cve:`2017-17712`, :cve:`2017-17741`, :cve:`2017-17805`, :cve:`2017-17806`, :cve:`2017-17807`, :cve:`2017-17852`, :cve:`2017-17853`, :cve:`2017-17854`, :cve:`2017-17855`, :cve:`2017-17856`, :cve:`2017-17857`, :cve:`2017-17862`, :cve:`2017-17863`, :cve:`2017-17864`, :cve:`2017-17975`, :cve:`2017-18017`, :cve:`2017-18075`, :cve:`2017-18079`, :cve:`2017-18174`, :cve:`2017-18193`, :cve:`2017-18200`, :cve:`2017-18202`, :cve:`2017-18203`, :cve:`2017-18204`, :cve:`2017-18208`, :cve:`2017-18216`, :cve:`2017-18218`, :cve:`2017-18221`, :cve:`2017-18222`, :cve:`2017-18224`, :cve:`2017-18232`, :cve:`2017-18241`, :cve:`2017-18249`, :cve:`2017-18255`, :cve:`2017-18257`, :cve:`2017-18261`, :cve:`2017-18270`, :cve:`2017-18344`, :cve:`2017-18360`, :cve:`2017-18379`, :cve:`2017-18509`, :cve:`2017-18549`, :cve:`2017-18550`, :cve:`2017-18551`, :cve:`2017-18552`, :cve:`2017-18595`, :cve:`2017-2583`, :cve:`2017-2584`, :cve:`2017-2596`, :cve:`2017-2618`, :cve:`2017-2634`, :cve:`2017-2636`, :cve:`2017-2647`, :cve:`2017-2671`, :cve:`2017-5123`, :cve:`2017-5546`, :cve:`2017-5547`, :cve:`2017-5548`, :cve:`2017-5549`, :cve:`2017-5550`, :cve:`2017-5551`, :cve:`2017-5576`, :cve:`2017-5577`, :cve:`2017-5669`, :cve:`2017-5715`, :cve:`2017-5753`, :cve:`2017-5754`, :cve:`2017-5897`, :cve:`2017-5967`, :cve:`2017-5970`, :cve:`2017-5972`, :cve:`2017-5986`, :cve:`2017-6001`, :cve:`2017-6074`, :cve:`2017-6214`, :cve:`2017-6345`, :cve:`2017-6346`, :cve:`2017-6347`, :cve:`2017-6348`, :cve:`2017-6353`, :cve:`2017-6874`, :cve:`2017-6951`, :cve:`2017-7184`, :cve:`2017-7187`, :cve:`2017-7261`, :cve:`2017-7273`, :cve:`2017-7277`, :cve:`2017-7294`, :cve:`2017-7308`, :cve:`2017-7346`, :cve:`2017-7374`, :cve:`2017-7472`, :cve:`2017-7477`, :cve:`2017-7482`, :cve:`2017-7487`, :cve:`2017-7495`, :cve:`2017-7518`, :cve:`2017-7533`, :cve:`2017-7541`, :cve:`2017-7542`, :cve:`2017-7558`, :cve:`2017-7616`, :cve:`2017-7618`, :cve:`2017-7645`, :cve:`2017-7889`, :cve:`2017-7895`, :cve:`2017-7979`, :cve:`2017-8061`, :cve:`2017-8062`, :cve:`2017-8063`, :cve:`2017-8064`, :cve:`2017-8065`, :cve:`2017-8066`, :cve:`2017-8067`, :cve:`2017-8068`, :cve:`2017-8069`, :cve:`2017-8070`, :cve:`2017-8071`, :cve:`2017-8072`, :cve:`2017-8106`, :cve:`2017-8240`, :cve:`2017-8797`, :cve:`2017-8824`, :cve:`2017-8831`, :cve:`2017-8890`, :cve:`2017-8924`, :cve:`2017-8925`, :cve:`2017-9059`, :cve:`2017-9074`, :cve:`2017-9075`, :cve:`2017-9076`, :cve:`2017-9077`, :cve:`2017-9150`, :cve:`2017-9211`, :cve:`2017-9242`, :cve:`2017-9605`, :cve:`2017-9725`, :cve:`2017-9984`, :cve:`2017-9985`, :cve:`2017-9986`, :cve:`2018-1000004`, :cve:`2018-1000026`, :cve:`2018-1000028`, :cve:`2018-1000199`, :cve:`2018-1000200`, :cve:`2018-1000204`, :cve:`2018-10021`, :cve:`2018-10074`, :cve:`2018-10087`, :cve:`2018-10124`, :cve:`2018-10322`, :cve:`2018-10323`, :cve:`2018-1065`, :cve:`2018-1066`, :cve:`2018-10675`, :cve:`2018-1068`, :cve:`2018-10840`, :cve:`2018-10853`, :cve:`2018-1087`, :cve:`2018-10876`, :cve:`2018-10877`, :cve:`2018-10878`, :cve:`2018-10879`, :cve:`2018-10880`, :cve:`2018-10881`, :cve:`2018-10882`, :cve:`2018-10883`, :cve:`2018-10901`, :cve:`2018-10902`, :cve:`2018-1091`, :cve:`2018-1092`, :cve:`2018-1093`, :cve:`2018-10938`, :cve:`2018-1094`, :cve:`2018-10940`, :cve:`2018-1095`, :cve:`2018-1108`, :cve:`2018-1118`, :cve:`2018-1120`, :cve:`2018-11232`, :cve:`2018-1128`, :cve:`2018-1129`, :cve:`2018-1130`, :cve:`2018-11412`, :cve:`2018-11506`, :cve:`2018-11508`, :cve:`2018-12126`, :cve:`2018-12127`, :cve:`2018-12130`, :cve:`2018-12207`, :cve:`2018-12232`, :cve:`2018-12233`, :cve:`2018-12633`, :cve:`2018-12714`, :cve:`2018-12896`, :cve:`2018-12904`, :cve:`2018-13053`, :cve:`2018-13093`, :cve:`2018-13094`, :cve:`2018-13095`, :cve:`2018-13096`, :cve:`2018-13097`, :cve:`2018-13098`, :cve:`2018-13099`, :cve:`2018-13100`, :cve:`2018-13405`, :cve:`2018-13406`, :cve:`2018-14609`, :cve:`2018-14610`, :cve:`2018-14611`, :cve:`2018-14612`, :cve:`2018-14613`, :cve:`2018-14614`, :cve:`2018-14615`, :cve:`2018-14616`, :cve:`2018-14617`, :cve:`2018-14619`, :cve:`2018-14625`, :cve:`2018-14633`, :cve:`2018-14634`, :cve:`2018-14641`, :cve:`2018-14646`, :cve:`2018-14656`, :cve:`2018-14678`, :cve:`2018-14734`, :cve:`2018-15471`, :cve:`2018-15572`, :cve:`2018-15594`, :cve:`2018-16276`, :cve:`2018-16597`, :cve:`2018-16658`, :cve:`2018-16862`, :cve:`2018-16871`, :cve:`2018-16880`, :cve:`2018-16882`, :cve:`2018-16884`, :cve:`2018-17182`, :cve:`2018-17972`, :cve:`2018-18021`, :cve:`2018-18281`, :cve:`2018-18386`, :cve:`2018-18397`, :cve:`2018-18445`, :cve:`2018-18559`, :cve:`2018-18690`, :cve:`2018-18710`, :cve:`2018-18955`, :cve:`2018-19406`, :cve:`2018-19407`, :cve:`2018-19824`, :cve:`2018-19854`, :cve:`2018-19985`, :cve:`2018-20169`, :cve:`2018-20449`, :cve:`2018-20509`, :cve:`2018-20510`, :cve:`2018-20511`, :cve:`2018-20669`, :cve:`2018-20784`, :cve:`2018-20836`, :cve:`2018-20854`, :cve:`2018-20855`, :cve:`2018-20856`, :cve:`2018-20961`, :cve:`2018-20976`, :cve:`2018-21008`, :cve:`2018-25015`, :cve:`2018-25020`, :cve:`2018-3620`, :cve:`2018-3639`, :cve:`2018-3646`, :cve:`2018-3665`, :cve:`2018-3693`, :cve:`2018-5332`, :cve:`2018-5333`, :cve:`2018-5344`, :cve:`2018-5390`, :cve:`2018-5391`, :cve:`2018-5703`, :cve:`2018-5750`, :cve:`2018-5803`, :cve:`2018-5814`, :cve:`2018-5848`, :cve:`2018-5873`, :cve:`2018-5953`, :cve:`2018-5995`, :cve:`2018-6412`, :cve:`2018-6554`, :cve:`2018-6555`, :cve:`2018-6927`, :cve:`2018-7191`, :cve:`2018-7273`, :cve:`2018-7480`, :cve:`2018-7492`, :cve:`2018-7566`, :cve:`2018-7740`, :cve:`2018-7754`, :cve:`2018-7755`, :cve:`2018-7757`, :cve:`2018-7995`, :cve:`2018-8043`, :cve:`2018-8087`, :cve:`2018-8781`, :cve:`2018-8822`, :cve:`2018-8897`, :cve:`2018-9363`, :cve:`2018-9385`, :cve:`2018-9415`, :cve:`2018-9422`, :cve:`2018-9465`, :cve:`2018-9516`, :cve:`2018-9517`, :cve:`2018-9518`, :cve:`2018-9568`, :cve:`2019-0136`, :cve:`2019-0145`, :cve:`2019-0146`, :cve:`2019-0147`, :cve:`2019-0148`, :cve:`2019-0149`, :cve:`2019-0154`, :cve:`2019-0155`, :cve:`2019-10124`, :cve:`2019-10125`, :cve:`2019-10126`, :cve:`2019-10142`, :cve:`2019-10207`, :cve:`2019-10220`, :cve:`2019-10638`, :cve:`2019-10639`, :cve:`2019-11085`, :cve:`2019-11091`, :cve:`2019-11135`, :cve:`2019-11190`, :cve:`2019-11191`, :cve:`2019-1125`, :cve:`2019-11477`, :cve:`2019-11478`, :cve:`2019-11479`, :cve:`2019-11486`, :cve:`2019-11487`, :cve:`2019-11599`, :cve:`2019-11683`, :cve:`2019-11810`, :cve:`2019-11811`, :cve:`2019-11815`, :cve:`2019-11833`, :cve:`2019-11884`, :cve:`2019-12378`, :cve:`2019-12379`, :cve:`2019-12380`, :cve:`2019-12381`, :cve:`2019-12382`, :cve:`2019-12454`, :cve:`2019-12455`, :cve:`2019-12614`, :cve:`2019-12615`, :cve:`2019-12817`, :cve:`2019-12818`, :cve:`2019-12819`, :cve:`2019-12881`, :cve:`2019-12984`, :cve:`2019-13233`, :cve:`2019-13272`, :cve:`2019-13631`, :cve:`2019-13648`, :cve:`2019-14283`, :cve:`2019-14284`, :cve:`2019-14615`, :cve:`2019-14763`, :cve:`2019-14814`, :cve:`2019-14815`, :cve:`2019-14816`, :cve:`2019-14821`, :cve:`2019-14835`, :cve:`2019-14895`, :cve:`2019-14896`, :cve:`2019-14897`, :cve:`2019-14901`, :cve:`2019-15030`, :cve:`2019-15031`, :cve:`2019-15090`, :cve:`2019-15098`, :cve:`2019-15099`, :cve:`2019-15117`, :cve:`2019-15118`, :cve:`2019-15211`, :cve:`2019-15212`, :cve:`2019-15213`, :cve:`2019-15214`, :cve:`2019-15215`, :cve:`2019-15216`, :cve:`2019-15217`, :cve:`2019-15218`, :cve:`2019-15219`, :cve:`2019-15220`, :cve:`2019-15221`, :cve:`2019-15222`, :cve:`2019-15223`, :cve:`2019-15291`, :cve:`2019-15292`, :cve:`2019-15504`, :cve:`2019-15505`, :cve:`2019-15538`, :cve:`2019-15666`, :cve:`2019-15807`, :cve:`2019-15916`, :cve:`2019-15917`, :cve:`2019-15918`, :cve:`2019-15919`, :cve:`2019-15920`, :cve:`2019-15921`, :cve:`2019-15922`, :cve:`2019-15923`, :cve:`2019-15924`, :cve:`2019-15925`, :cve:`2019-15926`, :cve:`2019-15927`, :cve:`2019-16229`, :cve:`2019-16230`, :cve:`2019-16231`, :cve:`2019-16232`, :cve:`2019-16233`, :cve:`2019-16234`, :cve:`2019-16413`, :cve:`2019-16714`, :cve:`2019-16746`, :cve:`2019-16921`, :cve:`2019-16994`, :cve:`2019-16995`, :cve:`2019-17052`, :cve:`2019-17053`, :cve:`2019-17054`, :cve:`2019-17055`, :cve:`2019-17056`, :cve:`2019-17075`, :cve:`2019-17133`, :cve:`2019-17351`, :cve:`2019-17666`, :cve:`2019-18198`, :cve:`2019-18282`, :cve:`2019-18660`, :cve:`2019-18675`, :cve:`2019-18683`, :cve:`2019-18786`, :cve:`2019-18805`, :cve:`2019-18806`, :cve:`2019-18807`, :cve:`2019-18808`, :cve:`2019-18809`, :cve:`2019-18810`, :cve:`2019-18811`, :cve:`2019-18812`, :cve:`2019-18813`, :cve:`2019-18814`, :cve:`2019-18885`, :cve:`2019-19036`, :cve:`2019-19037`, :cve:`2019-19039`, :cve:`2019-19043`, :cve:`2019-19044`, :cve:`2019-19045`, :cve:`2019-19046`, :cve:`2019-19047`, :cve:`2019-19048`, :cve:`2019-19049`, :cve:`2019-19050`, :cve:`2019-19051`, :cve:`2019-19052`, :cve:`2019-19053`, :cve:`2019-19054`, :cve:`2019-19055`, :cve:`2019-19056`, :cve:`2019-19057`, :cve:`2019-19058`, :cve:`2019-19059`, :cve:`2019-19060`, :cve:`2019-19061`, :cve:`2019-19062`, :cve:`2019-19063`, :cve:`2019-19064`, :cve:`2019-19065`, :cve:`2019-19066`, :cve:`2019-19067`, :cve:`2019-19068`, :cve:`2019-19069`, :cve:`2019-19070`, :cve:`2019-19071`, :cve:`2019-19072`, :cve:`2019-19073`, :cve:`2019-19074`, :cve:`2019-19075`, :cve:`2019-19076`, :cve:`2019-19077`, :cve:`2019-19078`, :cve:`2019-19079`, :cve:`2019-19080`, :cve:`2019-19081`, :cve:`2019-19082`, :cve:`2019-19083`, :cve:`2019-19227`, :cve:`2019-19241`, :cve:`2019-19252`, :cve:`2019-19318`, :cve:`2019-19319`, :cve:`2019-19332`, :cve:`2019-19338`, :cve:`2019-19377`, :cve:`2019-19447`, :cve:`2019-19448`, :cve:`2019-19449`, :cve:`2019-19462`, :cve:`2019-19523`, :cve:`2019-19524`, :cve:`2019-19525`, :cve:`2019-19526`, :cve:`2019-19527`, :cve:`2019-19528`, :cve:`2019-19529`, :cve:`2019-19530`, :cve:`2019-19531`, :cve:`2019-19532`, :cve:`2019-19533`, :cve:`2019-19534`, :cve:`2019-19535`, :cve:`2019-19536`, :cve:`2019-19537`, :cve:`2019-19543`, :cve:`2019-19602`, :cve:`2019-19767`, :cve:`2019-19768`, :cve:`2019-19769`, :cve:`2019-19770`, :cve:`2019-19807`, :cve:`2019-19813`, :cve:`2019-19815`, :cve:`2019-19816`, :cve:`2019-19922`, :cve:`2019-19927`, :cve:`2019-19947`, :cve:`2019-19965`, :cve:`2019-19966`, :cve:`2019-1999`, :cve:`2019-20054`, :cve:`2019-20095`, :cve:`2019-20096`, :cve:`2019-2024`, :cve:`2019-2025`, :cve:`2019-20422`, :cve:`2019-2054`, :cve:`2019-20636`, :cve:`2019-20806`, :cve:`2019-20810`, :cve:`2019-20811`, :cve:`2019-20812`, :cve:`2019-20908`, :cve:`2019-20934`, :cve:`2019-2101`, :cve:`2019-2181`, :cve:`2019-2182`, :cve:`2019-2213`, :cve:`2019-2214`, :cve:`2019-2215`, :cve:`2019-25044`, :cve:`2019-25045`, :cve:`2019-3016`, :cve:`2019-3459`, :cve:`2019-3460`, :cve:`2019-3701`, :cve:`2019-3819`, :cve:`2019-3837`, :cve:`2019-3846`, :cve:`2019-3874`, :cve:`2019-3882`, :cve:`2019-3887`, :cve:`2019-3892`, :cve:`2019-3896`, :cve:`2019-3900`, :cve:`2019-3901`, :cve:`2019-5108`, :cve:`2019-6133`, :cve:`2019-6974`, :cve:`2019-7221`, :cve:`2019-7222`, :cve:`2019-7308`, :cve:`2019-8912`, :cve:`2019-8956`, :cve:`2019-8980`, :cve:`2019-9003`, :cve:`2019-9162`, :cve:`2019-9213`, :cve:`2019-9245`, :cve:`2019-9444`, :cve:`2019-9445`, :cve:`2019-9453`, :cve:`2019-9454`, :cve:`2019-9455`, :cve:`2019-9456`, :cve:`2019-9457`, :cve:`2019-9458`, :cve:`2019-9466`, :cve:`2019-9500`, :cve:`2019-9503`, :cve:`2019-9506`, :cve:`2019-9857`, :cve:`2020-0009`, :cve:`2020-0030`, :cve:`2020-0041`, :cve:`2020-0066`, :cve:`2020-0067`, :cve:`2020-0110`, :cve:`2020-0255`, :cve:`2020-0305`, :cve:`2020-0404`, :cve:`2020-0423`, :cve:`2020-0427`, :cve:`2020-0429`, :cve:`2020-0430`, :cve:`2020-0431`, :cve:`2020-0432`, :cve:`2020-0433`, :cve:`2020-0435`, :cve:`2020-0444`, :cve:`2020-0465`, :cve:`2020-0466`, :cve:`2020-0543`, :cve:`2020-10135`, :cve:`2020-10690`, :cve:`2020-10711`, :cve:`2020-10720`, :cve:`2020-10732`, :cve:`2020-10742`, :cve:`2020-10751`, :cve:`2020-10757`, :cve:`2020-10766`, :cve:`2020-10767`, :cve:`2020-10768`, :cve:`2020-10769`, :cve:`2020-10773`, :cve:`2020-10781`, :cve:`2020-10942`, :cve:`2020-11494`, :cve:`2020-11565`, :cve:`2020-11608`, :cve:`2020-11609`, :cve:`2020-11668`, :cve:`2020-11669`, :cve:`2020-11884`, :cve:`2020-12114`, :cve:`2020-12351`, :cve:`2020-12352`, :cve:`2020-12464`, :cve:`2020-12465`, :cve:`2020-12652`, :cve:`2020-12653`, :cve:`2020-12654`, :cve:`2020-12655`, :cve:`2020-12656`, :cve:`2020-12657`, :cve:`2020-12659`, :cve:`2020-12768`, :cve:`2020-12769`, :cve:`2020-12770`, :cve:`2020-12771`, :cve:`2020-12826`, :cve:`2020-12888`, :cve:`2020-12912`, :cve:`2020-13143`, :cve:`2020-13974`, :cve:`2020-14305`, :cve:`2020-14314`, :cve:`2020-14331`, :cve:`2020-14351`, :cve:`2020-14353`, :cve:`2020-14356`, :cve:`2020-14381`, :cve:`2020-14385`, :cve:`2020-14386`, :cve:`2020-14390`, :cve:`2020-14416`, :cve:`2020-15393`, :cve:`2020-15436`, :cve:`2020-15437`, :cve:`2020-15780`, :cve:`2020-15852`, :cve:`2020-16119`, :cve:`2020-16120`, :cve:`2020-16166`, :cve:`2020-1749`, :cve:`2020-24394`, :cve:`2020-24490`, :cve:`2020-24586`, :cve:`2020-24587`, :cve:`2020-24588`, :cve:`2020-25211`, :cve:`2020-25212`, :cve:`2020-25221`, :cve:`2020-25284`, :cve:`2020-25285`, :cve:`2020-25639`, :cve:`2020-25641`, :cve:`2020-25643`, :cve:`2020-25645`, :cve:`2020-25656`, :cve:`2020-25668`, :cve:`2020-25669`, :cve:`2020-25670`, :cve:`2020-25671`, :cve:`2020-25672`, :cve:`2020-25673`, :cve:`2020-25704`, :cve:`2020-25705`, :cve:`2020-26088`, :cve:`2020-26139`, :cve:`2020-26141`, :cve:`2020-26145`, :cve:`2020-26147`, :cve:`2020-26541`, :cve:`2020-26555`, :cve:`2020-26558`, :cve:`2020-27066`, :cve:`2020-27067`, :cve:`2020-27068`, :cve:`2020-27152`, :cve:`2020-27170`, :cve:`2020-27171`, :cve:`2020-27194`, :cve:`2020-2732`, :cve:`2020-27418`, :cve:`2020-27673`, :cve:`2020-27675`, :cve:`2020-27777`, :cve:`2020-27784`, :cve:`2020-27786`, :cve:`2020-27815`, :cve:`2020-27820`, :cve:`2020-27825`, :cve:`2020-27830`, :cve:`2020-27835`, :cve:`2020-28097`, :cve:`2020-28374`, :cve:`2020-28588`, :cve:`2020-28915`, :cve:`2020-28941`, :cve:`2020-28974`, :cve:`2020-29368`, :cve:`2020-29369`, :cve:`2020-29370`, :cve:`2020-29371`, :cve:`2020-29372`, :cve:`2020-29373`, :cve:`2020-29374`, :cve:`2020-29534`, :cve:`2020-29568`, :cve:`2020-29569`, :cve:`2020-29660`, :cve:`2020-29661`, :cve:`2020-35499`, :cve:`2020-35508`, :cve:`2020-35513`, :cve:`2020-35519`, :cve:`2020-36158`, :cve:`2020-36310`, :cve:`2020-36311`, :cve:`2020-36312`, :cve:`2020-36313`, :cve:`2020-36322`, :cve:`2020-36385`, :cve:`2020-36386`, :cve:`2020-36387`, :cve:`2020-36516`, :cve:`2020-36557`, :cve:`2020-36558`, :cve:`2020-36691`, :cve:`2020-36694`, :cve:`2020-36766`, :cve:`2020-3702`, :cve:`2020-4788`, :cve:`2020-7053`, :cve:`2020-8428`, :cve:`2020-8647`, :cve:`2020-8648`, :cve:`2020-8649`, :cve:`2020-8694`, :cve:`2020-8834`, :cve:`2020-8835`, :cve:`2020-8992`, :cve:`2020-9383`, :cve:`2020-9391`, :cve:`2021-0129`, :cve:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve:`2021-0512`, :cve:`2021-0605`, :cve:`2021-0707`, :cve:`2021-0920`, :cve:`2021-0929`, :cve:`2021-0935`, :cve_mitre:`2021-0937`, :cve:`2021-0938`, :cve:`2021-0941`, :cve:`2021-1048`, :cve:`2021-20177`, :cve:`2021-20194`, :cve:`2021-20226`, :cve:`2021-20239`, :cve:`2021-20261`, :cve:`2021-20265`, :cve:`2021-20268`, :cve:`2021-20292`, :cve:`2021-20317`, :cve:`2021-20320`, :cve:`2021-20321`, :cve:`2021-20322`, :cve:`2021-21781`, :cve:`2021-22543`, :cve:`2021-22555`, :cve:`2021-22600`, :cve:`2021-23133`, :cve:`2021-23134`, :cve:`2021-26401`, :cve:`2021-26708`, :cve:`2021-26930`, :cve:`2021-26931`, :cve:`2021-26932`, :cve:`2021-27363`, :cve:`2021-27364`, :cve:`2021-27365`, :cve:`2021-28038`, :cve:`2021-28039`, :cve:`2021-28375`, :cve:`2021-28660`, :cve:`2021-28688`, :cve:`2021-28691`, :cve:`2021-28711`, :cve:`2021-28712`, :cve:`2021-28713`, :cve:`2021-28714`, :cve:`2021-28715`, :cve:`2021-28950`, :cve:`2021-28951`, :cve:`2021-28952`, :cve:`2021-28964`, :cve:`2021-28971`, :cve:`2021-28972`, :cve:`2021-29154`, :cve:`2021-29155`, :cve:`2021-29264`, :cve:`2021-29265`, :cve:`2021-29266`, :cve:`2021-29646`, :cve:`2021-29647`, :cve:`2021-29648`, :cve:`2021-29649`, :cve:`2021-29650`, :cve:`2021-29657`, :cve:`2021-30002`, :cve:`2021-30178`, :cve:`2021-31440`, :cve:`2021-3178`, :cve:`2021-31829`, :cve:`2021-31916`, :cve:`2021-32399`, :cve:`2021-32606`, :cve:`2021-33033`, :cve:`2021-33034`, :cve:`2021-33098`, :cve:`2021-33135`, :cve:`2021-33200`, :cve:`2021-3347`, :cve:`2021-3348`, :cve:`2021-33624`, :cve:`2021-33655`, :cve:`2021-33656`, :cve:`2021-33909`, :cve:`2021-3411`, :cve:`2021-3428`, :cve:`2021-3444`, :cve:`2021-34556`, :cve:`2021-34693`, :cve:`2021-3483`, :cve:`2021-34866`, :cve:`2021-3489`, :cve:`2021-3490`, :cve:`2021-3491`, :cve_mitre:`2021-34981`, :cve:`2021-3501`, :cve:`2021-35039`, :cve:`2021-3506`, :cve:`2021-3543`, :cve:`2021-35477`, :cve:`2021-3564`, :cve:`2021-3573`, :cve:`2021-3587`, :cve_mitre:`2021-3600`, :cve:`2021-3609`, :cve:`2021-3612`, :cve:`2021-3635`, :cve:`2021-3640`, :cve:`2021-3653`, :cve:`2021-3655`, :cve:`2021-3656`, :cve:`2021-3659`, :cve:`2021-3679`, :cve:`2021-3715`, :cve:`2021-37159`, :cve:`2021-3732`, :cve:`2021-3736`, :cve:`2021-3739`, :cve:`2021-3743`, :cve:`2021-3744`, :cve:`2021-3752`, :cve:`2021-3753`, :cve:`2021-37576`, :cve:`2021-3759`, :cve:`2021-3760`, :cve:`2021-3764`, :cve:`2021-3772`, :cve:`2021-38160`, :cve:`2021-38166`, :cve:`2021-38198`, :cve:`2021-38199`, :cve:`2021-38200`, :cve:`2021-38201`, :cve:`2021-38202`, :cve:`2021-38203`, :cve:`2021-38204`, :cve:`2021-38205`, :cve:`2021-38206`, :cve:`2021-38207`, :cve:`2021-38208`, :cve:`2021-38209`, :cve:`2021-38300`, :cve:`2021-3894`, :cve:`2021-3896`, :cve:`2021-3923`, :cve:`2021-39633`, :cve:`2021-39634`, :cve:`2021-39636`, :cve:`2021-39648`, :cve:`2021-39656`, :cve:`2021-39657`, :cve:`2021-39685`, :cve:`2021-39686`, :cve:`2021-39698`, :cve:`2021-39711`, :cve:`2021-39713`, :cve:`2021-39714`, :cve:`2021-4001`, :cve:`2021-4002`, :cve:`2021-4028`, :cve:`2021-4032`, :cve:`2021-4037`, :cve:`2021-40490`, :cve:`2021-4083`, :cve:`2021-4090`, :cve:`2021-4093`, :cve:`2021-4095`, :cve:`2021-41073`, :cve:`2021-4135`, :cve:`2021-4148`, :cve:`2021-4149`, :cve:`2021-4154`, :cve:`2021-4155`, :cve:`2021-4157`, :cve:`2021-4159`, :cve:`2021-41864`, :cve:`2021-4197`, :cve:`2021-42008`, :cve:`2021-4202`, :cve:`2021-4203`, :cve:`2021-4218`, :cve:`2021-42252`, :cve:`2021-42327`, :cve:`2021-42739`, :cve:`2021-43056`, :cve:`2021-43057`, :cve:`2021-43267`, :cve:`2021-43389`, :cve:`2021-43975`, :cve:`2021-43976`, :cve:`2021-44733`, :cve:`2021-45095`, :cve:`2021-45100`, :cve:`2021-45402`, :cve:`2021-45469`, :cve:`2021-45480`, :cve:`2021-45485`, :cve:`2021-45486`, :cve:`2021-45868`, :cve:`2021-46283`, :cve:`2022-0001`, :cve:`2022-0002`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-0185`, :cve:`2022-0264`, :cve:`2022-0286`, :cve:`2022-0322`, :cve:`2022-0330`, :cve:`2022-0433`, :cve:`2022-0435`, :cve:`2022-0487`, :cve:`2022-0492`, :cve:`2022-0494`, :cve:`2022-0516`, :cve:`2022-0617`, :cve:`2022-0644`, :cve:`2022-0646`, :cve:`2022-0742`, :cve:`2022-0812`, :cve:`2022-0847`, :cve:`2022-0850`, :cve:`2022-0854`, :cve:`2022-0995`, :cve:`2022-1011`, :cve:`2022-1012`, :cve:`2022-1015`, :cve:`2022-1016`, :cve:`2022-1043`, :cve:`2022-1048`, :cve:`2022-1055`, :cve:`2022-1158`, :cve:`2022-1184`, :cve:`2022-1195`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1204`, :cve:`2022-1205`, :cve:`2022-1353`, :cve:`2022-1419`, :cve:`2022-1462`, :cve:`2022-1516`, :cve:`2022-1651`, :cve:`2022-1652`, :cve:`2022-1671`, :cve:`2022-1678`, :cve:`2022-1679`, :cve:`2022-1729`, :cve:`2022-1734`, :cve:`2022-1786`, :cve:`2022-1789`, :cve:`2022-1836`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1943`, :cve:`2022-1966`, :cve:`2022-1972`, :cve:`2022-1973`, :cve:`2022-1974`, :cve:`2022-1975`, :cve:`2022-1976`, :cve:`2022-1998`, :cve:`2022-20008`, :cve:`2022-20132`, :cve:`2022-20141`, :cve:`2022-20153`, :cve:`2022-20154`, :cve:`2022-20158`, :cve:`2022-20166`, :cve:`2022-20368`, :cve:`2022-20369`, :cve:`2022-20421`, :cve:`2022-20422`, :cve:`2022-20423`, :cve_mitre:`2022-20565`, :cve:`2022-20566`, :cve:`2022-20567`, :cve:`2022-20572`, :cve:`2022-2078`, :cve:`2022-21123`, :cve:`2022-21125`, :cve:`2022-21166`, :cve:`2022-21385`, :cve:`2022-21499`, :cve_mitre:`2022-21505`, :cve:`2022-2153`, :cve:`2022-2196`, :cve_mitre:`2022-22942`, :cve:`2022-23036`, :cve:`2022-23037`, :cve:`2022-23038`, :cve:`2022-23039`, :cve:`2022-23040`, :cve:`2022-23041`, :cve:`2022-23042`, :cve:`2022-2308`, :cve:`2022-2318`, :cve:`2022-2380`, :cve:`2022-23816`, :cve:`2022-23960`, :cve:`2022-24122`, :cve:`2022-24448`, :cve:`2022-24958`, :cve:`2022-24959`, :cve:`2022-2503`, :cve:`2022-25258`, :cve:`2022-25375`, :cve:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve:`2022-2590`, :cve_mitre:`2022-2602`, :cve:`2022-26365`, :cve:`2022-26373`, :cve:`2022-2639`, :cve:`2022-26490`, :cve:`2022-2663`, :cve:`2022-26966`, :cve:`2022-27223`, :cve:`2022-27666`, :cve:`2022-2785`, :cve:`2022-27950`, :cve:`2022-28356`, :cve:`2022-28388`, :cve:`2022-28389`, :cve:`2022-28390`, :cve:`2022-2873`, :cve:`2022-28796`, :cve:`2022-28893`, :cve:`2022-2905`, :cve:`2022-29156`, :cve:`2022-2938`, :cve:`2022-29581`, :cve:`2022-29582`, :cve:`2022-2959`, :cve:`2022-2964`, :cve:`2022-2977`, :cve:`2022-2978`, :cve:`2022-29900`, :cve:`2022-29901`, :cve:`2022-29968`, :cve:`2022-3028`, :cve:`2022-30594`, :cve:`2022-3061`, :cve:`2022-3077`, :cve:`2022-3078`, :cve:`2022-3103`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3110`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3114`, :cve:`2022-3115`, :cve:`2022-3169`, :cve:`2022-3170`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-3239`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34494`, :cve:`2022-34495`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3524`, :cve:`2022-3526`, :cve:`2022-3531`, :cve:`2022-3532`, :cve:`2022-3534`, :cve:`2022-3535`, :cve:`2022-3541`, :cve:`2022-3542`, :cve:`2022-3543`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3565`, :cve:`2022-3577`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-36123`, :cve:`2022-3619`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3625`, :cve:`2022-3628`, :cve:`2022-36280`, :cve:`2022-3629`, :cve:`2022-3630`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3640`, :cve:`2022-3643`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-3910`, :cve:`2022-39189`, :cve:`2022-39190`, :cve:`2022-3977`, :cve:`2022-39842`, :cve:`2022-40307`, :cve:`2022-40476`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-40982`, :cve:`2022-41218`, :cve:`2022-41222`, :cve:`2022-4127`, :cve:`2022-4128`, :cve:`2022-4129`, :cve:`2022-4139`, :cve:`2022-41674`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42432`, :cve:`2022-4269`, :cve:`2022-42703`, :cve:`2022-42719`, :cve:`2022-42720`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-42896`, :cve:`2022-43750`, :cve:`2022-4378`, :cve:`2022-4379`, :cve:`2022-4382`, :cve:`2022-43945`, :cve:`2022-45869`, :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45888`, :cve:`2022-45919`, :cve:`2022-45934`, :cve:`2022-4662`, :cve:`2022-4744`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47521`, :cve:`2022-47929`, :cve:`2022-47938`, :cve:`2022-47939`, :cve:`2022-47940`, :cve:`2022-47941`, :cve:`2022-47942`, :cve:`2022-47943`, :cve:`2022-4842`, :cve:`2022-48423`, :cve:`2022-48424`, :cve:`2022-48425`, :cve:`2022-48502`, :cve:`2023-0030`, :cve:`2023-0045`, :cve:`2023-0047`, :cve:`2023-0122`, :cve:`2023-0160`, :cve:`2023-0179`, :cve:`2023-0210`, :cve:`2023-0240`, :cve:`2023-0266`, :cve:`2023-0394`, :cve:`2023-0458`, :cve:`2023-0459`, :cve:`2023-0461`, :cve:`2023-0468`, :cve:`2023-0469`, :cve:`2023-0590`, :cve:`2023-0615`, :cve_mitre:`2023-1032`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1076`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1192`, :cve:`2023-1194`, :cve:`2023-1195`, :cve:`2023-1206`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1380`, :cve:`2023-1382`, :cve:`2023-1390`, :cve:`2023-1513`, :cve:`2023-1582`, :cve:`2023-1583`, :cve:`2023-1611`, :cve:`2023-1637`, :cve:`2023-1652`, :cve:`2023-1670`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1855`, :cve:`2023-1859`, :cve:`2023-1989`, :cve:`2023-1990`, :cve:`2023-1998`, :cve:`2023-2002`, :cve:`2023-2006`, :cve:`2023-2008`, :cve:`2023-2019`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-20593`, :cve:`2023-20938`, :cve:`2023-21102`, :cve:`2023-21106`, :cve:`2023-2124`, :cve:`2023-21255`, :cve:`2023-21264`, :cve:`2023-2156`, :cve:`2023-2162`, :cve:`2023-2163`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-2194`, :cve:`2023-2235`, :cve:`2023-2236`, :cve:`2023-2248`, :cve:`2023-2269`, :cve:`2023-22996`, :cve:`2023-22997`, :cve:`2023-22998`, :cve:`2023-22999`, :cve:`2023-23001`, :cve:`2023-23002`, :cve:`2023-23003`, :cve:`2023-23004`, :cve:`2023-23005`, :cve:`2023-23006`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-2483`, :cve:`2023-25012`, :cve:`2023-2513`, :cve:`2023-25775`, :cve:`2023-2598`, :cve:`2023-26544`, :cve:`2023-26545`, :cve:`2023-26605`, :cve:`2023-26606`, :cve:`2023-26607`, :cve:`2023-28327`, :cve:`2023-28328`, :cve:`2023-28410`, :cve:`2023-28464`, :cve:`2023-28466`, :cve:`2023-2860`, :cve:`2023-28772`, :cve:`2023-28866`, :cve:`2023-2898`, :cve:`2023-2985`, :cve:`2023-3006`, :cve:`2023-30456`, :cve:`2023-30772`, :cve:`2023-3090`, :cve:`2023-3106`, :cve:`2023-3111`, :cve:`2023-3117`, :cve:`2023-31248`, :cve:`2023-3141`, :cve:`2023-31436`, :cve:`2023-3159`, :cve:`2023-3161`, :cve:`2023-3212`, :cve:`2023-3220`, :cve:`2023-32233`, :cve:`2023-32247`, :cve:`2023-32248`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-32269`, :cve:`2023-3268`, :cve:`2023-3269`, :cve:`2023-3312`, :cve:`2023-3317`, :cve:`2023-33203`, :cve:`2023-33250`, :cve:`2023-33288`, :cve:`2023-3338`, :cve:`2023-3355`, :cve:`2023-3357`, :cve:`2023-3358`, :cve:`2023-3359`, :cve:`2023-3390`, :cve:`2023-33951`, :cve:`2023-33952`, :cve:`2023-34255`, :cve:`2023-34256`, :cve:`2023-34319`, :cve:`2023-3439`, :cve:`2023-35001`, :cve:`2023-3567`, :cve:`2023-35788`, :cve:`2023-35823`, :cve:`2023-35824`, :cve:`2023-35826`, :cve:`2023-35828`, :cve:`2023-35829`, :cve:`2023-3609`, :cve:`2023-3610`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3772`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-3812`, :cve:`2023-38409`, :cve:`2023-38426`, :cve:`2023-38427`, :cve:`2023-38428`, :cve:`2023-38429`, :cve:`2023-38430`, :cve:`2023-38431`, :cve:`2023-38432`, :cve:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-40283`, :cve:`2023-4128`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4155`, :cve:`2023-4194`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4273`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-42755`, :cve:`2023-42756`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-44466`, :cve:`2023-4459`, :cve:`2023-4569`, :cve:`2023-45862`, :cve:`2023-45871`, :cve:`2023-4611`, :cve:`2023-4623`, :cve:`2023-4732`, :cve:`2023-4921` and :cve:`2023-5345`
--  linux-yocto/5.15: Ignore :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45919`, :cve:`2022-48502`, :cve:`2023-0160`, :cve:`2023-1206`, :cve:`2023-20593`, :cve:`2023-21264`, :cve:`2023-2898`, :cve:`2023-31248`, :cve:`2023-33250`, :cve:`2023-34319`, :cve:`2023-35001`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-38432`, :cve:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4194`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-4459` and :cve:`2023-4611`
--  openssl: Fix :cve:`2023-4807` and :cve:`2023-5363`
--  python3-git: Fix :cve:`2023-40590` and :cve:`2023-41040`
--  python3-urllib3: Fix :cve:`2023-43804`
--  qemu: Ignore :cve:`2023-2680`
--  ruby: Fix :cve:`2023-36617`
+-  linux-yocto/5.10: Ignore :cve_nist:`2003-1604`, :cve_nist:`2004-0230`, :cve_nist:`2006-3635`, :cve_nist:`2006-5331`, :cve_nist:`2006-6128`, :cve_nist:`2007-4774`, :cve_nist:`2007-6761`, :cve_nist:`2007-6762`, :cve_nist:`2008-7316`, :cve_nist:`2009-2692`, :cve_nist:`2010-0008`, :cve_nist:`2010-3432`, :cve_nist:`2010-4648`, :cve_nist:`2010-5313`, :cve_nist:`2010-5328`, :cve_nist:`2010-5329`, :cve_nist:`2010-5331`, :cve_nist:`2010-5332`, :cve_nist:`2011-4098`, :cve_nist:`2011-4131`, :cve_nist:`2011-4915`, :cve_nist:`2011-5321`, :cve_nist:`2011-5327`, :cve_nist:`2012-0957`, :cve_nist:`2012-2119`, :cve_nist:`2012-2136`, :cve_nist:`2012-2137`, :cve_nist:`2012-2313`, :cve_nist:`2012-2319`, :cve_nist:`2012-2372`, :cve_nist:`2012-2375`, :cve_nist:`2012-2390`, :cve_nist:`2012-2669`, :cve_nist:`2012-2744`, :cve_nist:`2012-2745`, :cve_nist:`2012-3364`, :cve_nist:`2012-3375`, :cve_nist:`2012-3400`, :cve_nist:`2012-3412`, :cve_nist:`2012-3430`, :cve_nist:`2012-3510`, :cve_nist:`2012-3511`, :cve_nist:`2012-3520`, :cve_nist:`2012-3552`, :cve_nist:`2012-4398`, :cve_nist:`2012-4444`, :cve_nist:`2012-4461`, :cve_nist:`2012-4467`, :cve_nist:`2012-4508`, :cve_nist:`2012-4530`, :cve_nist:`2012-4565`, :cve_nist:`2012-5374`, :cve_nist:`2012-5375`, :cve_nist:`2012-5517`, :cve_nist:`2012-6536`, :cve_nist:`2012-6537`, :cve_nist:`2012-6538`, :cve_nist:`2012-6539`, :cve_nist:`2012-6540`, :cve_nist:`2012-6541`, :cve_nist:`2012-6542`, :cve_nist:`2012-6543`, :cve_nist:`2012-6544`, :cve_nist:`2012-6545`, :cve_nist:`2012-6546`, :cve_nist:`2012-6547`, :cve_nist:`2012-6548`, :cve_nist:`2012-6549`, :cve_nist:`2012-6638`, :cve_nist:`2012-6647`, :cve_nist:`2012-6657`, :cve_nist:`2012-6689`, :cve_nist:`2012-6701`, :cve_nist:`2012-6703`, :cve_nist:`2012-6704`, :cve_nist:`2012-6712`, :cve_nist:`2013-0160`, :cve_nist:`2013-0190`, :cve_nist:`2013-0216`, :cve_nist:`2013-0217`, :cve_nist:`2013-0228`, :cve_nist:`2013-0231`, :cve_nist:`2013-0268`, :cve_nist:`2013-0290`, :cve_nist:`2013-0309`, :cve_nist:`2013-0310`, :cve_nist:`2013-0311`, :cve_nist:`2013-0313`, :cve_nist:`2013-0343`, :cve_nist:`2013-0349`, :cve_nist:`2013-0871`, :cve_nist:`2013-0913`, :cve_nist:`2013-0914`, :cve_nist:`2013-1059`, :cve_nist:`2013-1763`, :cve_nist:`2013-1767`, :cve_nist:`2013-1772`, :cve_nist:`2013-1773`, :cve_nist:`2013-1774`, :cve_nist:`2013-1792`, :cve_nist:`2013-1796`, :cve_nist:`2013-1797`, :cve_nist:`2013-1798`, :cve_nist:`2013-1819`, :cve_nist:`2013-1826`, :cve_nist:`2013-1827`, :cve_nist:`2013-1828`, :cve_nist:`2013-1848`, :cve_nist:`2013-1858`, :cve_nist:`2013-1860`, :cve_nist:`2013-1928`, :cve_nist:`2013-1929`, :cve_nist:`2013-1943`, :cve_nist:`2013-1956`, :cve_nist:`2013-1957`, :cve_nist:`2013-1958`, :cve_nist:`2013-1959`, :cve_nist:`2013-1979`, :cve_nist:`2013-2015`, :cve_nist:`2013-2017`, :cve_nist:`2013-2058`, :cve_nist:`2013-2094`, :cve_nist:`2013-2128`, :cve_nist:`2013-2140`, :cve_nist:`2013-2141`, :cve_nist:`2013-2146`, :cve_nist:`2013-2147`, :cve_nist:`2013-2148`, :cve_nist:`2013-2164`, :cve_nist:`2013-2206`, :cve_nist:`2013-2232`, :cve_nist:`2013-2234`, :cve_nist:`2013-2237`, :cve_nist:`2013-2546`, :cve_nist:`2013-2547`, :cve_nist:`2013-2548`, :cve_nist:`2013-2596`, :cve_nist:`2013-2634`, :cve_nist:`2013-2635`, :cve_nist:`2013-2636`, :cve_nist:`2013-2850`, :cve_nist:`2013-2851`, :cve_nist:`2013-2852`, :cve_nist:`2013-2888`, :cve_nist:`2013-2889`, :cve_nist:`2013-2890`, :cve_nist:`2013-2891`, :cve_nist:`2013-2892`, :cve_nist:`2013-2893`, :cve_nist:`2013-2894`, :cve_nist:`2013-2895`, :cve_nist:`2013-2896`, :cve_nist:`2013-2897`, :cve_nist:`2013-2898`, :cve_nist:`2013-2899`, :cve_nist:`2013-2929`, :cve_nist:`2013-2930`, :cve_nist:`2013-3076`, :cve_nist:`2013-3222`, :cve_nist:`2013-3223`, :cve_nist:`2013-3224`, :cve_nist:`2013-3225`, :cve_nist:`2013-3226`, :cve_nist:`2013-3227`, :cve_nist:`2013-3228`, :cve_nist:`2013-3229`, :cve_nist:`2013-3230`, :cve_nist:`2013-3231`, :cve_nist:`2013-3232`, :cve_nist:`2013-3233`, :cve_nist:`2013-3234`, :cve_nist:`2013-3235`, :cve_nist:`2013-3236`, :cve_nist:`2013-3237`, :cve_nist:`2013-3301`, :cve_nist:`2013-3302`, :cve_nist:`2013-4125`, :cve_nist:`2013-4127`, :cve_nist:`2013-4129`, :cve_nist:`2013-4162`, :cve_nist:`2013-4163`, :cve_nist:`2013-4205`, :cve_nist:`2013-4220`, :cve_nist:`2013-4247`, :cve_nist:`2013-4254`, :cve_nist:`2013-4270`, :cve_nist:`2013-4299`, :cve_nist:`2013-4300`, :cve_nist:`2013-4312`, :cve_nist:`2013-4343`, :cve_nist:`2013-4345`, :cve_nist:`2013-4348`, :cve_nist:`2013-4350`, :cve_nist:`2013-4387`, :cve_nist:`2013-4470`, :cve_nist:`2013-4483`, :cve_nist:`2013-4511`, :cve_nist:`2013-4512`, :cve_nist:`2013-4513`, :cve_nist:`2013-4514`, :cve_nist:`2013-4515`, :cve_nist:`2013-4516`, :cve_nist:`2013-4563`, :cve_nist:`2013-4579`, :cve_nist:`2013-4587`, :cve_nist:`2013-4588`, :cve_nist:`2013-4591`, :cve_nist:`2013-4592`, :cve_nist:`2013-5634`, :cve_nist:`2013-6282`, :cve_nist:`2013-6367`, :cve_nist:`2013-6368`, :cve_nist:`2013-6376`, :cve_nist:`2013-6378`, :cve_nist:`2013-6380`, :cve_nist:`2013-6381`, :cve_nist:`2013-6382`, :cve_nist:`2013-6383`, :cve_nist:`2013-6431`, :cve_nist:`2013-6432`, :cve_nist:`2013-6885`, :cve_nist:`2013-7026`, :cve_nist:`2013-7027`, :cve_nist:`2013-7263`, :cve_nist:`2013-7264`, :cve_nist:`2013-7265`, :cve_nist:`2013-7266`, :cve_nist:`2013-7267`, :cve_nist:`2013-7268`, :cve_nist:`2013-7269`, :cve_nist:`2013-7270`, :cve_nist:`2013-7271`, :cve_nist:`2013-7281`, :cve_nist:`2013-7339`, :cve_nist:`2013-7348`, :cve_nist:`2013-7421`, :cve_nist:`2013-7446`, :cve_nist:`2013-7470`, :cve_nist:`2014-0038`, :cve_nist:`2014-0049`, :cve_nist:`2014-0055`, :cve_nist:`2014-0069`, :cve_nist:`2014-0077`, :cve_nist:`2014-0100`, :cve_nist:`2014-0101`, :cve_nist:`2014-0102`, :cve_nist:`2014-0131`, :cve_nist:`2014-0155`, :cve_nist:`2014-0181`, :cve_nist:`2014-0196`, :cve_nist:`2014-0203`, :cve_nist:`2014-0205`, :cve_nist:`2014-0206`, :cve_nist:`2014-1438`, :cve_nist:`2014-1444`, :cve_nist:`2014-1445`, :cve_nist:`2014-1446`, :cve_nist:`2014-1690`, :cve_nist:`2014-1737`, :cve_nist:`2014-1738`, :cve_nist:`2014-1739`, :cve_nist:`2014-1874`, :cve_nist:`2014-2038`, :cve_nist:`2014-2039`, :cve_nist:`2014-2309`, :cve_nist:`2014-2523`, :cve_nist:`2014-2568`, :cve_nist:`2014-2580`, :cve_nist:`2014-2672`, :cve_nist:`2014-2673`, :cve_nist:`2014-2678`, :cve_nist:`2014-2706`, :cve_nist:`2014-2739`, :cve_nist:`2014-2851`, :cve_nist:`2014-2889`, :cve_nist:`2014-3122`, :cve_nist:`2014-3144`, :cve_nist:`2014-3145`, :cve_nist:`2014-3153`, :cve_nist:`2014-3180`, :cve_nist:`2014-3181`, :cve_nist:`2014-3182`, :cve_nist:`2014-3183`, :cve_nist:`2014-3184`, :cve_nist:`2014-3185`, :cve_nist:`2014-3186`, :cve_nist:`2014-3534`, :cve_nist:`2014-3535`, :cve_nist:`2014-3601`, :cve_nist:`2014-3610`, :cve_nist:`2014-3611`, :cve_nist:`2014-3631`, :cve_nist:`2014-3645`, :cve_nist:`2014-3646`, :cve_nist:`2014-3647`, :cve_nist:`2014-3673`, :cve_nist:`2014-3687`, :cve_nist:`2014-3688`, :cve_nist:`2014-3690`, :cve_nist:`2014-3917`, :cve_nist:`2014-3940`, :cve_nist:`2014-4014`, :cve_nist:`2014-4027`, :cve_nist:`2014-4157`, :cve_nist:`2014-4171`, :cve_nist:`2014-4508`, :cve_nist:`2014-4608`, :cve_nist:`2014-4611`, :cve_nist:`2014-4652`, :cve_nist:`2014-4653`, :cve_nist:`2014-4654`, :cve_nist:`2014-4655`, :cve_nist:`2014-4656`, :cve_nist:`2014-4667`, :cve_nist:`2014-4699`, :cve_nist:`2014-4943`, :cve_nist:`2014-5045`, :cve_nist:`2014-5077`, :cve_nist:`2014-5206`, :cve_nist:`2014-5207`, :cve_nist:`2014-5471`, :cve_nist:`2014-5472`, :cve_nist:`2014-6410`, :cve_nist:`2014-6416`, :cve_nist:`2014-6417`, :cve_nist:`2014-6418`, :cve_nist:`2014-7145`, :cve_nist:`2014-7283`, :cve_nist:`2014-7284`, :cve_nist:`2014-7822`, :cve_nist:`2014-7825`, :cve_nist:`2014-7826`, :cve_nist:`2014-7841`, :cve_nist:`2014-7842`, :cve_nist:`2014-7843`, :cve_nist:`2014-7970`, :cve_nist:`2014-7975`, :cve_nist:`2014-8086`, :cve_nist:`2014-8133`, :cve_nist:`2014-8134`, :cve_nist:`2014-8159`, :cve_nist:`2014-8160`, :cve_nist:`2014-8171`, :cve_nist:`2014-8172`, :cve_nist:`2014-8173`, :cve_nist:`2014-8369`, :cve_nist:`2014-8480`, :cve_nist:`2014-8481`, :cve_nist:`2014-8559`, :cve_nist:`2014-8709`, :cve_nist:`2014-8884`, :cve_nist:`2014-8989`, :cve_nist:`2014-9090`, :cve_nist:`2014-9322`, :cve_nist:`2014-9419`, :cve_nist:`2014-9420`, :cve_nist:`2014-9428`, :cve_nist:`2014-9529`, :cve_nist:`2014-9584`, :cve_nist:`2014-9585`, :cve_nist:`2014-9644`, :cve_nist:`2014-9683`, :cve_nist:`2014-9710`, :cve_nist:`2014-9715`, :cve_nist:`2014-9717`, :cve_nist:`2014-9728`, :cve_nist:`2014-9729`, :cve_nist:`2014-9730`, :cve_nist:`2014-9731`, :cve_nist:`2014-9803`, :cve_nist:`2014-9870`, :cve_nist:`2014-9888`, :cve_nist:`2014-9895`, :cve_nist:`2014-9903`, :cve_nist:`2014-9904`, :cve_nist:`2014-9914`, :cve_nist:`2014-9922`, :cve_nist:`2014-9940`, :cve_nist:`2015-0239`, :cve_nist:`2015-0274`, :cve_nist:`2015-0275`, :cve_nist:`2015-1333`, :cve_nist:`2015-1339`, :cve_nist:`2015-1350`, :cve_nist:`2015-1420`, :cve_nist:`2015-1421`, :cve_nist:`2015-1465`, :cve_nist:`2015-1573`, :cve_nist:`2015-1593`, :cve_nist:`2015-1805`, :cve_nist:`2015-2041`, :cve_nist:`2015-2042`, :cve_nist:`2015-2150`, :cve_nist:`2015-2666`, :cve_nist:`2015-2672`, :cve_nist:`2015-2686`, :cve_nist:`2015-2830`, :cve_nist:`2015-2922`, :cve_nist:`2015-2925`, :cve_nist:`2015-3212`, :cve_nist:`2015-3214`, :cve_nist:`2015-3288`, :cve_nist:`2015-3290`, :cve_nist:`2015-3291`, :cve_nist:`2015-3331`, :cve_nist:`2015-3339`, :cve_nist:`2015-3636`, :cve_nist:`2015-4001`, :cve_nist:`2015-4002`, :cve_nist:`2015-4003`, :cve_nist:`2015-4004`, :cve_nist:`2015-4036`, :cve_nist:`2015-4167`, :cve_nist:`2015-4170`, :cve_nist:`2015-4176`, :cve_nist:`2015-4177`, :cve_nist:`2015-4178`, :cve_nist:`2015-4692`, :cve_nist:`2015-4700`, :cve_nist:`2015-5156`, :cve_nist:`2015-5157`, :cve_nist:`2015-5257`, :cve_nist:`2015-5283`, :cve_nist:`2015-5307`, :cve_nist:`2015-5327`, :cve_nist:`2015-5364`, :cve_nist:`2015-5366`, :cve_nist:`2015-5697`, :cve_nist:`2015-5706`, :cve_nist:`2015-5707`, :cve_nist:`2015-6252`, :cve_nist:`2015-6526`, :cve_nist:`2015-6937`, :cve_nist:`2015-7509`, :cve_nist:`2015-7513`, :cve_nist:`2015-7515`, :cve_nist:`2015-7550`, :cve_nist:`2015-7566`, :cve_nist:`2015-7613`, :cve_nist:`2015-7799`, :cve_nist:`2015-7833`, :cve_nist:`2015-7872`, :cve_nist:`2015-7884`, :cve_nist:`2015-7885`, :cve_nist:`2015-7990`, :cve_nist:`2015-8104`, :cve_nist:`2015-8215`, :cve_nist:`2015-8324`, :cve_nist:`2015-8374`, :cve_nist:`2015-8539`, :cve_nist:`2015-8543`, :cve_nist:`2015-8550`, :cve_nist:`2015-8551`, :cve_nist:`2015-8552`, :cve_nist:`2015-8553`, :cve_nist:`2015-8569`, :cve_nist:`2015-8575`, :cve_nist:`2015-8660`, :cve_nist:`2015-8709`, :cve_nist:`2015-8746`, :cve_nist:`2015-8767`, :cve_nist:`2015-8785`, :cve_nist:`2015-8787`, :cve_nist:`2015-8812`, :cve_nist:`2015-8816`, :cve_nist:`2015-8830`, :cve_nist:`2015-8839`, :cve_nist:`2015-8844`, :cve_nist:`2015-8845`, :cve_nist:`2015-8950`, :cve_nist:`2015-8952`, :cve_nist:`2015-8953`, :cve_nist:`2015-8955`, :cve_nist:`2015-8956`, :cve_nist:`2015-8961`, :cve_nist:`2015-8962`, :cve_nist:`2015-8963`, :cve_nist:`2015-8964`, :cve_nist:`2015-8966`, :cve_nist:`2015-8967`, :cve_nist:`2015-8970`, :cve_nist:`2015-9004`, :cve_nist:`2015-9016`, :cve_nist:`2015-9289`, :cve_nist:`2016-0617`, :cve_nist:`2016-0723`, :cve_nist:`2016-0728`, :cve_nist:`2016-0758`, :cve_nist:`2016-0821`, :cve_nist:`2016-0823`, :cve_nist:`2016-10044`, :cve_nist:`2016-10088`, :cve_nist:`2016-10147`, :cve_nist:`2016-10150`, :cve_nist:`2016-10153`, :cve_nist:`2016-10154`, :cve_nist:`2016-10200`, :cve_nist:`2016-10208`, :cve_nist:`2016-10229`, :cve_nist:`2016-10318`, :cve_nist:`2016-10723`, :cve_nist:`2016-10741`, :cve_nist:`2016-10764`, :cve_nist:`2016-10905`, :cve_nist:`2016-10906`, :cve_nist:`2016-10907`, :cve_nist:`2016-1237`, :cve_nist:`2016-1575`, :cve_nist:`2016-1576`, :cve_nist:`2016-1583`, :cve_nist:`2016-2053`, :cve_nist:`2016-2069`, :cve_nist:`2016-2070`, :cve_nist:`2016-2085`, :cve_nist:`2016-2117`, :cve_nist:`2016-2143`, :cve_nist:`2016-2184`, :cve_nist:`2016-2185`, :cve_nist:`2016-2186`, :cve_nist:`2016-2187`, :cve_nist:`2016-2188`, :cve_nist:`2016-2383`, :cve_nist:`2016-2384`, :cve_nist:`2016-2543`, :cve_nist:`2016-2544`, :cve_nist:`2016-2545`, :cve_nist:`2016-2546`, :cve_nist:`2016-2547`, :cve_nist:`2016-2548`, :cve_nist:`2016-2549`, :cve_nist:`2016-2550`, :cve_nist:`2016-2782`, :cve_nist:`2016-2847`, :cve_nist:`2016-3044`, :cve_nist:`2016-3070`, :cve_nist:`2016-3134`, :cve_nist:`2016-3135`, :cve_nist:`2016-3136`, :cve_nist:`2016-3137`, :cve_nist:`2016-3138`, :cve_nist:`2016-3139`, :cve_nist:`2016-3140`, :cve_nist:`2016-3156`, :cve_nist:`2016-3157`, :cve_nist:`2016-3672`, :cve_nist:`2016-3689`, :cve_nist:`2016-3713`, :cve_nist:`2016-3841`, :cve_nist:`2016-3857`, :cve_nist:`2016-3951`, :cve_nist:`2016-3955`, :cve_nist:`2016-3961`, :cve_nist:`2016-4440`, :cve_nist:`2016-4470`, :cve_nist:`2016-4482`, :cve_nist:`2016-4485`, :cve_nist:`2016-4486`, :cve_nist:`2016-4557`, :cve_nist:`2016-4558`, :cve_nist:`2016-4565`, :cve_nist:`2016-4568`, :cve_nist:`2016-4569`, :cve_nist:`2016-4578`, :cve_nist:`2016-4580`, :cve_nist:`2016-4581`, :cve_nist:`2016-4794`, :cve_nist:`2016-4805`, :cve_nist:`2016-4913`, :cve_nist:`2016-4951`, :cve_nist:`2016-4997`, :cve_nist:`2016-4998`, :cve_nist:`2016-5195`, :cve_nist:`2016-5243`, :cve_nist:`2016-5244`, :cve_nist:`2016-5400`, :cve_nist:`2016-5412`, :cve_nist:`2016-5696`, :cve_nist:`2016-5728`, :cve_nist:`2016-5828`, :cve_nist:`2016-5829`, :cve_nist:`2016-6130`, :cve_nist:`2016-6136`, :cve_nist:`2016-6156`, :cve_nist:`2016-6162`, :cve_nist:`2016-6187`, :cve_nist:`2016-6197`, :cve_nist:`2016-6198`, :cve_nist:`2016-6213`, :cve_nist:`2016-6327`, :cve_nist:`2016-6480`, :cve_nist:`2016-6516`, :cve_nist:`2016-6786`, :cve_nist:`2016-6787`, :cve_nist:`2016-6828`, :cve_nist:`2016-7039`, :cve_nist:`2016-7042`, :cve_nist:`2016-7097`, :cve_nist:`2016-7117`, :cve_nist:`2016-7425`, :cve_nist:`2016-7910`, :cve_nist:`2016-7911`, :cve_nist:`2016-7912`, :cve_nist:`2016-7913`, :cve_nist:`2016-7914`, :cve_nist:`2016-7915`, :cve_nist:`2016-7916`, :cve_nist:`2016-7917`, :cve_nist:`2016-8399`, :cve_nist:`2016-8405`, :cve_nist:`2016-8630`, :cve_nist:`2016-8632`, :cve_nist:`2016-8633`, :cve_nist:`2016-8636`, :cve_nist:`2016-8645`, :cve_nist:`2016-8646`, :cve_nist:`2016-8650`, :cve_nist:`2016-8655`, :cve_nist:`2016-8658`, :cve_nist:`2016-8666`, :cve_nist:`2016-9083`, :cve_nist:`2016-9084`, :cve_nist:`2016-9120`, :cve_nist:`2016-9178`, :cve_nist:`2016-9191`, :cve_nist:`2016-9313`, :cve_nist:`2016-9555`, :cve_nist:`2016-9576`, :cve_nist:`2016-9588`, :cve_nist:`2016-9604`, :cve_nist:`2016-9685`, :cve_nist:`2016-9754`, :cve_nist:`2016-9755`, :cve_nist:`2016-9756`, :cve_nist:`2016-9777`, :cve_nist:`2016-9793`, :cve_nist:`2016-9794`, :cve_nist:`2016-9806`, :cve_nist:`2016-9919`, :cve_nist:`2017-0605`, :cve_nist:`2017-0627`, :cve_nist:`2017-0750`, :cve_nist:`2017-0786`, :cve_nist:`2017-0861`, :cve_nist:`2017-1000`, :cve_nist:`2017-1000111`, :cve_nist:`2017-1000112`, :cve_nist:`2017-1000251`, :cve_nist:`2017-1000252`, :cve_nist:`2017-1000253`, :cve_nist:`2017-1000255`, :cve_nist:`2017-1000363`, :cve_nist:`2017-1000364`, :cve_nist:`2017-1000365`, :cve_nist:`2017-1000370`, :cve_nist:`2017-1000371`, :cve_nist:`2017-1000379`, :cve_nist:`2017-1000380`, :cve_nist:`2017-1000405`, :cve_nist:`2017-1000407`, :cve_nist:`2017-1000410`, :cve_nist:`2017-10661`, :cve_nist:`2017-10662`, :cve_nist:`2017-10663`, :cve_nist:`2017-10810`, :cve_nist:`2017-10911`, :cve_nist:`2017-11089`, :cve_nist:`2017-11176`, :cve_nist:`2017-11472`, :cve_nist:`2017-11473`, :cve_nist:`2017-11600`, :cve_nist:`2017-12134`, :cve_nist:`2017-12146`, :cve_nist:`2017-12153`, :cve_nist:`2017-12154`, :cve_nist:`2017-12168`, :cve_nist:`2017-12188`, :cve_nist:`2017-12190`, :cve_nist:`2017-12192`, :cve_nist:`2017-12193`, :cve_nist:`2017-12762`, :cve_nist:`2017-13080`, :cve_nist:`2017-13166`, :cve_nist:`2017-13167`, :cve_nist:`2017-13168`, :cve_nist:`2017-13215`, :cve_nist:`2017-13216`, :cve_nist:`2017-13220`, :cve_nist:`2017-13305`, :cve_nist:`2017-13686`, :cve_nist:`2017-13695`, :cve_nist:`2017-13715`, :cve_nist:`2017-14051`, :cve_nist:`2017-14106`, :cve_nist:`2017-14140`, :cve_nist:`2017-14156`, :cve_nist:`2017-14340`, :cve_nist:`2017-14489`, :cve_nist:`2017-14497`, :cve_nist:`2017-14954`, :cve_nist:`2017-14991`, :cve_nist:`2017-15102`, :cve_nist:`2017-15115`, :cve_nist:`2017-15116`, :cve_nist:`2017-15121`, :cve_nist:`2017-15126`, :cve_nist:`2017-15127`, :cve_nist:`2017-15128`, :cve_nist:`2017-15129`, :cve_nist:`2017-15265`, :cve_nist:`2017-15274`, :cve_nist:`2017-15299`, :cve_nist:`2017-15306`, :cve_nist:`2017-15537`, :cve_nist:`2017-15649`, :cve_nist:`2017-15868`, :cve_nist:`2017-15951`, :cve_nist:`2017-16525`, :cve_nist:`2017-16526`, :cve_nist:`2017-16527`, :cve_nist:`2017-16528`, :cve_nist:`2017-16529`, :cve_nist:`2017-16530`, :cve_nist:`2017-16531`, :cve_nist:`2017-16532`, :cve_nist:`2017-16533`, :cve_nist:`2017-16534`, :cve_nist:`2017-16535`, :cve_nist:`2017-16536`, :cve_nist:`2017-16537`, :cve_nist:`2017-16538`, :cve_nist:`2017-16643`, :cve_nist:`2017-16644`, :cve_nist:`2017-16645`, :cve_nist:`2017-16646`, :cve_nist:`2017-16647`, :cve_nist:`2017-16648`, :cve_nist:`2017-16649`, :cve_nist:`2017-16650`, :cve_nist:`2017-16911`, :cve_nist:`2017-16912`, :cve_nist:`2017-16913`, :cve_nist:`2017-16914`, :cve_nist:`2017-16939`, :cve_nist:`2017-16994`, :cve_nist:`2017-16995`, :cve_nist:`2017-16996`, :cve_nist:`2017-17052`, :cve_nist:`2017-17053`, :cve_nist:`2017-17448`, :cve_nist:`2017-17449`, :cve_nist:`2017-17450`, :cve_nist:`2017-17558`, :cve_nist:`2017-17712`, :cve_nist:`2017-17741`, :cve_nist:`2017-17805`, :cve_nist:`2017-17806`, :cve_nist:`2017-17807`, :cve_nist:`2017-17852`, :cve_nist:`2017-17853`, :cve_nist:`2017-17854`, :cve_nist:`2017-17855`, :cve_nist:`2017-17856`, :cve_nist:`2017-17857`, :cve_nist:`2017-17862`, :cve_nist:`2017-17863`, :cve_nist:`2017-17864`, :cve_nist:`2017-17975`, :cve_nist:`2017-18017`, :cve_nist:`2017-18075`, :cve_nist:`2017-18079`, :cve_nist:`2017-18174`, :cve_nist:`2017-18193`, :cve_nist:`2017-18200`, :cve_nist:`2017-18202`, :cve_nist:`2017-18203`, :cve_nist:`2017-18204`, :cve_nist:`2017-18208`, :cve_nist:`2017-18216`, :cve_nist:`2017-18218`, :cve_nist:`2017-18221`, :cve_nist:`2017-18222`, :cve_nist:`2017-18224`, :cve_nist:`2017-18232`, :cve_nist:`2017-18241`, :cve_nist:`2017-18249`, :cve_nist:`2017-18255`, :cve_nist:`2017-18257`, :cve_nist:`2017-18261`, :cve_nist:`2017-18270`, :cve_nist:`2017-18344`, :cve_nist:`2017-18360`, :cve_nist:`2017-18379`, :cve_nist:`2017-18509`, :cve_nist:`2017-18549`, :cve_nist:`2017-18550`, :cve_nist:`2017-18551`, :cve_nist:`2017-18552`, :cve_nist:`2017-18595`, :cve_nist:`2017-2583`, :cve_nist:`2017-2584`, :cve_nist:`2017-2596`, :cve_nist:`2017-2618`, :cve_nist:`2017-2634`, :cve_nist:`2017-2636`, :cve_nist:`2017-2647`, :cve_nist:`2017-2671`, :cve_nist:`2017-5123`, :cve_nist:`2017-5546`, :cve_nist:`2017-5547`, :cve_nist:`2017-5548`, :cve_nist:`2017-5549`, :cve_nist:`2017-5550`, :cve_nist:`2017-5551`, :cve_nist:`2017-5576`, :cve_nist:`2017-5577`, :cve_nist:`2017-5669`, :cve_nist:`2017-5715`, :cve_nist:`2017-5753`, :cve_nist:`2017-5754`, :cve_nist:`2017-5897`, :cve_nist:`2017-5967`, :cve_nist:`2017-5970`, :cve_nist:`2017-5972`, :cve_nist:`2017-5986`, :cve_nist:`2017-6001`, :cve_nist:`2017-6074`, :cve_nist:`2017-6214`, :cve_nist:`2017-6345`, :cve_nist:`2017-6346`, :cve_nist:`2017-6347`, :cve_nist:`2017-6348`, :cve_nist:`2017-6353`, :cve_nist:`2017-6874`, :cve_nist:`2017-6951`, :cve_nist:`2017-7184`, :cve_nist:`2017-7187`, :cve_nist:`2017-7261`, :cve_nist:`2017-7273`, :cve_nist:`2017-7277`, :cve_nist:`2017-7294`, :cve_nist:`2017-7308`, :cve_nist:`2017-7346`, :cve_nist:`2017-7374`, :cve_nist:`2017-7472`, :cve_nist:`2017-7477`, :cve_nist:`2017-7482`, :cve_nist:`2017-7487`, :cve_nist:`2017-7495`, :cve_nist:`2017-7518`, :cve_nist:`2017-7533`, :cve_nist:`2017-7541`, :cve_nist:`2017-7542`, :cve_nist:`2017-7558`, :cve_nist:`2017-7616`, :cve_nist:`2017-7618`, :cve_nist:`2017-7645`, :cve_nist:`2017-7889`, :cve_nist:`2017-7895`, :cve_nist:`2017-7979`, :cve_nist:`2017-8061`, :cve_nist:`2017-8062`, :cve_nist:`2017-8063`, :cve_nist:`2017-8064`, :cve_nist:`2017-8065`, :cve_nist:`2017-8066`, :cve_nist:`2017-8067`, :cve_nist:`2017-8068`, :cve_nist:`2017-8069`, :cve_nist:`2017-8070`, :cve_nist:`2017-8071`, :cve_nist:`2017-8072`, :cve_nist:`2017-8106`, :cve_nist:`2017-8240`, :cve_nist:`2017-8797`, :cve_nist:`2017-8824`, :cve_nist:`2017-8831`, :cve_nist:`2017-8890`, :cve_nist:`2017-8924`, :cve_nist:`2017-8925`, :cve_nist:`2017-9059`, :cve_nist:`2017-9074`, :cve_nist:`2017-9075`, :cve_nist:`2017-9076`, :cve_nist:`2017-9077`, :cve_nist:`2017-9150`, :cve_nist:`2017-9211`, :cve_nist:`2017-9242`, :cve_nist:`2017-9605`, :cve_nist:`2017-9725`, :cve_nist:`2017-9984`, :cve_nist:`2017-9985`, :cve_nist:`2017-9986`, :cve_nist:`2018-1000004`, :cve_nist:`2018-1000026`, :cve_nist:`2018-1000028`, :cve_nist:`2018-1000199`, :cve_nist:`2018-1000200`, :cve_nist:`2018-1000204`, :cve_nist:`2018-10021`, :cve_nist:`2018-10074`, :cve_nist:`2018-10087`, :cve_nist:`2018-10124`, :cve_nist:`2018-10322`, :cve_nist:`2018-10323`, :cve_nist:`2018-1065`, :cve_nist:`2018-1066`, :cve_nist:`2018-10675`, :cve_nist:`2018-1068`, :cve_nist:`2018-10840`, :cve_nist:`2018-10853`, :cve_nist:`2018-1087`, :cve_nist:`2018-10876`, :cve_nist:`2018-10877`, :cve_nist:`2018-10878`, :cve_nist:`2018-10879`, :cve_nist:`2018-10880`, :cve_nist:`2018-10881`, :cve_nist:`2018-10882`, :cve_nist:`2018-10883`, :cve_nist:`2018-10901`, :cve_nist:`2018-10902`, :cve_nist:`2018-1091`, :cve_nist:`2018-1092`, :cve_nist:`2018-1093`, :cve_nist:`2018-10938`, :cve_nist:`2018-1094`, :cve_nist:`2018-10940`, :cve_nist:`2018-1095`, :cve_nist:`2018-1108`, :cve_nist:`2018-1118`, :cve_nist:`2018-1120`, :cve_nist:`2018-11232`, :cve_nist:`2018-1128`, :cve_nist:`2018-1129`, :cve_nist:`2018-1130`, :cve_nist:`2018-11412`, :cve_nist:`2018-11506`, :cve_nist:`2018-11508`, :cve_nist:`2018-12126`, :cve_nist:`2018-12127`, :cve_nist:`2018-12130`, :cve_nist:`2018-12207`, :cve_nist:`2018-12232`, :cve_nist:`2018-12233`, :cve_nist:`2018-12633`, :cve_nist:`2018-12714`, :cve_nist:`2018-12896`, :cve_nist:`2018-12904`, :cve_nist:`2018-13053`, :cve_nist:`2018-13093`, :cve_nist:`2018-13094`, :cve_nist:`2018-13095`, :cve_nist:`2018-13096`, :cve_nist:`2018-13097`, :cve_nist:`2018-13098`, :cve_nist:`2018-13099`, :cve_nist:`2018-13100`, :cve_nist:`2018-13405`, :cve_nist:`2018-13406`, :cve_nist:`2018-14609`, :cve_nist:`2018-14610`, :cve_nist:`2018-14611`, :cve_nist:`2018-14612`, :cve_nist:`2018-14613`, :cve_nist:`2018-14614`, :cve_nist:`2018-14615`, :cve_nist:`2018-14616`, :cve_nist:`2018-14617`, :cve_nist:`2018-14619`, :cve_nist:`2018-14625`, :cve_nist:`2018-14633`, :cve_nist:`2018-14634`, :cve_nist:`2018-14641`, :cve_nist:`2018-14646`, :cve_nist:`2018-14656`, :cve_nist:`2018-14678`, :cve_nist:`2018-14734`, :cve_nist:`2018-15471`, :cve_nist:`2018-15572`, :cve_nist:`2018-15594`, :cve_nist:`2018-16276`, :cve_nist:`2018-16597`, :cve_nist:`2018-16658`, :cve_nist:`2018-16862`, :cve_nist:`2018-16871`, :cve_nist:`2018-16880`, :cve_nist:`2018-16882`, :cve_nist:`2018-16884`, :cve_nist:`2018-17182`, :cve_nist:`2018-17972`, :cve_nist:`2018-18021`, :cve_nist:`2018-18281`, :cve_nist:`2018-18386`, :cve_nist:`2018-18397`, :cve_nist:`2018-18445`, :cve_nist:`2018-18559`, :cve_nist:`2018-18690`, :cve_nist:`2018-18710`, :cve_nist:`2018-18955`, :cve_nist:`2018-19406`, :cve_nist:`2018-19407`, :cve_nist:`2018-19824`, :cve_nist:`2018-19854`, :cve_nist:`2018-19985`, :cve_nist:`2018-20169`, :cve_nist:`2018-20449`, :cve_nist:`2018-20509`, :cve_nist:`2018-20510`, :cve_nist:`2018-20511`, :cve_nist:`2018-20669`, :cve_nist:`2018-20784`, :cve_nist:`2018-20836`, :cve_nist:`2018-20854`, :cve_nist:`2018-20855`, :cve_nist:`2018-20856`, :cve_nist:`2018-20961`, :cve_nist:`2018-20976`, :cve_nist:`2018-21008`, :cve_nist:`2018-25015`, :cve_nist:`2018-25020`, :cve_nist:`2018-3620`, :cve_nist:`2018-3639`, :cve_nist:`2018-3646`, :cve_nist:`2018-3665`, :cve_nist:`2018-3693`, :cve_nist:`2018-5332`, :cve_nist:`2018-5333`, :cve_nist:`2018-5344`, :cve_nist:`2018-5390`, :cve_nist:`2018-5391`, :cve_nist:`2018-5703`, :cve_nist:`2018-5750`, :cve_nist:`2018-5803`, :cve_nist:`2018-5814`, :cve_nist:`2018-5848`, :cve_nist:`2018-5873`, :cve_nist:`2018-5953`, :cve_nist:`2018-5995`, :cve_nist:`2018-6412`, :cve_nist:`2018-6554`, :cve_nist:`2018-6555`, :cve_nist:`2018-6927`, :cve_nist:`2018-7191`, :cve_nist:`2018-7273`, :cve_nist:`2018-7480`, :cve_nist:`2018-7492`, :cve_nist:`2018-7566`, :cve_nist:`2018-7740`, :cve_nist:`2018-7754`, :cve_nist:`2018-7755`, :cve_nist:`2018-7757`, :cve_nist:`2018-7995`, :cve_nist:`2018-8043`, :cve_nist:`2018-8087`, :cve_nist:`2018-8781`, :cve_nist:`2018-8822`, :cve_nist:`2018-8897`, :cve_nist:`2018-9363`, :cve_nist:`2018-9385`, :cve_nist:`2018-9415`, :cve_nist:`2018-9422`, :cve_nist:`2018-9465`, :cve_nist:`2018-9516`, :cve_nist:`2018-9517`, :cve_nist:`2018-9518`, :cve_nist:`2018-9568`, :cve_nist:`2019-0136`, :cve_nist:`2019-0145`, :cve_nist:`2019-0146`, :cve_nist:`2019-0147`, :cve_nist:`2019-0148`, :cve_nist:`2019-0149`, :cve_nist:`2019-0154`, :cve_nist:`2019-0155`, :cve_nist:`2019-10124`, :cve_nist:`2019-10125`, :cve_nist:`2019-10126`, :cve_nist:`2019-10142`, :cve_nist:`2019-10207`, :cve_nist:`2019-10220`, :cve_nist:`2019-10638`, :cve_nist:`2019-10639`, :cve_nist:`2019-11085`, :cve_nist:`2019-11091`, :cve_nist:`2019-11135`, :cve_nist:`2019-11190`, :cve_nist:`2019-11191`, :cve_nist:`2019-1125`, :cve_nist:`2019-11477`, :cve_nist:`2019-11478`, :cve_nist:`2019-11479`, :cve_nist:`2019-11486`, :cve_nist:`2019-11487`, :cve_nist:`2019-11599`, :cve_nist:`2019-11683`, :cve_nist:`2019-11810`, :cve_nist:`2019-11811`, :cve_nist:`2019-11815`, :cve_nist:`2019-11833`, :cve_nist:`2019-11884`, :cve_nist:`2019-12378`, :cve_nist:`2019-12379`, :cve_nist:`2019-12380`, :cve_nist:`2019-12381`, :cve_nist:`2019-12382`, :cve_nist:`2019-12454`, :cve_nist:`2019-12455`, :cve_nist:`2019-12614`, :cve_nist:`2019-12615`, :cve_nist:`2019-12817`, :cve_nist:`2019-12818`, :cve_nist:`2019-12819`, :cve_nist:`2019-12881`, :cve_nist:`2019-12984`, :cve_nist:`2019-13233`, :cve_nist:`2019-13272`, :cve_nist:`2019-13631`, :cve_nist:`2019-13648`, :cve_nist:`2019-14283`, :cve_nist:`2019-14284`, :cve_nist:`2019-14615`, :cve_nist:`2019-14763`, :cve_nist:`2019-14814`, :cve_nist:`2019-14815`, :cve_nist:`2019-14816`, :cve_nist:`2019-14821`, :cve_nist:`2019-14835`, :cve_nist:`2019-14895`, :cve_nist:`2019-14896`, :cve_nist:`2019-14897`, :cve_nist:`2019-14901`, :cve_nist:`2019-15030`, :cve_nist:`2019-15031`, :cve_nist:`2019-15090`, :cve_nist:`2019-15098`, :cve_nist:`2019-15099`, :cve_nist:`2019-15117`, :cve_nist:`2019-15118`, :cve_nist:`2019-15211`, :cve_nist:`2019-15212`, :cve_nist:`2019-15213`, :cve_nist:`2019-15214`, :cve_nist:`2019-15215`, :cve_nist:`2019-15216`, :cve_nist:`2019-15217`, :cve_nist:`2019-15218`, :cve_nist:`2019-15219`, :cve_nist:`2019-15220`, :cve_nist:`2019-15221`, :cve_nist:`2019-15222`, :cve_nist:`2019-15223`, :cve_nist:`2019-15291`, :cve_nist:`2019-15292`, :cve_nist:`2019-15504`, :cve_nist:`2019-15505`, :cve_nist:`2019-15538`, :cve_nist:`2019-15666`, :cve_nist:`2019-15807`, :cve_nist:`2019-15916`, :cve_nist:`2019-15917`, :cve_nist:`2019-15918`, :cve_nist:`2019-15919`, :cve_nist:`2019-15920`, :cve_nist:`2019-15921`, :cve_nist:`2019-15922`, :cve_nist:`2019-15923`, :cve_nist:`2019-15924`, :cve_nist:`2019-15925`, :cve_nist:`2019-15926`, :cve_nist:`2019-15927`, :cve_nist:`2019-16229`, :cve_nist:`2019-16230`, :cve_nist:`2019-16231`, :cve_nist:`2019-16232`, :cve_nist:`2019-16233`, :cve_nist:`2019-16234`, :cve_nist:`2019-16413`, :cve_nist:`2019-16714`, :cve_nist:`2019-16746`, :cve_nist:`2019-16921`, :cve_nist:`2019-16994`, :cve_nist:`2019-16995`, :cve_nist:`2019-17052`, :cve_nist:`2019-17053`, :cve_nist:`2019-17054`, :cve_nist:`2019-17055`, :cve_nist:`2019-17056`, :cve_nist:`2019-17075`, :cve_nist:`2019-17133`, :cve_nist:`2019-17351`, :cve_nist:`2019-17666`, :cve_nist:`2019-18198`, :cve_nist:`2019-18282`, :cve_nist:`2019-18660`, :cve_nist:`2019-18675`, :cve_nist:`2019-18683`, :cve_nist:`2019-18786`, :cve_nist:`2019-18805`, :cve_nist:`2019-18806`, :cve_nist:`2019-18807`, :cve_nist:`2019-18808`, :cve_nist:`2019-18809`, :cve_nist:`2019-18810`, :cve_nist:`2019-18811`, :cve_nist:`2019-18812`, :cve_nist:`2019-18813`, :cve_nist:`2019-18814`, :cve_nist:`2019-18885`, :cve_nist:`2019-19036`, :cve_nist:`2019-19037`, :cve_nist:`2019-19039`, :cve_nist:`2019-19043`, :cve_nist:`2019-19044`, :cve_nist:`2019-19045`, :cve_nist:`2019-19046`, :cve_nist:`2019-19047`, :cve_nist:`2019-19048`, :cve_nist:`2019-19049`, :cve_nist:`2019-19050`, :cve_nist:`2019-19051`, :cve_nist:`2019-19052`, :cve_nist:`2019-19053`, :cve_nist:`2019-19054`, :cve_nist:`2019-19055`, :cve_nist:`2019-19056`, :cve_nist:`2019-19057`, :cve_nist:`2019-19058`, :cve_nist:`2019-19059`, :cve_nist:`2019-19060`, :cve_nist:`2019-19061`, :cve_nist:`2019-19062`, :cve_nist:`2019-19063`, :cve_nist:`2019-19064`, :cve_nist:`2019-19065`, :cve_nist:`2019-19066`, :cve_nist:`2019-19067`, :cve_nist:`2019-19068`, :cve_nist:`2019-19069`, :cve_nist:`2019-19070`, :cve_nist:`2019-19071`, :cve_nist:`2019-19072`, :cve_nist:`2019-19073`, :cve_nist:`2019-19074`, :cve_nist:`2019-19075`, :cve_nist:`2019-19076`, :cve_nist:`2019-19077`, :cve_nist:`2019-19078`, :cve_nist:`2019-19079`, :cve_nist:`2019-19080`, :cve_nist:`2019-19081`, :cve_nist:`2019-19082`, :cve_nist:`2019-19083`, :cve_nist:`2019-19227`, :cve_nist:`2019-19241`, :cve_nist:`2019-19252`, :cve_nist:`2019-19318`, :cve_nist:`2019-19319`, :cve_nist:`2019-19332`, :cve_nist:`2019-19338`, :cve_nist:`2019-19377`, :cve_nist:`2019-19447`, :cve_nist:`2019-19448`, :cve_nist:`2019-19449`, :cve_nist:`2019-19462`, :cve_nist:`2019-19523`, :cve_nist:`2019-19524`, :cve_nist:`2019-19525`, :cve_nist:`2019-19526`, :cve_nist:`2019-19527`, :cve_nist:`2019-19528`, :cve_nist:`2019-19529`, :cve_nist:`2019-19530`, :cve_nist:`2019-19531`, :cve_nist:`2019-19532`, :cve_nist:`2019-19533`, :cve_nist:`2019-19534`, :cve_nist:`2019-19535`, :cve_nist:`2019-19536`, :cve_nist:`2019-19537`, :cve_nist:`2019-19543`, :cve_nist:`2019-19602`, :cve_nist:`2019-19767`, :cve_nist:`2019-19768`, :cve_nist:`2019-19769`, :cve_nist:`2019-19770`, :cve_nist:`2019-19807`, :cve_nist:`2019-19813`, :cve_nist:`2019-19815`, :cve_nist:`2019-19816`, :cve_nist:`2019-19922`, :cve_nist:`2019-19927`, :cve_nist:`2019-19947`, :cve_nist:`2019-19965`, :cve_nist:`2019-19966`, :cve_nist:`2019-1999`, :cve_nist:`2019-20054`, :cve_nist:`2019-20095`, :cve_nist:`2019-20096`, :cve_nist:`2019-2024`, :cve_nist:`2019-2025`, :cve_nist:`2019-20422`, :cve_nist:`2019-2054`, :cve_nist:`2019-20636`, :cve_nist:`2019-20806`, :cve_nist:`2019-20810`, :cve_nist:`2019-20811`, :cve_nist:`2019-20812`, :cve_nist:`2019-20908`, :cve_nist:`2019-20934`, :cve_nist:`2019-2101`, :cve_nist:`2019-2181`, :cve_nist:`2019-2182`, :cve_nist:`2019-2213`, :cve_nist:`2019-2214`, :cve_nist:`2019-2215`, :cve_nist:`2019-25044`, :cve_nist:`2019-25045`, :cve_nist:`2019-3016`, :cve_nist:`2019-3459`, :cve_nist:`2019-3460`, :cve_nist:`2019-3701`, :cve_nist:`2019-3819`, :cve_nist:`2019-3837`, :cve_nist:`2019-3846`, :cve_nist:`2019-3874`, :cve_nist:`2019-3882`, :cve_nist:`2019-3887`, :cve_nist:`2019-3892`, :cve_nist:`2019-3896`, :cve_nist:`2019-3900`, :cve_nist:`2019-3901`, :cve_nist:`2019-5108`, :cve_nist:`2019-6133`, :cve_nist:`2019-6974`, :cve_nist:`2019-7221`, :cve_nist:`2019-7222`, :cve_nist:`2019-7308`, :cve_nist:`2019-8912`, :cve_nist:`2019-8956`, :cve_nist:`2019-8980`, :cve_nist:`2019-9003`, :cve_nist:`2019-9162`, :cve_nist:`2019-9213`, :cve_nist:`2019-9245`, :cve_nist:`2019-9444`, :cve_nist:`2019-9445`, :cve_nist:`2019-9453`, :cve_nist:`2019-9454`, :cve_nist:`2019-9455`, :cve_nist:`2019-9456`, :cve_nist:`2019-9457`, :cve_nist:`2019-9458`, :cve_nist:`2019-9466`, :cve_nist:`2019-9500`, :cve_nist:`2019-9503`, :cve_nist:`2019-9506`, :cve_nist:`2019-9857`, :cve_nist:`2020-0009`, :cve_nist:`2020-0030`, :cve_nist:`2020-0041`, :cve_nist:`2020-0066`, :cve_nist:`2020-0067`, :cve_nist:`2020-0110`, :cve_nist:`2020-0255`, :cve_nist:`2020-0305`, :cve_nist:`2020-0404`, :cve_nist:`2020-0423`, :cve_nist:`2020-0427`, :cve_nist:`2020-0429`, :cve_nist:`2020-0430`, :cve_nist:`2020-0431`, :cve_nist:`2020-0432`, :cve_nist:`2020-0433`, :cve_nist:`2020-0435`, :cve_nist:`2020-0444`, :cve_nist:`2020-0465`, :cve_nist:`2020-0466`, :cve_nist:`2020-0543`, :cve_nist:`2020-10135`, :cve_nist:`2020-10690`, :cve_nist:`2020-10711`, :cve_nist:`2020-10720`, :cve_nist:`2020-10732`, :cve_nist:`2020-10742`, :cve_nist:`2020-10751`, :cve_nist:`2020-10757`, :cve_nist:`2020-10766`, :cve_nist:`2020-10767`, :cve_nist:`2020-10768`, :cve_nist:`2020-10769`, :cve_nist:`2020-10773`, :cve_nist:`2020-10781`, :cve_nist:`2020-10942`, :cve_nist:`2020-11494`, :cve_nist:`2020-11565`, :cve_nist:`2020-11608`, :cve_nist:`2020-11609`, :cve_nist:`2020-11668`, :cve_nist:`2020-11669`, :cve_nist:`2020-11884`, :cve_nist:`2020-12114`, :cve_nist:`2020-12351`, :cve_nist:`2020-12352`, :cve_nist:`2020-12464`, :cve_nist:`2020-12465`, :cve_nist:`2020-12652`, :cve_nist:`2020-12653`, :cve_nist:`2020-12654`, :cve_nist:`2020-12655`, :cve_nist:`2020-12656`, :cve_nist:`2020-12657`, :cve_nist:`2020-12659`, :cve_nist:`2020-12768`, :cve_nist:`2020-12769`, :cve_nist:`2020-12770`, :cve_nist:`2020-12771`, :cve_nist:`2020-12826`, :cve_nist:`2020-12888`, :cve_nist:`2020-12912`, :cve_nist:`2020-13143`, :cve_nist:`2020-13974`, :cve_nist:`2020-14305`, :cve_nist:`2020-14314`, :cve_nist:`2020-14331`, :cve_nist:`2020-14351`, :cve_nist:`2020-14353`, :cve_nist:`2020-14356`, :cve_nist:`2020-14381`, :cve_nist:`2020-14385`, :cve_nist:`2020-14386`, :cve_nist:`2020-14390`, :cve_nist:`2020-14416`, :cve_nist:`2020-15393`, :cve_nist:`2020-15436`, :cve_nist:`2020-15437`, :cve_nist:`2020-15780`, :cve_nist:`2020-15852`, :cve_nist:`2020-16119`, :cve_nist:`2020-16120`, :cve_nist:`2020-16166`, :cve_nist:`2020-1749`, :cve_nist:`2020-24394`, :cve_nist:`2020-24490`, :cve_nist:`2020-24586`, :cve_nist:`2020-24587`, :cve_nist:`2020-24588`, :cve_nist:`2020-25211`, :cve_nist:`2020-25212`, :cve_nist:`2020-25221`, :cve_nist:`2020-25284`, :cve_nist:`2020-25285`, :cve_nist:`2020-25639`, :cve_nist:`2020-25641`, :cve_nist:`2020-25643`, :cve_nist:`2020-25645`, :cve_nist:`2020-25656`, :cve_nist:`2020-25668`, :cve_nist:`2020-25669`, :cve_nist:`2020-25670`, :cve_nist:`2020-25671`, :cve_nist:`2020-25672`, :cve_nist:`2020-25673`, :cve_nist:`2020-25704`, :cve_nist:`2020-25705`, :cve_nist:`2020-26088`, :cve_nist:`2020-26139`, :cve_nist:`2020-26141`, :cve_nist:`2020-26145`, :cve_nist:`2020-26147`, :cve_nist:`2020-26541`, :cve_nist:`2020-26555`, :cve_nist:`2020-26558`, :cve_nist:`2020-27066`, :cve_nist:`2020-27067`, :cve_nist:`2020-27068`, :cve_nist:`2020-27152`, :cve_nist:`2020-27170`, :cve_nist:`2020-27171`, :cve_nist:`2020-27194`, :cve_nist:`2020-2732`, :cve_nist:`2020-27418`, :cve_nist:`2020-27673`, :cve_nist:`2020-27675`, :cve_nist:`2020-27777`, :cve_nist:`2020-27784`, :cve_nist:`2020-27786`, :cve_nist:`2020-27815`, :cve_nist:`2020-27820`, :cve_nist:`2020-27825`, :cve_nist:`2020-27830`, :cve_nist:`2020-27835`, :cve_nist:`2020-28097`, :cve_nist:`2020-28374`, :cve_nist:`2020-28588`, :cve_nist:`2020-28915`, :cve_nist:`2020-28941`, :cve_nist:`2020-28974`, :cve_nist:`2020-29368`, :cve_nist:`2020-29369`, :cve_nist:`2020-29370`, :cve_nist:`2020-29371`, :cve_nist:`2020-29372`, :cve_nist:`2020-29373`, :cve_nist:`2020-29374`, :cve_nist:`2020-29534`, :cve_nist:`2020-29568`, :cve_nist:`2020-29569`, :cve_nist:`2020-29660`, :cve_nist:`2020-29661`, :cve_nist:`2020-35499`, :cve_nist:`2020-35508`, :cve_nist:`2020-35513`, :cve_nist:`2020-35519`, :cve_nist:`2020-36158`, :cve_nist:`2020-36310`, :cve_nist:`2020-36311`, :cve_nist:`2020-36312`, :cve_nist:`2020-36313`, :cve_nist:`2020-36322`, :cve_nist:`2020-36385`, :cve_nist:`2020-36386`, :cve_nist:`2020-36387`, :cve_nist:`2020-36516`, :cve_nist:`2020-36557`, :cve_nist:`2020-36558`, :cve_nist:`2020-36691`, :cve_nist:`2020-36694`, :cve_nist:`2020-36766`, :cve_nist:`2020-3702`, :cve_nist:`2020-4788`, :cve_nist:`2020-7053`, :cve_nist:`2020-8428`, :cve_nist:`2020-8647`, :cve_nist:`2020-8648`, :cve_nist:`2020-8649`, :cve_nist:`2020-8694`, :cve_nist:`2020-8834`, :cve_nist:`2020-8835`, :cve_nist:`2020-8992`, :cve_nist:`2020-9383`, :cve_nist:`2020-9391`, :cve_nist:`2021-0129`, :cve_nist:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve_nist:`2021-0512`, :cve_nist:`2021-0605`, :cve_nist:`2021-0707`, :cve_nist:`2021-0920`, :cve_nist:`2021-0929`, :cve_nist:`2021-0935`, :cve_mitre:`2021-0937`, :cve_nist:`2021-0938`, :cve_nist:`2021-0941`, :cve_nist:`2021-1048`, :cve_nist:`2021-20177`, :cve_nist:`2021-20194`, :cve_nist:`2021-20226`, :cve_nist:`2021-20239`, :cve_nist:`2021-20261`, :cve_nist:`2021-20265`, :cve_nist:`2021-20268`, :cve_nist:`2021-20292`, :cve_nist:`2021-20317`, :cve_nist:`2021-20320`, :cve_nist:`2021-20321`, :cve_nist:`2021-20322`, :cve_nist:`2021-21781`, :cve_nist:`2021-22543`, :cve_nist:`2021-22555`, :cve_nist:`2021-22600`, :cve_nist:`2021-23133`, :cve_nist:`2021-23134`, :cve_nist:`2021-26401`, :cve_nist:`2021-26708`, :cve_nist:`2021-26930`, :cve_nist:`2021-26931`, :cve_nist:`2021-26932`, :cve_nist:`2021-27363`, :cve_nist:`2021-27364`, :cve_nist:`2021-27365`, :cve_nist:`2021-28038`, :cve_nist:`2021-28039`, :cve_nist:`2021-28375`, :cve_nist:`2021-28660`, :cve_nist:`2021-28688`, :cve_nist:`2021-28691`, :cve_nist:`2021-28711`, :cve_nist:`2021-28712`, :cve_nist:`2021-28713`, :cve_nist:`2021-28714`, :cve_nist:`2021-28715`, :cve_nist:`2021-28950`, :cve_nist:`2021-28951`, :cve_nist:`2021-28952`, :cve_nist:`2021-28964`, :cve_nist:`2021-28971`, :cve_nist:`2021-28972`, :cve_nist:`2021-29154`, :cve_nist:`2021-29155`, :cve_nist:`2021-29264`, :cve_nist:`2021-29265`, :cve_nist:`2021-29266`, :cve_nist:`2021-29646`, :cve_nist:`2021-29647`, :cve_nist:`2021-29648`, :cve_nist:`2021-29649`, :cve_nist:`2021-29650`, :cve_nist:`2021-29657`, :cve_nist:`2021-30002`, :cve_nist:`2021-30178`, :cve_nist:`2021-31440`, :cve_nist:`2021-3178`, :cve_nist:`2021-31829`, :cve_nist:`2021-31916`, :cve_nist:`2021-32399`, :cve_nist:`2021-32606`, :cve_nist:`2021-33033`, :cve_nist:`2021-33034`, :cve_nist:`2021-33098`, :cve_nist:`2021-33135`, :cve_nist:`2021-33200`, :cve_nist:`2021-3347`, :cve_nist:`2021-3348`, :cve_nist:`2021-33624`, :cve_nist:`2021-33655`, :cve_nist:`2021-33656`, :cve_nist:`2021-33909`, :cve_nist:`2021-3411`, :cve_nist:`2021-3428`, :cve_nist:`2021-3444`, :cve_nist:`2021-34556`, :cve_nist:`2021-34693`, :cve_nist:`2021-3483`, :cve_nist:`2021-34866`, :cve_nist:`2021-3489`, :cve_nist:`2021-3490`, :cve_nist:`2021-3491`, :cve_mitre:`2021-34981`, :cve_nist:`2021-3501`, :cve_nist:`2021-35039`, :cve_nist:`2021-3506`, :cve_nist:`2021-3543`, :cve_nist:`2021-35477`, :cve_nist:`2021-3564`, :cve_nist:`2021-3573`, :cve_nist:`2021-3587`, :cve_mitre:`2021-3600`, :cve_nist:`2021-3609`, :cve_nist:`2021-3612`, :cve_nist:`2021-3635`, :cve_nist:`2021-3640`, :cve_nist:`2021-3653`, :cve_nist:`2021-3655`, :cve_nist:`2021-3656`, :cve_nist:`2021-3659`, :cve_nist:`2021-3679`, :cve_nist:`2021-3715`, :cve_nist:`2021-37159`, :cve_nist:`2021-3732`, :cve_nist:`2021-3736`, :cve_nist:`2021-3739`, :cve_nist:`2021-3743`, :cve_nist:`2021-3744`, :cve_nist:`2021-3752`, :cve_nist:`2021-3753`, :cve_nist:`2021-37576`, :cve_nist:`2021-3759`, :cve_nist:`2021-3760`, :cve_nist:`2021-3764`, :cve_nist:`2021-3772`, :cve_nist:`2021-38160`, :cve_nist:`2021-38166`, :cve_nist:`2021-38198`, :cve_nist:`2021-38199`, :cve_nist:`2021-38200`, :cve_nist:`2021-38201`, :cve_nist:`2021-38202`, :cve_nist:`2021-38203`, :cve_nist:`2021-38204`, :cve_nist:`2021-38205`, :cve_nist:`2021-38206`, :cve_nist:`2021-38207`, :cve_nist:`2021-38208`, :cve_nist:`2021-38209`, :cve_nist:`2021-38300`, :cve_nist:`2021-3894`, :cve_nist:`2021-3896`, :cve_nist:`2021-3923`, :cve_nist:`2021-39633`, :cve_nist:`2021-39634`, :cve_nist:`2021-39636`, :cve_nist:`2021-39648`, :cve_nist:`2021-39656`, :cve_nist:`2021-39657`, :cve_nist:`2021-39685`, :cve_nist:`2021-39686`, :cve_nist:`2021-39698`, :cve_nist:`2021-39711`, :cve_nist:`2021-39713`, :cve_nist:`2021-39714`, :cve_nist:`2021-4001`, :cve_nist:`2021-4002`, :cve_nist:`2021-4028`, :cve_nist:`2021-4032`, :cve_nist:`2021-4037`, :cve_nist:`2021-40490`, :cve_nist:`2021-4083`, :cve_nist:`2021-4090`, :cve_nist:`2021-4093`, :cve_nist:`2021-4095`, :cve_nist:`2021-41073`, :cve_nist:`2021-4135`, :cve_nist:`2021-4148`, :cve_nist:`2021-4149`, :cve_nist:`2021-4154`, :cve_nist:`2021-4155`, :cve_nist:`2021-4157`, :cve_nist:`2021-4159`, :cve_nist:`2021-41864`, :cve_nist:`2021-4197`, :cve_nist:`2021-42008`, :cve_nist:`2021-4202`, :cve_nist:`2021-4203`, :cve_nist:`2021-4218`, :cve_nist:`2021-42252`, :cve_nist:`2021-42327`, :cve_nist:`2021-42739`, :cve_nist:`2021-43056`, :cve_nist:`2021-43057`, :cve_nist:`2021-43267`, :cve_nist:`2021-43389`, :cve_nist:`2021-43975`, :cve_nist:`2021-43976`, :cve_nist:`2021-44733`, :cve_nist:`2021-45095`, :cve_nist:`2021-45100`, :cve_nist:`2021-45402`, :cve_nist:`2021-45469`, :cve_nist:`2021-45480`, :cve_nist:`2021-45485`, :cve_nist:`2021-45486`, :cve_nist:`2021-45868`, :cve_nist:`2021-46283`, :cve_nist:`2022-0001`, :cve_nist:`2022-0002`, :cve_nist:`2022-0168`, :cve_nist:`2022-0171`, :cve_nist:`2022-0185`, :cve_nist:`2022-0264`, :cve_nist:`2022-0286`, :cve_nist:`2022-0322`, :cve_nist:`2022-0330`, :cve_nist:`2022-0433`, :cve_nist:`2022-0435`, :cve_nist:`2022-0487`, :cve_nist:`2022-0492`, :cve_nist:`2022-0494`, :cve_nist:`2022-0516`, :cve_nist:`2022-0617`, :cve_nist:`2022-0644`, :cve_nist:`2022-0646`, :cve_nist:`2022-0742`, :cve_nist:`2022-0812`, :cve_nist:`2022-0847`, :cve_nist:`2022-0850`, :cve_nist:`2022-0854`, :cve_nist:`2022-0995`, :cve_nist:`2022-1011`, :cve_nist:`2022-1012`, :cve_nist:`2022-1015`, :cve_nist:`2022-1016`, :cve_nist:`2022-1043`, :cve_nist:`2022-1048`, :cve_nist:`2022-1055`, :cve_nist:`2022-1158`, :cve_nist:`2022-1184`, :cve_nist:`2022-1195`, :cve_nist:`2022-1198`, :cve_nist:`2022-1199`, :cve_nist:`2022-1204`, :cve_nist:`2022-1205`, :cve_nist:`2022-1353`, :cve_nist:`2022-1419`, :cve_nist:`2022-1462`, :cve_nist:`2022-1516`, :cve_nist:`2022-1651`, :cve_nist:`2022-1652`, :cve_nist:`2022-1671`, :cve_nist:`2022-1678`, :cve_nist:`2022-1679`, :cve_nist:`2022-1729`, :cve_nist:`2022-1734`, :cve_nist:`2022-1786`, :cve_nist:`2022-1789`, :cve_nist:`2022-1836`, :cve_nist:`2022-1852`, :cve_nist:`2022-1882`, :cve_nist:`2022-1943`, :cve_nist:`2022-1966`, :cve_nist:`2022-1972`, :cve_nist:`2022-1973`, :cve_nist:`2022-1974`, :cve_nist:`2022-1975`, :cve_nist:`2022-1976`, :cve_nist:`2022-1998`, :cve_nist:`2022-20008`, :cve_nist:`2022-20132`, :cve_nist:`2022-20141`, :cve_nist:`2022-20153`, :cve_nist:`2022-20154`, :cve_nist:`2022-20158`, :cve_nist:`2022-20166`, :cve_nist:`2022-20368`, :cve_nist:`2022-20369`, :cve_nist:`2022-20421`, :cve_nist:`2022-20422`, :cve_nist:`2022-20423`, :cve_mitre:`2022-20565`, :cve_nist:`2022-20566`, :cve_nist:`2022-20567`, :cve_nist:`2022-20572`, :cve_nist:`2022-2078`, :cve_nist:`2022-21123`, :cve_nist:`2022-21125`, :cve_nist:`2022-21166`, :cve_nist:`2022-21385`, :cve_nist:`2022-21499`, :cve_mitre:`2022-21505`, :cve_nist:`2022-2153`, :cve_nist:`2022-2196`, :cve_mitre:`2022-22942`, :cve_nist:`2022-23036`, :cve_nist:`2022-23037`, :cve_nist:`2022-23038`, :cve_nist:`2022-23039`, :cve_nist:`2022-23040`, :cve_nist:`2022-23041`, :cve_nist:`2022-23042`, :cve_nist:`2022-2308`, :cve_nist:`2022-2318`, :cve_nist:`2022-2380`, :cve_nist:`2022-23816`, :cve_nist:`2022-23960`, :cve_nist:`2022-24122`, :cve_nist:`2022-24448`, :cve_nist:`2022-24958`, :cve_nist:`2022-24959`, :cve_nist:`2022-2503`, :cve_nist:`2022-25258`, :cve_nist:`2022-25375`, :cve_nist:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve_nist:`2022-2590`, :cve_mitre:`2022-2602`, :cve_nist:`2022-26365`, :cve_nist:`2022-26373`, :cve_nist:`2022-2639`, :cve_nist:`2022-26490`, :cve_nist:`2022-2663`, :cve_nist:`2022-26966`, :cve_nist:`2022-27223`, :cve_nist:`2022-27666`, :cve_nist:`2022-2785`, :cve_nist:`2022-27950`, :cve_nist:`2022-28356`, :cve_nist:`2022-28388`, :cve_nist:`2022-28389`, :cve_nist:`2022-28390`, :cve_nist:`2022-2873`, :cve_nist:`2022-28796`, :cve_nist:`2022-28893`, :cve_nist:`2022-2905`, :cve_nist:`2022-29156`, :cve_nist:`2022-2938`, :cve_nist:`2022-29581`, :cve_nist:`2022-29582`, :cve_nist:`2022-2959`, :cve_nist:`2022-2964`, :cve_nist:`2022-2977`, :cve_nist:`2022-2978`, :cve_nist:`2022-29900`, :cve_nist:`2022-29901`, :cve_nist:`2022-29968`, :cve_nist:`2022-3028`, :cve_nist:`2022-30594`, :cve_nist:`2022-3061`, :cve_nist:`2022-3077`, :cve_nist:`2022-3078`, :cve_nist:`2022-3103`, :cve_nist:`2022-3104`, :cve_nist:`2022-3105`, :cve_nist:`2022-3106`, :cve_nist:`2022-3107`, :cve_nist:`2022-3110`, :cve_nist:`2022-3111`, :cve_nist:`2022-3112`, :cve_nist:`2022-3113`, :cve_nist:`2022-3114`, :cve_nist:`2022-3115`, :cve_nist:`2022-3169`, :cve_nist:`2022-3170`, :cve_nist:`2022-3202`, :cve_nist:`2022-32250`, :cve_nist:`2022-32296`, :cve_nist:`2022-3239`, :cve_nist:`2022-32981`, :cve_nist:`2022-3303`, :cve_nist:`2022-33740`, :cve_nist:`2022-33741`, :cve_nist:`2022-33742`, :cve_nist:`2022-33743`, :cve_nist:`2022-33744`, :cve_nist:`2022-33981`, :cve_nist:`2022-3424`, :cve_nist:`2022-3435`, :cve_nist:`2022-34494`, :cve_nist:`2022-34495`, :cve_nist:`2022-34918`, :cve_nist:`2022-3521`, :cve_nist:`2022-3524`, :cve_nist:`2022-3526`, :cve_nist:`2022-3531`, :cve_nist:`2022-3532`, :cve_nist:`2022-3534`, :cve_nist:`2022-3535`, :cve_nist:`2022-3541`, :cve_nist:`2022-3542`, :cve_nist:`2022-3543`, :cve_nist:`2022-3545`, :cve_nist:`2022-3564`, :cve_nist:`2022-3565`, :cve_nist:`2022-3577`, :cve_nist:`2022-3586`, :cve_nist:`2022-3594`, :cve_nist:`2022-36123`, :cve_nist:`2022-3619`, :cve_nist:`2022-3621`, :cve_nist:`2022-3623`, :cve_nist:`2022-3625`, :cve_nist:`2022-3628`, :cve_nist:`2022-36280`, :cve_nist:`2022-3629`, :cve_nist:`2022-3630`, :cve_nist:`2022-3633`, :cve_nist:`2022-3635`, :cve_nist:`2022-3640`, :cve_nist:`2022-3643`, :cve_nist:`2022-3646`, :cve_nist:`2022-3649`, :cve_nist:`2022-36879`, :cve_nist:`2022-36946`, :cve_nist:`2022-3707`, :cve_nist:`2022-3910`, :cve_nist:`2022-39189`, :cve_nist:`2022-39190`, :cve_nist:`2022-3977`, :cve_nist:`2022-39842`, :cve_nist:`2022-40307`, :cve_nist:`2022-40476`, :cve_nist:`2022-40768`, :cve_nist:`2022-4095`, :cve_nist:`2022-40982`, :cve_nist:`2022-41218`, :cve_nist:`2022-41222`, :cve_nist:`2022-4127`, :cve_nist:`2022-4128`, :cve_nist:`2022-4129`, :cve_nist:`2022-4139`, :cve_nist:`2022-41674`, :cve_nist:`2022-41849`, :cve_nist:`2022-41850`, :cve_nist:`2022-41858`, :cve_nist:`2022-42328`, :cve_nist:`2022-42329`, :cve_nist:`2022-42432`, :cve_nist:`2022-4269`, :cve_nist:`2022-42703`, :cve_nist:`2022-42719`, :cve_nist:`2022-42720`, :cve_nist:`2022-42721`, :cve_nist:`2022-42722`, :cve_nist:`2022-42895`, :cve_nist:`2022-42896`, :cve_nist:`2022-43750`, :cve_nist:`2022-4378`, :cve_nist:`2022-4379`, :cve_nist:`2022-4382`, :cve_nist:`2022-43945`, :cve_nist:`2022-45869`, :cve_nist:`2022-45886`, :cve_nist:`2022-45887`, :cve_nist:`2022-45888`, :cve_nist:`2022-45919`, :cve_nist:`2022-45934`, :cve_nist:`2022-4662`, :cve_nist:`2022-4744`, :cve_nist:`2022-47518`, :cve_nist:`2022-47519`, :cve_nist:`2022-47520`, :cve_nist:`2022-47521`, :cve_nist:`2022-47929`, :cve_nist:`2022-47938`, :cve_nist:`2022-47939`, :cve_nist:`2022-47940`, :cve_nist:`2022-47941`, :cve_nist:`2022-47942`, :cve_nist:`2022-47943`, :cve_nist:`2022-4842`, :cve_nist:`2022-48423`, :cve_nist:`2022-48424`, :cve_nist:`2022-48425`, :cve_nist:`2022-48502`, :cve_nist:`2023-0030`, :cve_nist:`2023-0045`, :cve_nist:`2023-0047`, :cve_nist:`2023-0122`, :cve_nist:`2023-0160`, :cve_nist:`2023-0179`, :cve_nist:`2023-0210`, :cve_nist:`2023-0240`, :cve_nist:`2023-0266`, :cve_nist:`2023-0394`, :cve_nist:`2023-0458`, :cve_nist:`2023-0459`, :cve_nist:`2023-0461`, :cve_nist:`2023-0468`, :cve_nist:`2023-0469`, :cve_nist:`2023-0590`, :cve_nist:`2023-0615`, :cve_mitre:`2023-1032`, :cve_nist:`2023-1073`, :cve_nist:`2023-1074`, :cve_nist:`2023-1076`, :cve_nist:`2023-1077`, :cve_nist:`2023-1078`, :cve_nist:`2023-1079`, :cve_nist:`2023-1095`, :cve_nist:`2023-1118`, :cve_nist:`2023-1192`, :cve_nist:`2023-1194`, :cve_nist:`2023-1195`, :cve_nist:`2023-1206`, :cve_nist:`2023-1249`, :cve_nist:`2023-1252`, :cve_nist:`2023-1281`, :cve_nist:`2023-1380`, :cve_nist:`2023-1382`, :cve_nist:`2023-1390`, :cve_nist:`2023-1513`, :cve_nist:`2023-1582`, :cve_nist:`2023-1583`, :cve_nist:`2023-1611`, :cve_nist:`2023-1637`, :cve_nist:`2023-1652`, :cve_nist:`2023-1670`, :cve_nist:`2023-1829`, :cve_nist:`2023-1838`, :cve_nist:`2023-1855`, :cve_nist:`2023-1859`, :cve_nist:`2023-1989`, :cve_nist:`2023-1990`, :cve_nist:`2023-1998`, :cve_nist:`2023-2002`, :cve_nist:`2023-2006`, :cve_nist:`2023-2008`, :cve_nist:`2023-2019`, :cve_nist:`2023-20569`, :cve_nist:`2023-20588`, :cve_nist:`2023-20593`, :cve_nist:`2023-20938`, :cve_nist:`2023-21102`, :cve_nist:`2023-21106`, :cve_nist:`2023-2124`, :cve_nist:`2023-21255`, :cve_nist:`2023-21264`, :cve_nist:`2023-2156`, :cve_nist:`2023-2162`, :cve_nist:`2023-2163`, :cve_nist:`2023-2166`, :cve_nist:`2023-2177`, :cve_nist:`2023-2194`, :cve_nist:`2023-2235`, :cve_nist:`2023-2236`, :cve_nist:`2023-2248`, :cve_nist:`2023-2269`, :cve_nist:`2023-22996`, :cve_nist:`2023-22997`, :cve_nist:`2023-22998`, :cve_nist:`2023-22999`, :cve_nist:`2023-23001`, :cve_nist:`2023-23002`, :cve_nist:`2023-23003`, :cve_nist:`2023-23004`, :cve_nist:`2023-23005`, :cve_nist:`2023-23006`, :cve_nist:`2023-23454`, :cve_nist:`2023-23455`, :cve_nist:`2023-23559`, :cve_nist:`2023-2483`, :cve_nist:`2023-25012`, :cve_nist:`2023-2513`, :cve_nist:`2023-25775`, :cve_nist:`2023-2598`, :cve_nist:`2023-26544`, :cve_nist:`2023-26545`, :cve_nist:`2023-26605`, :cve_nist:`2023-26606`, :cve_nist:`2023-26607`, :cve_nist:`2023-28327`, :cve_nist:`2023-28328`, :cve_nist:`2023-28410`, :cve_nist:`2023-28464`, :cve_nist:`2023-28466`, :cve_nist:`2023-2860`, :cve_nist:`2023-28772`, :cve_nist:`2023-28866`, :cve_nist:`2023-2898`, :cve_nist:`2023-2985`, :cve_nist:`2023-3006`, :cve_nist:`2023-30456`, :cve_nist:`2023-30772`, :cve_nist:`2023-3090`, :cve_nist:`2023-3106`, :cve_nist:`2023-3111`, :cve_nist:`2023-3117`, :cve_nist:`2023-31248`, :cve_nist:`2023-3141`, :cve_nist:`2023-31436`, :cve_nist:`2023-3159`, :cve_nist:`2023-3161`, :cve_nist:`2023-3212`, :cve_nist:`2023-3220`, :cve_nist:`2023-32233`, :cve_nist:`2023-32247`, :cve_nist:`2023-32248`, :cve_nist:`2023-32250`, :cve_nist:`2023-32252`, :cve_nist:`2023-32254`, :cve_nist:`2023-32257`, :cve_nist:`2023-32258`, :cve_nist:`2023-32269`, :cve_nist:`2023-3268`, :cve_nist:`2023-3269`, :cve_nist:`2023-3312`, :cve_nist:`2023-3317`, :cve_nist:`2023-33203`, :cve_nist:`2023-33250`, :cve_nist:`2023-33288`, :cve_nist:`2023-3338`, :cve_nist:`2023-3355`, :cve_nist:`2023-3357`, :cve_nist:`2023-3358`, :cve_nist:`2023-3359`, :cve_nist:`2023-3390`, :cve_nist:`2023-33951`, :cve_nist:`2023-33952`, :cve_nist:`2023-34255`, :cve_nist:`2023-34256`, :cve_nist:`2023-34319`, :cve_nist:`2023-3439`, :cve_nist:`2023-35001`, :cve_nist:`2023-3567`, :cve_nist:`2023-35788`, :cve_nist:`2023-35823`, :cve_nist:`2023-35824`, :cve_nist:`2023-35826`, :cve_nist:`2023-35828`, :cve_nist:`2023-35829`, :cve_nist:`2023-3609`, :cve_nist:`2023-3610`, :cve_nist:`2023-3611`, :cve_nist:`2023-37453`, :cve_nist:`2023-3772`, :cve_nist:`2023-3773`, :cve_nist:`2023-3776`, :cve_nist:`2023-3777`, :cve_nist:`2023-3812`, :cve_nist:`2023-38409`, :cve_nist:`2023-38426`, :cve_nist:`2023-38427`, :cve_nist:`2023-38428`, :cve_nist:`2023-38429`, :cve_nist:`2023-38430`, :cve_nist:`2023-38431`, :cve_nist:`2023-38432`, :cve_nist:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve_nist:`2023-39189`, :cve_nist:`2023-39192`, :cve_nist:`2023-39193`, :cve_nist:`2023-39194`, :cve_nist:`2023-4004`, :cve_nist:`2023-4015`, :cve_nist:`2023-40283`, :cve_nist:`2023-4128`, :cve_nist:`2023-4132`, :cve_nist:`2023-4147`, :cve_nist:`2023-4155`, :cve_nist:`2023-4194`, :cve_nist:`2023-4206`, :cve_nist:`2023-4207`, :cve_nist:`2023-4208`, :cve_nist:`2023-4273`, :cve_nist:`2023-42752`, :cve_nist:`2023-42753`, :cve_nist:`2023-42755`, :cve_nist:`2023-42756`, :cve_nist:`2023-4385`, :cve_nist:`2023-4387`, :cve_nist:`2023-4389`, :cve_nist:`2023-4394`, :cve_nist:`2023-44466`, :cve_nist:`2023-4459`, :cve_nist:`2023-4569`, :cve_nist:`2023-45862`, :cve_nist:`2023-45871`, :cve_nist:`2023-4611`, :cve_nist:`2023-4623`, :cve_nist:`2023-4732`, :cve_nist:`2023-4921` and :cve_nist:`2023-5345`
+-  linux-yocto/5.15: Ignore :cve_nist:`2022-45886`, :cve_nist:`2022-45887`, :cve_nist:`2022-45919`, :cve_nist:`2022-48502`, :cve_nist:`2023-0160`, :cve_nist:`2023-1206`, :cve_nist:`2023-20593`, :cve_nist:`2023-21264`, :cve_nist:`2023-2898`, :cve_nist:`2023-31248`, :cve_nist:`2023-33250`, :cve_nist:`2023-34319`, :cve_nist:`2023-35001`, :cve_nist:`2023-3611`, :cve_nist:`2023-37453`, :cve_nist:`2023-3773`, :cve_nist:`2023-3776`, :cve_nist:`2023-3777`, :cve_nist:`2023-38432`, :cve_nist:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_nist:`2023-4004`, :cve_nist:`2023-4015`, :cve_nist:`2023-4132`, :cve_nist:`2023-4147`, :cve_nist:`2023-4194`, :cve_nist:`2023-4385`, :cve_nist:`2023-4387`, :cve_nist:`2023-4389`, :cve_nist:`2023-4394`, :cve_nist:`2023-4459` and :cve_nist:`2023-4611`
+-  openssl: Fix :cve_nist:`2023-4807` and :cve_nist:`2023-5363`
+-  python3-git: Fix :cve_nist:`2023-40590` and :cve_nist:`2023-41040`
+-  python3-urllib3: Fix :cve_nist:`2023-43804`
+-  qemu: Ignore :cve_nist:`2023-2680`
+-  ruby: Fix :cve_nist:`2023-36617`
 -  shadow: Fix :cve_mitre:`2023-4641`
--  tiff: Fix :cve:`2023-3576` and :cve:`2023-40745`
--  vim: Fix :cve:`2023-5441` and :cve:`2023-5535`
--  webkitgtk: Fix :cve:`2023-32439`
--  xdg-utils: Fix :cve:`2022-4055`
--  xserver-xorg: ignore :cve:`2022-3553` (XQuartz-specific)
--  zlib: Fix :cve:`2023-45853`
+-  tiff: Fix :cve_nist:`2023-3576` and :cve_nist:`2023-40745`
+-  vim: Fix :cve_nist:`2023-5441` and :cve_nist:`2023-5535`
+-  webkitgtk: Fix :cve_nist:`2023-32439`
+-  xdg-utils: Fix :cve_nist:`2022-4055`
+-  xserver-xorg: ignore :cve_nist:`2022-3553` (XQuartz-specific)
+-  zlib: Fix :cve_nist:`2023-45853`
 
 
 
diff --git a/documentation/migration-guides/release-notes-4.0.15.rst b/documentation/migration-guides/release-notes-4.0.15.rst
index b2731530e8..e05cd6f143 100644
--- a/documentation/migration-guides/release-notes-4.0.15.rst
+++ b/documentation/migration-guides/release-notes-4.0.15.rst
@@ -6,24 +6,24 @@ Release notes for Yocto-4.0.15 (Kirkstone)
 Security Fixes in Yocto-4.0.15
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  avahi: Fix :cve:`2023-1981`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472` and :cve:`2023-38473`
--  binutils: Fix :cve:`2022-47007`, :cve:`2022-47010` and :cve:`2022-48064`
--  bluez5: Fix :cve:`2023-45866`
--  ghostscript: Ignore GhostPCL :cve:`2023-38560`
--  gnutls: Fix :cve:`2023-5981`
--  go: Ignore :cve:`2023-45283` and :cve:`2023-45284`
--  grub: Fix :cve:`2023-4692` and :cve:`2023-4693`
+-  avahi: Fix :cve_nist:`2023-1981`, :cve_nist:`2023-38469`, :cve_nist:`2023-38470`, :cve_nist:`2023-38471`, :cve_nist:`2023-38472` and :cve_nist:`2023-38473`
+-  binutils: Fix :cve_nist:`2022-47007`, :cve_nist:`2022-47010` and :cve_nist:`2022-48064`
+-  bluez5: Fix :cve_nist:`2023-45866`
+-  ghostscript: Ignore GhostPCL :cve_nist:`2023-38560`
+-  gnutls: Fix :cve_nist:`2023-5981`
+-  go: Ignore :cve_nist:`2023-45283` and :cve_nist:`2023-45284`
+-  grub: Fix :cve_nist:`2023-4692` and :cve_nist:`2023-4693`
 -  gstreamer1.0-plugins-bad: Fix :cve_mitre:`2023-44429`
--  libsndfile: Fix :cve:`2022-33065`
--  libwebp: Fix :cve:`2023-4863`
--  openssl: Fix :cve:`2023-5678`
--  python3-cryptography: Fix :cve:`2023-49083`
--  qemu: Fix :cve:`2023-1544`
--  sudo: :cve:`2023-42456` and :cve_mitre:`2023-42465`
--  tiff: Fix :cve:`2023-41175`
--  vim: Fix :cve:`2023-46246`, :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236`, :cve:`2023-48237` and :cve:`2023-48706`
--  xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
--  xwayland: Fix :cve:`2023-5367`
+-  libsndfile: Fix :cve_nist:`2022-33065`
+-  libwebp: Fix :cve_nist:`2023-4863`
+-  openssl: Fix :cve_nist:`2023-5678`
+-  python3-cryptography: Fix :cve_nist:`2023-49083`
+-  qemu: Fix :cve_nist:`2023-1544`
+-  sudo: :cve_nist:`2023-42456` and :cve_mitre:`2023-42465`
+-  tiff: Fix :cve_nist:`2023-41175`
+-  vim: Fix :cve_nist:`2023-46246`, :cve_nist:`2023-48231`, :cve_nist:`2023-48232`, :cve_nist:`2023-48233`, :cve_nist:`2023-48234`, :cve_nist:`2023-48235`, :cve_nist:`2023-48236`, :cve_nist:`2023-48237` and :cve_nist:`2023-48706`
+-  xserver-xorg: Fix :cve_nist:`2023-5367` and :cve_nist:`2023-5380`
+-  xwayland: Fix :cve_nist:`2023-5367`
 
 
 Fixes in Yocto-4.0.15
diff --git a/documentation/migration-guides/release-notes-4.0.16.rst b/documentation/migration-guides/release-notes-4.0.16.rst
index 0eb31832ab..dea5b4c2bf 100644
--- a/documentation/migration-guides/release-notes-4.0.16.rst
+++ b/documentation/migration-guides/release-notes-4.0.16.rst
@@ -8,22 +8,22 @@ Security Fixes in Yocto-4.0.16
 
 -  cpio: Fix :cve_mitre:`2023-7207`
 -  curl: Revert "curl: Backport fix CVE-2023-32001"
--  curl: Fix :cve:`2023-46218`
--  dropbear:Fix :cve:`2023-48795`
--  ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965`
--  ghostscript: Fix :cve:`2023-46751`
--  gnutls: Fix :cve:`2024-0553` and :cve:`2024-0567`
--  go: Fix :cve:`2023-39326`
--  openssh: Fix :cve:`2023-48795`, :cve:`2023-51384` and :cve:`2023-51385`
--  openssl: Fix :cve:`2023-6129` and :cve_mitre:`2023-6237`
+-  curl: Fix :cve_nist:`2023-46218`
+-  dropbear:Fix :cve_nist:`2023-48795`
+-  ffmpeg: Fix :cve_nist:`2022-3964` and :cve_nist:`2022-3965`
+-  ghostscript: Fix :cve_nist:`2023-46751`
+-  gnutls: Fix :cve_nist:`2024-0553` and :cve_nist:`2024-0567`
+-  go: Fix :cve_nist:`2023-39326`
+-  openssh: Fix :cve_nist:`2023-48795`, :cve_nist:`2023-51384` and :cve_nist:`2023-51385`
+-  openssl: Fix :cve_nist:`2023-6129` and :cve_mitre:`2023-6237`
 -  pam: Fix :cve_mitre:`2024-22365`
--  perl: Fix :cve:`2023-47038`
--  qemu: Fix :cve:`2023-5088`
--  sqlite3: Fix :cve:`2023-7104`
--  systemd: Fix :cve:`2023-7008`
--  tiff: Fix :cve:`2023-6228`
--  xserver-xorg: Fix :cve:`2023-6377`, :cve:`2023-6478`, :cve:`2023-6816`, :cve_mitre:`2024-0229`, :cve:`2024-0408`, :cve:`2024-0409`, :cve_mitre:`2024-21885` and :cve_mitre:`2024-21886`
--  zlib: Ignore :cve:`2023-6992`
+-  perl: Fix :cve_nist:`2023-47038`
+-  qemu: Fix :cve_nist:`2023-5088`
+-  sqlite3: Fix :cve_nist:`2023-7104`
+-  systemd: Fix :cve_nist:`2023-7008`
+-  tiff: Fix :cve_nist:`2023-6228`
+-  xserver-xorg: Fix :cve_nist:`2023-6377`, :cve_nist:`2023-6478`, :cve_nist:`2023-6816`, :cve_mitre:`2024-0229`, :cve_nist:`2024-0408`, :cve_nist:`2024-0409`, :cve_mitre:`2024-21885` and :cve_mitre:`2024-21886`
+-  zlib: Ignore :cve_nist:`2023-6992`
 
 
 Fixes in Yocto-4.0.16
diff --git a/documentation/migration-guides/release-notes-4.0.17.rst b/documentation/migration-guides/release-notes-4.0.17.rst
index 07242584b8..e917dc9bf8 100644
--- a/documentation/migration-guides/release-notes-4.0.17.rst
+++ b/documentation/migration-guides/release-notes-4.0.17.rst
@@ -6,27 +6,27 @@ Release notes for Yocto-4.0.17 (Kirkstone)
 Security Fixes in Yocto-4.0.17
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, :cve:`2023-50868` and :cve:`2023-50387`
--  binutils: Fix :cve:`2023-39129` and :cve:`2023-39130`
--  curl: Fix :cve:`2023-46219`
--  curl: Ignore :cve:`2023-42915`
--  gcc: Ignore :cve:`2023-4039`
--  gdb: Fix :cve:`2023-39129` and :cve:`2023-39130`
--  glibc: Ignore :cve:`2023-0687`
--  go: Fix :cve:`2023-29406`, :cve:`2023-45285`, :cve:`2023-45287`, :cve:`2023-45289`, :cve:`2023-45290`, :cve:`2024-24784` and :cve:`2024-24785`
--  less: Fix :cve:`2022-48624`
--  libgit2: Fix :cve:`2024-24575` and :cve:`2024-24577`
--  libuv: fix :cve:`2024-24806`
--  libxml2: Fix for :cve:`2024-25062`
--  linux-yocto/5.15: Fix :cve:`2022-36402`, :cve:`2022-40982`, :cve:`2022-47940`, :cve:`2023-1193`, :cve:`2023-1194`, :cve:`2023-3772`, :cve_mitre:`2023-3867`, :cve:`2023-4128`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4244`, :cve:`2023-4273`, :cve:`2023-4563`, :cve:`2023-4569`, :cve:`2023-4623`, :cve:`2023-4881`, :cve:`2023-4921`, :cve:`2023-5158`, :cve:`2023-5717`, :cve:`2023-6040`, :cve:`2023-6121`, :cve:`2023-6176`, :cve:`2023-6546`, :cve:`2023-6606`, :cve:`2023-6622`, :cve:`2023-6817`, :cve:`2023-6915`, :cve:`2023-6931`, :cve:`2023-6932`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-25775`, :cve:`2023-31085`, :cve:`2023-32247`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-34324`, :cve:`2023-35827`, :cve:`2023-38427`, :cve:`2023-38430`, :cve:`2023-38431`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-39198`, :cve:`2023-40283`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-42754`, :cve:`2023-42755`, :cve:`2023-45871`, :cve:`2023-46343`, :cve:`2023-46813`, :cve:`2023-46838`, :cve:`2023-46862`, :cve:`2023-51042`, :cve:`2023-51779`, :cve_mitre:`2023-52340`, :cve:`2023-52429`, :cve:`2023-52435`, :cve:`2023-52436`, :cve:`2023-52438`, :cve:`2023-52439`, :cve:`2023-52441`, :cve:`2023-52442`, :cve:`2023-52443`, :cve:`2023-52444`, :cve:`2023-52445`, :cve:`2023-52448`, :cve:`2023-52449`, :cve:`2023-52451`, :cve:`2023-52454`, :cve:`2023-52456`, :cve:`2023-52457`, :cve:`2023-52458`, :cve:`2023-52463`, :cve:`2023-52464`, :cve:`2024-0340`, :cve:`2024-0584`, :cve:`2024-0607`, :cve:`2024-0641`, :cve:`2024-0646`, :cve:`2024-1085`, :cve:`2024-1086`, :cve:`2024-1151`, :cve:`2024-22705`, :cve:`2024-23849`, :cve:`2024-23850`, :cve:`2024-23851`, :cve:`2024-24860`, :cve:`2024-26586`, :cve:`2024-26589`, :cve:`2024-26591`, :cve:`2024-26592`, :cve:`2024-26593`, :cve:`2024-26594`, :cve:`2024-26597` and :cve:`2024-26598`
--  linux-yocto/5.15: Ignore :cve:`2020-27418`, :cve:`2020-36766`, :cve:`2021-33630`, :cve:`2021-33631`, :cve:`2022-48619`, :cve:`2023-2430`, :cve:`2023-4610`, :cve:`2023-4732`, :cve:`2023-5090`, :cve:`2023-5178`, :cve:`2023-5197`, :cve:`2023-5345`, :cve:`2023-5633`, :cve:`2023-5972`, :cve:`2023-6111`, :cve:`2023-6200`, :cve:`2023-6531`, :cve:`2023-6679`, :cve:`2023-7192`, :cve:`2023-40791`, :cve:`2023-42756`, :cve:`2023-44466`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-45898`, :cve:`2023-51043`, :cve:`2023-51780`, :cve:`2023-51781`, :cve:`2023-51782`, :cve:`2023-52433`, :cve:`2023-52440`, :cve:`2023-52446`, :cve:`2023-52450`, :cve:`2023-52453`, :cve:`2023-52455`, :cve:`2023-52459`, :cve:`2023-52460`, :cve:`2023-52461`, :cve:`2023-52462`, :cve:`2024-0193`, :cve:`2024-0443`, :cve:`2024-0562`, :cve:`2024-0582`, :cve:`2024-0639`, :cve:`2024-0775`, :cve:`2024-26581`, :cve:`2024-26582`, :cve:`2024-26590`, :cve:`2024-26596` and :cve:`2024-26599`
--  linux-yocto/5.10: Fix :cve:`2023-6040`, :cve:`2023-6121`, :cve:`2023-6606`, :cve:`2023-6817`, :cve:`2023-6915`, :cve:`2023-6931`, :cve:`2023-6932`, :cve:`2023-39198`, :cve:`2023-46838`, :cve:`2023-51779`, :cve:`2023-51780`, :cve:`2023-51781`, :cve:`2023-51782`, :cve_mitre:`2023-52340`, :cve:`2024-0584` and :cve:`2024-0646`
--  linux-yocto/5.10: Ignore :cve:`2021-33630`, :cve:`2021-33631`, :cve:`2022-1508`, :cve:`2022-36402`, :cve:`2022-48619`, :cve:`2023-2430`, :cve:`2023-4610`, :cve:`2023-5972`, :cve:`2023-6039`, :cve:`2023-6200`, :cve:`2023-6531`, :cve:`2023-6546`, :cve:`2023-6622`, :cve:`2023-6679`, :cve:`2023-7192`, :cve:`2023-46343`, :cve:`2023-51042`, :cve:`2023-51043`, :cve:`2024-0193`, :cve:`2024-0443`, :cve:`2024-0562`, :cve:`2024-0582`, :cve:`2024-0639`, :cve:`2024-0641`, :cve:`2024-0775`, :cve:`2024-1085` and :cve:`2024-22705`
--  openssl: Fix :cve:`2024-0727`
--  python3-pycryptodome: Fix :cve:`2023-52323`
--  qemu: Fix :cve:`2023-6693`, :cve:`2023-42467` and :cve:`2024-24474`
--  vim: Fix :cve:`2024-22667`
--  xwayland: Fix :cve:`2023-6377` and :cve:`2023-6478`
+-  bind: Fix :cve_nist:`2023-4408`, :cve_nist:`2023-5517`, :cve_nist:`2023-5679`, :cve_nist:`2023-50868` and :cve_nist:`2023-50387`
+-  binutils: Fix :cve_nist:`2023-39129` and :cve_nist:`2023-39130`
+-  curl: Fix :cve_nist:`2023-46219`
+-  curl: Ignore :cve_nist:`2023-42915`
+-  gcc: Ignore :cve_nist:`2023-4039`
+-  gdb: Fix :cve_nist:`2023-39129` and :cve_nist:`2023-39130`
+-  glibc: Ignore :cve_nist:`2023-0687`
+-  go: Fix :cve_nist:`2023-29406`, :cve_nist:`2023-45285`, :cve_nist:`2023-45287`, :cve_nist:`2023-45289`, :cve_nist:`2023-45290`, :cve_nist:`2024-24784` and :cve_nist:`2024-24785`
+-  less: Fix :cve_nist:`2022-48624`
+-  libgit2: Fix :cve_nist:`2024-24575` and :cve_nist:`2024-24577`
+-  libuv: fix :cve_nist:`2024-24806`
+-  libxml2: Fix for :cve_nist:`2024-25062`
+-  linux-yocto/5.15: Fix :cve_nist:`2022-36402`, :cve_nist:`2022-40982`, :cve_nist:`2022-47940`, :cve_nist:`2023-1193`, :cve_nist:`2023-1194`, :cve_nist:`2023-3772`, :cve_mitre:`2023-3867`, :cve_nist:`2023-4128`, :cve_nist:`2023-4206`, :cve_nist:`2023-4207`, :cve_nist:`2023-4208`, :cve_nist:`2023-4244`, :cve_nist:`2023-4273`, :cve_nist:`2023-4563`, :cve_nist:`2023-4569`, :cve_nist:`2023-4623`, :cve_nist:`2023-4881`, :cve_nist:`2023-4921`, :cve_nist:`2023-5158`, :cve_nist:`2023-5717`, :cve_nist:`2023-6040`, :cve_nist:`2023-6121`, :cve_nist:`2023-6176`, :cve_nist:`2023-6546`, :cve_nist:`2023-6606`, :cve_nist:`2023-6622`, :cve_nist:`2023-6817`, :cve_nist:`2023-6915`, :cve_nist:`2023-6931`, :cve_nist:`2023-6932`, :cve_nist:`2023-20569`, :cve_nist:`2023-20588`, :cve_nist:`2023-25775`, :cve_nist:`2023-31085`, :cve_nist:`2023-32247`, :cve_nist:`2023-32250`, :cve_nist:`2023-32252`, :cve_nist:`2023-32254`, :cve_nist:`2023-32257`, :cve_nist:`2023-32258`, :cve_nist:`2023-34324`, :cve_nist:`2023-35827`, :cve_nist:`2023-38427`, :cve_nist:`2023-38430`, :cve_nist:`2023-38431`, :cve_nist:`2023-39189`, :cve_nist:`2023-39192`, :cve_nist:`2023-39193`, :cve_nist:`2023-39194`, :cve_nist:`2023-39198`, :cve_nist:`2023-40283`, :cve_nist:`2023-42752`, :cve_nist:`2023-42753`, :cve_nist:`2023-42754`, :cve_nist:`2023-42755`, :cve_nist:`2023-45871`, :cve_nist:`2023-46343`, :cve_nist:`2023-46813`, :cve_nist:`2023-46838`, :cve_nist:`2023-46862`, :cve_nist:`2023-51042`, :cve_nist:`2023-51779`, :cve_mitre:`2023-52340`, :cve_nist:`2023-52429`, :cve_nist:`2023-52435`, :cve_nist:`2023-52436`, :cve_nist:`2023-52438`, :cve_nist:`2023-52439`, :cve_nist:`2023-52441`, :cve_nist:`2023-52442`, :cve_nist:`2023-52443`, :cve_nist:`2023-52444`, :cve_nist:`2023-52445`, :cve_nist:`2023-52448`, :cve_nist:`2023-52449`, :cve_nist:`2023-52451`, :cve_nist:`2023-52454`, :cve_nist:`2023-52456`, :cve_nist:`2023-52457`, :cve_nist:`2023-52458`, :cve_nist:`2023-52463`, :cve_nist:`2023-52464`, :cve_nist:`2024-0340`, :cve_nist:`2024-0584`, :cve_nist:`2024-0607`, :cve_nist:`2024-0641`, :cve_nist:`2024-0646`, :cve_nist:`2024-1085`, :cve_nist:`2024-1086`, :cve_nist:`2024-1151`, :cve_nist:`2024-22705`, :cve_nist:`2024-23849`, :cve_nist:`2024-23850`, :cve_nist:`2024-23851`, :cve_nist:`2024-24860`, :cve_nist:`2024-26586`, :cve_nist:`2024-26589`, :cve_nist:`2024-26591`, :cve_nist:`2024-26592`, :cve_nist:`2024-26593`, :cve_nist:`2024-26594`, :cve_nist:`2024-26597` and :cve_nist:`2024-26598`
+-  linux-yocto/5.15: Ignore :cve_nist:`2020-27418`, :cve_nist:`2020-36766`, :cve_nist:`2021-33630`, :cve_nist:`2021-33631`, :cve_nist:`2022-48619`, :cve_nist:`2023-2430`, :cve_nist:`2023-4610`, :cve_nist:`2023-4732`, :cve_nist:`2023-5090`, :cve_nist:`2023-5178`, :cve_nist:`2023-5197`, :cve_nist:`2023-5345`, :cve_nist:`2023-5633`, :cve_nist:`2023-5972`, :cve_nist:`2023-6111`, :cve_nist:`2023-6200`, :cve_nist:`2023-6531`, :cve_nist:`2023-6679`, :cve_nist:`2023-7192`, :cve_nist:`2023-40791`, :cve_nist:`2023-42756`, :cve_nist:`2023-44466`, :cve_nist:`2023-45862`, :cve_nist:`2023-45863`, :cve_nist:`2023-45898`, :cve_nist:`2023-51043`, :cve_nist:`2023-51780`, :cve_nist:`2023-51781`, :cve_nist:`2023-51782`, :cve_nist:`2023-52433`, :cve_nist:`2023-52440`, :cve_nist:`2023-52446`, :cve_nist:`2023-52450`, :cve_nist:`2023-52453`, :cve_nist:`2023-52455`, :cve_nist:`2023-52459`, :cve_nist:`2023-52460`, :cve_nist:`2023-52461`, :cve_nist:`2023-52462`, :cve_nist:`2024-0193`, :cve_nist:`2024-0443`, :cve_nist:`2024-0562`, :cve_nist:`2024-0582`, :cve_nist:`2024-0639`, :cve_nist:`2024-0775`, :cve_nist:`2024-26581`, :cve_nist:`2024-26582`, :cve_nist:`2024-26590`, :cve_nist:`2024-26596` and :cve_nist:`2024-26599`
+-  linux-yocto/5.10: Fix :cve_nist:`2023-6040`, :cve_nist:`2023-6121`, :cve_nist:`2023-6606`, :cve_nist:`2023-6817`, :cve_nist:`2023-6915`, :cve_nist:`2023-6931`, :cve_nist:`2023-6932`, :cve_nist:`2023-39198`, :cve_nist:`2023-46838`, :cve_nist:`2023-51779`, :cve_nist:`2023-51780`, :cve_nist:`2023-51781`, :cve_nist:`2023-51782`, :cve_mitre:`2023-52340`, :cve_nist:`2024-0584` and :cve_nist:`2024-0646`
+-  linux-yocto/5.10: Ignore :cve_nist:`2021-33630`, :cve_nist:`2021-33631`, :cve_nist:`2022-1508`, :cve_nist:`2022-36402`, :cve_nist:`2022-48619`, :cve_nist:`2023-2430`, :cve_nist:`2023-4610`, :cve_nist:`2023-5972`, :cve_nist:`2023-6039`, :cve_nist:`2023-6200`, :cve_nist:`2023-6531`, :cve_nist:`2023-6546`, :cve_nist:`2023-6622`, :cve_nist:`2023-6679`, :cve_nist:`2023-7192`, :cve_nist:`2023-46343`, :cve_nist:`2023-51042`, :cve_nist:`2023-51043`, :cve_nist:`2024-0193`, :cve_nist:`2024-0443`, :cve_nist:`2024-0562`, :cve_nist:`2024-0582`, :cve_nist:`2024-0639`, :cve_nist:`2024-0641`, :cve_nist:`2024-0775`, :cve_nist:`2024-1085` and :cve_nist:`2024-22705`
+-  openssl: Fix :cve_nist:`2024-0727`
+-  python3-pycryptodome: Fix :cve_nist:`2023-52323`
+-  qemu: Fix :cve_nist:`2023-6693`, :cve_nist:`2023-42467` and :cve_nist:`2024-24474`
+-  vim: Fix :cve_nist:`2024-22667`
+-  xwayland: Fix :cve_nist:`2023-6377` and :cve_nist:`2023-6478`
 
 
 Fixes in Yocto-4.0.17
diff --git a/documentation/migration-guides/release-notes-4.0.18.rst b/documentation/migration-guides/release-notes-4.0.18.rst
index fc8cd83c02..890148b5d6 100644
--- a/documentation/migration-guides/release-notes-4.0.18.rst
+++ b/documentation/migration-guides/release-notes-4.0.18.rst
@@ -6,22 +6,22 @@ Release notes for Yocto-4.0.18 (Kirkstone)
 Security Fixes in Yocto-4.0.18
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  curl: Fix :cve:`2024-2398`
--  expat: fix :cve:`2023-52426` and :cve:`2024-28757`
--  libssh2: fix :cve:`2023-48795`
--  ncurses: Fix :cve:`2023-50495`
--  nghttp2: Fix :cve:`2024-28182` and :cve:`2023-44487`
--  openssh: Ignore :cve:`2023-51767`
--  openssl: Fix :cve:`2024-2511`
--  perl: Ignore :cve:`2023-47100`
--  python3-cryptography: Fix :cve:`2024-26130`
--  python3-urllib3: Fix :cve:`2023-45803`
--  qemu: Fix :cve:`2023-6683`
+-  curl: Fix :cve_nist:`2024-2398`
+-  expat: fix :cve_nist:`2023-52426` and :cve_nist:`2024-28757`
+-  libssh2: fix :cve_nist:`2023-48795`
+-  ncurses: Fix :cve_nist:`2023-50495`
+-  nghttp2: Fix :cve_nist:`2024-28182` and :cve_nist:`2023-44487`
+-  openssh: Ignore :cve_nist:`2023-51767`
+-  openssl: Fix :cve_nist:`2024-2511`
+-  perl: Ignore :cve_nist:`2023-47100`
+-  python3-cryptography: Fix :cve_nist:`2024-26130`
+-  python3-urllib3: Fix :cve_nist:`2023-45803`
+-  qemu: Fix :cve_nist:`2023-6683`
 -  ruby: fix :cve_mitre:`2024-27281`
--  rust: Ignore :cve:`2024-24576`
--  tiff: Fix :cve:`2023-52356` and :cve:`2023-6277`
--  xserver-xorg: Fix :cve:`2024-31080` and :cve:`2024-31081`
--  xwayland: Fix :cve:`2023-6816`, :cve:`2024-0408` and :cve:`2024-0409`
+-  rust: Ignore :cve_nist:`2024-24576`
+-  tiff: Fix :cve_nist:`2023-52356` and :cve_nist:`2023-6277`
+-  xserver-xorg: Fix :cve_nist:`2024-31080` and :cve_nist:`2024-31081`
+-  xwayland: Fix :cve_nist:`2023-6816`, :cve_nist:`2024-0408` and :cve_nist:`2024-0409`
 
 
 Fixes in Yocto-4.0.18
@@ -31,7 +31,7 @@ Fixes in Yocto-4.0.18
 -  common-licenses: Backport missing license
 -  contributor-guide: add notes for tests
 -  contributor-guide: be more specific about meta-* trees
--  cups: fix typo in :cve:`2023-32360` backport patch
+-  cups: fix typo in :cve_nist:`2023-32360` backport patch
 -  cve-update-nvd2-native: Add an age threshold for incremental update
 -  cve-update-nvd2-native: Fix CVE configuration update
 -  cve-update-nvd2-native: Fix typo in comment
diff --git a/documentation/migration-guides/release-notes-4.0.19.rst b/documentation/migration-guides/release-notes-4.0.19.rst
index 5dcc977252..e363f05d7d 100644
--- a/documentation/migration-guides/release-notes-4.0.19.rst
+++ b/documentation/migration-guides/release-notes-4.0.19.rst
@@ -6,30 +6,30 @@ Release notes for Yocto-4.0.19 (Kirkstone)
 Security Fixes in Yocto-4.0.19
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bluez5: Fix :cve:`2023-27349`, :cve:`2023-50229` and :cve:`2023-50230`
--  ghostscript: Fix :cve:`2023-52722`, :cve_mitre:`2024-29510`, :cve_mitre:`2024-33869`, :cve_mitre:`2024-33870` and :cve_mitre:`2024-33871`
--  git: Fix :cve:`2024-32002`, :cve:`2024-32004`, :cve:`2024-32020`, :cve:`2024-32021` and :cve:`2024-32465`
--  glibc: Fix :cve:`2024-2961`, :cve:`2024-33599`, :cve:`2024-33600`, :cve:`2024-33601` and :cve:`2024-33602`
--  gnutls: Fix :cve:`2024-28834` and :cve:`2024-28835`
--  go: Fix :cve:`2023-45288`
--  gstreamer1.0-plugins-bad: Fix :cve:`2023-44446`, :cve:`2023-50186` and :cve_mitre:`2024-0444`
--  less: Fix :cve:`2024-32487`
--  libarchive: Fix :cve:`2024-26256`
+-  bluez5: Fix :cve_nist:`2023-27349`, :cve_nist:`2023-50229` and :cve_nist:`2023-50230`
+-  ghostscript: Fix :cve_nist:`2023-52722`, :cve_mitre:`2024-29510`, :cve_mitre:`2024-33869`, :cve_mitre:`2024-33870` and :cve_mitre:`2024-33871`
+-  git: Fix :cve_nist:`2024-32002`, :cve_nist:`2024-32004`, :cve_nist:`2024-32020`, :cve_nist:`2024-32021` and :cve_nist:`2024-32465`
+-  glibc: Fix :cve_nist:`2024-2961`, :cve_nist:`2024-33599`, :cve_nist:`2024-33600`, :cve_nist:`2024-33601` and :cve_nist:`2024-33602`
+-  gnutls: Fix :cve_nist:`2024-28834` and :cve_nist:`2024-28835`
+-  go: Fix :cve_nist:`2023-45288`
+-  gstreamer1.0-plugins-bad: Fix :cve_nist:`2023-44446`, :cve_nist:`2023-50186` and :cve_mitre:`2024-0444`
+-  less: Fix :cve_nist:`2024-32487`
+-  libarchive: Fix :cve_nist:`2024-26256`
 -  libarchive: Fix multiple null deference and heap overflow in pax writer (no CVE assigned)
--  linux-yocto/5.15: Fix :cve:`2023-6270`, :cve:`2023-7042`, :cve:`2023-52447`, :cve:`2023-52620`, :cve:`2024-22099`, :cve:`2024-26622`, :cve:`2024-26651`, :cve:`2024-26659`, :cve:`2024-26688`, :cve:`2024-26782`, :cve:`2024-26787`, :cve:`2024-26788`, :cve:`2024-26790`, :cve:`2024-26791`, :cve:`2024-26793`, :cve:`2024-26795`, :cve:`2024-26798`, :cve:`2024-26801`, :cve:`2024-26802`, :cve:`2024-26803`, :cve:`2024-26804`, :cve:`2024-26805` and :cve:`2024-26809`
--  linux-yocto/5.15: Ignore :cve:`2019-25160`, :cve:`2019-25162`, :cve:`2020-36775`, :cve:`2020-36776`, :cve:`2020-36777`, :cve:`2020-36778`, :cve:`2020-36779`, :cve:`2020-36780`, :cve:`2020-36781`, :cve:`2020-36782`, :cve:`2020-36783`, :cve:`2020-36784`, :cve:`2020-36785`, :cve:`2020-36786`, :cve:`2020-36787`, :cve:`2021-46904`, :cve:`2021-46905`, :cve:`2021-46906`, :cve:`2021-46908`, :cve:`2021-46909`, :cve:`2021-46910`, :cve:`2021-46911`, :cve:`2021-46912`, :cve:`2021-46913`, :cve:`2021-46914`, :cve:`2021-46915`, :cve:`2021-46916`, :cve:`2021-46917`, :cve:`2021-46918`, :cve:`2021-46919`, :cve:`2021-46920`, :cve:`2021-46921`, :cve:`2021-46922`, :cve:`2021-46923`, :cve:`2021-46924`, :cve:`2021-46925`, :cve:`2021-46926`, :cve:`2021-46927`, :cve:`2021-46928`, :cve:`2021-46929`, :cve:`2021-46930`, :cve:`2021-46931`, :cve:`2021-46932`, :cve:`2021-46933`, :cve:`2021-46934`, :cve:`2021-46935`, :cve:`2021-46936`, :cve:`2021-46937`, :cve:`2021-46938`, :cve:`2021-46939`, :cve:`2021-46940`, :cve:`2021-46941`, :cve:`2021-46942`, :cve:`2021-46943`, :cve:`2021-46944`, :cve:`2021-46945`, :cve:`2021-46947`, :cve:`2021-46948`, :cve:`2021-46949`, :cve:`2021-46950`, :cve:`2021-46951`, :cve:`2021-46952`, :cve:`2021-46953`, :cve:`2021-46954`, :cve:`2021-46955`, :cve:`2021-46956`, :cve:`2021-46957`, :cve:`2021-46958`, :cve:`2021-46959`, :cve:`2021-46960`, :cve:`2021-46961`, :cve:`2021-46962`, :cve:`2021-46963`, :cve:`2021-46964`, :cve:`2021-46965`, :cve:`2021-46966`, :cve:`2021-46967`, :cve:`2021-46968`, :cve:`2021-46969`, :cve:`2021-46970`, :cve:`2021-46971`, :cve:`2021-46972`, :cve:`2021-46973`, :cve:`2021-46974`, :cve:`2021-46976`, :cve:`2021-46977`, :cve:`2021-46978`, :cve:`2021-46979`, :cve:`2021-46980`, :cve:`2021-46981`, :cve:`2021-46982`, :cve:`2021-46983`, :cve:`2021-46984`, :cve:`2021-46985`, :cve:`2021-46986`, :cve:`2021-46987`, :cve:`2021-46988`, :cve:`2021-46989`, :cve:`2021-46990`, :cve:`2021-46991`, :cve:`2021-46992`, :cve:`2021-46993`, :cve:`2021-46994`, :cve:`2021-46995`, :cve:`2021-46996`, :cve:`2021-46997`, :cve:`2021-46998`, :cve:`2021-46999`, :cve:`2021-47000`, :cve:`2021-47001`, :cve:`2021-47002`, :cve:`2021-47003`, :cve:`2021-47004`, :cve:`2021-47005`, :cve:`2021-47006`, :cve:`2021-47007`, :cve:`2021-47008`, :cve:`2021-47009`, :cve:`2021-47010`, :cve:`2021-47011`, :cve:`2021-47012`, :cve:`2021-47013`, :cve:`2021-47014`, :cve:`2021-47015`, :cve:`2021-47016`, :cve:`2021-47017`, :cve:`2021-47018`, :cve:`2021-47019`, :cve:`2021-47020`, :cve:`2021-47021`, :cve:`2021-47022`, :cve:`2021-47023`, :cve:`2021-47024`, :cve:`2021-47025`, :cve:`2021-47026`, :cve:`2021-47027`, :cve:`2021-47028`, :cve:`2021-47029`, :cve:`2021-47030`, :cve:`2021-47031`, :cve:`2021-47032`, :cve:`2021-47033`, :cve:`2021-47034`, :cve:`2021-47035`, :cve:`2021-47036`, :cve:`2021-47037`, :cve:`2021-47038`, :cve:`2021-47039`, :cve:`2021-47040`, :cve:`2021-47041`, :cve:`2021-47042`, :cve:`2021-47043`, :cve:`2021-47044`, :cve:`2021-47045`, :cve:`2021-47046`, :cve:`2021-47047`, :cve:`2021-47048`, :cve:`2021-47049`, :cve:`2021-47050`, :cve:`2021-47051`, :cve:`2021-47052`, :cve:`2021-47053`, :cve:`2021-47054`, :cve:`2021-47055`, :cve:`2021-47056`, :cve:`2021-47057`, :cve:`2021-47058`, :cve:`2021-47059`, :cve:`2021-47060`, :cve:`2021-47061`, :cve:`2021-47062`, :cve:`2021-47063`, :cve:`2021-47064`, :cve:`2021-47065`, :cve:`2021-47066`, :cve:`2021-47067`, :cve:`2021-47068`, :cve:`2021-47069`, :cve:`2021-47070`, :cve:`2021-47071`, :cve:`2021-47072`, :cve:`2021-47073`, :cve:`2021-47074`, :cve:`2021-47075`, :cve:`2021-47076`, :cve:`2021-47077`, :cve:`2021-47078`, :cve:`2021-47079`, :cve:`2021-47080`, :cve:`2021-47081`, :cve:`2021-47082`, :cve:`2021-47083`, :cve:`2021-47086`, :cve:`2021-47087`, :cve:`2021-47088`, :cve:`2021-47089`, :cve:`2021-47090`, :cve:`2021-47091`, :cve:`2021-47092`, :cve:`2021-47093`, :cve:`2021-47094`, :cve:`2021-47095`, :cve:`2021-47096`, :cve:`2021-47097`, :cve:`2021-47098`, :cve:`2021-47099`, :cve:`2021-47100`, :cve:`2021-47101`, :cve:`2021-47102`, :cve:`2021-47103`, :cve:`2021-47104`, :cve:`2021-47105`, :cve:`2021-47106`, :cve:`2021-47107`, :cve:`2021-47108`, :cve:`2021-47109`, :cve:`2021-47110`, :cve:`2021-47111`, :cve:`2021-47112`, :cve:`2021-47113`, :cve:`2021-47114`, :cve:`2021-47116`, :cve:`2021-47117`, :cve:`2021-47118`, :cve:`2021-47119`, :cve:`2021-47120`, :cve:`2021-47121`, :cve:`2021-47122`, :cve:`2021-47123`, :cve:`2021-47124`, :cve:`2021-47125`, :cve:`2021-47126`, :cve:`2021-47127`, :cve:`2021-47128`, :cve:`2021-47129`, :cve:`2021-47130`, :cve:`2021-47131`, :cve:`2021-47132`, :cve:`2021-47133`, :cve:`2021-47134`, :cve:`2021-47135`, :cve:`2021-47136`, :cve:`2021-47137`, :cve:`2021-47138`, :cve:`2021-47139`, :cve:`2021-47140`, :cve:`2021-47141`, :cve:`2021-47142`, :cve:`2021-47143`, :cve:`2021-47144`, :cve:`2021-47145`, :cve:`2021-47146`, :cve:`2021-47147`, :cve:`2021-47148`, :cve:`2021-47149`, :cve:`2021-47150`, :cve:`2021-47151`, :cve:`2021-47152`, :cve:`2021-47153`, :cve:`2021-47158`, :cve:`2021-47159`, :cve:`2021-47160`, :cve:`2021-47161`, :cve:`2021-47162`, :cve:`2021-47163`, :cve:`2021-47164`, :cve:`2021-47165`, :cve:`2021-47166`, :cve:`2021-47167`, :cve:`2021-47168`, :cve:`2021-47169`, :cve:`2021-47170`, :cve:`2021-47171`, :cve:`2021-47172`, :cve:`2021-47173`, :cve:`2021-47174`, :cve:`2021-47175`, :cve:`2021-47176`, :cve:`2021-47177`, :cve:`2021-47178`, :cve:`2021-47179` and :cve:`2021-47180`
--  linux-yocto/5.15 (cont.): Ignore :cve:`2022-48626`, :cve:`2022-48627`, :cve:`2022-48629`, :cve:`2022-48630`, :cve:`2023-6356`, :cve:`2023-6536`, :cve:`2023-52434`, :cve:`2023-52465`, :cve:`2023-52467`, :cve:`2023-52468`, :cve:`2023-52469`, :cve:`2023-52470`, :cve:`2023-52471`, :cve:`2023-52472`, :cve:`2023-52473`, :cve:`2023-52474`, :cve:`2023-52475`, :cve:`2023-52476`, :cve:`2023-52477`, :cve:`2023-52478`, :cve:`2023-52479`, :cve:`2023-52480`, :cve:`2023-52482`, :cve:`2023-52483`, :cve:`2023-52484`, :cve:`2023-52486`, :cve:`2023-52487`, :cve:`2023-52489`, :cve:`2023-52490`, :cve:`2023-52491`, :cve:`2023-52492`, :cve:`2023-52493`, :cve:`2023-52494`, :cve:`2023-52495`, :cve:`2023-52497`, :cve:`2023-52498`, :cve:`2023-52499`, :cve:`2023-52500`, :cve:`2023-52501`, :cve:`2023-52502`, :cve:`2023-52503`, :cve:`2023-52504`, :cve:`2023-52505`, :cve:`2023-52507`, :cve:`2023-52509`, :cve:`2023-52510`, :cve:`2023-52511`, :cve:`2023-52512`, :cve:`2023-52513`, :cve:`2023-52515`, :cve:`2023-52516`, :cve:`2023-52517`, :cve:`2023-52518`, :cve:`2023-52519`, :cve:`2023-52520`, :cve:`2023-52522`, :cve:`2023-52523`, :cve:`2023-52524`, :cve:`2023-52525`, :cve:`2023-52526`, :cve:`2023-52527`, :cve:`2023-52528`, :cve:`2023-52529`, :cve:`2023-52531`, :cve:`2023-52559`, :cve:`2023-52560`, :cve:`2023-52562`, :cve:`2023-52563`, :cve:`2023-52564`, :cve:`2023-52566`, :cve:`2023-52567`, :cve:`2023-52570`, :cve:`2023-52573`, :cve:`2023-52574`, :cve:`2023-52575`, :cve:`2023-52577`, :cve:`2023-52578`, :cve:`2023-52580`, :cve:`2023-52581`, :cve:`2023-52583`, :cve:`2023-52587`, :cve:`2023-52588`, :cve:`2023-52594`, :cve:`2023-52595`, :cve:`2023-52597`, :cve:`2023-52598`, :cve:`2023-52599`, :cve:`2023-52600`, :cve:`2023-52601`, :cve:`2023-52602`, :cve:`2023-52603`, :cve:`2023-52604`, :cve:`2023-52606`, :cve:`2023-52607`, :cve:`2023-52608`, :cve:`2023-52609`, :cve:`2023-52610`, :cve:`2023-52611`, :cve:`2023-52612`, :cve:`2023-52613`, :cve:`2023-52614`, :cve:`2023-52615`, :cve:`2023-52616`, :cve:`2023-52617`, :cve:`2023-52618`, :cve:`2023-52619`, :cve:`2023-52622`, :cve:`2023-52623`, :cve:`2023-52626`, :cve:`2023-52627`, :cve:`2023-52628`, :cve:`2023-52630`, :cve:`2023-52631`, :cve:`2023-52633`, :cve:`2023-52635`, :cve:`2023-52636`, :cve:`2023-52637`, :cve:`2023-52638`, :cve:`2023-52640`, :cve:`2023-52641`, :cve:`2024-0565`, :cve:`2024-0841`, :cve:`2024-23196`, :cve:`2024-26587`, :cve:`2024-26588`, :cve:`2024-26600`, :cve:`2024-26601`, :cve:`2024-26602`, :cve:`2024-26603`, :cve:`2024-26604`, :cve:`2024-26605`, :cve:`2024-26606`, :cve:`2024-26608`, :cve:`2024-26610`, :cve:`2024-26611`, :cve:`2024-26612`, :cve:`2024-26614`, :cve:`2024-26615`, :cve:`2024-26616`, :cve:`2024-26617`, :cve:`2024-26618`, :cve:`2024-26619`, :cve:`2024-26620`, :cve:`2024-26621`, :cve:`2024-26625`, :cve:`2024-26626`, :cve:`2024-26627`, :cve:`2024-26629`, :cve:`2024-26630`, :cve:`2024-26631`, :cve:`2024-26632`, :cve:`2024-26633`, :cve:`2024-26634`, :cve:`2024-26635`, :cve:`2024-26636`, :cve:`2024-26637`, :cve:`2024-26638`, :cve:`2024-26639`, :cve:`2024-26640`, :cve:`2024-26641`, :cve:`2024-26643`, :cve:`2024-26644`, :cve:`2024-26645`, :cve:`2024-26649`, :cve:`2024-26652`, :cve:`2024-26653`, :cve:`2024-26657`, :cve:`2024-26660`, :cve:`2024-26663`, :cve:`2024-26664`, :cve:`2024-26665`, :cve:`2024-26666`, :cve:`2024-26667`, :cve:`2024-26668`, :cve:`2024-26670`, :cve:`2024-26671`, :cve:`2024-26673`, :cve:`2024-26674`, :cve:`2024-26675`, :cve:`2024-26676`, :cve:`2024-26678`, :cve:`2024-26679`, :cve:`2024-26681`, :cve:`2024-26682`, :cve:`2024-26683`, :cve:`2024-26684`, :cve:`2024-26685`, :cve:`2024-26689`, :cve:`2024-26690`, :cve:`2024-26692`, :cve:`2024-26693`, :cve:`2024-26694`, :cve:`2024-26695`, :cve:`2024-26696`, :cve:`2024-26697`, :cve:`2024-26698`, :cve:`2024-26702`, :cve:`2024-26703`, :cve:`2024-26704`, :cve:`2024-26705`, :cve:`2024-26707`, :cve:`2024-26708`, :cve:`2024-26709`, :cve:`2024-26710`, :cve:`2024-26711`, :cve:`2024-26712`, :cve:`2024-26715`, :cve:`2024-26716`, :cve:`2024-26717`, :cve:`2024-26720`, :cve:`2024-26721`, :cve:`2024-26722`, :cve:`2024-26723`, :cve:`2024-26724`, :cve:`2024-26725`, :cve:`2024-26727`, :cve:`2024-26728`, :cve:`2024-26729`, :cve:`2024-26730`, :cve:`2024-26731`, :cve:`2024-26732`, :cve:`2024-26733`, :cve:`2024-26734`, :cve:`2024-26735`, :cve:`2024-26736`, :cve:`2024-26737`, :cve:`2024-26741`, :cve:`2024-26742`, :cve:`2024-26743`, :cve:`2024-26744`, :cve:`2024-26746`, :cve:`2024-26747`, :cve:`2024-26748`, :cve:`2024-26749`, :cve:`2024-26750`, :cve:`2024-26751`, :cve:`2024-26752`, :cve:`2024-26753`, :cve:`2024-26754`, :cve:`2024-26755`, :cve:`2024-26760`, :cve:`2024-26761`, :cve:`2024-26762`, :cve:`2024-26763`, :cve:`2024-26764`, :cve:`2024-26766`, :cve:`2024-26769`, :cve:`2024-26771`, :cve:`2024-26772`, :cve:`2024-26773`, :cve:`2024-26774`, :cve:`2024-26776`, :cve:`2024-26777`, :cve:`2024-26778`, :cve:`2024-26779`, :cve:`2024-26780`, :cve:`2024-26781`, :cve:`2024-26783`, :cve:`2024-26785`, :cve:`2024-26786`, :cve:`2024-26792`, :cve:`2024-26794`, :cve:`2024-26796`, :cve:`2024-26799`, :cve:`2024-26800`, :cve:`2024-26807` and :cve:`2024-26808`
--  ncurses: Fix :cve:`2023-45918`
--  ofono: Fix :cve:`2023-4233` and :cve:`2023-4234`
--  openssl: Fix :cve:`2024-4603`
--  util-linux: Fix :cve:`2024-28085`
--  xserver-xorg: Fix :cve:`2024-31082` and :cve:`2024-31083`
+-  linux-yocto/5.15: Fix :cve_nist:`2023-6270`, :cve_nist:`2023-7042`, :cve_nist:`2023-52447`, :cve_nist:`2023-52620`, :cve_nist:`2024-22099`, :cve_nist:`2024-26622`, :cve_nist:`2024-26651`, :cve_nist:`2024-26659`, :cve_nist:`2024-26688`, :cve_nist:`2024-26782`, :cve_nist:`2024-26787`, :cve_nist:`2024-26788`, :cve_nist:`2024-26790`, :cve_nist:`2024-26791`, :cve_nist:`2024-26793`, :cve_nist:`2024-26795`, :cve_nist:`2024-26798`, :cve_nist:`2024-26801`, :cve_nist:`2024-26802`, :cve_nist:`2024-26803`, :cve_nist:`2024-26804`, :cve_nist:`2024-26805` and :cve_nist:`2024-26809`
+-  linux-yocto/5.15: Ignore :cve_nist:`2019-25160`, :cve_nist:`2019-25162`, :cve_nist:`2020-36775`, :cve_nist:`2020-36776`, :cve_nist:`2020-36777`, :cve_nist:`2020-36778`, :cve_nist:`2020-36779`, :cve_nist:`2020-36780`, :cve_nist:`2020-36781`, :cve_nist:`2020-36782`, :cve_nist:`2020-36783`, :cve_nist:`2020-36784`, :cve_nist:`2020-36785`, :cve_nist:`2020-36786`, :cve_nist:`2020-36787`, :cve_nist:`2021-46904`, :cve_nist:`2021-46905`, :cve_nist:`2021-46906`, :cve_nist:`2021-46908`, :cve_nist:`2021-46909`, :cve_nist:`2021-46910`, :cve_nist:`2021-46911`, :cve_nist:`2021-46912`, :cve_nist:`2021-46913`, :cve_nist:`2021-46914`, :cve_nist:`2021-46915`, :cve_nist:`2021-46916`, :cve_nist:`2021-46917`, :cve_nist:`2021-46918`, :cve_nist:`2021-46919`, :cve_nist:`2021-46920`, :cve_nist:`2021-46921`, :cve_nist:`2021-46922`, :cve_nist:`2021-46923`, :cve_nist:`2021-46924`, :cve_nist:`2021-46925`, :cve_nist:`2021-46926`, :cve_nist:`2021-46927`, :cve_nist:`2021-46928`, :cve_nist:`2021-46929`, :cve_nist:`2021-46930`, :cve_nist:`2021-46931`, :cve_nist:`2021-46932`, :cve_nist:`2021-46933`, :cve_nist:`2021-46934`, :cve_nist:`2021-46935`, :cve_nist:`2021-46936`, :cve_nist:`2021-46937`, :cve_nist:`2021-46938`, :cve_nist:`2021-46939`, :cve_nist:`2021-46940`, :cve_nist:`2021-46941`, :cve_nist:`2021-46942`, :cve_nist:`2021-46943`, :cve_nist:`2021-46944`, :cve_nist:`2021-46945`, :cve_nist:`2021-46947`, :cve_nist:`2021-46948`, :cve_nist:`2021-46949`, :cve_nist:`2021-46950`, :cve_nist:`2021-46951`, :cve_nist:`2021-46952`, :cve_nist:`2021-46953`, :cve_nist:`2021-46954`, :cve_nist:`2021-46955`, :cve_nist:`2021-46956`, :cve_nist:`2021-46957`, :cve_nist:`2021-46958`, :cve_nist:`2021-46959`, :cve_nist:`2021-46960`, :cve_nist:`2021-46961`, :cve_nist:`2021-46962`, :cve_nist:`2021-46963`, :cve_nist:`2021-46964`, :cve_nist:`2021-46965`, :cve_nist:`2021-46966`, :cve_nist:`2021-46967`, :cve_nist:`2021-46968`, :cve_nist:`2021-46969`, :cve_nist:`2021-46970`, :cve_nist:`2021-46971`, :cve_nist:`2021-46972`, :cve_nist:`2021-46973`, :cve_nist:`2021-46974`, :cve_nist:`2021-46976`, :cve_nist:`2021-46977`, :cve_nist:`2021-46978`, :cve_nist:`2021-46979`, :cve_nist:`2021-46980`, :cve_nist:`2021-46981`, :cve_nist:`2021-46982`, :cve_nist:`2021-46983`, :cve_nist:`2021-46984`, :cve_nist:`2021-46985`, :cve_nist:`2021-46986`, :cve_nist:`2021-46987`, :cve_nist:`2021-46988`, :cve_nist:`2021-46989`, :cve_nist:`2021-46990`, :cve_nist:`2021-46991`, :cve_nist:`2021-46992`, :cve_nist:`2021-46993`, :cve_nist:`2021-46994`, :cve_nist:`2021-46995`, :cve_nist:`2021-46996`, :cve_nist:`2021-46997`, :cve_nist:`2021-46998`, :cve_nist:`2021-46999`, :cve_nist:`2021-47000`, :cve_nist:`2021-47001`, :cve_nist:`2021-47002`, :cve_nist:`2021-47003`, :cve_nist:`2021-47004`, :cve_nist:`2021-47005`, :cve_nist:`2021-47006`, :cve_nist:`2021-47007`, :cve_nist:`2021-47008`, :cve_nist:`2021-47009`, :cve_nist:`2021-47010`, :cve_nist:`2021-47011`, :cve_nist:`2021-47012`, :cve_nist:`2021-47013`, :cve_nist:`2021-47014`, :cve_nist:`2021-47015`, :cve_nist:`2021-47016`, :cve_nist:`2021-47017`, :cve_nist:`2021-47018`, :cve_nist:`2021-47019`, :cve_nist:`2021-47020`, :cve_nist:`2021-47021`, :cve_nist:`2021-47022`, :cve_nist:`2021-47023`, :cve_nist:`2021-47024`, :cve_nist:`2021-47025`, :cve_nist:`2021-47026`, :cve_nist:`2021-47027`, :cve_nist:`2021-47028`, :cve_nist:`2021-47029`, :cve_nist:`2021-47030`, :cve_nist:`2021-47031`, :cve_nist:`2021-47032`, :cve_nist:`2021-47033`, :cve_nist:`2021-47034`, :cve_nist:`2021-47035`, :cve_nist:`2021-47036`, :cve_nist:`2021-47037`, :cve_nist:`2021-47038`, :cve_nist:`2021-47039`, :cve_nist:`2021-47040`, :cve_nist:`2021-47041`, :cve_nist:`2021-47042`, :cve_nist:`2021-47043`, :cve_nist:`2021-47044`, :cve_nist:`2021-47045`, :cve_nist:`2021-47046`, :cve_nist:`2021-47047`, :cve_nist:`2021-47048`, :cve_nist:`2021-47049`, :cve_nist:`2021-47050`, :cve_nist:`2021-47051`, :cve_nist:`2021-47052`, :cve_nist:`2021-47053`, :cve_nist:`2021-47054`, :cve_nist:`2021-47055`, :cve_nist:`2021-47056`, :cve_nist:`2021-47057`, :cve_nist:`2021-47058`, :cve_nist:`2021-47059`, :cve_nist:`2021-47060`, :cve_nist:`2021-47061`, :cve_nist:`2021-47062`, :cve_nist:`2021-47063`, :cve_nist:`2021-47064`, :cve_nist:`2021-47065`, :cve_nist:`2021-47066`, :cve_nist:`2021-47067`, :cve_nist:`2021-47068`, :cve_nist:`2021-47069`, :cve_nist:`2021-47070`, :cve_nist:`2021-47071`, :cve_nist:`2021-47072`, :cve_nist:`2021-47073`, :cve_nist:`2021-47074`, :cve_nist:`2021-47075`, :cve_nist:`2021-47076`, :cve_nist:`2021-47077`, :cve_nist:`2021-47078`, :cve_nist:`2021-47079`, :cve_nist:`2021-47080`, :cve_nist:`2021-47081`, :cve_nist:`2021-47082`, :cve_nist:`2021-47083`, :cve_nist:`2021-47086`, :cve_nist:`2021-47087`, :cve_nist:`2021-47088`, :cve_nist:`2021-47089`, :cve_nist:`2021-47090`, :cve_nist:`2021-47091`, :cve_nist:`2021-47092`, :cve_nist:`2021-47093`, :cve_nist:`2021-47094`, :cve_nist:`2021-47095`, :cve_nist:`2021-47096`, :cve_nist:`2021-47097`, :cve_nist:`2021-47098`, :cve_nist:`2021-47099`, :cve_nist:`2021-47100`, :cve_nist:`2021-47101`, :cve_nist:`2021-47102`, :cve_nist:`2021-47103`, :cve_nist:`2021-47104`, :cve_nist:`2021-47105`, :cve_nist:`2021-47106`, :cve_nist:`2021-47107`, :cve_nist:`2021-47108`, :cve_nist:`2021-47109`, :cve_nist:`2021-47110`, :cve_nist:`2021-47111`, :cve_nist:`2021-47112`, :cve_nist:`2021-47113`, :cve_nist:`2021-47114`, :cve_nist:`2021-47116`, :cve_nist:`2021-47117`, :cve_nist:`2021-47118`, :cve_nist:`2021-47119`, :cve_nist:`2021-47120`, :cve_nist:`2021-47121`, :cve_nist:`2021-47122`, :cve_nist:`2021-47123`, :cve_nist:`2021-47124`, :cve_nist:`2021-47125`, :cve_nist:`2021-47126`, :cve_nist:`2021-47127`, :cve_nist:`2021-47128`, :cve_nist:`2021-47129`, :cve_nist:`2021-47130`, :cve_nist:`2021-47131`, :cve_nist:`2021-47132`, :cve_nist:`2021-47133`, :cve_nist:`2021-47134`, :cve_nist:`2021-47135`, :cve_nist:`2021-47136`, :cve_nist:`2021-47137`, :cve_nist:`2021-47138`, :cve_nist:`2021-47139`, :cve_nist:`2021-47140`, :cve_nist:`2021-47141`, :cve_nist:`2021-47142`, :cve_nist:`2021-47143`, :cve_nist:`2021-47144`, :cve_nist:`2021-47145`, :cve_nist:`2021-47146`, :cve_nist:`2021-47147`, :cve_nist:`2021-47148`, :cve_nist:`2021-47149`, :cve_nist:`2021-47150`, :cve_nist:`2021-47151`, :cve_nist:`2021-47152`, :cve_nist:`2021-47153`, :cve_nist:`2021-47158`, :cve_nist:`2021-47159`, :cve_nist:`2021-47160`, :cve_nist:`2021-47161`, :cve_nist:`2021-47162`, :cve_nist:`2021-47163`, :cve_nist:`2021-47164`, :cve_nist:`2021-47165`, :cve_nist:`2021-47166`, :cve_nist:`2021-47167`, :cve_nist:`2021-47168`, :cve_nist:`2021-47169`, :cve_nist:`2021-47170`, :cve_nist:`2021-47171`, :cve_nist:`2021-47172`, :cve_nist:`2021-47173`, :cve_nist:`2021-47174`, :cve_nist:`2021-47175`, :cve_nist:`2021-47176`, :cve_nist:`2021-47177`, :cve_nist:`2021-47178`, :cve_nist:`2021-47179` and :cve_nist:`2021-47180`
+-  linux-yocto/5.15 (cont.): Ignore :cve_nist:`2022-48626`, :cve_nist:`2022-48627`, :cve_nist:`2022-48629`, :cve_nist:`2022-48630`, :cve_nist:`2023-6356`, :cve_nist:`2023-6536`, :cve_nist:`2023-52434`, :cve_nist:`2023-52465`, :cve_nist:`2023-52467`, :cve_nist:`2023-52468`, :cve_nist:`2023-52469`, :cve_nist:`2023-52470`, :cve_nist:`2023-52471`, :cve_nist:`2023-52472`, :cve_nist:`2023-52473`, :cve_nist:`2023-52474`, :cve_nist:`2023-52475`, :cve_nist:`2023-52476`, :cve_nist:`2023-52477`, :cve_nist:`2023-52478`, :cve_nist:`2023-52479`, :cve_nist:`2023-52480`, :cve_nist:`2023-52482`, :cve_nist:`2023-52483`, :cve_nist:`2023-52484`, :cve_nist:`2023-52486`, :cve_nist:`2023-52487`, :cve_nist:`2023-52489`, :cve_nist:`2023-52490`, :cve_nist:`2023-52491`, :cve_nist:`2023-52492`, :cve_nist:`2023-52493`, :cve_nist:`2023-52494`, :cve_nist:`2023-52495`, :cve_nist:`2023-52497`, :cve_nist:`2023-52498`, :cve_nist:`2023-52499`, :cve_nist:`2023-52500`, :cve_nist:`2023-52501`, :cve_nist:`2023-52502`, :cve_nist:`2023-52503`, :cve_nist:`2023-52504`, :cve_nist:`2023-52505`, :cve_nist:`2023-52507`, :cve_nist:`2023-52509`, :cve_nist:`2023-52510`, :cve_nist:`2023-52511`, :cve_nist:`2023-52512`, :cve_nist:`2023-52513`, :cve_nist:`2023-52515`, :cve_nist:`2023-52516`, :cve_nist:`2023-52517`, :cve_nist:`2023-52518`, :cve_nist:`2023-52519`, :cve_nist:`2023-52520`, :cve_nist:`2023-52522`, :cve_nist:`2023-52523`, :cve_nist:`2023-52524`, :cve_nist:`2023-52525`, :cve_nist:`2023-52526`, :cve_nist:`2023-52527`, :cve_nist:`2023-52528`, :cve_nist:`2023-52529`, :cve_nist:`2023-52531`, :cve_nist:`2023-52559`, :cve_nist:`2023-52560`, :cve_nist:`2023-52562`, :cve_nist:`2023-52563`, :cve_nist:`2023-52564`, :cve_nist:`2023-52566`, :cve_nist:`2023-52567`, :cve_nist:`2023-52570`, :cve_nist:`2023-52573`, :cve_nist:`2023-52574`, :cve_nist:`2023-52575`, :cve_nist:`2023-52577`, :cve_nist:`2023-52578`, :cve_nist:`2023-52580`, :cve_nist:`2023-52581`, :cve_nist:`2023-52583`, :cve_nist:`2023-52587`, :cve_nist:`2023-52588`, :cve_nist:`2023-52594`, :cve_nist:`2023-52595`, :cve_nist:`2023-52597`, :cve_nist:`2023-52598`, :cve_nist:`2023-52599`, :cve_nist:`2023-52600`, :cve_nist:`2023-52601`, :cve_nist:`2023-52602`, :cve_nist:`2023-52603`, :cve_nist:`2023-52604`, :cve_nist:`2023-52606`, :cve_nist:`2023-52607`, :cve_nist:`2023-52608`, :cve_nist:`2023-52609`, :cve_nist:`2023-52610`, :cve_nist:`2023-52611`, :cve_nist:`2023-52612`, :cve_nist:`2023-52613`, :cve_nist:`2023-52614`, :cve_nist:`2023-52615`, :cve_nist:`2023-52616`, :cve_nist:`2023-52617`, :cve_nist:`2023-52618`, :cve_nist:`2023-52619`, :cve_nist:`2023-52622`, :cve_nist:`2023-52623`, :cve_nist:`2023-52626`, :cve_nist:`2023-52627`, :cve_nist:`2023-52628`, :cve_nist:`2023-52630`, :cve_nist:`2023-52631`, :cve_nist:`2023-52633`, :cve_nist:`2023-52635`, :cve_nist:`2023-52636`, :cve_nist:`2023-52637`, :cve_nist:`2023-52638`, :cve_nist:`2023-52640`, :cve_nist:`2023-52641`, :cve_nist:`2024-0565`, :cve_nist:`2024-0841`, :cve_nist:`2024-23196`, :cve_nist:`2024-26587`, :cve_nist:`2024-26588`, :cve_nist:`2024-26600`, :cve_nist:`2024-26601`, :cve_nist:`2024-26602`, :cve_nist:`2024-26603`, :cve_nist:`2024-26604`, :cve_nist:`2024-26605`, :cve_nist:`2024-26606`, :cve_nist:`2024-26608`, :cve_nist:`2024-26610`, :cve_nist:`2024-26611`, :cve_nist:`2024-26612`, :cve_nist:`2024-26614`, :cve_nist:`2024-26615`, :cve_nist:`2024-26616`, :cve_nist:`2024-26617`, :cve_nist:`2024-26618`, :cve_nist:`2024-26619`, :cve_nist:`2024-26620`, :cve_nist:`2024-26621`, :cve_nist:`2024-26625`, :cve_nist:`2024-26626`, :cve_nist:`2024-26627`, :cve_nist:`2024-26629`, :cve_nist:`2024-26630`, :cve_nist:`2024-26631`, :cve_nist:`2024-26632`, :cve_nist:`2024-26633`, :cve_nist:`2024-26634`, :cve_nist:`2024-26635`, :cve_nist:`2024-26636`, :cve_nist:`2024-26637`, :cve_nist:`2024-26638`, :cve_nist:`2024-26639`, :cve_nist:`2024-26640`, :cve_nist:`2024-26641`, :cve_nist:`2024-26643`, :cve_nist:`2024-26644`, :cve_nist:`2024-26645`, :cve_nist:`2024-26649`, :cve_nist:`2024-26652`, :cve_nist:`2024-26653`, :cve_nist:`2024-26657`, :cve_nist:`2024-26660`, :cve_nist:`2024-26663`, :cve_nist:`2024-26664`, :cve_nist:`2024-26665`, :cve_nist:`2024-26666`, :cve_nist:`2024-26667`, :cve_nist:`2024-26668`, :cve_nist:`2024-26670`, :cve_nist:`2024-26671`, :cve_nist:`2024-26673`, :cve_nist:`2024-26674`, :cve_nist:`2024-26675`, :cve_nist:`2024-26676`, :cve_nist:`2024-26678`, :cve_nist:`2024-26679`, :cve_nist:`2024-26681`, :cve_nist:`2024-26682`, :cve_nist:`2024-26683`, :cve_nist:`2024-26684`, :cve_nist:`2024-26685`, :cve_nist:`2024-26689`, :cve_nist:`2024-26690`, :cve_nist:`2024-26692`, :cve_nist:`2024-26693`, :cve_nist:`2024-26694`, :cve_nist:`2024-26695`, :cve_nist:`2024-26696`, :cve_nist:`2024-26697`, :cve_nist:`2024-26698`, :cve_nist:`2024-26702`, :cve_nist:`2024-26703`, :cve_nist:`2024-26704`, :cve_nist:`2024-26705`, :cve_nist:`2024-26707`, :cve_nist:`2024-26708`, :cve_nist:`2024-26709`, :cve_nist:`2024-26710`, :cve_nist:`2024-26711`, :cve_nist:`2024-26712`, :cve_nist:`2024-26715`, :cve_nist:`2024-26716`, :cve_nist:`2024-26717`, :cve_nist:`2024-26720`, :cve_nist:`2024-26721`, :cve_nist:`2024-26722`, :cve_nist:`2024-26723`, :cve_nist:`2024-26724`, :cve_nist:`2024-26725`, :cve_nist:`2024-26727`, :cve_nist:`2024-26728`, :cve_nist:`2024-26729`, :cve_nist:`2024-26730`, :cve_nist:`2024-26731`, :cve_nist:`2024-26732`, :cve_nist:`2024-26733`, :cve_nist:`2024-26734`, :cve_nist:`2024-26735`, :cve_nist:`2024-26736`, :cve_nist:`2024-26737`, :cve_nist:`2024-26741`, :cve_nist:`2024-26742`, :cve_nist:`2024-26743`, :cve_nist:`2024-26744`, :cve_nist:`2024-26746`, :cve_nist:`2024-26747`, :cve_nist:`2024-26748`, :cve_nist:`2024-26749`, :cve_nist:`2024-26750`, :cve_nist:`2024-26751`, :cve_nist:`2024-26752`, :cve_nist:`2024-26753`, :cve_nist:`2024-26754`, :cve_nist:`2024-26755`, :cve_nist:`2024-26760`, :cve_nist:`2024-26761`, :cve_nist:`2024-26762`, :cve_nist:`2024-26763`, :cve_nist:`2024-26764`, :cve_nist:`2024-26766`, :cve_nist:`2024-26769`, :cve_nist:`2024-26771`, :cve_nist:`2024-26772`, :cve_nist:`2024-26773`, :cve_nist:`2024-26774`, :cve_nist:`2024-26776`, :cve_nist:`2024-26777`, :cve_nist:`2024-26778`, :cve_nist:`2024-26779`, :cve_nist:`2024-26780`, :cve_nist:`2024-26781`, :cve_nist:`2024-26783`, :cve_nist:`2024-26785`, :cve_nist:`2024-26786`, :cve_nist:`2024-26792`, :cve_nist:`2024-26794`, :cve_nist:`2024-26796`, :cve_nist:`2024-26799`, :cve_nist:`2024-26800`, :cve_nist:`2024-26807` and :cve_nist:`2024-26808`
+-  ncurses: Fix :cve_nist:`2023-45918`
+-  ofono: Fix :cve_nist:`2023-4233` and :cve_nist:`2023-4234`
+-  openssl: Fix :cve_nist:`2024-4603`
+-  util-linux: Fix :cve_nist:`2024-28085`
+-  xserver-xorg: Fix :cve_nist:`2024-31082` and :cve_nist:`2024-31083`
 
 
 Fixes in Yocto-4.0.19
 ~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Rename CVE-2022-38126 patch to :cve:`2022-35205`
+-  binutils: Rename CVE-2022-38126 patch to :cve_nist:`2022-35205`
 -  bitbake: parse: Improve/fix cache invalidation via mtime
 -  build-appliance-image: Update to kirkstone head revision
 -  go-mod.bbclass: do not pack go mod cache
diff --git a/documentation/migration-guides/release-notes-4.0.2.rst b/documentation/migration-guides/release-notes-4.0.2.rst
index 2f724e33c4..57881fa359 100644
--- a/documentation/migration-guides/release-notes-4.0.2.rst
+++ b/documentation/migration-guides/release-notes-4.0.2.rst
@@ -6,13 +6,13 @@ Release notes for Yocto-4.0.2 (Kirkstone)
 Security Fixes in Yocto-4.0.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  libxslt: Mark :cve:`2022-29824` as not applying
--  tiff: Add jbig :term:`PACKAGECONFIG` and clarify IGNORE :cve:`2022-1210`
--  tiff: mark :cve:`2022-1622` and :cve:`2022-1623` as invalid
--  pcre2:fix :cve:`2022-1586` Out-of-bounds read
--  curl: fix :cve:`2022-22576`, :cve:`2022-27775`, :cve:`2022-27776`, :cve:`2022-27774`, :cve:`2022-30115`, :cve:`2022-27780`, :cve:`2022-27781`, :cve:`2022-27779` and :cve:`2022-27782`
--  qemu: fix :cve:`2021-4206` and :cve:`2021-4207`
--  freetype: fix :cve:`2022-27404`, :cve:`2022-27405` and :cve:`2022-27406`
+-  libxslt: Mark :cve_nist:`2022-29824` as not applying
+-  tiff: Add jbig :term:`PACKAGECONFIG` and clarify IGNORE :cve_nist:`2022-1210`
+-  tiff: mark :cve_nist:`2022-1622` and :cve_nist:`2022-1623` as invalid
+-  pcre2:fix :cve_nist:`2022-1586` Out-of-bounds read
+-  curl: fix :cve_nist:`2022-22576`, :cve_nist:`2022-27775`, :cve_nist:`2022-27776`, :cve_nist:`2022-27774`, :cve_nist:`2022-30115`, :cve_nist:`2022-27780`, :cve_nist:`2022-27781`, :cve_nist:`2022-27779` and :cve_nist:`2022-27782`
+-  qemu: fix :cve_nist:`2021-4206` and :cve_nist:`2021-4207`
+-  freetype: fix :cve_nist:`2022-27404`, :cve_nist:`2022-27405` and :cve_nist:`2022-27406`
 
 Fixes in Yocto-4.0.2
 ~~~~~~~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-4.0.20.rst b/documentation/migration-guides/release-notes-4.0.20.rst
index 97e0a3e91d..d0f95fff50 100644
--- a/documentation/migration-guides/release-notes-4.0.20.rst
+++ b/documentation/migration-guides/release-notes-4.0.20.rst
@@ -6,14 +6,14 @@ Release notes for Yocto-4.0.20 (Kirkstone)
 Security Fixes in Yocto-4.0.20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  acpica: Fix :cve:`2024-24856`
--  glib-2.0: Fix :cve:`2024-34397`
--  gstreamer1.0-plugins-base: Fix :cve:`2024-4453`
--  libxml2: Fix :cve:`2024-34459`
--  openssh: fix :cve:`2024-6387`
--  openssl: Fix :cve_mitre:`2024-4741` and :cve:`2024-5535`
--  ruby: fix :cve:`2024-27280`
--  wget: Fix for :cve:`2024-38428`
+-  acpica: Fix :cve_nist:`2024-24856`
+-  glib-2.0: Fix :cve_nist:`2024-34397`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2024-4453`
+-  libxml2: Fix :cve_nist:`2024-34459`
+-  openssh: fix :cve_nist:`2024-6387`
+-  openssl: Fix :cve_mitre:`2024-4741` and :cve_nist:`2024-5535`
+-  ruby: fix :cve_nist:`2024-27280`
+-  wget: Fix for :cve_nist:`2024-38428`
 
 
 Fixes in Yocto-4.0.20
diff --git a/documentation/migration-guides/release-notes-4.0.21.rst b/documentation/migration-guides/release-notes-4.0.21.rst
new file mode 100644
index 0000000000..abf2199ee5
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.21.rst
@@ -0,0 +1,166 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.21 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.21
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Fix :cve_nist:`2024-4076`, :cve_nist:`2024-1737`, :cve_nist:`2024-0760` and :cve_nist:`2024-1975`
+-  apr: Fix :cve_nist:`2023-49582`
+-  busybox: Fix :cve_nist:`2023-42363`, :cve_nist:`2023-42364`, :cve_nist:`2023-42365`, :cve_nist:`2023-42366` and :cve_nist:`2021-42380`
+-  curl: Ignore :cve_nist:`2024-32928`
+-  curl: Fix :cve_nist:`2024-7264`
+-  ghostscript: Fix :cve_nist:`2024-29506`, :cve_nist:`2024-29509` and :cve_nist:`2024-29511`
+-  go: Fix :cve_nist:`2024-24789` and :cve_nist:`2024-24791`
+-  gtk+3: Fix :cve_nist:`2024-6655`
+-  libarchive: Ignore :cve_nist:`2024-37407`
+-  libyaml: Ignore :cve_nist:`2024-35325`, :cve_nist:`2024-35326` and :cve_nist:`2024-35328`
+-  linux-yocto/5.15: Fix :cve_nist:`2022-48772`, :cve_nist:`2024-35972`, :cve_nist:`2024-35984`, :cve_nist:`2024-35990`, :cve_nist:`2024-35997`, :cve_nist:`2024-36008`, :cve_nist:`2024-36270`, :cve_nist:`2024-36489`, :cve_nist:`2024-36897`, :cve_nist:`2024-36938`, :cve_nist:`2024-36965`, :cve_nist:`2024-36967`, :cve_nist:`2024-36969`, :cve_nist:`2024-36971`, :cve_nist:`2024-36978`, :cve_nist:`2024-38546`, :cve_nist:`2024-38547`, :cve_nist:`2024-38549`, :cve_nist:`2024-38552`, :cve_nist:`2024-38555`, :cve_nist:`2024-38571`, :cve_nist:`2024-38583`, :cve_nist:`2024-38591`, :cve_nist:`2024-38597`, :cve_nist:`2024-38598`, :cve_nist:`2024-38600`, :cve_nist:`2024-38627`, :cve_nist:`2024-38633`, :cve_nist:`2024-38661`, :cve_nist:`2024-38662`, :cve_nist:`2024-38780`, :cve_nist:`2024-39277`, :cve_nist:`2024-39292`, :cve_nist:`2024-39301`, :cve_nist:`2024-39466`, :cve_nist:`2024-39468`, :cve_nist:`2024-39471`, :cve_nist:`2024-39475`, :cve_nist:`2024-39476`, :cve_nist:`2024-39480`, :cve_nist:`2024-39482`, :cve_nist:`2024-39484`, :cve_nist:`2024-39487`, :cve_nist:`2024-39489`, :cve_nist:`2024-39493`, :cve_nist:`2024-39495`, :cve_nist:`2024-39506`, :cve_nist:`2024-40902`, :cve_nist:`2024-40911`, :cve_nist:`2024-40912`, :cve_nist:`2024-40932`, :cve_nist:`2024-40934`, :cve_nist:`2024-40954`, :cve_nist:`2024-40956`, :cve_nist:`2024-40957`, :cve_nist:`2024-40958`, :cve_nist:`2024-40959`, :cve_nist:`2024-40960`, :cve_nist:`2024-40961`, :cve_nist:`2024-40967`, :cve_nist:`2024-40970`, :cve_nist:`2024-40980`, :cve_nist:`2024-40981`, :cve_nist:`2024-40994`, :cve_nist:`2024-40995`, :cve_nist:`2024-41000`, :cve_nist:`2024-41002`, :cve_nist:`2024-41006`, :cve_nist:`2024-41007`, :cve_nist:`2024-41046`, :cve_nist:`2024-41049`, :cve_nist:`2024-41055`, :cve_nist:`2024-41064`, :cve_nist:`2024-41070`, :cve_nist:`2024-41073`, :cve_nist:`2024-41087`, :cve_nist:`2024-41089`, :cve_nist:`2024-41092`, :cve_nist:`2024-41093`, :cve_nist:`2024-41095`, :cve_nist:`2024-41097`, :cve_nist:`2024-42068`, :cve_nist:`2024-42070`, :cve_nist:`2024-42076`, :cve_nist:`2024-42077`, :cve_nist:`2024-42080`, :cve_nist:`2024-42082`, :cve_nist:`2024-42085`, :cve_nist:`2024-42090`, :cve_nist:`2024-42093`, :cve_nist:`2024-42094`, :cve_nist:`2024-42101`, :cve_nist:`2024-42102`, :cve_nist:`2024-42104`, :cve_nist:`2024-42109`, :cve_nist:`2024-42140`, :cve_nist:`2024-42148`, :cve_nist:`2024-42152`, :cve_nist:`2024-42153`, :cve_nist:`2024-42154`, :cve_nist:`2024-42157`, :cve_nist:`2024-42161`, :cve_nist:`2024-42223`, :cve_nist:`2024-42224`, :cve_nist:`2024-42225`, :cve_nist:`2024-42229`, :cve_nist:`2024-42232`, :cve_nist:`2024-42236`, :cve_nist:`2024-42244` and :cve_nist:`2024-42247`
+-  llvm: Fix :cve_nist:`2023-46049` and :cve_nist:`2024-31852`
+-  ofono: fix :cve_nist:`2023-2794`
+-  orc: Fix :cve_nist:`2024-40897`
+-  python3-certifi: Fix :cve_nist:`2024-39689`
+-  python3-jinja2: Fix :cve_nist:`2024-34064`
+-  python3: Fix :cve_nist:`2024-8088`
+-  qemu: Fix :cve_nist:`2024-7409`
+-  ruby: Fix for :cve_nist:`2024-27282`
+-  tiff: Fix :cve_nist:`2024-7006`
+-  vim: Fix :cve_nist:`2024-22667`, :cve_nist:`2024-41957`, :cve_nist:`2024-41965` and :cve_nist:`2024-43374`
+-  wpa-supplicant: Fix :cve_nist:`2023-52160`
+
+
+Fixes in Yocto-4.0.21
+~~~~~~~~~~~~~~~~~~~~~
+
+-  apr: upgrade to 1.7.5
+-  bind: Upgrade to 9.18.28
+-  bitbake: data_smart: Improve performance for VariableHistory
+-  build-appliance-image: Update to kirkstone head revision
+-  cryptodev-module: Fix build for linux 5.10.220
+-  gcc-runtime: remove bashism
+-  grub: fs/fat: Don't error when mtime is 0
+-  image_types.bbclass: Use --force also with lz4,lzop
+-  libsoup: fix compile error on centos7
+-  linux-yocto/5.15: upgrade to v5.15.164
+-  lttng-modules: Upgrade to 2.13.14
+-  migration-guide: add release notes for 4.0.20
+-  orc: upgrade to 0.4.39
+-  poky.conf: bump version for 4.0.21
+-  python3-jinja2: upgrade to 3.1.4
+-  python3-pycryptodome(x): use python_setuptools_build_meta build class
+-  python3: add PACKAGECONFIG[editline]
+-  ref-manual: fix typo and move :term:`SYSROOT_DIRS` example
+-  sqlite3: CVE_ID correction for :cve_nist:`2023-7104` as patched
+-  sqlite3: Rename patch for :cve_nist:`2022-35737`
+-  uboot-sign: Fix index error in concat_dtb_helper() with multiple configs
+-  vim: upgrade to 9.1.0682
+-  wireless-regdb: upgrade to 2024.07.04
+
+
+Known Issues in Yocto-4.0.21
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.21
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Archana Polampalli
+-  Ashish Sharma
+-  Bruce Ashfield
+-  Deepthi Hemraj
+-  Divya Chellam
+-  Florian Amstutz
+-  Guocai He
+-  Hitendra Prajapati
+-  Hugo SIMELIERE
+-  Lee Chee Yang
+-  Leon Anavi
+-  Matthias Pritschet
+-  Ming Liu
+-  Niko Mauno
+-  Peter Marko
+-  Robert Yang
+-  Rohini Sangam
+-  Ross Burton
+-  Siddharth Doshi
+-  Soumya Sambu
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Vrushti Dabhi
+-  Wang Mingyu
+-  Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.21
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.21 </poky/log/?h=yocto-4.0.21>`
+-  Git Revision: :yocto_git:`4cdc553814640851cce85f84ee9c0b58646cd33b </poky/commit/?id=4cdc553814640851cce85f84ee9c0b58646cd33b>`
+-  Release Artefact: poky-4cdc553814640851cce85f84ee9c0b58646cd33b
+-  sha: 460e3a4ede491a9b66c5d262cd9498d5bcca1f2d880885342b08dc32b967f33d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/poky-4cdc553814640851cce85f84ee9c0b58646cd33b.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/poky-4cdc553814640851cce85f84ee9c0b58646cd33b.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.21 </openembedded-core/log/?h=yocto-4.0.21>`
+-  Git Revision: :oe_git:`c40a3fec49942ac6d25ba33e57e801a550e252c9 </openembedded-core/commit/?id=c40a3fec49942ac6d25ba33e57e801a550e252c9>`
+-  Release Artefact: oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9
+-  sha: afc2aaf312f9fb2590ae006615557ec605c98eff42bc380a1b2d6e39cfdf8930
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.21 </meta-mingw/log/?h=yocto-4.0.21>`
+-  Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>`
+-  Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7
+-  sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.21 </meta-gplv2/log/?h=yocto-4.0.21>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.21 </bitbake/log/?h=yocto-4.0.21>`
+-  Git Revision: :oe_git:`ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1 </bitbake/commit/?id=ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1>`
+-  Release Artefact: bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1
+-  sha: 1cb102f4c8dbd067f0262072e4e629ec7cb423103111ccdde75a09fcb8f55e5f
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.21 </yocto-docs/log/?h=yocto-4.0.21>`
+-  Git Revision: :yocto_git:`512025edd9b3b6b8d0938b35bb6188c9f3b7f17d </yocto-docs/commit/?id=512025edd9b3b6b8d0938b35bb6188c9f3b7f17d>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.22.rst b/documentation/migration-guides/release-notes-4.0.22.rst
new file mode 100644
index 0000000000..b2b98bd907
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.22.rst
@@ -0,0 +1,196 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.22 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.22
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  cups: Fix :cve_nist:`2024-35235` and :cve_nist:`2024-47175`
+-  curl: Fix :cve_nist:`2024-8096`
+-  expat: Fix :cve_nist:`2024-45490`, :cve_nist:`2024-45491` and :cve_nist:`2024-45492`
+-  gnupg: Ignore :cve_nist:`2022-3219`
+-  libpcap: Fix :cve_nist:`2023-7256` and :cve_nist:`2024-8006`
+-  linux-yocto/5.10: Fix :cve_nist:`2022-48772`, :cve_nist:`2023-52434`, :cve_nist:`2023-52447`, :cve_nist:`2023-52458`, :cve_nist:`2024-0841`, :cve_nist:`2024-26601`, :cve_nist:`2024-26882`, :cve_nist:`2024-26883`, :cve_nist:`2024-26884`, :cve_nist:`2024-26885`, :cve_nist:`2024-26898`, :cve_nist:`2024-26901`, :cve_nist:`2024-26903`, :cve_nist:`2024-26907`, :cve_nist:`2024-26934`, :cve_nist:`2024-26978`, :cve_nist:`2024-27013`, :cve_nist:`2024-27020`, :cve_nist:`2024-35972`, :cve_nist:`2024-35978`, :cve_nist:`2024-35982`, :cve_nist:`2024-35984`, :cve_nist:`2024-35990`, :cve_nist:`2024-35997`, :cve_nist:`2024-36008`, :cve_nist:`2024-36270`, :cve_nist:`2024-36489`, :cve_nist:`2024-36902`, :cve_nist:`2024-36971`, :cve_nist:`2024-36978`, :cve_nist:`2024-38546`, :cve_nist:`2024-38547`, :cve_nist:`2024-38549`, :cve_nist:`2024-38552`, :cve_nist:`2024-38555`, :cve_nist:`2024-38583`, :cve_nist:`2024-38590`, :cve_nist:`2024-38597`, :cve_nist:`2024-38598`, :cve_nist:`2024-38627`, :cve_nist:`2024-38633`, :cve_nist:`2024-38661`, :cve_nist:`2024-38662`, :cve_nist:`2024-38780`, :cve_nist:`2024-39292`, :cve_nist:`2024-39301`, :cve_nist:`2024-39468`, :cve_nist:`2024-39471`, :cve_nist:`2024-39475`, :cve_nist:`2024-39476`, :cve_nist:`2024-39480`, :cve_nist:`2024-39482`, :cve_nist:`2024-39484`, :cve_nist:`2024-39487`, :cve_nist:`2024-39489`, :cve_nist:`2024-39495`, :cve_nist:`2024-39506`, :cve_nist:`2024-40902`, :cve_nist:`2024-40904`, :cve_nist:`2024-40905`, :cve_nist:`2024-40912`, :cve_nist:`2024-40932`, :cve_nist:`2024-40934`, :cve_nist:`2024-40958`, :cve_nist:`2024-40959`, :cve_nist:`2024-40960`, :cve_nist:`2024-40961`, :cve_nist:`2024-40980`, :cve_nist:`2024-40981`, :cve_nist:`2024-40995`, :cve_nist:`2024-41000`, :cve_nist:`2024-41006`, :cve_nist:`2024-41007`, :cve_nist:`2024-41012`, :cve_nist:`2024-41040`, :cve_nist:`2024-41046`, :cve_nist:`2024-41049`, :cve_nist:`2024-41059`, :cve_nist:`2024-41063`, :cve_nist:`2024-41064`, :cve_nist:`2024-41070`, :cve_nist:`2024-41087`, :cve_nist:`2024-41089`, :cve_nist:`2024-41092`, :cve_nist:`2024-41095`, :cve_nist:`2024-41097`, :cve_nist:`2024-42070`, :cve_nist:`2024-42076`, :cve_nist:`2024-42077`, :cve_nist:`2024-42082`, :cve_nist:`2024-42090`, :cve_nist:`2024-42093`, :cve_nist:`2024-42094`, :cve_nist:`2024-42101`, :cve_nist:`2024-42102`, :cve_nist:`2024-42104`, :cve_nist:`2024-42131`, :cve_nist:`2024-42137`, :cve_nist:`2024-42148`, :cve_nist:`2024-42152`, :cve_nist:`2024-42153`, :cve_nist:`2024-42154`, :cve_nist:`2024-42157`, :cve_nist:`2024-42161`, :cve_nist:`2024-42223`, :cve_nist:`2024-42224`, :cve_nist:`2024-42229`, :cve_nist:`2024-42232`, :cve_nist:`2024-42236`, :cve_nist:`2024-42244` and :cve_nist:`2024-42247`
+-  linux-yocto/5.15: Fix :cve_nist:`2023-52889`, :cve_nist:`2024-41011`, :cve_nist:`2024-42114`, :cve_nist:`2024-42259`, :cve_nist:`2024-42271`, :cve_nist:`2024-42272`, :cve_nist:`2024-42277`, :cve_nist:`2024-42280`, :cve_nist:`2024-42283`, :cve_nist:`2024-42284`, :cve_nist:`2024-42285`, :cve_nist:`2024-42286`, :cve_nist:`2024-42287`, :cve_nist:`2024-42288`, :cve_nist:`2024-42289`, :cve_nist:`2024-42301`, :cve_nist:`2024-42302`, :cve_nist:`2024-42309`, :cve_nist:`2024-42310`, :cve_nist:`2024-42311`, :cve_nist:`2024-42313`, :cve_nist:`2024-43817`, :cve_nist:`2024-43828`, :cve_nist:`2024-43854`, :cve_nist:`2024-43856`, :cve_nist:`2024-43858`, :cve_nist:`2024-43860`, :cve_nist:`2024-43861`, :cve_nist:`2024-43863`, :cve_nist:`2024-43871`, :cve_nist:`2024-43873`, :cve_nist:`2024-43882`, :cve_nist:`2024-43889`, :cve_nist:`2024-43890`, :cve_nist:`2024-43893`, :cve_nist:`2024-43894`, :cve_nist:`2024-43902`, :cve_nist:`2024-43907`, :cve_nist:`2024-43908`, :cve_nist:`2024-43909`, :cve_nist:`2024-43914`, :cve_nist:`2024-44934`, :cve_nist:`2024-44935`, :cve_nist:`2024-44944`, :cve_nist:`2024-44947`, :cve_nist:`2024-44952`, :cve_nist:`2024-44954`, :cve_nist:`2024-44958`, :cve_nist:`2024-44960`, :cve_nist:`2024-44965`, :cve_nist:`2024-44966`, :cve_nist:`2024-44969`, :cve_nist:`2024-44971`, :cve_nist:`2024-44982`, :cve_nist:`2024-44983`, :cve_nist:`2024-44985`, :cve_nist:`2024-44986`, :cve_nist:`2024-44987`, :cve_nist:`2024-44988`, :cve_nist:`2024-44989`, :cve_nist:`2024-44990`, :cve_nist:`2024-44995`, :cve_nist:`2024-44998`, :cve_nist:`2024-44999`, :cve_nist:`2024-45003`, :cve_nist:`2024-45006`, :cve_nist:`2024-45011`, :cve_nist:`2024-45016`, :cve_nist:`2024-45018`, :cve_nist:`2024-45021`, :cve_nist:`2024-45025`, :cve_nist:`2024-45026`, :cve_nist:`2024-45028`, :cve_nist:`2024-46673`, :cve_nist:`2024-46674`, :cve_nist:`2024-46675`, :cve_nist:`2024-46676`, :cve_nist:`2024-46677`, :cve_nist:`2024-46679`, :cve_nist:`2024-46685`, :cve_nist:`2024-46689`, :cve_nist:`2024-46702` and :cve_nist:`2024-46707`
+-  openssl: Fix :cve_nist:`2024-6119`
+-  procps: Fix :cve_nist:`2023-4016`
+-  python3: Fix :cve_nist:`2023-27043`, :cve_nist:`2024-4030`, :cve_nist:`2024-4032`, :cve_nist:`2024-6923`, :cve_nist:`2024-6232`, :cve_nist:`2024-7592` and :cve_nist:`2024-8088`
+-  qemu: Fix :cve_nist:`2024-4467`
+-  rust: Ignore :cve_nist:`2024-43402`
+-  webkitgtk: Fix :cve_nist:`2024-40779`
+-  wpa-supplicant: Ignore :cve_nist:`2024-5290`
+-  wpa-supplicant: Fix :cve_nist:`2024-3596`
+
+
+Fixes in Yocto-4.0.22
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bintuils: stable 2.38 branch update
+-  bitbake: fetch2/wget: Canonicalize :term:`DL_DIR` paths for wget2 compatibility
+-  bitbake: fetch/wget: Move files into place atomically
+-  bitbake: hashserv: tests: Omit client in slow server start test
+-  bitbake: tests/fetch: Tweak to work on Fedora40
+-  bitbake: wget: Make wget --passive-ftp option conditional on ftp/ftps
+-  build-appliance-image: Update to kirkstone head revision
+-  buildhistory: Fix intermittent package file list creation
+-  buildhistory: Restoring files from preserve list
+-  buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage
+-  busybox: Fix cut with "-s" flag
+-  cdrtools-native: fix build with gcc-14
+-  curl: free old conn better on reuse
+-  cve-exclusion: Drop the version comparision/warning
+-  dejagnu: Fix :term:`LICENSE` (change to GPL-3.0-only)
+-  doc/features: remove duplicate word in distribution feature ext2
+-  gcc: upgrade to v11.5
+-  gcr: Fix :term:`LICENSE` (change to LGPL-2.0-only)
+-  glibc: stable 2.35 branch updates
+-  install-buildtools: fix "test installation" step
+-  install-buildtools: remove md5 checksum validation
+-  install-buildtools: support buildtools-make-tarball and update to 4.1
+-  iw: Fix :term:`LICENSE` (change to ISC)
+-  kmscube: Add patch to fix -int-conversion build error
+-  lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex
+-  libedit: Make docs generation deterministic
+-  linux-yocto/5.10: fix NFSV3 config warning
+-  linux-yocto/5.10: remove obsolete options
+-  linux-yocto/5.10: update to v5.10.223
+-  linux-yocto/5.15: update to v5.15.166
+-  meta-world-pkgdata: Inherit nopackages
+-  migration-guide: add release notes for 4.0.21
+-  openssl: Upgrade to 3.0.15
+-  poky.conf: bump version for 4.0.22
+-  populate_sdk_base: inherit nopackages
+-  python3: Upgrade to 3.10.15
+-  ruby: Make docs generation deterministic
+-  runqemu: keep generating tap devices
+-  scripts/install-buildtools: Update to 4.0.21
+-  selftest/runtime_test/virgl: Disable for all fedora
+-  testexport: fallback for empty :term:`IMAGE_LINK_NAME`
+-  testimage: fallback for empty :term:`IMAGE_LINK_NAME`
+-  tiff: Fix :term:`LICENSE` (change to libtiff)
+-  udev-extraconf: Add collect flag to mount
+-  unzip: Fix :term:`LICENSE` (change to Info-ZIP)
+-  valgrind: disable avx_estimate_insn.vgtest
+-  wpa-supplicant: Patch security advisory 2024-2
+-  yocto-uninative: Update to 4.5 for gcc 14
+-  yocto-uninative: Update to 4.6 for glibc 2.40
+-  zip: Fix :term:`LICENSE` (change to Info-ZIP)
+-  zstd: fix :term:`LICENSE` statement (change to "BSD-3-Clause | GPL-2.0-only")
+
+
+Known Issues in Yocto-4.0.22
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``oeqa/runtime``: the ``beaglebone-yocto`` target fails the ``parselogs``
+   runtime test due to unexpected kernel error messages in the log (see
+   :yocto_bugs:`bug 15624 </show_bug.cgi?id=15624>` on Bugzilla).
+
+
+Contributors to Yocto-4.0.22
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Alexandre Belloni
+-  Archana Polampalli
+-  Bruce Ashfield
+-  Colin McAllister
+-  Deepthi Hemraj
+-  Divya Chellam
+-  Hitendra Prajapati
+-  Hugo SIMELIERE
+-  Jinfeng Wang
+-  Joshua Watt
+-  Jörg Sommer
+-  Konrad Weihmann
+-  Lee Chee Yang
+-  Martin Jansa
+-  Massimiliano Minella
+-  Michael Halstead
+-  Mingli Yu
+-  Niko Mauno
+-  Paul Eggleton
+-  Pedro Ferreira
+-  Peter Marko
+-  Purushottam Choudhary
+-  Richard Purdie
+-  Rob Woolley
+-  Rohini Sangam
+-  Ross Burton
+-  Rudolf J Streif
+-  Siddharth Doshi
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Vivek Kumbhar
+
+
+Repositories / Downloads for Yocto-4.0.22
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.22 </poky/log/?h=yocto-4.0.22>`
+-  Git Revision: :yocto_git:`7e87dc422d972e0dc98372318fcdc63a76347d16 </poky/commit/?id=7e87dc422d972e0dc98372318fcdc63a76347d16>`
+-  Release Artefact: poky-7e87dc422d972e0dc98372318fcdc63a76347d16
+-  sha: 5058e7b2474f8cb73c19e776ef58d9784321ef42109d5982747c8c432531239f
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.22/poky-7e87dc422d972e0dc98372318fcdc63a76347d16.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.22/poky-7e87dc422d972e0dc98372318fcdc63a76347d16.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.22 </openembedded-core/log/?h=yocto-4.0.22>`
+-  Git Revision: :oe_git:`f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf </openembedded-core/commit/?id=f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf>`
+-  Release Artefact: oecore-f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf
+-  sha: 378bcc840ba9fbf06a15fea1b5dacdd446f3ad4d85115d708e7bbb20629cdeb4
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.22/oecore-f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.22/oecore-f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.22 </meta-mingw/log/?h=yocto-4.0.22>`
+-  Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>`
+-  Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7
+-  sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.22/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.22/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.22 </meta-gplv2/log/?h=yocto-4.0.22>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.22/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.22/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.22 </bitbake/log/?h=yocto-4.0.22>`
+-  Git Revision: :oe_git:`eb5c1ce6b1b8f33535ff7b9263ec7648044163ea </bitbake/commit/?id=eb5c1ce6b1b8f33535ff7b9263ec7648044163ea>`
+-  Release Artefact: bitbake-eb5c1ce6b1b8f33535ff7b9263ec7648044163ea
+-  sha: 473d3e9539160633f3de9d88cce69123f6c623e4c8ab35beb7875868564593cf
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.22/bitbake-eb5c1ce6b1b8f33535ff7b9263ec7648044163ea.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.22/bitbake-eb5c1ce6b1b8f33535ff7b9263ec7648044163ea.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.22 </yocto-docs/log/?h=yocto-4.0.22>`
+-  Git Revision: :yocto_git:`2169a52a24ebd1906039c42632bae6c4285a3aca </yocto-docs/commit/?id=2169a52a24ebd1906039c42632bae6c4285a3aca>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.23.rst b/documentation/migration-guides/release-notes-4.0.23.rst
new file mode 100644
index 0000000000..abf7c69759
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.23.rst
@@ -0,0 +1,209 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.23 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.23
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``curl``: Fix :cve_nist:`2024-9681`
+-  ``expat``: Fix :cve_nist:`2024-50602`
+-  ``gcc``: Ignore :cve_nist:`2023-4039`
+-  ``ghostscript``: Fix :cve_nist:`2023-46361` and :cve_nist:`2024-29508`
+-  ``gstreamer1.0``: Ignore :cve_nist:`2024-0444`
+-  ``libarchive``: Fix :cve_nist:`2024-48957` and :cve_nist:`2024-48958`
+-  ``openssl``: Fix :cve_nist:`2024-9143`
+-  ``orc``: Fix :cve_nist:`2024-40897`
+-  ``python3``: Ignore :cve_nist:`2023-27043`, :cve_nist:`2024-6232` and :cve_nist:`2024-7592`
+-  ``qemu``: Fix :cve_nist:`2023-3019`
+-  ``vim``: Fix :cve_nist:`2024-43790`, :cve_nist:`2024-43802`, :cve_nist:`2024-45306` and :cve_nist:`2024-47814`
+-  ``zstd``: Fix :cve_nist:`2022-4899`
+
+
+Fixes in Yocto-4.0.23
+~~~~~~~~~~~~~~~~~~~~~
+
+-  at-spi2-core: backport a patch to fix build with gcc-14 on host
+-  bitbake: bitbake: doc/user-manual: Update the BB_HASHSERVE_UPSTREAM
+-  bitbake: codeparser: Fix handling of string AST nodes with older Python versions
+-  bitbake: fetch2/git: Use quote from shlex, not pipes
+-  bitbake: gitsm: Add call_process_submodules() to remove duplicated code
+-  bitbake: gitsm: Remove downloads/tmpdir when failed
+-  bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab
+-  bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab
+-  bmap-tools: update :term:`HOMEPAGE` and :term:`SRC_URI`
+-  build-appliance-image: Update to kirkstone head revision
+-  cmake: Fix sporadic issues when determining compiler internals
+-  cracklib: Modify patch to compile with GCC 14
+-  cve-check: add CVSS vector string to CVE database and reports
+-  cve-check: add support for cvss v4.0
+-  cve_check: Use a local copy of the database during builds
+-  dev-manual: document how to provide confs from layer.conf
+-  documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint
+-  documentation: Makefile: fix epub and latexpdf targets
+-  documentation: README: add instruction to run Vale on a subset
+-  documentation: brief-yoctoprojectqs: update BB_HASHSERVE_UPSTREAM for new infrastructure
+-  documentation: conf.py: add a bitbake_git extlink
+-  documentation: rename :cve: role to :cve_nist:
+-  documentation: styles: vocabularies: Yocto: add sstate
+-  documnetation: contributor-guide: Remove duplicated words
+-  gcc: restore a patch for Neoverse N2 core
+-  glib-2.0: patch regression of :cve_nist:`2023-32665`
+-  kmscube: create_framebuffer: backport modifier fix
+-  libffi: backport a fix to build libffi-native with gcc-14
+-  linux-firmware: Upgrade to 20240909
+-  local.conf.sample: update BB_HASHSERVE_UPSTREAM for new infrastructure
+-  migration-guide: add release notes for 4.0.22
+-  migration-guide: release-notes-4.0: update BB_HASHSERVE_UPSTREAM for new infrastructure
+-  nativesdk-intercept: Fix bad intercept chgrp/chown logic
+-  orc: Upgrade to  0.4.40
+-  overlayfs-etc: add option to skip creation of mount dirs
+-  overview-manual: concepts: add details on package splitting
+-  package: Switch debug source handling to use prefix map
+-  patch.py: Use shlex instead of deprecated pipe
+-  poky.conf: bump version for 4.0.23
+-  pseudo: Disable LFS on 32bit arches
+-  pseudo: Fix envp bug and add posix_spawn wrapper
+-  pseudo: Fix to work with glibc 2.40
+-  pseudo: Switch back to the master branch
+-  pseudo: Update to include logic fix
+-  pseudo: Update to include open symlink handling bugfix
+-  pseudo: Update to pull in fchmodat fix
+-  pseudo: Update to pull in fd leak fix
+-  pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
+-  pseudo: Update to pull in linux-libc-headers race fix
+-  pseudo: Update to pull in python 3.12+ fix
+-  pseudo: Update to pull in syncfs probe fix
+-  ref-manual: add description for the "sysroot" term
+-  ref-manual: add missing CVE_CHECK manifest variables
+-  ref-manual: add missing :term:`EXTERNAL_KERNEL_DEVICETREE` variable
+-  ref-manual: add missing :term:`OPKGBUILDCMD` variable
+-  ref-manual: devtool-reference: document missing commands
+-  ref-manual: devtool-reference: refresh example outputs
+-  ref-manual: introduce :term:`CVE_CHECK_REPORT_PATCHED` variable
+-  ref-manual: release-process: add a reference to the doc's release
+-  ref-manual: release-process: refresh the current LTS releases
+-  ref-manual: release-process: update releases.svg
+-  ref-manual: release-process: update releases.svg with month after "Current"
+-  ref-manual: structure.rst: document missing tmp/ dirs
+-  ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables
+-  syslinux: Disable error on implicit-function-declaration
+-  util-linux: Define pidfd_* function signatures
+-  vala: add -Wno-error=incompatible-pointer-types work around
+-  vim: Upgrade to 9.1.0764
+-  xmlto: backport a patch to fix build with gcc-14 on host
+-  zip: Fix build with gcc-14
+-  zip: Make configure checks to be more robust
+
+
+Known Issues in Yocto-4.0.23
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-N/A
+
+
+Contributors to Yocto-4.0.23
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Alexandre Belloni
+-  Antoine Lubineau
+-  Antonin Godard
+-  Archana Polampalli
+-  Ashish Sharma
+-  Baruch Siach
+-  Eilís 'pidge' Ní Fhlannagáin
+-  Jose Quaresma
+-  Julien Stephan
+-  Khem Raj
+-  Lee Chee Yang
+-  Macpaul Lin
+-  Martin Jansa
+-  Michael Opdenacker
+-  Ola x Nilsson
+-  Peter Marko
+-  Philip Lorenz
+-  Randolph Sapp
+-  Richard Purdie
+-  Robert Yang
+-  Rohini Sangam
+-  Ruiqiang Hao
+-  Siddharth Doshi
+-  Steve Sakoman
+-  Talel BELHAJSALEM
+-  Wang Mingyu
+-  Yogita Urade
+-  Zoltan Boszormenyi
+
+
+Repositories / Downloads for Yocto-4.0.23
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.23 </poky/log/?h=yocto-4.0.23>`
+-  Git Revision: :yocto_git:`8e092852b63e998d990b8f8e1aa91297dec4430f </poky/commit/?id=8e092852b63e998d990b8f8e1aa91297dec4430f>`
+-  Release Artefact: poky-8e092852b63e998d990b8f8e1aa91297dec4430f
+-  sha: 339d34d8432070dac948449e732ebf06a888eeb27ff548958b2395c9446b029d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.23 </openembedded-core/log/?h=yocto-4.0.23>`
+-  Git Revision: :oe_git:`fb45c5cf8c2b663af293acb069d446610f77ff1a </openembedded-core/commit/?id=fb45c5cf8c2b663af293acb069d446610f77ff1a>`
+-  Release Artefact: oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a
+-  sha: 1d394370ea7d43fb885ab8a952d6d1e43f1a850745a5152d5ead5565a283a0f5
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.23 </meta-mingw/log/?h=yocto-4.0.23>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.23 </meta-gplv2/log/?h=yocto-4.0.23>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.23 </bitbake/log/?h=yocto-4.0.23>`
+-  Git Revision: :oe_git:`fb73c495c45d1d4107cfd60b67a5b4f11a99647b </bitbake/commit/?id=fb73c495c45d1d4107cfd60b67a5b4f11a99647b>`
+-  Release Artefact: bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b
+-  sha: 5cd271299951f25912a2e8d4de6d8769a4c0bb3bbcfc90815be41f23fd299a0b
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.23 </yocto-docs/log/?h=yocto-4.0.23>`
+-  Git Revision: :yocto_git:`TBD </yocto-docs/commit/?id=TBD>`
+
+
diff --git a/documentation/migration-guides/release-notes-4.0.24.rst b/documentation/migration-guides/release-notes-4.0.24.rst
new file mode 100644
index 0000000000..33372dc89e
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.24.rst
@@ -0,0 +1,383 @@
+Release notes for Yocto-4.0.24 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.24
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  coreutils: Fix :cve_nist:`2024-0684`
+-  cpio: Ignore :cve_nist:`2023-7216`
+-  diffoscope: Fix :cve_nist:`2024-25711`
+-  ffmpeg: fix :cve_mitre:`2023-47342`, :cve_nist:`2023-50007`, :cve_nist:`2023-50008`,
+   :cve_nist:`2023-51793`, :cve_nist:`2023-51794`, :cve_nist:`2023-51796`, :cve_nist:`2023-51798`,
+   :cve_nist:`2024-7055`, :cve_nist:`2024-31578`, :cve_nist:`2024-31582`, :cve_nist:`2024-32230`,
+   :cve_nist:`2024-35366`, :cve_nist:`2024-35367` and :cve_nist:`2024-35368`
+-  ghostscript: Fix :cve_nist:`2024-46951`, :cve_nist:`2024-46952`, :cve_nist:`2024-46953`,
+   :cve_nist:`2024-46955` and :cve_nist:`2024-46956`
+-  ghostscript: Ignore :cve_nist:`2024-46954`
+-  glib-2.0: Fix :cve_nist:`2024-52533`
+-  gnupg: Ignore :cve_nist:`2022-3515`
+-  grub: Ignore :cve_nist:`2024-1048` and :cve_nist:`2023-4001`
+-  gstreame1.0: Ignore :cve_nist:`2023-40474`, :cve_nist:`2023-40475`, :cve_nist:`2023-40476`,
+   :cve_nist:`2023-44429`, :cve_nist:`2023-44446`, :cve_nist:`2023-50186` and :cve_nist:`2024-0444`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2024-47538`, :cve_nist:`2024-47541`,
+   :cve_nist:`2024-47542`, :cve_nist:`2024-47600`, :cve_nist:`2024-47607`, :cve_nist:`2024-47615`
+   and :cve_nist:`2024-47835`
+-  gstreamer1.0-plugins-good: Fix :cve_nist:`2024-47537`, :cve_nist:`2024-47539`,
+   :cve_nist:`2024-47540`, :cve_nist:`2024-47543`, :cve_nist:`2024-47544`, :cve_nist:`2024-47545`,
+   :cve_nist:`2024-47546`, :cve_nist:`2024-47596`, :cve_nist:`2024-47597`, :cve_nist:`2024-47598`,
+   :cve_nist:`2024-47599`, :cve_nist:`2024-47601`, :cve_nist:`2024-47602`, :cve_nist:`2024-47603`,
+   :cve_nist:`2024-47606`, :cve_nist:`2024-47613`, :cve_nist:`2024-47774`, :cve_nist:`2024-47775`,
+   :cve_nist:`2024-47776`, :cve_nist:`2024-47777`, :cve_nist:`2024-47778` and :cve_nist:`2024-47834`
+-  gstreamer1.0: Fix :cve_nist:`2024-47606`
+-  libarchive: Fix :cve_nist:`2024-20696`
+-  libpam: Fix :cve_nist:`2024-10041`
+-  libsdl2: Ignore :cve_nist:`2020-14409` and :cve_nist:`2020-14410`
+-  libsndfile1: Fix :cve_nist:`2022-33065` and :cve_nist:`2024-50612`
+-  libsoup-2.4: Fix :cve_nist:`2024-52530`, :cve_nist:`2024-52531` and :cve_nist:`2024-52532`
+-  libsoup: Fix :cve_nist:`2024-52530`, :cve_nist:`2024-52531` and :cve_nist:`2024-52532`
+-  linux-yocto/5.10: Fix :cve_nist:`2023-52889`, :cve_nist:`2023-52917`, :cve_nist:`2023-52918`,
+   :cve_nist:`2024-41011`, :cve_nist:`2024-42259`, :cve_nist:`2024-42271`, :cve_nist:`2024-42272`,
+   :cve_nist:`2024-42280`, :cve_nist:`2024-42283`, :cve_nist:`2024-42284`, :cve_nist:`2024-42285`,
+   :cve_nist:`2024-42286`, :cve_nist:`2024-42287`, :cve_nist:`2024-42288`, :cve_nist:`2024-42289`,
+   :cve_nist:`2024-42301`, :cve_nist:`2024-42302`, :cve_nist:`2024-42309`, :cve_nist:`2024-42310`,
+   :cve_nist:`2024-42311`, :cve_nist:`2024-42313`, :cve_nist:`2024-43828`, :cve_nist:`2024-43856`,
+   :cve_nist:`2024-43858`, :cve_nist:`2024-43860`, :cve_nist:`2024-43861`, :cve_nist:`2024-43871`,
+   :cve_nist:`2024-43882`, :cve_nist:`2024-43889`, :cve_nist:`2024-43890`, :cve_nist:`2024-43893`,
+   :cve_nist:`2024-43894`, :cve_nist:`2024-43907`, :cve_nist:`2024-43908`, :cve_nist:`2024-43914`,
+   :cve_nist:`2024-44935`, :cve_nist:`2024-44944`, :cve_nist:`2024-44947`, :cve_nist:`2024-44954`,
+   :cve_nist:`2024-44960`, :cve_nist:`2024-44965`, :cve_nist:`2024-44969`, :cve_nist:`2024-44971`,
+   :cve_nist:`2024-44987`, :cve_nist:`2024-44988`, :cve_nist:`2024-44989`, :cve_nist:`2024-44990`,
+   :cve_nist:`2024-44995`, :cve_nist:`2024-44998`, :cve_nist:`2024-44999`, :cve_nist:`2024-45003`,
+   :cve_nist:`2024-45006`, :cve_nist:`2024-45016`, :cve_nist:`2024-45018`, :cve_nist:`2024-45021`,
+   :cve_nist:`2024-45025`, :cve_nist:`2024-45026`, :cve_nist:`2024-45028`, :cve_nist:`2024-46673`,
+   :cve_nist:`2024-46674`, :cve_nist:`2024-46675`, :cve_nist:`2024-46676`, :cve_nist:`2024-46677`,
+   :cve_nist:`2024-46679`, :cve_nist:`2024-46685`, :cve_nist:`2024-46689`, :cve_nist:`2024-46702`,
+   :cve_nist:`2024-46707`, :cve_nist:`2024-46714`, :cve_nist:`2024-46719`, :cve_nist:`2024-46721`,
+   :cve_nist:`2024-46722`, :cve_nist:`2024-46723`, :cve_nist:`2024-46724`, :cve_nist:`2024-46725`,
+   :cve_nist:`2024-46731`, :cve_nist:`2024-46737`, :cve_nist:`2024-46738`, :cve_nist:`2024-46739`,
+   :cve_nist:`2024-46740`, :cve_nist:`2024-46743`, :cve_nist:`2024-46744`, :cve_nist:`2024-46747`,
+   :cve_nist:`2024-46750`, :cve_nist:`2024-46755`, :cve_nist:`2024-46759`, :cve_nist:`2024-46761`,
+   :cve_nist:`2024-46763`, :cve_nist:`2024-46771`, :cve_nist:`2024-46777`, :cve_nist:`2024-46780`,
+   :cve_nist:`2024-46781`, :cve_nist:`2024-46782`, :cve_nist:`2024-46783`, :cve_nist:`2024-46791`,
+   :cve_nist:`2024-46798`, :cve_nist:`2024-46800`, :cve_nist:`2024-46804`, :cve_nist:`2024-46814`,
+   :cve_nist:`2024-46815`, :cve_nist:`2024-46817`, :cve_nist:`2024-46818`, :cve_nist:`2024-46819`,
+   :cve_nist:`2024-46822`, :cve_nist:`2024-46828`, :cve_nist:`2024-46829`, :cve_nist:`2024-46832`,
+   :cve_nist:`2024-46840`, :cve_nist:`2024-46844`, :cve_nist:`2024-47659`, :cve_nist:`2024-47660`,
+   :cve_nist:`2024-47663`, :cve_nist:`2024-47667`, :cve_nist:`2024-47668`, :cve_nist:`2024-47669`,
+   :cve_nist:`2024-47679`, :cve_nist:`2024-47684`, :cve_nist:`2024-47685`, :cve_nist:`2024-47692`,
+   :cve_nist:`2024-47697`, :cve_nist:`2024-47698`, :cve_nist:`2024-47699`, :cve_nist:`2024-47701`,
+   :cve_nist:`2024-47705`, :cve_nist:`2024-47706`, :cve_nist:`2024-47710`, :cve_nist:`2024-47712`,
+   :cve_nist:`2024-47713`, :cve_nist:`2024-47718`, :cve_nist:`2024-47723`, :cve_nist:`2024-47735`,
+   :cve_nist:`2024-47737`, :cve_nist:`2024-47739`, :cve_nist:`2024-47742`, :cve_nist:`2024-47747`,
+   :cve_nist:`2024-47748`, :cve_nist:`2024-47749`, :cve_nist:`2024-47757`, :cve_nist:`2024-49851`,
+   :cve_nist:`2024-49858`, :cve_nist:`2024-49860`, :cve_nist:`2024-49863`, :cve_nist:`2024-49867`,
+   :cve_nist:`2024-49868`, :cve_nist:`2024-49875`, :cve_nist:`2024-49877`, :cve_nist:`2024-49878`,
+   :cve_nist:`2024-49879`, :cve_nist:`2024-49881`, :cve_nist:`2024-49882`, :cve_nist:`2024-49883`,
+   :cve_nist:`2024-49884`, :cve_nist:`2024-49889`, :cve_nist:`2024-49890`, :cve_nist:`2024-49892`,
+   :cve_nist:`2024-49894`, :cve_nist:`2024-49895`, :cve_nist:`2024-49896`, :cve_nist:`2024-49900`,
+   :cve_nist:`2024-49902`, :cve_nist:`2024-49903`, :cve_nist:`2024-49907`, :cve_nist:`2024-49913`,
+   :cve_nist:`2024-49924`, :cve_nist:`2024-49930`, :cve_nist:`2024-49933`, :cve_nist:`2024-49936`,
+   :cve_nist:`2024-49938`, :cve_nist:`2024-49944`, :cve_nist:`2024-49948`, :cve_nist:`2024-49949`,
+   :cve_nist:`2024-49952`, :cve_nist:`2024-49955`, :cve_nist:`2024-49957`, :cve_nist:`2024-49958`,
+   :cve_nist:`2024-49959`, :cve_nist:`2024-49962`, :cve_nist:`2024-49963`, :cve_nist:`2024-49965`,
+   :cve_nist:`2024-49966`, :cve_nist:`2024-49969`, :cve_nist:`2024-49973`, :cve_nist:`2024-49975`,
+   :cve_nist:`2024-49977`, :cve_nist:`2024-49981`, :cve_nist:`2024-49982`, :cve_nist:`2024-49983`,
+   :cve_nist:`2024-49985`, :cve_nist:`2024-49995`, :cve_nist:`2024-49997`, :cve_nist:`2024-50001`,
+   :cve_nist:`2024-50006`, :cve_nist:`2024-50007`, :cve_nist:`2024-50008`, :cve_nist:`2024-50013`,
+   :cve_nist:`2024-50015`, :cve_nist:`2024-50024`, :cve_nist:`2024-50033`, :cve_nist:`2024-50035`,
+   :cve_nist:`2024-50039`, :cve_nist:`2024-50040`, :cve_nist:`2024-50044`, :cve_nist:`2024-50045`,
+   :cve_nist:`2024-50046`, :cve_nist:`2024-50049`, :cve_nist:`2024-50059`, :cve_nist:`2024-50095`,
+   :cve_nist:`2024-50096`, :cve_nist:`2024-50179`, :cve_nist:`2024-50180`, :cve_nist:`2024-50181`,
+   :cve_nist:`2024-50184` and :cve_nist:`2024-50188`
+-  linux-yocto/5.15: Fix :cve_nist:`2022-48695`, :cve_nist:`2023-52530`, :cve_nist:`2023-52917`,
+   :cve_nist:`2024-45009`, :cve_nist:`2024-46714`, :cve_nist:`2024-46719`, :cve_nist:`2024-46721`,
+   :cve_nist:`2024-46722`, :cve_nist:`2024-46723`, :cve_nist:`2024-46724`, :cve_nist:`2024-46725`,
+   :cve_nist:`2024-46731`, :cve_nist:`2024-46732`, :cve_nist:`2024-46737`, :cve_nist:`2024-46738`,
+   :cve_nist:`2024-46739`, :cve_nist:`2024-46740`, :cve_nist:`2024-46743`, :cve_nist:`2024-46744`,
+   :cve_nist:`2024-46746`, :cve_nist:`2024-46747`, :cve_nist:`2024-46750`, :cve_nist:`2024-46755`,
+   :cve_nist:`2024-46759`, :cve_nist:`2024-46761`, :cve_nist:`2024-46763`, :cve_nist:`2024-46771`,
+   :cve_nist:`2024-46777`, :cve_nist:`2024-46780`, :cve_nist:`2024-46781`, :cve_nist:`2024-46782`,
+   :cve_nist:`2024-46783`, :cve_nist:`2024-46791`, :cve_nist:`2024-46795`, :cve_nist:`2024-46798`,
+   :cve_nist:`2024-46800`, :cve_nist:`2024-46804`, :cve_nist:`2024-46805`, :cve_nist:`2024-46807`,
+   :cve_nist:`2024-46810`, :cve_nist:`2024-46814`, :cve_nist:`2024-46815`, :cve_nist:`2024-46817`,
+   :cve_nist:`2024-46818`, :cve_nist:`2024-46819`, :cve_nist:`2024-46822`, :cve_nist:`2024-46828`,
+   :cve_nist:`2024-46829`, :cve_nist:`2024-46832`, :cve_nist:`2024-46840`, :cve_nist:`2024-46844`,
+   :cve_nist:`2024-47659`, :cve_nist:`2024-47660`, :cve_nist:`2024-47663`, :cve_nist:`2024-47665`,
+   :cve_nist:`2024-47667`, :cve_nist:`2024-47668`, :cve_nist:`2024-47669`, :cve_nist:`2024-47674`,
+   :cve_nist:`2024-47679`, :cve_nist:`2024-47684`, :cve_nist:`2024-47685`, :cve_nist:`2024-47690`,
+   :cve_nist:`2024-47692`, :cve_nist:`2024-47693`, :cve_nist:`2024-47695`, :cve_nist:`2024-47696`,
+   :cve_nist:`2024-47697`, :cve_nist:`2024-47698`, :cve_nist:`2024-47699`, :cve_nist:`2024-47701`,
+   :cve_nist:`2024-47705`, :cve_nist:`2024-47706`, :cve_nist:`2024-47710`, :cve_nist:`2024-47712`,
+   :cve_nist:`2024-47713`, :cve_nist:`2024-47718`, :cve_nist:`2024-47720`, :cve_nist:`2024-47723`,
+   :cve_nist:`2024-47734`, :cve_nist:`2024-47735`, :cve_nist:`2024-47737`, :cve_nist:`2024-47739`,
+   :cve_nist:`2024-47742`, :cve_nist:`2024-47747`, :cve_nist:`2024-47748`, :cve_nist:`2024-47749`,
+   :cve_nist:`2024-47757`, :cve_nist:`2024-49851`, :cve_nist:`2024-49852`, :cve_nist:`2024-49854`,
+   :cve_nist:`2024-49856`, :cve_nist:`2024-49858`, :cve_nist:`2024-49860`, :cve_nist:`2024-49863`,
+   :cve_nist:`2024-49866`, :cve_nist:`2024-49867`, :cve_nist:`2024-49868`, :cve_nist:`2024-49871`,
+   :cve_nist:`2024-49875`, :cve_nist:`2024-49877`, :cve_nist:`2024-49878`, :cve_nist:`2024-49879`,
+   :cve_nist:`2024-49881`, :cve_nist:`2024-49882`, :cve_nist:`2024-49883`, :cve_nist:`2024-49884`,
+   :cve_nist:`2024-49886`, :cve_nist:`2024-49889`, :cve_nist:`2024-49890`, :cve_nist:`2024-49892`,
+   :cve_nist:`2024-49894`, :cve_nist:`2024-49895`, :cve_nist:`2024-49896`, :cve_nist:`2024-49900`,
+   :cve_nist:`2024-49902`, :cve_nist:`2024-49903`, :cve_nist:`2024-49907`, :cve_nist:`2024-49913`,
+   :cve_nist:`2024-49924`, :cve_nist:`2024-49927`, :cve_nist:`2024-49930`, :cve_nist:`2024-49933`,
+   :cve_nist:`2024-49935`, :cve_nist:`2024-49936`, :cve_nist:`2024-49938`, :cve_nist:`2024-49944`,
+   :cve_nist:`2024-49946`, :cve_nist:`2024-49948`, :cve_nist:`2024-49949`, :cve_nist:`2024-49952`,
+   :cve_nist:`2024-49954`, :cve_nist:`2024-49955`, :cve_nist:`2024-49957`, :cve_nist:`2024-49958`,
+   :cve_nist:`2024-49959`, :cve_nist:`2024-49962`, :cve_nist:`2024-49963`, :cve_nist:`2024-49965`,
+   :cve_nist:`2024-49966`, :cve_nist:`2024-49969`, :cve_nist:`2024-49973`, :cve_nist:`2024-49975`,
+   :cve_nist:`2024-49977`, :cve_nist:`2024-49981`, :cve_nist:`2024-49982`, :cve_nist:`2024-49983`,
+   :cve_nist:`2024-49985`, :cve_nist:`2024-49995`, :cve_nist:`2024-49997`, :cve_nist:`2024-50000`,
+   :cve_nist:`2024-50001`, :cve_nist:`2024-50002`, :cve_nist:`2024-50003`, :cve_nist:`2024-50006`,
+   :cve_nist:`2024-50007`, :cve_nist:`2024-50008`, :cve_nist:`2024-50013`, :cve_nist:`2024-50015`,
+   :cve_nist:`2024-50019`, :cve_nist:`2024-50024`, :cve_nist:`2024-50031`, :cve_nist:`2024-50033`,
+   :cve_nist:`2024-50035`, :cve_nist:`2024-50038`, :cve_nist:`2024-50039`, :cve_nist:`2024-50040`,
+   :cve_nist:`2024-50041`, :cve_nist:`2024-50044`, :cve_nist:`2024-50045`, :cve_nist:`2024-50046`,
+   :cve_nist:`2024-50049`, :cve_nist:`2024-50059`, :cve_nist:`2024-50062`, :cve_nist:`2024-50074`,
+   :cve_nist:`2024-50082`, :cve_nist:`2024-50083`, :cve_nist:`2024-50093`, :cve_nist:`2024-50095`,
+   :cve_nist:`2024-50096`, :cve_nist:`2024-50099`, :cve_nist:`2024-50101`, :cve_nist:`2024-50103`,
+   :cve_nist:`2024-50110`, :cve_nist:`2024-50115`, :cve_nist:`2024-50116`, :cve_nist:`2024-50117`,
+   :cve_nist:`2024-50127`, :cve_nist:`2024-50128`, :cve_nist:`2024-50131`, :cve_nist:`2024-50134`,
+   :cve_nist:`2024-50141`, :cve_nist:`2024-50142`, :cve_nist:`2024-50143`, :cve_nist:`2024-50148`,
+   :cve_nist:`2024-50150`, :cve_nist:`2024-50151`, :cve_nist:`2024-50153`, :cve_nist:`2024-50154`,
+   :cve_nist:`2024-50156`, :cve_nist:`2024-50160`, :cve_nist:`2024-50162`, :cve_nist:`2024-50163`,
+   :cve_nist:`2024-50167`, :cve_nist:`2024-50168`, :cve_nist:`2024-50171`, :cve_nist:`2024-50179`,
+   :cve_nist:`2024-50180`, :cve_nist:`2024-50181`, :cve_nist:`2024-50182`, :cve_nist:`2024-50184`,
+   :cve_nist:`2024-50185`, :cve_nist:`2024-50186`, :cve_nist:`2024-50188`, :cve_nist:`2024-50189`,
+   :cve_nist:`2024-50191`, :cve_nist:`2024-50192`, :cve_nist:`2024-50193`, :cve_nist:`2024-50194`,
+   :cve_nist:`2024-50195`, :cve_nist:`2024-50196`, :cve_nist:`2024-50198`, :cve_nist:`2024-50201`,
+   :cve_nist:`2024-50202`, :cve_nist:`2024-50205`, :cve_nist:`2024-50208`, :cve_nist:`2024-50209`,
+   :cve_nist:`2024-50229`, :cve_nist:`2024-50230`, :cve_nist:`2024-50232`, :cve_nist:`2024-50233`,
+   :cve_nist:`2024-50234`, :cve_nist:`2024-50236`, :cve_nist:`2024-50237`, :cve_nist:`2024-50244`,
+   :cve_nist:`2024-50245`, :cve_nist:`2024-50247`, :cve_nist:`2024-50251`, :cve_nist:`2024-50257`,
+   :cve_nist:`2024-50259`, :cve_nist:`2024-50262`, :cve_nist:`2024-50264`, :cve_nist:`2024-50265`,
+   :cve_nist:`2024-50267`, :cve_nist:`2024-50268`, :cve_nist:`2024-50269`, :cve_nist:`2024-50273`,
+   :cve_nist:`2024-50278`, :cve_nist:`2024-50279`, :cve_nist:`2024-50282`, :cve_nist:`2024-50287`,
+   :cve_nist:`2024-50292`, :cve_nist:`2024-50296`, :cve_nist:`2024-50299`, :cve_nist:`2024-50301`,
+   :cve_nist:`2024-50302`, :cve_nist:`2024-53052`, :cve_nist:`2024-53055`, :cve_nist:`2024-53057`,
+   :cve_nist:`2024-53058`, :cve_nist:`2024-53059`, :cve_nist:`2024-53060`, :cve_nist:`2024-53061`,
+   :cve_nist:`2024-53063`, :cve_nist:`2024-53066`, :cve_nist:`2024-53088`, :cve_nist:`2024-53096`,
+   :cve_nist:`2024-53101`, :cve_nist:`2024-53103`, :cve_nist:`2024-53145`, :cve_nist:`2024-53146`,
+   :cve_nist:`2024-53150`, :cve_nist:`2024-53151`, :cve_nist:`2024-53155`, :cve_nist:`2024-53156`,
+   :cve_nist:`2024-53157`, :cve_nist:`2024-53165`, :cve_nist:`2024-53171`, :cve_nist:`2024-53173`,
+   :cve_nist:`2024-53226`, :cve_nist:`2024-53227`, :cve_nist:`2024-53237`, :cve_nist:`2024-56567`,
+   :cve_nist:`2024-56572`, :cve_nist:`2024-56574`, :cve_nist:`2024-56578`, :cve_nist:`2024-56581`,
+   :cve_nist:`2024-56593`, :cve_nist:`2024-56600`, :cve_nist:`2024-56601`, :cve_nist:`2024-56602`,
+   :cve_nist:`2024-56603`, :cve_nist:`2024-56605`, :cve_nist:`2024-56606`, :cve_nist:`2024-56614`,
+   :cve_nist:`2024-56622`, :cve_nist:`2024-56623`, :cve_nist:`2024-56629`, :cve_nist:`2024-56634`,
+   :cve_nist:`2024-56640`, :cve_nist:`2024-56642`, :cve_nist:`2024-56643`, :cve_nist:`2024-56648`,
+   :cve_nist:`2024-56650`, :cve_nist:`2024-56659`, :cve_nist:`2024-56662`, :cve_nist:`2024-56670`,
+   :cve_nist:`2024-56688`, :cve_nist:`2024-56694`, :cve_nist:`2024-56704`, :cve_nist:`2024-56708`,
+   :cve_nist:`2024-56720`, :cve_nist:`2024-56723`, :cve_nist:`2024-56724`, :cve_nist:`2024-56726`,
+   :cve_nist:`2024-56728`, :cve_nist:`2024-56739`, :cve_nist:`2024-56741`, :cve_nist:`2024-56745`,
+   :cve_nist:`2024-56746`, :cve_nist:`2024-56747`, :cve_nist:`2024-56748`, :cve_nist:`2024-56754`,
+   :cve_nist:`2024-56756`, :cve_nist:`2024-56770`, :cve_nist:`2024-56774`, :cve_nist:`2024-56776`,
+   :cve_nist:`2024-56777`, :cve_nist:`2024-56778`, :cve_nist:`2024-56779`, :cve_nist:`2024-56780`,
+   :cve_nist:`2024-56781`, :cve_nist:`2024-56785` and :cve_nist:`2024-56787`
+-  ovmf: Fix :cve_nist:`2022-36763`, :cve_nist:`2022-36764`, :cve_nist:`2022-36765`,
+   :cve_nist:`2023-45229`, :cve_nist:`2023-45230`, :cve_nist:`2023-45231`, :cve_nist:`2023-45232`,
+   :cve_nist:`2023-45233`, :cve_nist:`2023-45234`, :cve_nist:`2023-45235`, :cve_nist:`2023-45236`,
+   :cve_nist:`2023-45237`, :cve_nist:`2024-1298` and :cve_nist:`2024-38796`
+-  pixman: Ignore :cve_nist:`2023-37769`
+-  python3: Fix :cve_nist:`2024-9287`, :cve_nist:`2024-11168` and :cve_nist:`2024-50602`
+-  python3-pip: Fix :cve_nist:`2023-5752`
+-  python3-requests: Fix :cve_nist:`2024-35195`
+-  python3-zipp: Fix :cve_nist:`2024-5569`
+-  qemu: Fix :cve_nist:`2024-3446`, :cve_nist:`2024-3447` and :cve_nist:`2024-6505`
+-  qemu: Ignore :cve_nist:`2022-36648`
+-  subversion: Fix :cve_nist:`2024-46901`
+-  tiff: Fix :cve_nist:`2023-3164`
+-  tiff: Ignore :cve_nist:`2023-2731`
+-  webkitgtk: Fix :cve_nist:`2024-40776` and :cve_nist:`2024-40780`
+-  xserver-xorg: Fix :cve_nist:`2024-9632`
+-  xwayland: Fix :cve_nist:`2023-5380` and :cve_nist:`2024-0229`
+
+
+Fixes in Yocto-4.0.24
+~~~~~~~~~~~~~~~~~~~~~
+
+-  base-passwd: Add the sgx group
+-  base-passwd: Regenerate the patches
+-  base-passwd: Update the status for two patches
+-  base-passwd: Update to 3.5.52
+-  base-passwd: add the wheel group
+-  base-passwd: fix patchreview warning
+-  bitbake: fetch2: use persist_data context managers
+-  bitbake: fetch/wget: Increase timeout to 100s from 30s
+-  bitbake: persist_data: close connection in SQLTable __exit__
+-  build-appliance-image: Update to kirkstone head revision
+-  builder: set :term:`CVE_PRODUCT`
+-  contributor-guide: submit-changes.rst: suggest to remove the git signature
+-  cve-update-nvd2-native: Tweak to work better with NFS :term:`DL_DIR`
+-  dbus: disable assertions and enable only modular tests
+-  do_package/sstate/sstatesig: Change timestamp clamping to hash output only
+-  docs: Gather dependencies in poky.yaml.in
+-  docs: standards.md: add a section on admonitions
+-  gstreamer1.0: improve test reliability
+-  linux-yocto/5.10: update to v5.10.227
+-  linux-yocto/5.15: update to v5.15.175
+-  llvm: reduce size of -dbg package
+-  lttng-modules: fix build error after kernel update to 5.15.171
+-  migration-guides: add release notes for 4.0.23
+-  ninja: fix build with python 3.13
+-  oeqa/utils/gitarchive: Return tag name and improve exclude handling
+-  ovmf-native: remove .pyc files from install
+-  package.bbclass: Use shlex instead of deprecated pipes
+-  package_rpm: restrict rpm to 4 threads
+-  package_rpm: use zstd's default compression level
+-  poky.conf: add new tested distros
+-  poky.conf: bump version for 4.0.24
+-  poky.yaml.in: add missing locales dependency
+-  python3: upgrade to 3.10.16
+-  ref-manual: SSTATE_MIRRORS/SOURCE_MIRROR_URL: add instructions for mirror authentication
+-  ref-manual: classes: fix bin_package description
+-  ref-manual: devtool-reference: add warning note on deploy-target and shared objects
+-  ref-manual: move runtime-testing section to the test-manual
+-  ref-manual: packages: move ptest section to the test-manual
+-  ref-manual: system-requirements: update list of supported distros
+-  ref-manual: use standardized method accross both ubuntu and debian for locale install
+-  resulttool: Add --logfile-archive option to store mode
+-  resulttool: Allow store to filter to specific revisions
+-  resulttool: Clean up repoducible build logs
+-  resulttool: Fix passthrough of --all files in store mode
+-  resulttool: Handle ltp rawlogs as well as ptest
+-  resulttool: Improve repo layout for oeselftest results
+-  resulttool: Trim the precision of duration information
+-  resulttool: Use single space indentation in json output
+-  rootfs-postcommands.bbclass: make opkg status reproducible
+-  rxvt-unicode.inc: disable the terminfo installation by setting TIC to :
+-  sanity: check for working user namespaces
+-  scripts/install-buildtools: Update to 4.0.22
+-  selftest/reproducible: Clean up pathnames
+-  selftest/reproducible: Drop rawlogs
+-  test-manual: reproducible-builds.rst: document :term:`OEQA_REPRODUCIBLE_TEST_TARGET` and
+   :term:`OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS`
+-  test-manual: reproducible-builds.rst: show how to build a single package
+-  toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
+-  tzdata & tzcode-native: upgrade 2024b
+-  udev-extraconf: fix network.sh script did not configure hotplugged interfaces
+-  unzip: Fix configure tests to use modern C
+-  webkitgtk: Fix build on 32bit arm
+-  webkitgtk: fix perl-native dependency
+-  webkitgtk: reduce size of -dbg package
+-  wireless-regdb: upgrade to 2024.10.07
+
+
+Known Issues in Yocto-4.0.24
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-4.0.24
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Aleksandar Nikolic
+-  Alex Kiernan
+-  Alexander Kanavin
+-  Alexandre Belloni
+-  Antonin Godard
+-  Archana Polampalli
+-  Bruce Ashfield
+-  Changqing Li
+-  Chen Qi
+-  Chris Laplante
+-  Divya Chellam
+-  Ernst Persson
+-  Guénaël Muller
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jiaying Song
+-  Jinfeng Wang
+-  Khem Raj
+-  Lee Chee Yang
+-  Liyin Zhang
+-  Louis Rannou
+-  Markus Volk
+-  Mikko Rapeli
+-  Ovidiu Panait
+-  Peter Kjellerstedt
+-  Peter Marko
+-  Regis Dargent
+-  Richard Purdie
+-  Rohini Sangam
+-  Ross Burton
+-  Soumya Sambu
+-  Steve Sakoman
+-  Trevor Gamblin
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Yogita Urade
+-  Zahir Hussain
+
+
+Repositories / Downloads for Yocto-4.0.24
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.24 </poky/log/?h=yocto-4.0.24>`
+-  Git Revision: :yocto_git:`f50532593651dff82bc952288d786c55038c2c86 </poky/commit/?id=f50532593651dff82bc952288d786c55038c2c86>`
+-  Release Artefact: poky-f50532593651dff82bc952288d786c55038c2c86
+-  sha: 0aa062d19510394748db9a2d6ded2d764f435383296d9c94fb6b25755280556e
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.24/poky-f50532593651dff82bc952288d786c55038c2c86.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.24/poky-f50532593651dff82bc952288d786c55038c2c86.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.24 </openembedded-core/log/?h=yocto-4.0.24>`
+-  Git Revision: :oe_git:`a270d4c957259761bcc7382fcc54642a02f9fc7d </openembedded-core/commit/?id=a270d4c957259761bcc7382fcc54642a02f9fc7d>`
+-  Release Artefact: oecore-a270d4c957259761bcc7382fcc54642a02f9fc7d
+-  sha: b08b9b16c8ffa587d521ad28e24e38c79d757a6f0839d18165ebac3081a34b68
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.24/oecore-a270d4c957259761bcc7382fcc54642a02f9fc7d.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.24/oecore-a270d4c957259761bcc7382fcc54642a02f9fc7d.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.24 </meta-mingw/log/?h=yocto-4.0.24>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.24/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.24/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.24 </meta-gplv2/log/?h=yocto-4.0.24>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.24/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.24/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.24 </bitbake/log/?h=yocto-4.0.24>`
+-  Git Revision: :oe_git:`3f88b005244a0afb5d5c7260e54a94a453ec9b3e </bitbake/commit/?id=3f88b005244a0afb5d5c7260e54a94a453ec9b3e>`
+-  Release Artefact: bitbake-3f88b005244a0afb5d5c7260e54a94a453ec9b3e
+-  sha: 31f442b72ec7d81ca75509b1a7179c3fe3942528b1e31c823b21a413244bd15b
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.24/bitbake-3f88b005244a0afb5d5c7260e54a94a453ec9b3e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.24/bitbake-3f88b005244a0afb5d5c7260e54a94a453ec9b3e.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.24 </yocto-docs/log/?h=yocto-4.0.24>`
+-  Git Revision: :yocto_git:`3128bf149f40928e6c2a3e264590a0c6c9778c6a </yocto-docs/commit/?id=3128bf149f40928e6c2a3e264590a0c6c9778c6a>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.25.rst b/documentation/migration-guides/release-notes-4.0.25.rst
new file mode 100644
index 0000000000..e52f57913f
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.25.rst
@@ -0,0 +1,167 @@
+Release notes for Yocto-4.0.25 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.25
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  avahi: Fix :cve_nist:`2024-52616`
+-  binutils: Fix :cve_nist:`2024-53589`
+-  gdb: Fix :cve_nist:`2024-53589`
+-  go: Fix :cve_nist:`2024-34155`, :cve_nist:`2024-34156`, :cve_nist:`2024-34158` and
+   :cve_nist:`2024-45336`
+-  gstreamer1.0: Ignore :cve_nist:`2024-47537`, :cve_nist:`2024-47539`, :cve_nist:`2024-47540`,
+   :cve_nist:`2024-47543`, :cve_nist:`2024-47544`, :cve_nist:`2024-47545`, :cve_nist:`2024-47538`,
+   :cve_nist:`2024-47541`, :cve_nist:`2024-47542`, :cve_nist:`2024-47600`, :cve_nist:`2024-47607`,
+   :cve_nist:`2024-47615`, :cve_nist:`2024-47835`, :cve_nist:`2024-47546`, :cve_nist:`2024-47596`,
+   :cve_nist:`2024-47597`, :cve_nist:`2024-47598`, :cve_nist:`2024-47599`, :cve_nist:`2024-47601`,
+   :cve_nist:`2024-47777`, :cve_nist:`2024-47778`, :cve_nist:`2024-47834`, :cve_nist:`2024-47602`,
+   :cve_nist:`2024-47603`, :cve_nist:`2024-47613`, :cve_nist:`2024-47774`, :cve_nist:`2024-47775`
+   and :cve_nist:`2024-47776`
+-  linux-yocto/5.15: Fix :cve_nist:`2024-36476`, :cve_nist:`2024-55916`, :cve_nist:`2024-56369`,
+   :cve_nist:`2024-56626`, :cve_nist:`2024-56627`, :cve_nist:`2024-56715`, :cve_nist:`2024-56716`,
+   :cve_nist:`2024-57802`, :cve_nist:`2024-57807`, :cve_nist:`2024-57841`, :cve_nist:`2024-57890`,
+   :cve_nist:`2024-57896`, :cve_nist:`2024-57900`, :cve_nist:`2024-57910`, :cve_nist:`2024-57911`,
+   :cve_nist:`2024-57938`, :cve_nist:`2024-57951`, :cve_nist:`2025-21631`, :cve_nist:`2025-21665`,
+   :cve_nist:`2025-21666`, :cve_nist:`2025-21669`, :cve_nist:`2025-21680`, :cve_nist:`2025-21683`,
+   :cve_nist:`2025-21694`, :cve_nist:`2025-21697` and :cve_nist:`2025-21699`
+-  ofono: Fix :cve_nist:`2024-7539`, :cve_nist:`2024-7540`, :cve_nist:`2024-7541`,
+   :cve_nist:`2024-7542`, :cve_nist:`2024-7543`, :cve_nist:`2024-7544`, :cve_nist:`2024-7545`,
+   :cve_nist:`2024-7546` and :cve_nist:`2024-7547`
+-  openssl: Fix :cve_nist:`2024-13176`
+-  rsync: Fix :cve_nist:`2024-12084`, :cve_nist:`2024-12085`, :cve_nist:`2024-12086`,
+   :cve_nist:`2024-12087`, :cve_nist:`2024-12088` and :cve_nist:`2024-12747`
+-  ruby: Fix :cve_nist:`2024-49761`
+-  socat: Fix :cve_nist:`2024-54661`
+-  vte: Fix :cve_nist:`2024-37535`
+-  wget: Fix :cve_nist:`2024-10524`
+
+
+Fixes in Yocto-4.0.25
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bitbake: tests/fetch: Fix git shallow test failure with git >= 2.48
+-  build-appliance-image: Update to kirkstone head revision
+-  classes-global/insane: Look up all runtime providers for file-rdeps
+-  classes/nativesdk: also override :term:`TUNE_PKGARCH`
+-  classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
+-  cmake: apply parallel build settings to ptest tasks
+-  dev-manual/building: document the initramfs-framework recipe
+-  docs: Update autobuilder URLs to valkyrie
+-  documentation: Fix typo in standards.md
+-  glibc: Suppress GCC -Os warning on user2netname for sunrpc
+-  glibc: stable 2.35 branch updates
+-  lib/packagedata.py: Add API to iterate over rprovides
+-  linux-yocto/5.15: upgrade to v5.15.178
+-  migration-guides: add release notes for 4.0.24
+-  openssl: upgrade to 3.0.16
+-  poky.conf: bump version for 4.0.25
+-  python3: Treat UID/GID overflow as failure
+-  rsync: Delete pedantic errors re-ordering patch
+-  rsync: upgrade to 3.2.7
+-  rust-common.bbclass: soft assignment for RUSTLIB path
+-  scripts/install-buildtools: Update to 4.0.23
+-  test-manual/reproducible-builds: fix reproducible links
+
+
+Known Issues in Yocto-4.0.25
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.25
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Antonin Godard
+-  Archana Polampalli
+-  Bruce Ashfield
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Joshua Watt
+-  Khem Raj
+-  Lee Chee Yang
+-  Nikhil R
+-  Pedro Ferreira
+-  Peter Marko
+-  Praveen Kumar
+-  Richard Purdie
+-  Ross Burton
+-  Simon A. Eugster
+-  Steve Sakoman
+-  Yash Shinde
+-  Yogita Urade
+-  Zhang Peng
+
+
+Repositories / Downloads for Yocto-4.0.25
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.25 </poky/log/?h=yocto-4.0.25>`
+-  Git Revision: :yocto_git:`b5aa03f336c121269551f9e7baed4c677c76bb39 </poky/commit/?id=b5aa03f336c121269551f9e7baed4c677c76bb39>`
+-  Release Artefact: poky-b5aa03f336c121269551f9e7baed4c677c76bb39
+-  sha: 7afbcb25f0dd89a4fb6dd4c5945061705ef9ce79a6863806278603273c2b3b4a
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.25/poky-b5aa03f336c121269551f9e7baed4c677c76bb39.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.25/poky-b5aa03f336c121269551f9e7baed4c677c76bb39.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.25 </openembedded-core/log/?h=yocto-4.0.25>`
+-  Git Revision: :oe_git:`5a794fd244f7fdeb426bd5e3def6b4effc0e8c62 </openembedded-core/commit/?id=5a794fd244f7fdeb426bd5e3def6b4effc0e8c62>`
+-  Release Artefact: oecore-5a794fd244f7fdeb426bd5e3def6b4effc0e8c62
+-  sha: 8fc93109693e5f4702b3fe0633b6be833605291b3d595dc8bdeb6379f40cd2de
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.25/oecore-5a794fd244f7fdeb426bd5e3def6b4effc0e8c62.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.25/oecore-5a794fd244f7fdeb426bd5e3def6b4effc0e8c62.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.25 </meta-mingw/log/?h=yocto-4.0.25>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.25/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.25/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.25 </meta-gplv2/log/?h=yocto-4.0.25>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.25/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.25/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.25 </bitbake/log/?h=yocto-4.0.25>`
+-  Git Revision: :oe_git:`e71f1ce53cf3b8320caa481ae62d1ce2900c4670 </bitbake/commit/?id=e71f1ce53cf3b8320caa481ae62d1ce2900c4670>`
+-  Release Artefact: bitbake-e71f1ce53cf3b8320caa481ae62d1ce2900c4670
+-  sha: 007eef35174586c85b233f4ec91578956fe21e0236f7ca2c3f90f9d034f94b5b
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.25/bitbake-e71f1ce53cf3b8320caa481ae62d1ce2900c4670.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.25/bitbake-e71f1ce53cf3b8320caa481ae62d1ce2900c4670.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.25 </yocto-docs/log/?h=yocto-4.0.25>`
+-  Git Revision: :yocto_git:`c6dce0c77481dee7b0a0fcdc803f755ceccef234 </yocto-docs/commit/?id=c6dce0c77481dee7b0a0fcdc803f755ceccef234>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.26.rst b/documentation/migration-guides/release-notes-4.0.26.rst
new file mode 100644
index 0000000000..42ff28c6a2
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.26.rst
@@ -0,0 +1,263 @@
+Release notes for Yocto-4.0.26 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.26
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+-  bind: Fix :cve_nist:`2024-11187` and :cve_nist:`2024-12705`
+-  binutils: Fix :cve_nist:`2025-0840`
+-  elfutils: Fix :cve_nist:`2025-1352` and :cve_nist:`2025-1372`
+-  ffmpeg: Fix CVE-2024-28661, :cve_nist:`2024-35369`, :cve_nist:`2024-36613`, :cve_nist:`2024-36616`,
+   :cve_nist:`2024-36617`, :cve_nist:`2024-36618`, :cve_nist:`2025-0518` and :cve_nist:`2025-25473`
+-  ffmpeg: Ignore :cve_nist:`2023-46407`, :cve_nist:`2023-47470`, :cve_nist:`2024-7272`,
+   :cve_nist:`2024-22860`, :cve_nist:`2024-22861` and :cve_nist:`2024-22862`
+-  freetype: Fix :cve_nist:`2025-27363`
+-  gnutls: Fix :cve_nist:`2024-12243`
+-  grub: Fix :cve_nist:`2024-45774`, :cve_nist:`2024-45775`, :cve_nist:`2024-45776`,
+   :cve_nist:`2024-45777`, :cve_nist:`2024-45778`, :cve_nist:`2024-45779`, :cve_nist:`2024-45780`,
+   :cve_nist:`2024-45781`, :cve_nist:`2024-45782`, :cve_nist:`2024-45783`, :cve_nist:`2024-56737`,
+   :cve_nist:`2025-0622`, :cve_nist:`2025-0624`, :cve_nist:`2025-0677`, :cve_nist:`2025-0684`,
+   :cve_nist:`2025-0685`, :cve_nist:`2025-0686`, :cve_nist:`2025-0689`, :cve_nist:`2025-0678`,
+   :cve_nist:`2025-0690`, :cve_nist:`2025-1118` and :cve_nist:`2025-1125`
+-  gstreamer1.0-rtsp-server: fix :cve_nist:`2024-44331`
+-  libarchive: Fix :cve_nist:`2025-25724`
+-  libarchive: Ignore :cve_nist:`2025-1632`
+-  libcap: Fix :cve_nist:`2025-1390`
+-  linux-yocto/5.10: Fix :cve_nist:`2024-36476`, :cve_nist:`2024-43098`, :cve_nist:`2024-47143`,
+   :cve_nist:`2024-48881`, :cve_nist:`2024-50051`, :cve_nist:`2024-50074`, :cve_nist:`2024-50082`,
+   :cve_nist:`2024-50083`, :cve_nist:`2024-50099`, :cve_nist:`2024-50115`, :cve_nist:`2024-50116`,
+   :cve_nist:`2024-50117`, :cve_nist:`2024-50142`, :cve_nist:`2024-50148`, :cve_nist:`2024-50150`,
+   :cve_nist:`2024-50151`, :cve_nist:`2024-50167`, :cve_nist:`2024-50168`, :cve_nist:`2024-50171`,
+   :cve_nist:`2024-50185`, :cve_nist:`2024-50192`, :cve_nist:`2024-50193`, :cve_nist:`2024-50194`,
+   :cve_nist:`2024-50195`, :cve_nist:`2024-50198`, :cve_nist:`2024-50201`, :cve_nist:`2024-50202`,
+   :cve_nist:`2024-50205`, :cve_nist:`2024-50208`, :cve_nist:`2024-50209`, :cve_nist:`2024-50229`,
+   :cve_nist:`2024-50230`, :cve_nist:`2024-50233`, :cve_nist:`2024-50234`, :cve_nist:`2024-50236`,
+   :cve_nist:`2024-50237`, :cve_nist:`2024-50251`, :cve_nist:`2024-50262`, :cve_nist:`2024-50264`,
+   :cve_nist:`2024-50265`, :cve_nist:`2024-50267`, :cve_nist:`2024-50268`, :cve_nist:`2024-50269`,
+   :cve_nist:`2024-50273`, :cve_nist:`2024-50278`, :cve_nist:`2024-50279`, :cve_nist:`2024-50282`,
+   :cve_nist:`2024-50287`, :cve_nist:`2024-50292`, :cve_nist:`2024-50296`, :cve_nist:`2024-50299`,
+   :cve_nist:`2024-50301`, :cve_nist:`2024-50302`, :cve_nist:`2024-53042`, :cve_nist:`2024-53052`,
+   :cve_nist:`2024-53057`, :cve_nist:`2024-53059`, :cve_nist:`2024-53060`, :cve_nist:`2024-53061`,
+   :cve_nist:`2024-53063`, :cve_nist:`2024-53066`, :cve_nist:`2024-53096`, :cve_nist:`2024-53097`,
+   :cve_nist:`2024-53101`, :cve_nist:`2024-53103`, :cve_nist:`2024-53104`, :cve_nist:`2024-53145`,
+   :cve_nist:`2024-53146`, :cve_nist:`2024-53150`, :cve_nist:`2024-53155`, :cve_nist:`2024-53156`,
+   :cve_nist:`2024-53157`, :cve_nist:`2024-53161`, :cve_nist:`2024-53165`, :cve_nist:`2024-53171`,
+   :cve_nist:`2024-53173`, :cve_nist:`2024-53174`, :cve_nist:`2024-53194`, :cve_nist:`2024-53197`,
+   :cve_nist:`2024-53217`, :cve_nist:`2024-53226`, :cve_nist:`2024-53227`, :cve_nist:`2024-53237`,
+   :cve_nist:`2024-53239`, :cve_nist:`2024-55916`, :cve_nist:`2024-56548`, :cve_nist:`2024-56558`,
+   :cve_nist:`2024-56567`, :cve_nist:`2024-56568`, :cve_nist:`2024-56569`, :cve_nist:`2024-56572`,
+   :cve_nist:`2024-56574`, :cve_nist:`2024-56581`, :cve_nist:`2024-56587`, :cve_nist:`2024-56593`,
+   :cve_nist:`2024-56595`, :cve_nist:`2024-56596`, :cve_nist:`2024-56598`, :cve_nist:`2024-56600`,
+   :cve_nist:`2024-56601`, :cve_nist:`2024-56602`, :cve_nist:`2024-56603`, :cve_nist:`2024-56605`,
+   :cve_nist:`2024-56606`, :cve_nist:`2024-56615`, :cve_nist:`2024-56619`, :cve_nist:`2024-56623`,
+   :cve_nist:`2024-56629`, :cve_nist:`2024-56634`, :cve_nist:`2024-56642`, :cve_nist:`2024-56643`,
+   :cve_nist:`2024-56648`, :cve_nist:`2024-56650`, :cve_nist:`2024-56659`, :cve_nist:`2024-56662`,
+   :cve_nist:`2024-56670`, :cve_nist:`2024-56688`, :cve_nist:`2024-56698`, :cve_nist:`2024-56704`,
+   :cve_nist:`2024-56716`, :cve_nist:`2024-56720`, :cve_nist:`2024-56723`, :cve_nist:`2024-56724`,
+   :cve_nist:`2024-56728`, :cve_nist:`2024-56739`, :cve_nist:`2024-56746`, :cve_nist:`2024-56747`,
+   :cve_nist:`2024-56748`, :cve_nist:`2024-56754`, :cve_nist:`2024-56756`, :cve_nist:`2024-56770`,
+   :cve_nist:`2024-56779`, :cve_nist:`2024-56780`, :cve_nist:`2024-56781`, :cve_nist:`2024-56785`,
+   :cve_nist:`2024-57802`, :cve_nist:`2024-57807`, :cve_nist:`2024-57850`, :cve_nist:`2024-57874`,
+   :cve_nist:`2024-57890`, :cve_nist:`2024-57896`, :cve_nist:`2024-57900`, :cve_nist:`2024-57901`,
+   :cve_nist:`2024-57902`, :cve_nist:`2024-57910`, :cve_nist:`2024-57911`, :cve_nist:`2024-57913`,
+   :cve_nist:`2024-57922`, :cve_nist:`2024-57938`, :cve_nist:`2024-57939`, :cve_nist:`2024-57946`,
+   :cve_nist:`2024-57951`, :cve_nist:`2025-21638`, :cve_nist:`2025-21687`, :cve_nist:`2025-21689`,
+   :cve_nist:`2025-21692`, :cve_nist:`2025-21694`, :cve_nist:`2025-21697` and :cve_nist:`2025-21699`
+-  linux-yocto/5.15: Fix :cve_nist:`2024-57979`, :cve_nist:`2024-58034`, :cve_nist:`2024-58052`,
+   :cve_nist:`2024-58055`, :cve_nist:`2024-58058`, :cve_nist:`2024-58063`, :cve_nist:`2024-58069`,
+   :cve_nist:`2024-58071`, :cve_nist:`2024-58076`, :cve_nist:`2024-58083`, :cve_nist:`2025-21700`,
+   :cve_nist:`2025-21703`, :cve_nist:`2025-21715`, :cve_nist:`2025-21722`, :cve_nist:`2025-21727`,
+   :cve_nist:`2025-21731`, :cve_nist:`2025-21753`, :cve_nist:`2025-21756`, :cve_nist:`2025-21760`,
+   :cve_nist:`2025-21761`, :cve_nist:`2025-21762`, :cve_nist:`2025-21763`, :cve_nist:`2025-21764`,
+   :cve_nist:`2025-21796`, :cve_nist:`2025-21811`, :cve_nist:`2025-21887`, :cve_nist:`2025-21898`,
+   :cve_nist:`2025-21904`, :cve_nist:`2025-21905`, :cve_nist:`2025-21912`, :cve_nist:`2025-21917`,
+   :cve_nist:`2025-21919`, :cve_nist:`2025-21920`, :cve_nist:`2025-21922`, :cve_nist:`2025-21934`,
+   :cve_nist:`2025-21943`, :cve_nist:`2025-21948` and :cve_nist:`2025-21951`
+-  libpcre2: Ignore :cve_nist:`2022-1586`
+-  libtasn1: Fix :cve_nist:`2024-12133`
+-  libxml2: Fix :cve_nist:`2022-49043`, :cve_nist:`2024-56171`, :cve_nist:`2025-24928` and
+   :cve_nist:`2025-27113`
+-  libxslt: Fix :cve_nist:`2024-55549` and :cve_nist:`2025-24855`
+-  llvm: Fix :cve_nist:`2024-0151`
+-  mpg123: Fix :cve_nist:`2024-10573`
+-  openssh: Fix :cve_nist:`2025-26465`
+-  ovmf: Revert Fix for CVE-2023-45236 :cve_nist:`2023-45237`
+-  perl: Ignore :cve_nist:`2023-47038`
+-  puzzles: Ignore :cve_nist:`2024-13769`, :cve_nist:`2024-13770` and :cve_nist:`2025-0837`
+-  python3: Fix :cve_nist:`2025-0938`
+-  ruby: Fix :cve_nist:`2024-41946`, :cve_nist:`2025-27219` and :cve_nist:`2025-27220`
+-  subversion: Ignore :cve_nist:`2024-45720`
+-  systemd: Fix :cve_nist:`2022-3821`, :cve_nist:`2022-4415`, :cve_nist:`2022-45873` and
+   :cve_nist:`2023-7008`
+-  tiff: mark :cve_nist:`2023-30774` as patched with existing patch
+-  u-boot: Fix :cve_nist:`2022-2347`, :cve_nist:`2022-30767`, :cve_nist:`2022-30790`,
+   :cve_nist:`2024-57254`, :cve_nist:`2024-57255`, :cve_nist:`2024-57256`, :cve_nist:`2024-57257`,
+   :cve_nist:`2024-57258` and :cve_nist:`2024-57259`
+-  vim: Fix :cve_nist:`2025-1215`, :cve_nist:`2025-22134`, :cve_nist:`2025-24014`,
+   :cve_nist:`2025-26603`, :cve_nist:`2025-27423` and :cve_nist:`2025-29768`
+-  xserver-xorg: Fix :cve_nist:`2022-49737`, :cve_nist:`2025-26594`, :cve_nist:`2025-26595`,
+   :cve_nist:`2025-26596`, :cve_nist:`2025-26597`, :cve_nist:`2025-26598`, :cve_nist:`2025-26599`,
+   :cve_nist:`2025-26600` and :cve_nist:`2025-26601`
+-  xwayland: Fix :cve_nist:`2022-49737`, :cve_nist:`2024-9632`, :cve_nist:`2024-21885`,
+   :cve_nist:`2024-21886`, :cve_nist:`2024-31080`, :cve_nist:`2024-31081`, :cve_nist:`2024-31083`,
+   :cve_nist:`2025-26594`, :cve_nist:`2025-26595`, :cve_nist:`2025-26596`, :cve_nist:`2025-26597`,
+   :cve_nist:`2025-26598`, :cve_nist:`2025-26599`, :cve_nist:`2025-26600` and :cve_nist:`2025-26601`
+-  zlib: Fix :cve_nist:`2014-9485`
+
+
+
+Fixes in Yocto-4.0.26
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bind: Upgrade to 9.18.33
+-  bitbake: cache: bump cache version
+-  bitbake: siggen.py: Improve taskhash reproducibility
+-  boost: fix do_fetch error
+-  build-appliance-image: Update to kirkstone head revision
+-  contributor-guide/submit-changes: add policy on AI generated code
+-  cve-update-nvd2-native: handle missing vulnStatus
+-  docs: Add favicon for the documentation html
+-  docs: Remove all mention of core-image-lsb
+-  libtasn1: upgrade to 4.20.0
+-  libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt
+-  libxml2: fix compilation of explicit child axis in pattern
+-  linux-yocto/5.10: update to v5.10.234
+-  linux-yocto/5.15: update to v5.15.179
+-  mesa: Fix missing GLES3 headers in SDK sysroot
+-  mesa: Update :term:`SRC_URI`
+-  meta: Enable '-o pipefail' for the SDK installer
+-  migration-guides: add release notes for 4.0.25
+-  poky.conf: add ubuntu2404 to :term:`SANITY_TESTED_DISTROS`
+-  poky.conf: bump version for 4.0.26
+-  procps: replaced one use of fputs(3) with a write(2) call
+-  ref-manual: don't refer to poky-lsb
+-  scripts/install-buildtools: Update to 4.0.24
+-  scritps/runqemu: Ensure we only have two serial ports
+-  systemd: upgrade to 250.14
+-  tzcode-native: Fix compiler setting from 2023d version
+-  tzcode: Update :term:`SRC_URI`
+-  tzdata/tzcode-native: upgrade 2025a
+-  vim: Upgrade to 9.1.1198
+-  virglrenderer: fix do_fetch error
+-  vulnerabilities/classes: remove references to cve-check text format
+-  xz: Update :term:`SRC_URI`
+-  yocto-uninative: Update to 4.7 for glibc 2.41
+
+
+Known Issues in Yocto-4.0.26
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.26
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Aleksandar Nikolic
+-  Alessio Cascone
+-  Antonin Godard
+-  Archana Polampalli
+-  Ashish Sharma
+-  Bruce Ashfield
+-  Carlos Dominguez
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Guocai He
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jiaying Song
+-  Johannes Kauffmann
+-  Kai Kang
+-  Lee Chee Yang
+-  Libo Chen
+-  Marta Rybczynska
+-  Michael Halstead
+-  Mingli Yu
+-  Moritz Haase
+-  Narpat Mali
+-  Paulo Neves
+-  Peter Marko
+-  Priyal Doshi
+-  Richard Purdie
+-  Robert Yang
+-  Ross Burton
+-  Sakib Sajal
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Yogita Urade
+-  Zhang Peng
+
+
+Repositories / Downloads for Yocto-4.0.26
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.26 </poky/log/?h=yocto-4.0.26>`
+-  Git Revision: :yocto_git:`d70d287a77d5026b698ac237ab865b2dafd36bb8 </poky/commit/?id=d70d287a77d5026b698ac237ab865b2dafd36bb8>`
+-  Release Artefact: poky-d70d287a77d5026b698ac237ab865b2dafd36bb8
+-  sha: 3ebfadb8bff4c1ca12b3cf3e4ef6e3ac2ce52b73570266daa98436c9959249f2
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.26/poky-d70d287a77d5026b698ac237ab865b2dafd36bb8.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.26/poky-d70d287a77d5026b698ac237ab865b2dafd36bb8.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.26 </openembedded-core/log/?h=yocto-4.0.26>`
+-  Git Revision: :oe_git:`1efbe1004bc82e7c14c1e8bd4ce644f5015c3346 </openembedded-core/commit/?id=1efbe1004bc82e7c14c1e8bd4ce644f5015c3346>`
+-  Release Artefact: oecore-1efbe1004bc82e7c14c1e8bd4ce644f5015c3346
+-  sha: d3805e034dabd0865dbf55488b2c16d4ea0351d37aa826f0054a6bfdde5a8be9
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.26/oecore-1efbe1004bc82e7c14c1e8bd4ce644f5015c3346.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.26/oecore-1efbe1004bc82e7c14c1e8bd4ce644f5015c3346.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.26 </meta-mingw/log/?h=yocto-4.0.26>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.26/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.26/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.26 </meta-gplv2/log/?h=yocto-4.0.26>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.26/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.26/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.26 </bitbake/log/?h=yocto-4.0.26>`
+-  Git Revision: :oe_git:`046871d9fd76efdca7b72718b328d8f545523f7e </bitbake/commit/?id=046871d9fd76efdca7b72718b328d8f545523f7e>`
+-  Release Artefact: bitbake-046871d9fd76efdca7b72718b328d8f545523f7e
+-  sha: e9df0a9f5921b583b539188d66b23f120e1751000e7822e76c3391d5c76ee21a
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.26/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.26/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.26 </yocto-docs/log/?h=yocto-4.0.26>`
+-  Git Revision: :yocto_git:`9b4c36f7b02dd4bedfec90206744a1e90e37733c </yocto-docs/commit/?id=9b4c36f7b02dd4bedfec90206744a1e90e37733c>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.27.rst b/documentation/migration-guides/release-notes-4.0.27.rst
new file mode 100644
index 0000000000..e37e2f78b6
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.27.rst
@@ -0,0 +1,153 @@
+Release notes for Yocto-4.0.27 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.27
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-1178`
+-  busybox: fix :cve_nist:`2023-39810`
+-  connman :fix :cve_nist:`2025-32743`
+-  curl: Ignore :cve_nist:`2025-0725`
+-  ghostscript: Fix :cve_nist:`2025-27830`, :cve_nist:`2025-27831`, :cve_nist:`2025-27832`,
+   :cve_nist:`2025-27834`, :cve_nist:`2025-27835` and :cve_nist:`2025-27836`
+-  ghostscript: Ignore :cve_nist:`2024-29507`, :cve_nist:`2025-27833` and :cve_nist:`2025-27837`
+-  glib-2.0: Fix :cve_nist:`2025-3360`
+-  go: Fix :cve_nist:`2025-22871`
+-  libarchive: Ignore :cve_nist:`2024-48615`
+-  libpam: Fix :cve_nist:`2024-10041`
+-  libsoup-2.4: Fix :cve_nist:`2024-52532`, :cve_nist:`2025-32906` and :cve_nist:`2025-32909`
+-  libsoup: Fix :cve_nist:`2024-52532`, :cve_nist:`2025-32906`, :cve_nist:`2025-32909`,
+   :cve_nist:`2025-32910`, :cve_nist:`2025-32911`, :cve_nist:`2025-32912`, :cve_nist:`2025-32913`
+   and :cve_nist:`2025-32914`
+-  libxml2: Fix :cve_nist:`2025-32414` and :cve_nist:`2025-32415`
+-  ofono: Fix :cve_nist:`2024-7537`
+-  perl: Fix :cve_nist:`2024-56406`
+-  ppp: Fix :cve_nist:`2024-58250`
+-  python3-setuptools: Fix :cve_nist:`2024-6345`
+-  qemu: Ignore :cve_nist:`2023-1386`
+-  ruby: Fix :cve_nist:`2024-43398`
+-  sqlite3: Fix :cve_nist:`2025-29088`
+-  systemd: Ignore :cve_nist:`2022-3821`, :cve_nist:`2022-4415` and :cve_nist:`2022-45873`
+
+
+Fixes in Yocto-4.0.27
+~~~~~~~~~~~~~~~~~~~~~
+
+-  Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR"
+-  build-appliance-image: Update to kirkstone head revision
+-  cve-update-nvd2-native: add workaround for json5 style list
+-  docs: Fix dead links that use the :term:`DISTRO` macro
+-  docs: manuals: remove repeated word
+-  docs: poky.yaml: introduce DISTRO_LATEST_TAG
+-  glibc: Add single-threaded fast path to rand()
+-  glibc: stable 2.35 branch updates
+-  module.bbclass: add KBUILD_EXTRA_SYMBOLS to install
+-  perl: enable _GNU_SOURCE define via d_gnulibc
+-  poky.conf: bump version for 4.0.27
+-  ref-manual/variables.rst: document autotools class related variables
+-  scripts/install-buildtools: Update to 4.0.26
+-  systemd: backport patch to fix journal issue
+-  systemd: systemd-journald fails to setup LogNamespace
+-  tzdata/tzcode-native: upgrade to 2025b
+
+
+Known Issues in Yocto-4.0.27
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.27
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Alon Bar-Lev
+-  Andrew Kreimer
+-  Antonin Godard
+-  Chen Qi
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Haitao Liu
+-  Haixiao Yan
+-  Hitendra Prajapati
+-  Peter Marko
+-  Praveen Kumar
+-  Priyal Doshi
+-  Shubham Kulkarni
+-  Soumya Sambu
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.27
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.27 </poky/log/?h=yocto-4.0.27>`
+-  Git Revision: :yocto_git:`ab9a994a8cd8e06b519a693db444030999d273b7 </poky/commit/?id=ab9a994a8cd8e06b519a693db444030999d273b7>`
+-  Release Artefact: poky-ab9a994a8cd8e06b519a693db444030999d273b7
+-  sha: 77a366c17cf29eef15c6ff3f44e73f81c07288c723fd4a6dbd8c7ee9b79933f3
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.27/poky-ab9a994a8cd8e06b519a693db444030999d273b7.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.27/poky-ab9a994a8cd8e06b519a693db444030999d273b7.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.27 </openembedded-core/log/?h=yocto-4.0.27>`
+-  Git Revision: :oe_git:`e8be08a624b2d024715a5c8b0c37f2345a02336b </openembedded-core/commit/?id=e8be08a624b2d024715a5c8b0c37f2345a02336b>`
+-  Release Artefact: oecore-e8be08a624b2d024715a5c8b0c37f2345a02336b
+-  sha: cc5b0fadab021c6dc61f37fc4ff01a1cf657e7c219488ce264bede42f7f6212f
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.27/oecore-e8be08a624b2d024715a5c8b0c37f2345a02336b.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.27/oecore-e8be08a624b2d024715a5c8b0c37f2345a02336b.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.27 </meta-mingw/log/?h=yocto-4.0.27>`
+-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
+-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
+-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.27/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.27/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.27 </meta-gplv2/log/?h=yocto-4.0.27>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.27/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.27/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.27 </bitbake/log/?h=yocto-4.0.27>`
+-  Git Revision: :oe_git:`046871d9fd76efdca7b72718b328d8f545523f7e </bitbake/commit/?id=046871d9fd76efdca7b72718b328d8f545523f7e>`
+-  Release Artefact: bitbake-046871d9fd76efdca7b72718b328d8f545523f7e
+-  sha: e9df0a9f5921b583b539188d66b23f120e1751000e7822e76c3391d5c76ee21a
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.27/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.27/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.27 </yocto-docs/log/?h=yocto-4.0.27>`
+-  Git Revision: :yocto_git:`0d51e553d5f83eea6634e03ddc9c7740bf72fcea </yocto-docs/commit/?id=0d51e553d5f83eea6634e03ddc9c7740bf72fcea>`
+
diff --git a/documentation/migration-guides/release-notes-4.0.3.rst b/documentation/migration-guides/release-notes-4.0.3.rst
index 46fe858cb7..1b9559a962 100644
--- a/documentation/migration-guides/release-notes-4.0.3.rst
+++ b/documentation/migration-guides/release-notes-4.0.3.rst
@@ -6,21 +6,21 @@ Release notes for Yocto-4.0.3 (Kirkstone)
 Security Fixes in Yocto-4.0.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: fix :cve:`2019-1010204`
--  busybox: fix :cve:`2022-30065`
--  cups: ignore :cve:`2022-26691`
--  curl: Fix :cve:`2022-32205`, :cve:`2022-32206`, :cve:`2022-32207` and :cve:`2022-32208`
--  dpkg: fix :cve:`2022-1664`
--  ghostscript: fix :cve:`2022-2085`
--  harfbuzz: fix :cve:`2022-33068`
--  libtirpc: fix :cve:`2021-46828`
--  lua: fix :cve:`2022-33099`
--  nasm: ignore :cve:`2020-18974`
--  qemu: fix :cve:`2022-35414`
--  qemu: ignore :cve:`2021-20255` and :cve:`2019-12067`
--  tiff: fix :cve:`2022-1354`, :cve:`2022-1355`, :cve:`2022-2056`, :cve:`2022-2057` and :cve:`2022-2058`
--  u-boot: fix :cve:`2022-34835`
--  unzip: fix :cve:`2022-0529` and :cve:`2022-0530`
+-  binutils: fix :cve_nist:`2019-1010204`
+-  busybox: fix :cve_nist:`2022-30065`
+-  cups: ignore :cve_nist:`2022-26691`
+-  curl: Fix :cve_nist:`2022-32205`, :cve_nist:`2022-32206`, :cve_nist:`2022-32207` and :cve_nist:`2022-32208`
+-  dpkg: fix :cve_nist:`2022-1664`
+-  ghostscript: fix :cve_nist:`2022-2085`
+-  harfbuzz: fix :cve_nist:`2022-33068`
+-  libtirpc: fix :cve_nist:`2021-46828`
+-  lua: fix :cve_nist:`2022-33099`
+-  nasm: ignore :cve_nist:`2020-18974`
+-  qemu: fix :cve_nist:`2022-35414`
+-  qemu: ignore :cve_nist:`2021-20255` and :cve_nist:`2019-12067`
+-  tiff: fix :cve_nist:`2022-1354`, :cve_nist:`2022-1355`, :cve_nist:`2022-2056`, :cve_nist:`2022-2057` and :cve_nist:`2022-2058`
+-  u-boot: fix :cve_nist:`2022-34835`
+-  unzip: fix :cve_nist:`2022-0529` and :cve_nist:`2022-0530`
 
 
 Fixes in Yocto-4.0.3
diff --git a/documentation/migration-guides/release-notes-4.0.4.rst b/documentation/migration-guides/release-notes-4.0.4.rst
index 1d6e525bbc..41ef095c45 100644
--- a/documentation/migration-guides/release-notes-4.0.4.rst
+++ b/documentation/migration-guides/release-notes-4.0.4.rst
@@ -6,17 +6,17 @@ Release notes for Yocto-4.0.4 (Kirkstone)
 Security Fixes in Yocto-4.0.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils : fix :cve:`2022-38533`
--  curl: fix :cve:`2022-35252`
--  sqlite: fix :cve:`2022-35737`
--  grub2: fix :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734` and :cve:`2022-28735`
--  u-boot: fix :cve:`2022-30552` and :cve:`2022-33967`
--  libxml2: Ignore :cve:`2016-3709`
--  libtiff: fix :cve:`2022-34526`
--  zlib: fix :cve:`2022-37434`
--  gnutls: fix :cve:`2022-2509`
--  u-boot: fix :cve:`2022-33103`
--  qemu: fix :cve:`2021-3507`, :cve:`2021-3929`, :cve:`2021-4158`, :cve:`2022-0216` and :cve:`2022-0358`
+-  binutils : fix :cve_nist:`2022-38533`
+-  curl: fix :cve_nist:`2022-35252`
+-  sqlite: fix :cve_nist:`2022-35737`
+-  grub2: fix :cve_nist:`2021-3695`, :cve_nist:`2021-3696`, :cve_nist:`2021-3697`, :cve_nist:`2022-28733`, :cve_nist:`2022-28734` and :cve_nist:`2022-28735`
+-  u-boot: fix :cve_nist:`2022-30552` and :cve_nist:`2022-33967`
+-  libxml2: Ignore :cve_nist:`2016-3709`
+-  libtiff: fix :cve_nist:`2022-34526`
+-  zlib: fix :cve_nist:`2022-37434`
+-  gnutls: fix :cve_nist:`2022-2509`
+-  u-boot: fix :cve_nist:`2022-33103`
+-  qemu: fix :cve_nist:`2021-3507`, :cve_nist:`2021-3929`, :cve_nist:`2021-4158`, :cve_nist:`2022-0216` and :cve_nist:`2022-0358`
 
 
 Fixes in Yocto-4.0.4
diff --git a/documentation/migration-guides/release-notes-4.0.5.rst b/documentation/migration-guides/release-notes-4.0.5.rst
index cdfe85b750..ae061ed633 100644
--- a/documentation/migration-guides/release-notes-4.0.5.rst
+++ b/documentation/migration-guides/release-notes-4.0.5.rst
@@ -6,11 +6,11 @@ Release notes for Yocto-4.0.5 (Kirkstone)
 Security Fixes in Yocto-4.0.5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  qemu: fix :cve:`2021-3750`, :cve:`2021-3611` and :cve:`2022-2962`
--  binutils : fix :cve:`2022-38126`, :cve:`2022-38127` and :cve:`2022-38128`
--  tff: fix :cve:`2022-2867`, :cve:`2022-2868` and :cve:`2022-2869`
--  inetutils: fix :cve:`2022-39028`
--  go: fix :cve:`2022-27664`
+-  qemu: fix :cve_nist:`2021-3750`, :cve_nist:`2021-3611` and :cve_nist:`2022-2962`
+-  binutils : fix :cve_nist:`2022-38126`, :cve_nist:`2022-38127` and :cve_nist:`2022-38128`
+-  tff: fix :cve_nist:`2022-2867`, :cve_nist:`2022-2868` and :cve_nist:`2022-2869`
+-  inetutils: fix :cve_nist:`2022-39028`
+-  go: fix :cve_nist:`2022-27664`
 
 Fixes in Yocto-4.0.5
 ~~~~~~~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-4.0.6.rst b/documentation/migration-guides/release-notes-4.0.6.rst
index 76d23fcf0c..e0c0cc09b9 100644
--- a/documentation/migration-guides/release-notes-4.0.6.rst
+++ b/documentation/migration-guides/release-notes-4.0.6.rst
@@ -6,28 +6,28 @@ Release notes for Yocto-4.0.6 (Kirkstone)
 Security Fixes in Yocto-4.0.6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bash: Fix :cve:`2022-3715`
--  curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916`
--  dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
--  dropbear: Fix :cve:`2021-36369`
--  ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965`
--  go: Fix :cve:`2022-2880`
--  grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736`
--  libarchive: Fix :cve:`2022-36227`
--  libpam: Fix :cve:`2022-28321`
--  libsndfile1: Fix :cve:`2021-4156`
--  lighttpd: Fix :cve:`2022-41556`
--  openssl: Fix :cve:`2022-3358`
--  pixman: Fix :cve:`2022-44638`
--  python3-mako: Fix :cve:`2022-40023`
--  python3: Fix :cve:`2022-42919`
--  qemu: Fix :cve:`2022-3165`
--  sysstat: Fix :cve:`2022-39377`
--  systemd: Fix :cve:`2022-3821`
--  tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970`
--  vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141`
--  wayland: Fix :cve:`2021-3782`
--  xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+-  bash: Fix :cve_nist:`2022-3715`
+-  curl: Fix :cve_nist:`2022-32221`, :cve_nist:`2022-42915` and :cve_nist:`2022-42916`
+-  dbus: Fix :cve_nist:`2022-42010`, :cve_nist:`2022-42011` and :cve_nist:`2022-42012`
+-  dropbear: Fix :cve_nist:`2021-36369`
+-  ffmpeg: Fix :cve_nist:`2022-3964`, :cve_nist:`2022-3965`
+-  go: Fix :cve_nist:`2022-2880`
+-  grub2: Fix :cve_nist:`2022-2601`, :cve_nist:`2022-3775` and :cve_nist:`2022-28736`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libpam: Fix :cve_nist:`2022-28321`
+-  libsndfile1: Fix :cve_nist:`2021-4156`
+-  lighttpd: Fix :cve_nist:`2022-41556`
+-  openssl: Fix :cve_nist:`2022-3358`
+-  pixman: Fix :cve_nist:`2022-44638`
+-  python3-mako: Fix :cve_nist:`2022-40023`
+-  python3: Fix :cve_nist:`2022-42919`
+-  qemu: Fix :cve_nist:`2022-3165`
+-  sysstat: Fix :cve_nist:`2022-39377`
+-  systemd: Fix :cve_nist:`2022-3821`
+-  tiff: Fix :cve_nist:`2022-2953`, :cve_nist:`2022-3599`, :cve_nist:`2022-3597`, :cve_nist:`2022-3626`, :cve_nist:`2022-3627`, :cve_nist:`2022-3570`, :cve_nist:`2022-3598` and :cve_nist:`2022-3970`
+-  vim: Fix :cve_nist:`2022-3352`, :cve_nist:`2022-3705` and :cve_nist:`2022-4141`
+-  wayland: Fix :cve_nist:`2021-3782`
+-  xserver-xorg: Fix :cve_nist:`2022-3550` and :cve_nist:`2022-3551`
 
 
 Fixes in Yocto-4.0.6
diff --git a/documentation/migration-guides/release-notes-4.0.7.rst b/documentation/migration-guides/release-notes-4.0.7.rst
index c3885d9e0e..a11a29889d 100644
--- a/documentation/migration-guides/release-notes-4.0.7.rst
+++ b/documentation/migration-guides/release-notes-4.0.7.rst
@@ -6,25 +6,25 @@ Release notes for Yocto-4.0.7 (Kirkstone)
 Security Fixes in Yocto-4.0.7
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2022-4285`
--  curl: Fix :cve:`2022-43551` and :cve_mitre:`2022-43552`
--  ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341`
--  go: Fix :cve:`2022-41715` and :cve:`2022-41717`
--  libX11: Fix :cve:`2022-3554` and :cve:`2022-3555`
--  libarchive: Fix :cve:`2022-36227`
--  libksba: Fix :cve:`2022-47629`
--  libpng: Fix :cve:`2019-6129`
--  libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304`
--  openssl: Fix :cve:`2022-3996`
--  python3: Fix :cve:`2022-45061`
--  python3-git: Fix :cve:`2022-24439`
--  python3-setuptools: Fix :cve:`2022-40897`
--  python3-wheel: Fix :cve:`2022-40898`
--  qemu: Fix :cve:`2022-4144`
--  sqlite: Fix :cve:`2022-46908`
--  systemd: Fix :cve:`2022-45873`
--  vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088`
--  webkitgtk: Fix :cve:`2022-32886`, :cve_mitre:`2022-32891` and :cve:`2022-32912`
+-  binutils: Fix :cve_nist:`2022-4285`
+-  curl: Fix :cve_nist:`2022-43551` and :cve_mitre:`2022-43552`
+-  ffmpeg: Fix :cve_nist:`2022-3109` and :cve_nist:`2022-3341`
+-  go: Fix :cve_nist:`2022-41715` and :cve_nist:`2022-41717`
+-  libX11: Fix :cve_nist:`2022-3554` and :cve_nist:`2022-3555`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libksba: Fix :cve_nist:`2022-47629`
+-  libpng: Fix :cve_nist:`2019-6129`
+-  libxml2: Fix :cve_nist:`2022-40303` and :cve_nist:`2022-40304`
+-  openssl: Fix :cve_nist:`2022-3996`
+-  python3: Fix :cve_nist:`2022-45061`
+-  python3-git: Fix :cve_nist:`2022-24439`
+-  python3-setuptools: Fix :cve_nist:`2022-40897`
+-  python3-wheel: Fix :cve_nist:`2022-40898`
+-  qemu: Fix :cve_nist:`2022-4144`
+-  sqlite: Fix :cve_nist:`2022-46908`
+-  systemd: Fix :cve_nist:`2022-45873`
+-  vim: Fix :cve_nist:`2023-0049`, :cve_nist:`2023-0051`, :cve_nist:`2023-0054` and :cve_nist:`2023-0088`
+-  webkitgtk: Fix :cve_nist:`2022-32886`, :cve_mitre:`2022-32891` and :cve_nist:`2022-32912`
 
 
 Fixes in Yocto-4.0.7
@@ -39,7 +39,7 @@ Fixes in Yocto-4.0.7
 -  busybox: always start do_compile with orig config files
 -  busybox: rm temporary files if do_compile was interrupted
 -  cairo: fix CVE patches assigned wrong CVE number
--  cairo: update patch for :cve:`2019-6461` with upstream solution
+-  cairo: update patch for :cve_nist:`2019-6461` with upstream solution
 -  classes/create-spdx: Add SPDX_PRETTY option
 -  classes: image: Set empty weak default IMAGE_LINGUAS
 -  combo-layer: add sync-revs command
diff --git a/documentation/migration-guides/release-notes-4.0.8.rst b/documentation/migration-guides/release-notes-4.0.8.rst
index 223b74fbaf..af58d0462c 100644
--- a/documentation/migration-guides/release-notes-4.0.8.rst
+++ b/documentation/migration-guides/release-notes-4.0.8.rst
@@ -6,16 +6,16 @@ Release notes for Yocto-4.0.8 (Kirkstone)
 Security Fixes in Yocto-4.0.8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  apr-util: Fix :cve:`2022-25147`
--  apr: Fix :cve:`2022-24963`, :cve:`2022-28331` and :cve:`2021-35940`
--  bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
--  git: Ignore :cve:`2022-41953`
--  git: Fix :cve:`2022-23521` and :cve:`2022-41903`
--  libgit2: Fix :cve:`2023-22742`
--  ppp: Fix :cve:`2022-4603`
--  python3-certifi: Fix :cve:`2022-23491`
--  sudo: Fix :cve:`2023-22809`
--  tar: Fix :cve:`2022-48303`
+-  apr-util: Fix :cve_nist:`2022-25147`
+-  apr: Fix :cve_nist:`2022-24963`, :cve_nist:`2022-28331` and :cve_nist:`2021-35940`
+-  bind: Fix :cve_nist:`2022-3094`, :cve_nist:`2022-3736` and :cve_nist:`2022-3924`
+-  git: Ignore :cve_nist:`2022-41953`
+-  git: Fix :cve_nist:`2022-23521` and :cve_nist:`2022-41903`
+-  libgit2: Fix :cve_nist:`2023-22742`
+-  ppp: Fix :cve_nist:`2022-4603`
+-  python3-certifi: Fix :cve_nist:`2022-23491`
+-  sudo: Fix :cve_nist:`2023-22809`
+-  tar: Fix :cve_nist:`2022-48303`
 
 
 Fixes in Yocto-4.0.8
diff --git a/documentation/migration-guides/release-notes-4.0.9.rst b/documentation/migration-guides/release-notes-4.0.9.rst
index 236477443a..a571e95724 100644
--- a/documentation/migration-guides/release-notes-4.0.9.rst
+++ b/documentation/migration-guides/release-notes-4.0.9.rst
@@ -6,26 +6,26 @@ Release notes for Yocto-4.0.9 (Kirkstone)
 Security Fixes in Yocto-4.0.9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2023-22608`
--  curl: Fix :cve:`2023-23914`, :cve:`2023-23915` and :cve:`2023-23916`
--  epiphany: Fix :cve:`2023-26081`
--  git: Ignore :cve:`2023-22743`
--  glibc: Fix  :cve:`2023-0687`
--  gnutls: Fix :cve:`2023-0361`
--  go: Fix :cve:`2022-2879`, :cve:`2022-41720` and :cve:`2022-41723`
--  harfbuzz: Fix :cve:`2023-25193`
--  less: Fix :cve:`2022-46663`
--  libmicrohttpd: Fix :cve:`2023-27371`
--  libsdl2: Fix :cve:`2022-4743`
--  openssl: Fix :cve:`2022-3996`, :cve:`2023-0464`, :cve:`2023-0465` and :cve:`2023-0466`
--  pkgconf: Fix :cve:`2023-24056`
--  python3: Fix :cve:`2023-24329`
--  shadow: Ignore :cve:`2016-15024`
--  systemd: Fix :cve:`2022-4415`
--  tiff: Fix :cve:`2023-0800`, :cve:`2023-0801`, :cve:`2023-0802`, :cve:`2023-0803` and :cve:`2023-0804`
--  vim: Fix :cve:`2023-0433`, :cve:`2023-0512`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264` and :cve:`2023-1355`
--  xserver-xorg: Fix :cve:`2023-0494`
--  xwayland: Fix :cve:`2023-0494`
+-  binutils: Fix :cve_nist:`2023-22608`
+-  curl: Fix :cve_nist:`2023-23914`, :cve_nist:`2023-23915` and :cve_nist:`2023-23916`
+-  epiphany: Fix :cve_nist:`2023-26081`
+-  git: Ignore :cve_nist:`2023-22743`
+-  glibc: Fix  :cve_nist:`2023-0687`
+-  gnutls: Fix :cve_nist:`2023-0361`
+-  go: Fix :cve_nist:`2022-2879`, :cve_nist:`2022-41720` and :cve_nist:`2022-41723`
+-  harfbuzz: Fix :cve_nist:`2023-25193`
+-  less: Fix :cve_nist:`2022-46663`
+-  libmicrohttpd: Fix :cve_nist:`2023-27371`
+-  libsdl2: Fix :cve_nist:`2022-4743`
+-  openssl: Fix :cve_nist:`2022-3996`, :cve_nist:`2023-0464`, :cve_nist:`2023-0465` and :cve_nist:`2023-0466`
+-  pkgconf: Fix :cve_nist:`2023-24056`
+-  python3: Fix :cve_nist:`2023-24329`
+-  shadow: Ignore :cve_nist:`2016-15024`
+-  systemd: Fix :cve_nist:`2022-4415`
+-  tiff: Fix :cve_nist:`2023-0800`, :cve_nist:`2023-0801`, :cve_nist:`2023-0802`, :cve_nist:`2023-0803` and :cve_nist:`2023-0804`
+-  vim: Fix :cve_nist:`2023-0433`, :cve_nist:`2023-0512`, :cve_nist:`2023-1127`, :cve_nist:`2023-1170`, :cve_nist:`2023-1175`, :cve_nist:`2023-1264` and :cve_nist:`2023-1355`
+-  xserver-xorg: Fix :cve_nist:`2023-0494`
+-  xwayland: Fix :cve_nist:`2023-0494`
 
 
 Fixes in Yocto-4.0.9
@@ -90,7 +90,7 @@ Fixes in Yocto-4.0.9
 -  pybootchartui: Fix python syntax issue
 -  python3-git: fix indent error
 -  python3-setuptools-rust-native: Add direct dependency of native python3 modules
--  qemu: Revert "fix :cve:`2021-3507`" as not applicable for qemu 6.2
+-  qemu: Revert "fix :cve_nist:`2021-3507`" as not applicable for qemu 6.2
 -  rsync: Add missing prototypes to function declarations
 -  rsync: Turn on -pedantic-errors at the end of 'configure'
 -  runqemu: kill qemu if it hangs
diff --git a/documentation/migration-guides/release-notes-4.0.rst b/documentation/migration-guides/release-notes-4.0.rst
index a5d66c0410..e9e6949527 100644
--- a/documentation/migration-guides/release-notes-4.0.rst
+++ b/documentation/migration-guides/release-notes-4.0.rst
@@ -25,7 +25,7 @@ New Features / Enhancements in 4.0
 
      BB_SIGNATURE_HANDLER = "OEEquivHash"
      BB_HASHSERVE = "auto"
-     BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
+     BB_HASHSERVE_UPSTREAM = "hashserv.yoctoproject.org:8686"
      SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
 
 - The Python package build process is now based on `wheels <https://pythonwheels.com/>`__
@@ -337,37 +337,37 @@ Other license-related notes:
 Security Fixes in 4.0
 ~~~~~~~~~~~~~~~~~~~~~
 
-- binutils: :cve:`2021-42574`, :cve:`2021-45078`
-- curl: :cve:`2021-22945`, :cve:`2021-22946`, :cve:`2021-22947`
-- epiphany: :cve:`2021-45085`, :cve:`2021-45086`, :cve:`2021-45087`, :cve:`2021-45088`
-- expat: :cve:`2021-45960`, :cve:`2021-46143`, :cve:`2022-22822`, :cve:`2022-22823`, :cve:`2022-22824`, :cve:`2022-22825`, :cve:`2022-22826`, :cve:`2022-22827`, :cve:`2022-23852`, :cve:`2022-23990`, :cve:`2022-25235`, :cve:`2022-25236`, :cve:`2022-25313`, :cve:`2022-25314`, :cve:`2022-25315`
-- ffmpeg: :cve:`2021-38114`
-- gcc: :cve:`2021-35465`, :cve:`2021-42574`, :cve:`2021-46195`, :cve:`2022-24765`
-- glibc: :cve:`2021-3998`, :cve:`2021-3999`, :cve:`2021-43396`, :cve:`2022-23218`, :cve:`2022-23219`
-- gmp: :cve:`2021-43618`
-- go: :cve:`2021-41771` and :cve:`2021-41772`
-- grub2: :cve:`2021-3981`
-- gzip: :cve:`2022-1271`
-- libarchive : :cve:`2021-31566`, :cve:`2021-36976`
-- libxml2: :cve:`2022-23308`
-- libxslt: :cve:`2021-30560`
-- lighttpd: :cve:`2022-22707`
-- linux-yocto/5.10: amdgpu: :cve:`2021-42327`
-- lua: :cve:`2021-43396`
-- openssl: :cve:`2021-4044`, :cve:`2022-0778`
-- qemu: :cve:`2022-1050`, :cve:`2022-26353`, :cve:`2022-26354`
-- rpm: :cve:`2021-3521`
-- seatd: :cve:`2022-25643`
-- speex: :cve:`2020-23903`
-- squashfs-tools: :cve:`2021-41072`
-- systemd: :cve:`2021-4034`
-- tiff: :cve:`2022-0561`, :cve:`2022-0562`, :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909`, :cve:`2022-0924`, :cve:`2022-1056`, :cve:`2022-22844`
-- unzip: :cve:`2021-4217`
-- vim: :cve:`2021-3796`, :cve:`2021-3872`, :cve:`2021-3875`, :cve:`2021-3927`, :cve:`2021-3928`, :cve:`2021-3968`, :cve:`2021-3973`, :cve:`2021-4187`, :cve:`2022-0128`, :cve:`2022-0156`, :cve:`2022-0158`, :cve:`2022-0261`, :cve:`2022-0318`, :cve:`2022-0319`, :cve:`2022-0554`, :cve:`2022-0696`, :cve:`2022-0714`, :cve:`2022-0729`, :cve:`2022-0943`
-- virglrenderer: :cve:`2022-0135`, :cve:`2022-0175`
-- webkitgtk: :cve:`2022-22589`, :cve:`2022-22590`, :cve:`2022-22592`
-- xz: :cve:`2022-1271`
-- zlib: :cve:`2018-25032`
+- binutils: :cve_nist:`2021-42574`, :cve_nist:`2021-45078`
+- curl: :cve_nist:`2021-22945`, :cve_nist:`2021-22946`, :cve_nist:`2021-22947`
+- epiphany: :cve_nist:`2021-45085`, :cve_nist:`2021-45086`, :cve_nist:`2021-45087`, :cve_nist:`2021-45088`
+- expat: :cve_nist:`2021-45960`, :cve_nist:`2021-46143`, :cve_nist:`2022-22822`, :cve_nist:`2022-22823`, :cve_nist:`2022-22824`, :cve_nist:`2022-22825`, :cve_nist:`2022-22826`, :cve_nist:`2022-22827`, :cve_nist:`2022-23852`, :cve_nist:`2022-23990`, :cve_nist:`2022-25235`, :cve_nist:`2022-25236`, :cve_nist:`2022-25313`, :cve_nist:`2022-25314`, :cve_nist:`2022-25315`
+- ffmpeg: :cve_nist:`2021-38114`
+- gcc: :cve_nist:`2021-35465`, :cve_nist:`2021-42574`, :cve_nist:`2021-46195`, :cve_nist:`2022-24765`
+- glibc: :cve_nist:`2021-3998`, :cve_nist:`2021-3999`, :cve_nist:`2021-43396`, :cve_nist:`2022-23218`, :cve_nist:`2022-23219`
+- gmp: :cve_nist:`2021-43618`
+- go: :cve_nist:`2021-41771` and :cve_nist:`2021-41772`
+- grub2: :cve_nist:`2021-3981`
+- gzip: :cve_nist:`2022-1271`
+- libarchive : :cve_nist:`2021-31566`, :cve_nist:`2021-36976`
+- libxml2: :cve_nist:`2022-23308`
+- libxslt: :cve_nist:`2021-30560`
+- lighttpd: :cve_nist:`2022-22707`
+- linux-yocto/5.10: amdgpu: :cve_nist:`2021-42327`
+- lua: :cve_nist:`2021-43396`
+- openssl: :cve_nist:`2021-4044`, :cve_nist:`2022-0778`
+- qemu: :cve_nist:`2022-1050`, :cve_nist:`2022-26353`, :cve_nist:`2022-26354`
+- rpm: :cve_nist:`2021-3521`
+- seatd: :cve_nist:`2022-25643`
+- speex: :cve_nist:`2020-23903`
+- squashfs-tools: :cve_nist:`2021-41072`
+- systemd: :cve_nist:`2021-4034`
+- tiff: :cve_nist:`2022-0561`, :cve_nist:`2022-0562`, :cve_nist:`2022-0865`, :cve_nist:`2022-0891`, :cve_nist:`2022-0907`, :cve_nist:`2022-0908`, :cve_nist:`2022-0909`, :cve_nist:`2022-0924`, :cve_nist:`2022-1056`, :cve_nist:`2022-22844`
+- unzip: :cve_nist:`2021-4217`
+- vim: :cve_nist:`2021-3796`, :cve_nist:`2021-3872`, :cve_nist:`2021-3875`, :cve_nist:`2021-3927`, :cve_nist:`2021-3928`, :cve_nist:`2021-3968`, :cve_nist:`2021-3973`, :cve_nist:`2021-4187`, :cve_nist:`2022-0128`, :cve_nist:`2022-0156`, :cve_nist:`2022-0158`, :cve_nist:`2022-0261`, :cve_nist:`2022-0318`, :cve_nist:`2022-0319`, :cve_nist:`2022-0554`, :cve_nist:`2022-0696`, :cve_nist:`2022-0714`, :cve_nist:`2022-0729`, :cve_nist:`2022-0943`
+- virglrenderer: :cve_nist:`2022-0135`, :cve_nist:`2022-0175`
+- webkitgtk: :cve_nist:`2022-22589`, :cve_nist:`2022-22590`, :cve_nist:`2022-22592`
+- xz: :cve_nist:`2022-1271`
+- zlib: :cve_nist:`2018-25032`
 
 
 
diff --git a/documentation/migration-guides/release-notes-4.1.1.rst b/documentation/migration-guides/release-notes-4.1.1.rst
index 4f31fbf1c7..8393bc5320 100644
--- a/documentation/migration-guides/release-notes-4.1.1.rst
+++ b/documentation/migration-guides/release-notes-4.1.1.rst
@@ -6,16 +6,16 @@ Release notes for Yocto-4.1.1 (Langdale)
 Security Fixes in Yocto-4.1.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  curl: Fix :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915` and :cve:`2022-42916`
--  libx11: Fix :cve:`2022-3554`
--  lighttpd: Fix :cve:`2022-41556`
--  openssl: Fix :cve:`2022-3358`, :cve:`2022-3602` and :cve:`2022-3786`
--  pixman: Fix :cve:`2022-44638`
--  qemu: Fix :cve:`2022-3165`
--  sudo: Fix :cve:`2022-43995`
--  tiff: Fix :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570` and :cve:`2022-3598`
--  xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
--  xserver-xorg: Ignore :cve:`2022-3553`
+-  curl: Fix :cve_nist:`2022-32221`, :cve_nist:`2022-35260`, :cve_nist:`2022-42915` and :cve_nist:`2022-42916`
+-  libx11: Fix :cve_nist:`2022-3554`
+-  lighttpd: Fix :cve_nist:`2022-41556`
+-  openssl: Fix :cve_nist:`2022-3358`, :cve_nist:`2022-3602` and :cve_nist:`2022-3786`
+-  pixman: Fix :cve_nist:`2022-44638`
+-  qemu: Fix :cve_nist:`2022-3165`
+-  sudo: Fix :cve_nist:`2022-43995`
+-  tiff: Fix :cve_nist:`2022-3599`, :cve_nist:`2022-3597`, :cve_nist:`2022-3626`, :cve_nist:`2022-3627`, :cve_nist:`2022-3570` and :cve_nist:`2022-3598`
+-  xserver-xorg: Fix :cve_nist:`2022-3550` and :cve_nist:`2022-3551`
+-  xserver-xorg: Ignore :cve_nist:`2022-3553`
 
 
 Fixes in Yocto-4.1.1
@@ -179,7 +179,7 @@ Fixes in Yocto-4.1.1
 -  shadow: update 4.12.1 -> 4.12.3
 -  systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
 -  test-manual: fix typo in machine name
--  tiff: fix a typo for :cve:`2022-2953`.patch
+-  tiff: fix a typo for :cve_nist:`2022-2953`.patch
 -  u-boot: Add savedefconfig task
 -  u-boot: Remove duplicate inherit of cml1
 -  uboot-sign: Fix using wrong KEY_REQ_ARGS
diff --git a/documentation/migration-guides/release-notes-4.1.2.rst b/documentation/migration-guides/release-notes-4.1.2.rst
index ee5d4ccc51..ea20ced1be 100644
--- a/documentation/migration-guides/release-notes-4.1.2.rst
+++ b/documentation/migration-guides/release-notes-4.1.2.rst
@@ -6,18 +6,18 @@ Release notes for Yocto-4.1.2 (Langdale)
 Security Fixes in Yocto-4.1.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  sudo: Fix :cve:`2022-43995`
--  binutils: Fix :cve:`2022-4285`
--  cairo: update patch for :cve:`2019-6461` with upstream solution
--  expat: Fix :cve:`2022-43680`
--  ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965`
--  grub: Fix :cve:`2022-28736`
--  libarchive: Fix :cve:`2022-36227`
--  libpam: Fix :cve:`2022-28321`
--  libpng: Fix :cve:`2019-6129`
--  ruby: Fix :cve:`2022-28738` and :cve:`2022-28739`
--  tiff: Fix :cve:`2022-3970`
--  vim: Fix :cve:`2022-4141`
+-  sudo: Fix :cve_nist:`2022-43995`
+-  binutils: Fix :cve_nist:`2022-4285`
+-  cairo: update patch for :cve_nist:`2019-6461` with upstream solution
+-  expat: Fix :cve_nist:`2022-43680`
+-  ffmpeg: Fix :cve_nist:`2022-3964` and :cve_nist:`2022-3965`
+-  grub: Fix :cve_nist:`2022-28736`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libpam: Fix :cve_nist:`2022-28321`
+-  libpng: Fix :cve_nist:`2019-6129`
+-  ruby: Fix :cve_nist:`2022-28738` and :cve_nist:`2022-28739`
+-  tiff: Fix :cve_nist:`2022-3970`
+-  vim: Fix :cve_nist:`2022-4141`
 
 
 Fixes in Yocto-4.1.2
diff --git a/documentation/migration-guides/release-notes-4.1.3.rst b/documentation/migration-guides/release-notes-4.1.3.rst
index d8474cda68..b07cfa4689 100644
--- a/documentation/migration-guides/release-notes-4.1.3.rst
+++ b/documentation/migration-guides/release-notes-4.1.3.rst
@@ -6,24 +6,24 @@ Release notes for Yocto-4.1.3 (Langdale)
 Security Fixes in Yocto-4.1.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  apr-util: Fix :cve:`2022-25147`
--  apr: Fix :cve:`2022-24963` and :cve:`2022-28331`
--  bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
--  curl: Fix :cve:`2022-43551` and :cve:`2022-43552`
--  dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
--  git: Fix  :cve:`2022-23521`, :cve:`2022-39253`, :cve:`2022-39260` and :cve:`2022-41903`
--  git: Ignore :cve:`2022-41953`
--  go: Fix :cve:`2022-41717` and :cve:`2022-41720`
--  grub2: Fix :cve:`2022-2601` and :cve:`2022-3775`
--  less: Fix :cve:`2022-46663`
--  libarchive: Fix :cve:`2022-36227`
--  libksba: Fix :cve:`2022-47629`
--  openssl: Fix :cve:`2022-3996`
--  pkgconf: Fix :cve:`2023-24056`
--  ppp: Fix :cve:`2022-4603`
--  sudo: Fix :cve:`2023-22809`
--  tar: Fix :cve:`2022-48303`
--  vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-0433` and :cve:`2023-0512`
+-  apr-util: Fix :cve_nist:`2022-25147`
+-  apr: Fix :cve_nist:`2022-24963` and :cve_nist:`2022-28331`
+-  bind: Fix :cve_nist:`2022-3094`, :cve_nist:`2022-3736` and :cve_nist:`2022-3924`
+-  curl: Fix :cve_nist:`2022-43551` and :cve_nist:`2022-43552`
+-  dbus: Fix :cve_nist:`2022-42010`, :cve_nist:`2022-42011` and :cve_nist:`2022-42012`
+-  git: Fix  :cve_nist:`2022-23521`, :cve_nist:`2022-39253`, :cve_nist:`2022-39260` and :cve_nist:`2022-41903`
+-  git: Ignore :cve_nist:`2022-41953`
+-  go: Fix :cve_nist:`2022-41717` and :cve_nist:`2022-41720`
+-  grub2: Fix :cve_nist:`2022-2601` and :cve_nist:`2022-3775`
+-  less: Fix :cve_nist:`2022-46663`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libksba: Fix :cve_nist:`2022-47629`
+-  openssl: Fix :cve_nist:`2022-3996`
+-  pkgconf: Fix :cve_nist:`2023-24056`
+-  ppp: Fix :cve_nist:`2022-4603`
+-  sudo: Fix :cve_nist:`2023-22809`
+-  tar: Fix :cve_nist:`2022-48303`
+-  vim: Fix :cve_nist:`2023-0049`, :cve_nist:`2023-0051`, :cve_nist:`2023-0054`, :cve_nist:`2023-0288`, :cve_nist:`2023-0433` and :cve_nist:`2023-0512`
 -  xserver-xorg: Fix :cve_mitre:`2023-0494`
 -  xwayland: Fix :cve_mitre:`2023-0494`
 
diff --git a/documentation/migration-guides/release-notes-4.1.4.rst b/documentation/migration-guides/release-notes-4.1.4.rst
index de469f4bee..147dd371b1 100644
--- a/documentation/migration-guides/release-notes-4.1.4.rst
+++ b/documentation/migration-guides/release-notes-4.1.4.rst
@@ -6,23 +6,23 @@ Release notes for Yocto-4.1.4 (Langdale)
 Security Fixes in Yocto-4.1.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  cve-extra-exclusions/linux-yocto: Ignore :cve:`2020-27784`, :cve:`2021-3669`, :cve:`2021-3759`, :cve:`2021-4218`, :cve:`2022-0480`, :cve:`2022-1184`, :cve:`2022-1462`, :cve:`2022-2308`, :cve:`2022-2327`, :cve:`2022-26365`, :cve:`2022-2663`, :cve:`2022-2785`, :cve:`2022-3176`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-3526`, :cve:`2022-3563`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3624`, :cve:`2022-3625`, :cve:`2022-3629`, :cve:`2022-3630`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3636`, :cve:`2022-3637`, :cve:`2022-3646` and :cve:`2022-3649`
--  cve-extra-exclusions/linux-yocto 5.15: Ignore :cve:`2022-3435`, :cve:`2022-3534`, :cve:`2022-3564`, :cve:`2022-3564`, :cve:`2022-3619`, :cve:`2022-3640`, :cve:`2022-42895`, :cve:`2022-42896`, :cve:`2022-4382`, :cve:`2023-0266` and :cve:`2023-0394`
--  epiphany: Fix :cve:`2023-26081`
--  git: Ignore :cve:`2023-22743`
--  go: Fix :cve:`2022-41722`, :cve:`2022-41723`, :cve:`2022-41724`, :cve:`2022-41725` and :cve:`2023-24532`
--  harfbuzz: Fix :cve:`2023-25193`
--  libmicrohttpd: Fix :cve:`2023-27371`
--  libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304`
--  openssl: Fix :cve:`2023-0464`, :cve:`2023-0465` and :cve:`2023-0466`
--  python3-setuptools: Fix :cve:`2022-40897`
--  qemu: Fix :cve:`2022-4144`
--  screen: Fix :cve:`2023-24626`
--  shadow: Ignore :cve:`2016-15024`
--  tiff: Fix :cve:`2022-48281`, :cve:`2023-0795`, :cve:`2023-0796`, :cve:`2023-0797`, :cve:`2023-0798`, :cve:`2023-0799`, :cve:`2023-0800`, :cve:`2023-0801`, :cve:`2023-0802`, :cve:`2023-0803` and :cve:`2023-0804`
--  vim: Fix :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264` and :cve:`2023-1355`
--  xdg-utils: Fix :cve:`2022-4055`
--  xserver-xorg: Fix for :cve:`2023-1393`
+-  cve-extra-exclusions/linux-yocto: Ignore :cve_nist:`2020-27784`, :cve_nist:`2021-3669`, :cve_nist:`2021-3759`, :cve_nist:`2021-4218`, :cve_nist:`2022-0480`, :cve_nist:`2022-1184`, :cve_nist:`2022-1462`, :cve_nist:`2022-2308`, :cve_nist:`2022-2327`, :cve_nist:`2022-26365`, :cve_nist:`2022-2663`, :cve_nist:`2022-2785`, :cve_nist:`2022-3176`, :cve_nist:`2022-33740`, :cve_nist:`2022-33741`, :cve_nist:`2022-33742`, :cve_nist:`2022-3526`, :cve_nist:`2022-3563`, :cve_nist:`2022-3621`, :cve_nist:`2022-3623`, :cve_nist:`2022-3624`, :cve_nist:`2022-3625`, :cve_nist:`2022-3629`, :cve_nist:`2022-3630`, :cve_nist:`2022-3633`, :cve_nist:`2022-3635`, :cve_nist:`2022-3636`, :cve_nist:`2022-3637`, :cve_nist:`2022-3646` and :cve_nist:`2022-3649`
+-  cve-extra-exclusions/linux-yocto 5.15: Ignore :cve_nist:`2022-3435`, :cve_nist:`2022-3534`, :cve_nist:`2022-3564`, :cve_nist:`2022-3564`, :cve_nist:`2022-3619`, :cve_nist:`2022-3640`, :cve_nist:`2022-42895`, :cve_nist:`2022-42896`, :cve_nist:`2022-4382`, :cve_nist:`2023-0266` and :cve_nist:`2023-0394`
+-  epiphany: Fix :cve_nist:`2023-26081`
+-  git: Ignore :cve_nist:`2023-22743`
+-  go: Fix :cve_nist:`2022-41722`, :cve_nist:`2022-41723`, :cve_nist:`2022-41724`, :cve_nist:`2022-41725` and :cve_nist:`2023-24532`
+-  harfbuzz: Fix :cve_nist:`2023-25193`
+-  libmicrohttpd: Fix :cve_nist:`2023-27371`
+-  libxml2: Fix :cve_nist:`2022-40303` and :cve_nist:`2022-40304`
+-  openssl: Fix :cve_nist:`2023-0464`, :cve_nist:`2023-0465` and :cve_nist:`2023-0466`
+-  python3-setuptools: Fix :cve_nist:`2022-40897`
+-  qemu: Fix :cve_nist:`2022-4144`
+-  screen: Fix :cve_nist:`2023-24626`
+-  shadow: Ignore :cve_nist:`2016-15024`
+-  tiff: Fix :cve_nist:`2022-48281`, :cve_nist:`2023-0795`, :cve_nist:`2023-0796`, :cve_nist:`2023-0797`, :cve_nist:`2023-0798`, :cve_nist:`2023-0799`, :cve_nist:`2023-0800`, :cve_nist:`2023-0801`, :cve_nist:`2023-0802`, :cve_nist:`2023-0803` and :cve_nist:`2023-0804`
+-  vim: Fix :cve_nist:`2023-1127`, :cve_nist:`2023-1170`, :cve_nist:`2023-1175`, :cve_nist:`2023-1264` and :cve_nist:`2023-1355`
+-  xdg-utils: Fix :cve_nist:`2022-4055`
+-  xserver-xorg: Fix for :cve_nist:`2023-1393`
 
 
 Fixes in Yocto-4.1.4
diff --git a/documentation/migration-guides/release-notes-4.1.rst b/documentation/migration-guides/release-notes-4.1.rst
index a0d5196128..3ad3611b80 100644
--- a/documentation/migration-guides/release-notes-4.1.rst
+++ b/documentation/migration-guides/release-notes-4.1.rst
@@ -225,36 +225,36 @@ The following corrections have been made to the :term:`LICENSE` values set by re
 Security Fixes in 4.1
 ~~~~~~~~~~~~~~~~~~~~~
 
-- bind: :cve:`2022-1183`, :cve:`2022-2795`, :cve:`2022-2881`, :cve:`2022-2906`, :cve:`2022-3080`, :cve:`2022-38178`
-- binutils: :cve:`2019-1010204`, :cve:`2022-38126`, :cve:`2022-38127`, :cve:`2022-38128`, :cve:`2022-38533`
-- busybox: :cve:`2022-30065`
-- connman: :cve:`2022-32292`, :cve:`2022-32293`
-- cups: :cve:`2022-26691`
-- e2fsprogs: :cve:`2022-1304`
-- expat: :cve:`2022-40674`
-- freetype: :cve:`2022-27404`
-- glibc: :cve:`2022-39046`
-- gnupg: :cve:`2022-34903`
-- grub2: :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734`, :cve:`2022-28735`
-- inetutils: :cve:`2022-39028`
-- libtirpc: :cve:`2021-46828`
-- libxml2: :cve:`2016-3709` (ignored)
-- libxslt: :cve:`2022-29824` (not applicable)
-- linux-yocto/5.15: :cve:`2022-28796`
-- logrotate: :cve:`2022-1348`
-- lua: :cve:`2022-33099`
-- nasm: :cve:`2020-18974` (ignored)
-- ncurses: :cve:`2022-29458`
-- openssl: :cve:`2022-1292`, :cve:`2022-1343`, :cve:`2022-1434`, :cve:`2022-1473`, :cve:`2022-2068`, :cve:`2022-2274`, :cve:`2022-2097`
-- python3: :cve:`2015-20107` (ignored)
-- qemu: :cve:`2021-20255` (ignored), :cve:`2019-12067` (ignored), :cve:`2021-3507`, :cve:`2022-0216`, :cve:`2022-2962`, :cve:`2022-35414`
-- rpm: :cve:`2021-35937`, :cve:`2021-35938`, :cve:`2021-35939`
-- rsync: :cve:`2022-29154`
-- subversion: :cve:`2021-28544`, :cve:`2022-24070`
-- tiff: :cve:`2022-1210` (not applicable), :cve:`2022-1622`, :cve:`2022-1623` (invalid), :cve:`2022-2056`, :cve:`2022-2057`, :cve:`2022-2058`, :cve:`2022-2953`, :cve:`2022-34526`
-- unzip: :cve:`2022-0529`, :cve:`2022-0530`
-- vim: :cve:`2022-1381`, :cve:`2022-1420`, :cve:`2022-1621`, :cve:`2022-1629`, :cve:`2022-1674`, :cve:`2022-1733`, :cve:`2022-1735`, :cve:`2022-1769`, :cve:`2022-1771`, :cve:`2022-1785`, :cve:`2022-1796`, :cve:`2022-1927`, :cve:`2022-1942`, :cve:`2022-2257`, :cve:`2022-2264`, :cve:`2022-2284`, :cve:`2022-2285`, :cve:`2022-2286`, :cve:`2022-2287`, :cve:`2022-2816`, :cve:`2022-2817`, :cve:`2022-2819`, :cve:`2022-2845`, :cve:`2022-2849`, :cve:`2022-2862`, :cve:`2022-2874`, :cve:`2022-2889`, :cve:`2022-2980`, :cve:`2022-2946`, :cve:`2022-2982`, :cve:`2022-3099`, :cve:`2022-3134`, :cve:`2022-3234`, :cve:`2022-3278`
-- zlib: :cve:`2022-37434`
+- bind: :cve_nist:`2022-1183`, :cve_nist:`2022-2795`, :cve_nist:`2022-2881`, :cve_nist:`2022-2906`, :cve_nist:`2022-3080`, :cve_nist:`2022-38178`
+- binutils: :cve_nist:`2019-1010204`, :cve_nist:`2022-38126`, :cve_nist:`2022-38127`, :cve_nist:`2022-38128`, :cve_nist:`2022-38533`
+- busybox: :cve_nist:`2022-30065`
+- connman: :cve_nist:`2022-32292`, :cve_nist:`2022-32293`
+- cups: :cve_nist:`2022-26691`
+- e2fsprogs: :cve_nist:`2022-1304`
+- expat: :cve_nist:`2022-40674`
+- freetype: :cve_nist:`2022-27404`
+- glibc: :cve_nist:`2022-39046`
+- gnupg: :cve_nist:`2022-34903`
+- grub2: :cve_nist:`2021-3695`, :cve_nist:`2021-3696`, :cve_nist:`2021-3697`, :cve_nist:`2022-28733`, :cve_nist:`2022-28734`, :cve_nist:`2022-28735`
+- inetutils: :cve_nist:`2022-39028`
+- libtirpc: :cve_nist:`2021-46828`
+- libxml2: :cve_nist:`2016-3709` (ignored)
+- libxslt: :cve_nist:`2022-29824` (not applicable)
+- linux-yocto/5.15: :cve_nist:`2022-28796`
+- logrotate: :cve_nist:`2022-1348`
+- lua: :cve_nist:`2022-33099`
+- nasm: :cve_nist:`2020-18974` (ignored)
+- ncurses: :cve_nist:`2022-29458`
+- openssl: :cve_nist:`2022-1292`, :cve_nist:`2022-1343`, :cve_nist:`2022-1434`, :cve_nist:`2022-1473`, :cve_nist:`2022-2068`, :cve_nist:`2022-2274`, :cve_nist:`2022-2097`
+- python3: :cve_nist:`2015-20107` (ignored)
+- qemu: :cve_nist:`2021-20255` (ignored), :cve_nist:`2019-12067` (ignored), :cve_nist:`2021-3507`, :cve_nist:`2022-0216`, :cve_nist:`2022-2962`, :cve_nist:`2022-35414`
+- rpm: :cve_nist:`2021-35937`, :cve_nist:`2021-35938`, :cve_nist:`2021-35939`
+- rsync: :cve_nist:`2022-29154`
+- subversion: :cve_nist:`2021-28544`, :cve_nist:`2022-24070`
+- tiff: :cve_nist:`2022-1210` (not applicable), :cve_nist:`2022-1622`, :cve_nist:`2022-1623` (invalid), :cve_nist:`2022-2056`, :cve_nist:`2022-2057`, :cve_nist:`2022-2058`, :cve_nist:`2022-2953`, :cve_nist:`2022-34526`
+- unzip: :cve_nist:`2022-0529`, :cve_nist:`2022-0530`
+- vim: :cve_nist:`2022-1381`, :cve_nist:`2022-1420`, :cve_nist:`2022-1621`, :cve_nist:`2022-1629`, :cve_nist:`2022-1674`, :cve_nist:`2022-1733`, :cve_nist:`2022-1735`, :cve_nist:`2022-1769`, :cve_nist:`2022-1771`, :cve_nist:`2022-1785`, :cve_nist:`2022-1796`, :cve_nist:`2022-1927`, :cve_nist:`2022-1942`, :cve_nist:`2022-2257`, :cve_nist:`2022-2264`, :cve_nist:`2022-2284`, :cve_nist:`2022-2285`, :cve_nist:`2022-2286`, :cve_nist:`2022-2287`, :cve_nist:`2022-2816`, :cve_nist:`2022-2817`, :cve_nist:`2022-2819`, :cve_nist:`2022-2845`, :cve_nist:`2022-2849`, :cve_nist:`2022-2862`, :cve_nist:`2022-2874`, :cve_nist:`2022-2889`, :cve_nist:`2022-2980`, :cve_nist:`2022-2946`, :cve_nist:`2022-2982`, :cve_nist:`2022-3099`, :cve_nist:`2022-3134`, :cve_nist:`2022-3234`, :cve_nist:`2022-3278`
+- zlib: :cve_nist:`2022-37434`
 
 
 
diff --git a/documentation/migration-guides/release-notes-4.2.1.rst b/documentation/migration-guides/release-notes-4.2.1.rst
index 948c35fd67..0b2ef060fc 100644
--- a/documentation/migration-guides/release-notes-4.2.1.rst
+++ b/documentation/migration-guides/release-notes-4.2.1.rst
@@ -6,13 +6,13 @@ Release notes for Yocto-4.2.1 (Mickledore)
 Security Fixes in Yocto-4.2.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  connman: Fix :cve:`2023-28488`
--  linux-yocto: Ignore :cve:`2023-1652` and :cve:`2023-1829`
--  ghostscript: Fix :cve:`2023-28879`
--  qemu: Ignore :cve:`2023-0664`
--  ruby: Fix :cve:`2022-28738` and :cve:`2022-28739`
--  tiff: Fix :cve:`2022-4645`
--  xwayland: Fix :cve:`2023-1393`
+-  connman: Fix :cve_nist:`2023-28488`
+-  linux-yocto: Ignore :cve_nist:`2023-1652` and :cve_nist:`2023-1829`
+-  ghostscript: Fix :cve_nist:`2023-28879`
+-  qemu: Ignore :cve_nist:`2023-0664`
+-  ruby: Fix :cve_nist:`2022-28738` and :cve_nist:`2022-28739`
+-  tiff: Fix :cve_nist:`2022-4645`
+-  xwayland: Fix :cve_nist:`2023-1393`
 
 
 Fixes in Yocto-4.2.1
diff --git a/documentation/migration-guides/release-notes-4.2.2.rst b/documentation/migration-guides/release-notes-4.2.2.rst
index 74f2d0e82a..0795c8e938 100644
--- a/documentation/migration-guides/release-notes-4.2.2.rst
+++ b/documentation/migration-guides/release-notes-4.2.2.rst
@@ -6,21 +6,21 @@ Release notes for Yocto-4.2.2 (Mickledore)
 Security Fixes in Yocto-4.2.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2023-1972`
--  cups: Fix :cve:`2023-32324`
--  curl: Fix :cve:`2023-28319`, :cve:`2023-28320`, :cve:`2023-28321` and :cve:`2023-28322`
--  dbus: Fix :cve:`2023-34969`
--  git: Fix :cve:`2023-25652` and :cve:`2023-29007`
--  git: Ignore :cve:`2023-25815`
--  libwebp: Fix :cve:`2023-1999`
--  libxml2: Fix :cve:`2023-28484` and :cve:`2023-29469`
--  libxpm: Fix :cve:`2022-44617`
--  ninja: Ignore :cve:`2021-4336`
--  openssl: Fix :cve:`2023-0464`, :cve:`2023-0465`, :cve:`2023-0466`, :cve:`2023-1255` and :cve:`2023-2650`
--  perl: Fix :cve:`2023-31484` and :cve:`2023-31486`
--  sysstat: Fix :cve:`2023-33204`
--  tiff: Fix :cve_mitre:`2023-25434`, :cve:`2023-26965` and :cve:`2023-2731`
--  vim: Fix :cve:`2023-2426`
+-  binutils: Fix :cve_nist:`2023-1972`
+-  cups: Fix :cve_nist:`2023-32324`
+-  curl: Fix :cve_nist:`2023-28319`, :cve_nist:`2023-28320`, :cve_nist:`2023-28321` and :cve_nist:`2023-28322`
+-  dbus: Fix :cve_nist:`2023-34969`
+-  git: Fix :cve_nist:`2023-25652` and :cve_nist:`2023-29007`
+-  git: Ignore :cve_nist:`2023-25815`
+-  libwebp: Fix :cve_nist:`2023-1999`
+-  libxml2: Fix :cve_nist:`2023-28484` and :cve_nist:`2023-29469`
+-  libxpm: Fix :cve_nist:`2022-44617`
+-  ninja: Ignore :cve_nist:`2021-4336`
+-  openssl: Fix :cve_nist:`2023-0464`, :cve_nist:`2023-0465`, :cve_nist:`2023-0466`, :cve_nist:`2023-1255` and :cve_nist:`2023-2650`
+-  perl: Fix :cve_nist:`2023-31484` and :cve_nist:`2023-31486`
+-  sysstat: Fix :cve_nist:`2023-33204`
+-  tiff: Fix :cve_mitre:`2023-25434`, :cve_nist:`2023-26965` and :cve_nist:`2023-2731`
+-  vim: Fix :cve_nist:`2023-2426`
 
 
 Fixes in Yocto-4.2.2
diff --git a/documentation/migration-guides/release-notes-4.2.3.rst b/documentation/migration-guides/release-notes-4.2.3.rst
index 3b568a1c29..86ce5b7025 100644
--- a/documentation/migration-guides/release-notes-4.2.3.rst
+++ b/documentation/migration-guides/release-notes-4.2.3.rst
@@ -6,24 +6,24 @@ Release notes for Yocto-4.2.3 (Mickledore)
 Security Fixes in Yocto-4.2.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-2828` and :cve:`2023-2911`
--  cups: Fix :cve:`2023-34241`
--  dmidecode: Fix :cve:`2023-30630`
--  erofs-utils: Fix :cve:`2023-33551` and :cve:`2023-33552`
--  ghostscript: Fix :cve:`2023-36664`
+-  bind: Fix :cve_nist:`2023-2828` and :cve_nist:`2023-2911`
+-  cups: Fix :cve_nist:`2023-34241`
+-  dmidecode: Fix :cve_nist:`2023-30630`
+-  erofs-utils: Fix :cve_nist:`2023-33551` and :cve_nist:`2023-33552`
+-  ghostscript: Fix :cve_nist:`2023-36664`
 -  go: Fix :cve_mitre:`2023-24531`
--  libarchive: ignore :cve:`2023-30571`
--  libjpeg-turbo: Fix :cve:`2023-2804`
--  libx11: Fix :cve:`2023-3138`
--  ncurses: Fix :cve:`2023-29491`
--  openssh: Fix :cve:`2023-38408`
--  python3-certifi: Fix :cve:`2023-37920`
--  python3-requests: Fix :cve:`2023-32681`
--  python3: Ignore :cve:`2023-36632`
--  qemu: fix :cve:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
--  ruby: Fix :cve:`2023-36617`
--  vim: Fix :cve:`2023-2609` and :cve:`2023-2610`
--  webkitgtk: Fix :cve:`2023-27932` and :cve:`2023-27954`
+-  libarchive: ignore :cve_nist:`2023-30571`
+-  libjpeg-turbo: Fix :cve_nist:`2023-2804`
+-  libx11: Fix :cve_nist:`2023-3138`
+-  ncurses: Fix :cve_nist:`2023-29491`
+-  openssh: Fix :cve_nist:`2023-38408`
+-  python3-certifi: Fix :cve_nist:`2023-37920`
+-  python3-requests: Fix :cve_nist:`2023-32681`
+-  python3: Ignore :cve_nist:`2023-36632`
+-  qemu: fix :cve_nist:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
+-  ruby: Fix :cve_nist:`2023-36617`
+-  vim: Fix :cve_nist:`2023-2609` and :cve_nist:`2023-2610`
+-  webkitgtk: Fix :cve_nist:`2023-27932` and :cve_nist:`2023-27954`
 
 
 Fixes in Yocto-4.2.3
diff --git a/documentation/migration-guides/release-notes-4.2.4.rst b/documentation/migration-guides/release-notes-4.2.4.rst
index 3c20140e29..60f878c3b0 100644
--- a/documentation/migration-guides/release-notes-4.2.4.rst
+++ b/documentation/migration-guides/release-notes-4.2.4.rst
@@ -6,44 +6,44 @@ Release notes for Yocto-4.2.4 (Mickledore)
 Security Fixes in Yocto-4.2.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-3341` and :cve:`2023-4236`
--  binutils: Fix :cve:`2023-39128`
--  cups: fix :cve:`2023-4504`
--  curl: Fix :cve:`2023-28320`, :cve:`2023-32001`, :cve:`2023-38039`, :cve:`2023-38545` and :cve:`2023-38546`
--  dmidecode: fix for :cve:`2023-30630`
--  dropbear: fix :cve:`2023-36328`
--  ffmpeg: Ignore :cve:`2023-39018`
--  gcc: Fix :cve:`2023-4039`
--  gdb: Fix :cve:`2023-39128`
--  ghostscript: Fix :cve:`2023-38559` and :cve:`2023-43115`
--  glibc: Fix :cve:`2023-4527` and :cve:`2023-4806`
--  go: Fix :cve:`2023-29409` and :cve:`2023-39533`
--  grub: Fix :cve:`2023-4692` and :cve:`2023-4693`
+-  bind: Fix :cve_nist:`2023-3341` and :cve_nist:`2023-4236`
+-  binutils: Fix :cve_nist:`2023-39128`
+-  cups: fix :cve_nist:`2023-4504`
+-  curl: Fix :cve_nist:`2023-28320`, :cve_nist:`2023-32001`, :cve_nist:`2023-38039`, :cve_nist:`2023-38545` and :cve_nist:`2023-38546`
+-  dmidecode: fix for :cve_nist:`2023-30630`
+-  dropbear: fix :cve_nist:`2023-36328`
+-  ffmpeg: Ignore :cve_nist:`2023-39018`
+-  gcc: Fix :cve_nist:`2023-4039`
+-  gdb: Fix :cve_nist:`2023-39128`
+-  ghostscript: Fix :cve_nist:`2023-38559` and :cve_nist:`2023-43115`
+-  glibc: Fix :cve_nist:`2023-4527` and :cve_nist:`2023-4806`
+-  go: Fix :cve_nist:`2023-29409` and :cve_nist:`2023-39533`
+-  grub: Fix :cve_nist:`2023-4692` and :cve_nist:`2023-4693`
 -  gstreamer: Fix :cve_mitre:`2023-40474`, :cve_mitre:`2023-40475` and :cve_mitre:`2023-40476`
--  inetutils: fix :cve:`2023-40303`
--  librsvg: Fix :cve:`2023-38633`
--  libssh2: Fix :cve:`2020-22218`
--  libwebp: Fix :cve:`2023-4863` and :cve:`2023-5129`
--  libx11: Fix :cve:`2023-43785`, :cve:`2023-43786` and :cve:`2023-43787`
--  libxpm: Fix :cve:`2023-43788` and :cve:`2023-43789`
--  linux-yocto/6.1: Ignore :cve:`2003-1604`, :cve:`2004-0230`, :cve:`2006-3635`, :cve:`2006-5331`, :cve:`2006-6128`, :cve:`2007-4774`, :cve:`2007-6761`, :cve:`2007-6762`, :cve:`2008-7316`, :cve:`2009-2692`, :cve:`2010-0008`, :cve:`2010-3432`, :cve:`2010-4648`, :cve:`2010-5313`, :cve:`2010-5328`, :cve:`2010-5329`, :cve:`2010-5331`, :cve:`2010-5332`, :cve:`2011-4098`, :cve:`2011-4131`, :cve:`2011-4915`, :cve:`2011-5321`, :cve:`2011-5327`, :cve:`2012-0957`, :cve:`2012-2119`, :cve:`2012-2136`, :cve:`2012-2137`, :cve:`2012-2313`, :cve:`2012-2319`, :cve:`2012-2372`, :cve:`2012-2375`, :cve:`2012-2390`, :cve:`2012-2669`, :cve:`2012-2744`, :cve:`2012-2745`, :cve:`2012-3364`, :cve:`2012-3375`, :cve:`2012-3400`, :cve:`2012-3412`, :cve:`2012-3430`, :cve:`2012-3510`, :cve:`2012-3511`, :cve:`2012-3520`, :cve:`2012-3552`, :cve:`2012-4398`, :cve:`2012-4444`, :cve:`2012-4461`, :cve:`2012-4467`, :cve:`2012-4508`, :cve:`2012-4530`, :cve:`2012-4565`, :cve:`2012-5374`, :cve:`2012-5375`, :cve:`2012-5517`, :cve:`2012-6536`, :cve:`2012-6537`, :cve:`2012-6538`, :cve:`2012-6539`, :cve:`2012-6540`, :cve:`2012-6541`, :cve:`2012-6542`, :cve:`2012-6543`, :cve:`2012-6544`, :cve:`2012-6545`, :cve:`2012-6546`, :cve:`2012-6547`, :cve:`2012-6548`, :cve:`2012-6549`, :cve:`2012-6638`, :cve:`2012-6647`, :cve:`2012-6657`, :cve:`2012-6689`, :cve:`2012-6701`, :cve:`2012-6703`, :cve:`2012-6704`, :cve:`2012-6712`, :cve:`2013-0160`, :cve:`2013-0190`, :cve:`2013-0216`, :cve:`2013-0217`, :cve:`2013-0228`, :cve:`2013-0231`, :cve:`2013-0268`, :cve:`2013-0290`, :cve:`2013-0309`, :cve:`2013-0310`, :cve:`2013-0311`, :cve:`2013-0313`, :cve:`2013-0343`, :cve:`2013-0349`, :cve:`2013-0871`, :cve:`2013-0913`, :cve:`2013-0914`, :cve:`2013-1059`, :cve:`2013-1763`, :cve:`2013-1767`, :cve:`2013-1772`, :cve:`2013-1773`, :cve:`2013-1774`, :cve:`2013-1792`, :cve:`2013-1796`, :cve:`2013-1797`, :cve:`2013-1798`, :cve:`2013-1819`, :cve:`2013-1826`, :cve:`2013-1827`, :cve:`2013-1828`, :cve:`2013-1848`, :cve:`2013-1858`, :cve:`2013-1860`, :cve:`2013-1928`, :cve:`2013-1929`, :cve:`2013-1943`, :cve:`2013-1956`, :cve:`2013-1957`, :cve:`2013-1958`, :cve:`2013-1959`, :cve:`2013-1979`, :cve:`2013-2015`, :cve:`2013-2017`, :cve:`2013-2058`, :cve:`2013-2094`, :cve:`2013-2128`, :cve:`2013-2140`, :cve:`2013-2141`, :cve:`2013-2146`, :cve:`2013-2147`, :cve:`2013-2148`, :cve:`2013-2164`, :cve:`2013-2206`, :cve:`2013-2232`, :cve:`2013-2234`, :cve:`2013-2237`, :cve:`2013-2546`, :cve:`2013-2547`, :cve:`2013-2548`, :cve:`2013-2596`, :cve:`2013-2634`, :cve:`2013-2635`, :cve:`2013-2636`, :cve:`2013-2850`, :cve:`2013-2851`, :cve:`2013-2852`, :cve:`2013-2888`, :cve:`2013-2889`, :cve:`2013-2890`, :cve:`2013-2891`, :cve:`2013-2892`, :cve:`2013-2893`, :cve:`2013-2894`, :cve:`2013-2895`, :cve:`2013-2896`, :cve:`2013-2897`, :cve:`2013-2898`, :cve:`2013-2899`, :cve:`2013-2929`, :cve:`2013-2930`, :cve:`2013-3076`, :cve:`2013-3222`, :cve:`2013-3223`, :cve:`2013-3224`, :cve:`2013-3225`, :cve:`2013-3226`, :cve:`2013-3227`, :cve:`2013-3228`, :cve:`2013-3229`, :cve:`2013-3230`, :cve:`2013-3231`, :cve:`2013-3232`, :cve:`2013-3233`, :cve:`2013-3234`, :cve:`2013-3235`, :cve:`2013-3236`, :cve:`2013-3237`, :cve:`2013-3301`, :cve:`2013-3302`, :cve:`2013-4125`, :cve:`2013-4127`, :cve:`2013-4129`, :cve:`2013-4162`, :cve:`2013-4163`, :cve:`2013-4205`, :cve:`2013-4220`, :cve:`2013-4247`, :cve:`2013-4254`, :cve:`2013-4270`, :cve:`2013-4299`, :cve:`2013-4300`, :cve:`2013-4312`, :cve:`2013-4343`, :cve:`2013-4345`, :cve:`2013-4348`, :cve:`2013-4350`, :cve:`2013-4387`, :cve:`2013-4470`, :cve:`2013-4483`, :cve:`2013-4511`, :cve:`2013-4512`, :cve:`2013-4513`, :cve:`2013-4514`, :cve:`2013-4515`, :cve:`2013-4516`, :cve:`2013-4563`, :cve:`2013-4579`, :cve:`2013-4587`, :cve:`2013-4588`, :cve:`2013-4591`, :cve:`2013-4592`, :cve:`2013-5634`, :cve:`2013-6282`, :cve:`2013-6367`, :cve:`2013-6368`, :cve:`2013-6376`, :cve:`2013-6378`, :cve:`2013-6380`, :cve:`2013-6381`, :cve:`2013-6382`, :cve:`2013-6383`, :cve:`2013-6431`, :cve:`2013-6432`, :cve:`2013-6885`, :cve:`2013-7026`, :cve:`2013-7027`, :cve:`2013-7263`, :cve:`2013-7264`, :cve:`2013-7265`, :cve:`2013-7266`, :cve:`2013-7267`, :cve:`2013-7268`, :cve:`2013-7269`, :cve:`2013-7270`, :cve:`2013-7271`, :cve:`2013-7281`, :cve:`2013-7339`, :cve:`2013-7348`, :cve:`2013-7421`, :cve:`2013-7446`, :cve:`2013-7470`, :cve:`2014-0038`, :cve:`2014-0049`, :cve:`2014-0055`, :cve:`2014-0069`, :cve:`2014-0077`, :cve:`2014-0100`, :cve:`2014-0101`, :cve:`2014-0102`, :cve:`2014-0131`, :cve:`2014-0155`, :cve:`2014-0181`, :cve:`2014-0196`, :cve:`2014-0203`, :cve:`2014-0205`, :cve:`2014-0206`, :cve:`2014-1438`, :cve:`2014-1444`, :cve:`2014-1445`, :cve:`2014-1446`, :cve:`2014-1690`, :cve:`2014-1737`, :cve:`2014-1738`, :cve:`2014-1739`, :cve:`2014-1874`, :cve:`2014-2038`, :cve:`2014-2039`, :cve:`2014-2309`, :cve:`2014-2523`, :cve:`2014-2568`, :cve:`2014-2580`, :cve:`2014-2672`, :cve:`2014-2673`, :cve:`2014-2678`, :cve:`2014-2706`, :cve:`2014-2739`, :cve:`2014-2851`, :cve:`2014-2889`, :cve:`2014-3122`, :cve:`2014-3144`, :cve:`2014-3145`, :cve:`2014-3153`, :cve:`2014-3180`, :cve:`2014-3181`, :cve:`2014-3182`, :cve:`2014-3183`, :cve:`2014-3184`, :cve:`2014-3185`, :cve:`2014-3186`, :cve:`2014-3534`, :cve:`2014-3535`, :cve:`2014-3601`, :cve:`2014-3610`, :cve:`2014-3611`, :cve:`2014-3631`, :cve:`2014-3645`, :cve:`2014-3646`, :cve:`2014-3647`, :cve:`2014-3673`, :cve:`2014-3687`, :cve:`2014-3688`, :cve:`2014-3690`, :cve:`2014-3917`, :cve:`2014-3940`, :cve:`2014-4014`, :cve:`2014-4027`, :cve:`2014-4157`, :cve:`2014-4171`, :cve:`2014-4508`, :cve:`2014-4608`, :cve:`2014-4611`, :cve:`2014-4652`, :cve:`2014-4653`, :cve:`2014-4654`, :cve:`2014-4655`, :cve:`2014-4656`, :cve:`2014-4667`, :cve:`2014-4699`, :cve:`2014-4943`, :cve:`2014-5045`, :cve:`2014-5077`, :cve:`2014-5206`, :cve:`2014-5207`, :cve:`2014-5471`, :cve:`2014-5472`, :cve:`2014-6410`, :cve:`2014-6416`, :cve:`2014-6417`, :cve:`2014-6418`, :cve:`2014-7145`, :cve:`2014-7283`, :cve:`2014-7284`, :cve:`2014-7822`, :cve:`2014-7825`, :cve:`2014-7826`, :cve:`2014-7841`, :cve:`2014-7842`, :cve:`2014-7843`, :cve:`2014-7970`, :cve:`2014-7975`, :cve:`2014-8086`, :cve:`2014-8133`, :cve:`2014-8134`, :cve:`2014-8159`, :cve:`2014-8160`, :cve:`2014-8171`, :cve:`2014-8172`, :cve:`2014-8173`, :cve:`2014-8369`, :cve:`2014-8480`, :cve:`2014-8481`, :cve:`2014-8559`, :cve:`2014-8709`, :cve:`2014-8884`, :cve:`2014-8989`, :cve:`2014-9090`, :cve:`2014-9322`, :cve:`2014-9419`, :cve:`2014-9420`, :cve:`2014-9428`, :cve:`2014-9529`, :cve:`2014-9584`, :cve:`2014-9585`, :cve:`2014-9644`, :cve:`2014-9683`, :cve:`2014-9710`, :cve:`2014-9715`, :cve:`2014-9717`, :cve:`2014-9728`, :cve:`2014-9729`, :cve:`2014-9730`, :cve:`2014-9731`, :cve:`2014-9803`, :cve:`2014-9870`, :cve:`2014-9888`, :cve:`2014-9895`, :cve:`2014-9903`, :cve:`2014-9904`, :cve:`2014-9914`, :cve:`2014-9922`, :cve:`2014-9940`, :cve:`2015-0239`, :cve:`2015-0274`, :cve:`2015-0275`, :cve:`2015-1333`, :cve:`2015-1339`, :cve:`2015-1350`, :cve:`2015-1420`, :cve:`2015-1421`, :cve:`2015-1465`, :cve:`2015-1573`, :cve:`2015-1593`, :cve:`2015-1805`, :cve:`2015-2041`, :cve:`2015-2042`, :cve:`2015-2150`, :cve:`2015-2666`, :cve:`2015-2672`, :cve:`2015-2686`, :cve:`2015-2830`, :cve:`2015-2922`, :cve:`2015-2925`, :cve:`2015-3212`, :cve:`2015-3214`, :cve:`2015-3288`, :cve:`2015-3290`, :cve:`2015-3291`, :cve:`2015-3331`, :cve:`2015-3339`, :cve:`2015-3636`, :cve:`2015-4001`, :cve:`2015-4002`, :cve:`2015-4003`, :cve:`2015-4004`, :cve:`2015-4036`, :cve:`2015-4167`, :cve:`2015-4170`, :cve:`2015-4176`, :cve:`2015-4177`, :cve:`2015-4178`, :cve:`2015-4692`, :cve:`2015-4700`, :cve:`2015-5156`, :cve:`2015-5157`, :cve:`2015-5257`, :cve:`2015-5283`, :cve:`2015-5307`, :cve:`2015-5327`, :cve:`2015-5364`, :cve:`2015-5366`, :cve:`2015-5697`, :cve:`2015-5706`, :cve:`2015-5707`, :cve:`2015-6252`, :cve:`2015-6526`, :cve:`2015-6937`, :cve:`2015-7509`, :cve:`2015-7513`, :cve:`2015-7515`, :cve:`2015-7550`, :cve:`2015-7566`, :cve:`2015-7613`, :cve:`2015-7799`, :cve:`2015-7833`, :cve:`2015-7872`, :cve:`2015-7884`, :cve:`2015-7885`, :cve:`2015-7990`, :cve:`2015-8104`, :cve:`2015-8215`, :cve:`2015-8324`, :cve:`2015-8374`, :cve:`2015-8539`, :cve:`2015-8543`, :cve:`2015-8550`, :cve:`2015-8551`, :cve:`2015-8552`, :cve:`2015-8553`, :cve:`2015-8569`, :cve:`2015-8575`, :cve:`2015-8660`, :cve:`2015-8709`, :cve:`2015-8746`, :cve:`2015-8767`, :cve:`2015-8785`, :cve:`2015-8787`, :cve:`2015-8812`, :cve:`2015-8816`, :cve:`2015-8830`, :cve:`2015-8839`, :cve:`2015-8844`, :cve:`2015-8845`, :cve:`2015-8950`, :cve:`2015-8952`, :cve:`2015-8953`, :cve:`2015-8955`, :cve:`2015-8956`, :cve:`2015-8961`, :cve:`2015-8962`, :cve:`2015-8963`, :cve:`2015-8964`, :cve:`2015-8966`, :cve:`2015-8967`, :cve:`2015-8970`, :cve:`2015-9004`, :cve:`2015-9016`, :cve:`2015-9289`, :cve:`2016-0617`, :cve:`2016-0723`, :cve:`2016-0728`, :cve:`2016-0758`, :cve:`2016-0821`, :cve:`2016-0823`, :cve:`2016-10044`, :cve:`2016-10088`, :cve:`2016-10147`, :cve:`2016-10150`, :cve:`2016-10153`, :cve:`2016-10154`, :cve:`2016-10200`, :cve:`2016-10208`, :cve:`2016-10229`, :cve:`2016-10318`, :cve:`2016-10723`, :cve:`2016-10741`, :cve:`2016-10764`, :cve:`2016-10905`, :cve:`2016-10906`, :cve:`2016-10907`, :cve:`2016-1237`, :cve:`2016-1575`, :cve:`2016-1576`, :cve:`2016-1583`, :cve:`2016-2053`, :cve:`2016-2069`, :cve:`2016-2070`, :cve:`2016-2085`, :cve:`2016-2117`, :cve:`2016-2143`, :cve:`2016-2184`, :cve:`2016-2185`, :cve:`2016-2186`, :cve:`2016-2187`, :cve:`2016-2188`, :cve:`2016-2383`, :cve:`2016-2384`, :cve:`2016-2543`, :cve:`2016-2544`, :cve:`2016-2545`, :cve:`2016-2546`, :cve:`2016-2547`, :cve:`2016-2548`, :cve:`2016-2549`, :cve:`2016-2550`, :cve:`2016-2782`, :cve:`2016-2847`, :cve:`2016-3044`, :cve:`2016-3070`, :cve:`2016-3134`, :cve:`2016-3135`, :cve:`2016-3136`, :cve:`2016-3137`, :cve:`2016-3138`, :cve:`2016-3139`, :cve:`2016-3140`, :cve:`2016-3156`, :cve:`2016-3157`, :cve:`2016-3672`, :cve:`2016-3689`, :cve:`2016-3713`, :cve:`2016-3841`, :cve:`2016-3857`, :cve:`2016-3951`, :cve:`2016-3955`, :cve:`2016-3961`, :cve:`2016-4440`, :cve:`2016-4470`, :cve:`2016-4482`, :cve:`2016-4485`, :cve:`2016-4486`, :cve:`2016-4557`, :cve:`2016-4558`, :cve:`2016-4565`, :cve:`2016-4568`, :cve:`2016-4569`, :cve:`2016-4578`, :cve:`2016-4580`, :cve:`2016-4581`, :cve:`2016-4794`, :cve:`2016-4805`, :cve:`2016-4913`, :cve:`2016-4951`, :cve:`2016-4997`, :cve:`2016-4998`, :cve:`2016-5195`, :cve:`2016-5243`, :cve:`2016-5244`, :cve:`2016-5400`, :cve:`2016-5412`, :cve:`2016-5696`, :cve:`2016-5728`, :cve:`2016-5828`, :cve:`2016-5829`, :cve:`2016-6130`, :cve:`2016-6136`, :cve:`2016-6156`, :cve:`2016-6162`, :cve:`2016-6187`, :cve:`2016-6197`, :cve:`2016-6198`, :cve:`2016-6213`, :cve:`2016-6327`, :cve:`2016-6480`, :cve:`2016-6516`, :cve:`2016-6786`, :cve:`2016-6787`, :cve:`2016-6828`, :cve:`2016-7039`, :cve:`2016-7042`, :cve:`2016-7097`, :cve:`2016-7117`, :cve:`2016-7425`, :cve:`2016-7910`, :cve:`2016-7911`, :cve:`2016-7912`, :cve:`2016-7913`, :cve:`2016-7914`, :cve:`2016-7915`, :cve:`2016-7916`, :cve:`2016-7917`, :cve:`2016-8399`, :cve:`2016-8405`, :cve:`2016-8630`, :cve:`2016-8632`, :cve:`2016-8633`, :cve:`2016-8636`, :cve:`2016-8645`, :cve:`2016-8646`, :cve:`2016-8650`, :cve:`2016-8655`, :cve:`2016-8658`, :cve:`2016-8666`, :cve:`2016-9083`, :cve:`2016-9084`, :cve:`2016-9120`, :cve:`2016-9178`, :cve:`2016-9191`, :cve:`2016-9313`, :cve:`2016-9555`, :cve:`2016-9576`, :cve:`2016-9588`, :cve:`2016-9604`, :cve:`2016-9685`, :cve:`2016-9754`, :cve:`2016-9755`, :cve:`2016-9756`, :cve:`2016-9777`, :cve:`2016-9793`, :cve:`2016-9794`, :cve:`2016-9806`, :cve:`2016-9919`, :cve:`2017-0605`, :cve:`2017-0627`, :cve:`2017-0750`, :cve:`2017-0786`, :cve:`2017-0861`, :cve:`2017-1000`, :cve:`2017-1000111`, :cve:`2017-1000112`, :cve:`2017-1000251`, :cve:`2017-1000252`, :cve:`2017-1000253`, :cve:`2017-1000255`, :cve:`2017-1000363`, :cve:`2017-1000364`, :cve:`2017-1000365`, :cve:`2017-1000370`, :cve:`2017-1000371`, :cve:`2017-1000379`, :cve:`2017-1000380`, :cve:`2017-1000405`, :cve:`2017-1000407`, :cve:`2017-1000410`, :cve:`2017-10661`, :cve:`2017-10662`, :cve:`2017-10663`, :cve:`2017-10810`, :cve:`2017-10911`, :cve:`2017-11089`, :cve:`2017-11176`, :cve:`2017-11472`, :cve:`2017-11473`, :cve:`2017-11600`, :cve:`2017-12134`, :cve:`2017-12146`, :cve:`2017-12153`, :cve:`2017-12154`, :cve:`2017-12168`, :cve:`2017-12188`, :cve:`2017-12190`, :cve:`2017-12192`, :cve:`2017-12193`, :cve:`2017-12762`, :cve:`2017-13080`, :cve:`2017-13166`, :cve:`2017-13167`, :cve:`2017-13168`, :cve:`2017-13215`, :cve:`2017-13216`, :cve:`2017-13220`, :cve:`2017-13305`, :cve:`2017-13686`, :cve:`2017-13695`, :cve:`2017-13715`, :cve:`2017-14051`, :cve:`2017-14106`, :cve:`2017-14140`, :cve:`2017-14156`, :cve:`2017-14340`, :cve:`2017-14489`, :cve:`2017-14497`, :cve:`2017-14954`, :cve:`2017-14991`, :cve:`2017-15102`, :cve:`2017-15115`, :cve:`2017-15116`, :cve:`2017-15121`, :cve:`2017-15126`, :cve:`2017-15127`, :cve:`2017-15128`, :cve:`2017-15129`, :cve:`2017-15265`, :cve:`2017-15274`, :cve:`2017-15299`, :cve:`2017-15306`, :cve:`2017-15537`, :cve:`2017-15649`, :cve:`2017-15868`, :cve:`2017-15951`, :cve:`2017-16525`, :cve:`2017-16526`, :cve:`2017-16527`, :cve:`2017-16528`, :cve:`2017-16529`, :cve:`2017-16530`, :cve:`2017-16531`, :cve:`2017-16532`, :cve:`2017-16533`, :cve:`2017-16534`, :cve:`2017-16535`, :cve:`2017-16536`, :cve:`2017-16537`, :cve:`2017-16538`, :cve:`2017-16643`, :cve:`2017-16644`, :cve:`2017-16645`, :cve:`2017-16646`, :cve:`2017-16647`, :cve:`2017-16648`, :cve:`2017-16649`, :cve:`2017-16650`, :cve:`2017-16911`, :cve:`2017-16912`, :cve:`2017-16913`, :cve:`2017-16914`, :cve:`2017-16939`, :cve:`2017-16994`, :cve:`2017-16995`, :cve:`2017-16996`, :cve:`2017-17052`, :cve:`2017-17053`, :cve:`2017-17448`, :cve:`2017-17449`, :cve:`2017-17450`, :cve:`2017-17558`, :cve:`2017-17712`, :cve:`2017-17741`, :cve:`2017-17805`, :cve:`2017-17806`, :cve:`2017-17807`, :cve:`2017-17852`, :cve:`2017-17853`, :cve:`2017-17854`, :cve:`2017-17855`, :cve:`2017-17856`, :cve:`2017-17857`, :cve:`2017-17862`, :cve:`2017-17863`, :cve:`2017-17864`, :cve:`2017-17975`, :cve:`2017-18017`, :cve:`2017-18075`, :cve:`2017-18079`, :cve:`2017-18174`, :cve:`2017-18193`, :cve:`2017-18200`, :cve:`2017-18202`, :cve:`2017-18203`, :cve:`2017-18204`, :cve:`2017-18208`, :cve:`2017-18216`, :cve:`2017-18218`, :cve:`2017-18221`, :cve:`2017-18222`, :cve:`2017-18224`, :cve:`2017-18232`, :cve:`2017-18241`, :cve:`2017-18249`, :cve:`2017-18255`, :cve:`2017-18257`, :cve:`2017-18261`, :cve:`2017-18270`, :cve:`2017-18344`, :cve:`2017-18360`, :cve:`2017-18379`, :cve:`2017-18509`, :cve:`2017-18549`, :cve:`2017-18550`, :cve:`2017-18551`, :cve:`2017-18552`, :cve:`2017-18595`, :cve:`2017-2583`, :cve:`2017-2584`, :cve:`2017-2596`, :cve:`2017-2618`, :cve:`2017-2634`, :cve:`2017-2636`, :cve:`2017-2647`, :cve:`2017-2671`, :cve:`2017-5123`, :cve:`2017-5546`, :cve:`2017-5547`, :cve:`2017-5548`, :cve:`2017-5549`, :cve:`2017-5550`, :cve:`2017-5551`, :cve:`2017-5576`, :cve:`2017-5577`, :cve:`2017-5669`, :cve:`2017-5715`, :cve:`2017-5753`, :cve:`2017-5754`, :cve:`2017-5897`, :cve:`2017-5967`, :cve:`2017-5970`, :cve:`2017-5972`, :cve:`2017-5986`, :cve:`2017-6001`, :cve:`2017-6074`, :cve:`2017-6214`, :cve:`2017-6345`, :cve:`2017-6346`, :cve:`2017-6347`, :cve:`2017-6348`, :cve:`2017-6353`, :cve:`2017-6874`, :cve:`2017-6951`, :cve:`2017-7184`, :cve:`2017-7187`, :cve:`2017-7261`, :cve:`2017-7273`, :cve:`2017-7277`, :cve:`2017-7294`, :cve:`2017-7308`, :cve:`2017-7346`, :cve:`2017-7374`, :cve:`2017-7472`, :cve:`2017-7477`, :cve:`2017-7482`, :cve:`2017-7487`, :cve:`2017-7495`, :cve:`2017-7518`, :cve:`2017-7533`, :cve:`2017-7541`, :cve:`2017-7542`, :cve:`2017-7558`, :cve:`2017-7616`, :cve:`2017-7618`, :cve:`2017-7645`, :cve:`2017-7889`, :cve:`2017-7895`, :cve:`2017-7979`, :cve:`2017-8061`, :cve:`2017-8062`, :cve:`2017-8063`, :cve:`2017-8064`, :cve:`2017-8065`, :cve:`2017-8066`, :cve:`2017-8067`, :cve:`2017-8068`, :cve:`2017-8069`, :cve:`2017-8070`, :cve:`2017-8071`, :cve:`2017-8072`, :cve:`2017-8106`, :cve:`2017-8240`, :cve:`2017-8797`, :cve:`2017-8824`, :cve:`2017-8831`, :cve:`2017-8890`, :cve:`2017-8924`, :cve:`2017-8925`, :cve:`2017-9059`, :cve:`2017-9074`, :cve:`2017-9075`, :cve:`2017-9076`, :cve:`2017-9077`, :cve:`2017-9150`, :cve:`2017-9211`, :cve:`2017-9242`, :cve:`2017-9605`, :cve:`2017-9725`, :cve:`2017-9984`, :cve:`2017-9985`, :cve:`2017-9986`, :cve:`2018-1000004`, :cve:`2018-1000026`, :cve:`2018-1000028`, :cve:`2018-1000199`, :cve:`2018-1000200`, :cve:`2018-1000204`, :cve:`2018-10021`, :cve:`2018-10074`, :cve:`2018-10087`, :cve:`2018-10124`, :cve:`2018-10322`, :cve:`2018-10323`, :cve:`2018-1065`, :cve:`2018-1066`, :cve:`2018-10675`, :cve:`2018-1068`, :cve:`2018-10840`, :cve:`2018-10853`, :cve:`2018-1087`, :cve:`2018-10876`, :cve:`2018-10877`, :cve:`2018-10878`, :cve:`2018-10879`, :cve:`2018-10880`, :cve:`2018-10881`, :cve:`2018-10882`, :cve:`2018-10883`, :cve:`2018-10901`, :cve:`2018-10902`, :cve:`2018-1091`, :cve:`2018-1092`, :cve:`2018-1093`, :cve:`2018-10938`, :cve:`2018-1094`, :cve:`2018-10940`, :cve:`2018-1095`, :cve:`2018-1108`, :cve:`2018-1118`, :cve:`2018-1120`, :cve:`2018-11232`, :cve:`2018-1128`, :cve:`2018-1129`, :cve:`2018-1130`, :cve:`2018-11412`, :cve:`2018-11506`, :cve:`2018-11508`, :cve:`2018-12126`, :cve:`2018-12127`, :cve:`2018-12130`, :cve:`2018-12207`, :cve:`2018-12232`, :cve:`2018-12233`, :cve:`2018-12633`, :cve:`2018-12714`, :cve:`2018-12896`, :cve:`2018-12904`, :cve:`2018-13053`, :cve:`2018-13093`, :cve:`2018-13094`, :cve:`2018-13095`, :cve:`2018-13096`, :cve:`2018-13097`, :cve:`2018-13098`, :cve:`2018-13099`, :cve:`2018-13100`, :cve:`2018-13405`, :cve:`2018-13406`, :cve:`2018-14609`, :cve:`2018-14610`, :cve:`2018-14611`, :cve:`2018-14612`, :cve:`2018-14613`, :cve:`2018-14614`, :cve:`2018-14615`, :cve:`2018-14616`, :cve:`2018-14617`, :cve:`2018-14619`, :cve:`2018-14625`, :cve:`2018-14633`, :cve:`2018-14634`, :cve:`2018-14641`, :cve:`2018-14646`, :cve:`2018-14656`, :cve:`2018-14678`, :cve:`2018-14734`, :cve:`2018-15471`, :cve:`2018-15572`, :cve:`2018-15594`, :cve:`2018-16276`, :cve:`2018-16597`, :cve:`2018-16658`, :cve:`2018-16862`, :cve:`2018-16871`, :cve:`2018-16880`, :cve:`2018-16882`, :cve:`2018-16884`, :cve:`2018-17182`, :cve:`2018-17972`, :cve:`2018-18021`, :cve:`2018-18281`, :cve:`2018-18386`, :cve:`2018-18397`, :cve:`2018-18445`, :cve:`2018-18559`, :cve:`2018-18690`, :cve:`2018-18710`, :cve:`2018-18955`, :cve:`2018-19406`, :cve:`2018-19407`, :cve:`2018-19824`, :cve:`2018-19854`, :cve:`2018-19985`, :cve:`2018-20169`, :cve:`2018-20449`, :cve:`2018-20509`, :cve:`2018-20510`, :cve:`2018-20511`, :cve:`2018-20669`, :cve:`2018-20784`, :cve:`2018-20836`, :cve:`2018-20854`, :cve:`2018-20855`, :cve:`2018-20856`, :cve:`2018-20961`, :cve:`2018-20976`, :cve:`2018-21008`, :cve:`2018-25015`, :cve:`2018-25020`, :cve:`2018-3620`, :cve:`2018-3639`, :cve:`2018-3646`, :cve:`2018-3665`, :cve:`2018-3693`, :cve:`2018-5332`, :cve:`2018-5333`, :cve:`2018-5344`, :cve:`2018-5390`, :cve:`2018-5391`, :cve:`2018-5703`, :cve:`2018-5750`, :cve:`2018-5803`, :cve:`2018-5814`, :cve:`2018-5848`, :cve:`2018-5873`, :cve:`2018-5953`, :cve:`2018-5995`, :cve:`2018-6412`, :cve:`2018-6554`, :cve:`2018-6555`, :cve:`2018-6927`, :cve:`2018-7191`, :cve:`2018-7273`, :cve:`2018-7480`, :cve:`2018-7492`, :cve:`2018-7566`, :cve:`2018-7740`, :cve:`2018-7754`, :cve:`2018-7755`, :cve:`2018-7757`, :cve:`2018-7995`, :cve:`2018-8043`, :cve_mitre:`2018-8087`, :cve_mitre:`2018-8781`, :cve_mitre:`2018-8822`, :cve_mitre:`2018-8897`, :cve_mitre:`2018-9363`, :cve_mitre:`2018-9385`, :cve_mitre:`2018-9415`, :cve_mitre:`2018-9422`, :cve_mitre:`2018-9465`, :cve_mitre:`2018-9516`, :cve_mitre:`2018-9517`, :cve_mitre:`2018-9518` and :cve_mitre:`2018-9568`
--  linux-yocto/6.1 (Continued): Ignore :cve:`2019-0136`, :cve:`2019-0145`, :cve:`2019-0146`, :cve:`2019-0147`, :cve:`2019-0148`, :cve:`2019-0149`, :cve:`2019-0154`, :cve:`2019-0155`, :cve:`2019-10124`, :cve:`2019-10125`, :cve:`2019-10126`, :cve:`2019-10142`, :cve:`2019-10207`, :cve:`2019-10220`, :cve:`2019-10638`, :cve:`2019-10639`, :cve:`2019-11085`, :cve:`2019-11091`, :cve:`2019-11135`, :cve:`2019-11190`, :cve:`2019-11191`, :cve:`2019-1125`, :cve:`2019-11477`, :cve:`2019-11478`, :cve:`2019-11479`, :cve:`2019-11486`, :cve:`2019-11487`, :cve:`2019-11599`, :cve:`2019-11683`, :cve:`2019-11810`, :cve:`2019-11811`, :cve:`2019-11815`, :cve:`2019-11833`, :cve:`2019-11884`, :cve:`2019-12378`, :cve:`2019-12379`, :cve:`2019-12380`, :cve:`2019-12381`, :cve:`2019-12382`, :cve:`2019-12454`, :cve:`2019-12455`, :cve:`2019-12614`, :cve:`2019-12615`, :cve:`2019-12817`, :cve:`2019-12818`, :cve:`2019-12819`, :cve:`2019-12881`, :cve:`2019-12984`, :cve:`2019-13233`, :cve:`2019-13272`, :cve:`2019-13631`, :cve:`2019-13648`, :cve:`2019-14283`, :cve:`2019-14284`, :cve:`2019-14615`, :cve:`2019-14763`, :cve:`2019-14814`, :cve:`2019-14815`, :cve:`2019-14816`, :cve:`2019-14821`, :cve:`2019-14835`, :cve:`2019-14895`, :cve:`2019-14896`, :cve:`2019-14897`, :cve:`2019-14901`, :cve:`2019-15030`, :cve:`2019-15031`, :cve:`2019-15090`, :cve:`2019-15098`, :cve:`2019-15099`, :cve:`2019-15117`, :cve:`2019-15118`, :cve:`2019-15211`, :cve:`2019-15212`, :cve:`2019-15213`, :cve:`2019-15214`, :cve:`2019-15215`, :cve:`2019-15216`, :cve:`2019-15217`, :cve:`2019-15218`, :cve:`2019-15219`, :cve:`2019-15220`, :cve:`2019-15221`, :cve:`2019-15222`, :cve:`2019-15223`, :cve:`2019-15291`, :cve:`2019-15292`, :cve:`2019-15504`, :cve:`2019-15505`, :cve:`2019-15538`, :cve:`2019-15666`, :cve:`2019-15794`, :cve:`2019-15807`, :cve:`2019-15916`, :cve:`2019-15917`, :cve:`2019-15918`, :cve:`2019-15919`, :cve:`2019-15920`, :cve:`2019-15921`, :cve:`2019-15922`, :cve:`2019-15923`, :cve:`2019-15924`, :cve:`2019-15925`, :cve:`2019-15926`, :cve:`2019-15927`, :cve:`2019-16229`, :cve:`2019-16230`, :cve:`2019-16231`, :cve:`2019-16232`, :cve:`2019-16233`, :cve:`2019-16234`, :cve:`2019-16413`, :cve:`2019-16714`, :cve:`2019-16746`, :cve:`2019-16921`, :cve:`2019-16994`, :cve:`2019-16995`, :cve:`2019-17052`, :cve:`2019-17053`, :cve:`2019-17054`, :cve:`2019-17055`, :cve:`2019-17056`, :cve:`2019-17075`, :cve:`2019-17133`, :cve:`2019-17351`, :cve:`2019-17666`, :cve:`2019-18198`, :cve:`2019-18282`, :cve:`2019-18660`, :cve:`2019-18675`, :cve:`2019-18683`, :cve:`2019-18786`, :cve:`2019-18805`, :cve:`2019-18806`, :cve:`2019-18807`, :cve:`2019-18808`, :cve:`2019-18809`, :cve:`2019-18810`, :cve:`2019-18811`, :cve:`2019-18812`, :cve:`2019-18813`, :cve:`2019-18814`, :cve:`2019-18885`, :cve:`2019-19036`, :cve:`2019-19037`, :cve:`2019-19039`, :cve:`2019-19043`, :cve:`2019-19044`, :cve:`2019-19045`, :cve:`2019-19046`, :cve:`2019-19047`, :cve:`2019-19048`, :cve:`2019-19049`, :cve:`2019-19050`, :cve:`2019-19051`, :cve:`2019-19052`, :cve:`2019-19053`, :cve:`2019-19054`, :cve:`2019-19055`, :cve:`2019-19056`, :cve:`2019-19057`, :cve:`2019-19058`, :cve:`2019-19059`, :cve:`2019-19060`, :cve:`2019-19061`, :cve:`2019-19062`, :cve:`2019-19063`, :cve:`2019-19064`, :cve:`2019-19065`, :cve:`2019-19066`, :cve:`2019-19067`, :cve:`2019-19068`, :cve:`2019-19069`, :cve:`2019-19070`, :cve:`2019-19071`, :cve:`2019-19072`, :cve:`2019-19073`, :cve:`2019-19074`, :cve:`2019-19075`, :cve:`2019-19076`, :cve:`2019-19077`, :cve:`2019-19078`, :cve:`2019-19079`, :cve:`2019-19080`, :cve:`2019-19081`, :cve:`2019-19082`, :cve:`2019-19083`, :cve:`2019-19227`, :cve:`2019-19241`, :cve:`2019-19252`, :cve:`2019-19318`, :cve:`2019-19319`, :cve:`2019-19332`, :cve:`2019-19338`, :cve:`2019-19377`, :cve:`2019-19447`, :cve:`2019-19448`, :cve:`2019-19449`, :cve:`2019-19462`, :cve:`2019-19523`, :cve:`2019-19524`, :cve:`2019-19525`, :cve:`2019-19526`, :cve:`2019-19527`, :cve:`2019-19528`, :cve:`2019-19529`, :cve:`2019-19530`, :cve:`2019-19531`, :cve:`2019-19532`, :cve:`2019-19533`, :cve:`2019-19534`, :cve:`2019-19535`, :cve:`2019-19536`, :cve:`2019-19537`, :cve:`2019-19543`, :cve:`2019-19602`, :cve:`2019-19767`, :cve:`2019-19768`, :cve:`2019-19769`, :cve:`2019-19770`, :cve:`2019-19807`, :cve:`2019-19813`, :cve:`2019-19815`, :cve:`2019-19816`, :cve:`2019-19922`, :cve:`2019-19927`, :cve:`2019-19947`, :cve:`2019-19965`, :cve:`2019-19966`, :cve:`2019-1999`, :cve:`2019-20054`, :cve:`2019-20095`, :cve:`2019-20096`, :cve:`2019-2024`, :cve:`2019-2025`, :cve:`2019-20422`, :cve:`2019-2054`, :cve:`2019-20636`, :cve:`2019-20806`, :cve:`2019-20810`, :cve:`2019-20811`, :cve:`2019-20812`, :cve:`2019-20908`, :cve:`2019-20934`, :cve:`2019-2101`, :cve:`2019-2181`, :cve:`2019-2182`, :cve:`2019-2213`, :cve:`2019-2214`, :cve:`2019-2215`, :cve:`2019-25044`, :cve:`2019-25045`, :cve:`2019-3016`, :cve:`2019-3459`, :cve:`2019-3460`, :cve:`2019-3701`, :cve:`2019-3819`, :cve:`2019-3837`, :cve:`2019-3846`, :cve:`2019-3874`, :cve:`2019-3882`, :cve:`2019-3887`, :cve:`2019-3892`, :cve:`2019-3896`, :cve:`2019-3900`, :cve:`2019-3901`, :cve:`2019-5108`, :cve:`2019-6133`, :cve:`2019-6974`, :cve:`2019-7221`, :cve:`2019-7222`, :cve:`2019-7308`, :cve:`2019-8912`, :cve:`2019-8956`, :cve:`2019-8980`, :cve:`2019-9003`, :cve:`2019-9162`, :cve:`2019-9213`, :cve:`2019-9245`, :cve:`2019-9444`, :cve:`2019-9445`, :cve:`2019-9453`, :cve:`2019-9454`, :cve:`2019-9455`, :cve:`2019-9456`, :cve:`2019-9457`, :cve:`2019-9458`, :cve:`2019-9466`, :cve:`2019-9500`, :cve:`2019-9503`, :cve:`2019-9506`, :cve:`2019-9857`, :cve:`2020-0009`, :cve:`2020-0030`, :cve:`2020-0041`, :cve:`2020-0066`, :cve:`2020-0067`, :cve:`2020-0110`, :cve:`2020-0255`, :cve:`2020-0305`, :cve:`2020-0404`, :cve:`2020-0423`, :cve:`2020-0427`, :cve:`2020-0429`, :cve:`2020-0430`, :cve:`2020-0431`, :cve:`2020-0432`, :cve:`2020-0433`, :cve:`2020-0435`, :cve:`2020-0444`, :cve:`2020-0465`, :cve:`2020-0466`, :cve:`2020-0543`, :cve:`2020-10135`, :cve:`2020-10690`, :cve:`2020-10711`, :cve:`2020-10720`, :cve:`2020-10732`, :cve:`2020-10742`, :cve:`2020-10751`, :cve:`2020-10757`, :cve:`2020-10766`, :cve:`2020-10767`, :cve:`2020-10768`, :cve:`2020-10769`, :cve:`2020-10773`, :cve:`2020-10781`, :cve:`2020-10942`, :cve:`2020-11494`, :cve:`2020-11565`, :cve:`2020-11608`, :cve:`2020-11609`, :cve:`2020-11668`, :cve:`2020-11669`, :cve:`2020-11884`, :cve:`2020-12114`, :cve:`2020-12351`, :cve:`2020-12352`, :cve:`2020-12362`, :cve:`2020-12363`, :cve:`2020-12364`, :cve:`2020-12464`, :cve:`2020-12465`, :cve:`2020-12652`, :cve:`2020-12653`, :cve:`2020-12654`, :cve:`2020-12655`, :cve:`2020-12656`, :cve:`2020-12657`, :cve:`2020-12659`, :cve:`2020-12768`, :cve:`2020-12769`, :cve:`2020-12770`, :cve:`2020-12771`, :cve:`2020-12826`, :cve:`2020-12888`, :cve:`2020-12912`, :cve:`2020-13143`, :cve:`2020-13974`, :cve:`2020-14305`, :cve:`2020-14314`, :cve:`2020-14331`, :cve:`2020-14351`, :cve:`2020-14353`, :cve:`2020-14356`, :cve:`2020-14381`, :cve:`2020-14385`, :cve:`2020-14386`, :cve:`2020-14390`, :cve:`2020-14416`, :cve:`2020-15393`, :cve:`2020-15436`, :cve:`2020-15437`, :cve:`2020-15780`, :cve:`2020-15852`, :cve:`2020-16119`, :cve:`2020-16120`, :cve:`2020-16166`, :cve:`2020-1749`, :cve:`2020-24394`, :cve:`2020-24490`, :cve:`2020-24504`, :cve:`2020-24586`, :cve:`2020-24587`, :cve:`2020-24588`, :cve:`2020-25211`, :cve:`2020-25212`, :cve:`2020-25221`, :cve:`2020-25284`, :cve:`2020-25285`, :cve:`2020-25639`, :cve:`2020-25641`, :cve:`2020-25643`, :cve:`2020-25645`, :cve:`2020-25656`, :cve:`2020-25668`, :cve:`2020-25669`, :cve:`2020-25670`, :cve:`2020-25671`, :cve:`2020-25672`, :cve:`2020-25673`, :cve:`2020-25704`, :cve:`2020-25705`, :cve:`2020-26088`, :cve:`2020-26139`, :cve:`2020-26141`, :cve:`2020-26145`, :cve:`2020-26147`, :cve:`2020-26541`, :cve:`2020-26555`, :cve:`2020-26558`, :cve:`2020-27066`, :cve:`2020-27067`, :cve:`2020-27068`, :cve:`2020-27152`, :cve:`2020-27170`, :cve:`2020-27171`, :cve:`2020-27194`, :cve:`2020-2732`, :cve:`2020-27673`, :cve:`2020-27675`, :cve:`2020-27777`, :cve:`2020-27784`, :cve:`2020-27786`, :cve:`2020-27815`, :cve:`2020-27820`, :cve:`2020-27825`, :cve:`2020-27830`, :cve:`2020-27835`, :cve:`2020-28097`, :cve:`2020-28374`, :cve:`2020-28588`, :cve:`2020-28915`, :cve:`2020-28941`, :cve:`2020-28974`, :cve:`2020-29368`, :cve:`2020-29369`, :cve:`2020-29370`, :cve:`2020-29371`, :cve:`2020-29372`, :cve:`2020-29373`, :cve:`2020-29374`, :cve:`2020-29534`, :cve:`2020-29568`, :cve:`2020-29569`, :cve:`2020-29660`, :cve:`2020-29661`, :cve:`2020-35499`, :cve:`2020-35508`, :cve:`2020-35513`, :cve:`2020-35519`, :cve:`2020-36158`, :cve:`2020-36310`, :cve:`2020-36311`, :cve:`2020-36312`, :cve:`2020-36313`, :cve:`2020-36322`, :cve:`2020-36385`, :cve:`2020-36386`, :cve:`2020-36387`, :cve:`2020-36516`, :cve:`2020-36557`, :cve:`2020-36558`, :cve:`2020-36691`, :cve:`2020-36694`, :cve:`2020-36766`, :cve:`2020-3702`, :cve:`2020-4788`, :cve:`2020-7053`, :cve:`2020-8428`, :cve:`2020-8647`, :cve:`2020-8648`, :cve:`2020-8649`, :cve:`2020-8694`, :cve:`2020-8834`, :cve:`2020-8835`, :cve:`2020-8992`, :cve:`2020-9383`, :cve:`2020-9391`, :cve:`2021-0129`, :cve:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve:`2021-0512`, :cve:`2021-0605`, :cve:`2021-0707`, :cve:`2021-0920`, :cve:`2021-0929`, :cve:`2021-0935`, :cve_mitre:`2021-0937`, :cve:`2021-0938`, :cve:`2021-0941`, :cve:`2021-1048`, :cve:`2021-20177`, :cve:`2021-20194`, :cve:`2021-20226`, :cve:`2021-20239`, :cve:`2021-20261`, :cve:`2021-20265`, :cve:`2021-20268`, :cve:`2021-20292`, :cve:`2021-20317`, :cve:`2021-20320`, :cve:`2021-20321`, :cve:`2021-20322`, :cve:`2021-21781`, :cve:`2021-22543`, :cve:`2021-22555`, :cve:`2021-22600`, :cve:`2021-23133`, :cve:`2021-23134`, :cve:`2021-26401`, :cve:`2021-26708`, :cve:`2021-26930`, :cve:`2021-26931`, :cve:`2021-26932`, :cve:`2021-27363`, :cve:`2021-27364`, :cve:`2021-27365`, :cve:`2021-28038`, :cve:`2021-28039`, :cve:`2021-28375`, :cve:`2021-28660`, :cve:`2021-28688`, :cve:`2021-28691`, :cve:`2021-28711`, :cve:`2021-28712`, :cve:`2021-28713`, :cve:`2021-28714`, :cve:`2021-28715`, :cve:`2021-28950`, :cve:`2021-28951`, :cve:`2021-28952`, :cve:`2021-28964`, :cve:`2021-28971`, :cve:`2021-28972`, :cve:`2021-29154`, :cve:`2021-29155`, :cve:`2021-29264`, :cve:`2021-29265`, :cve:`2021-29266`, :cve:`2021-29646`, :cve:`2021-29647`, :cve:`2021-29648`, :cve:`2021-29649`, :cve:`2021-29650`, :cve:`2021-29657`, :cve:`2021-30002`, :cve:`2021-30178`, :cve:`2021-31440`, :cve:`2021-3178`, :cve:`2021-31829`, :cve:`2021-31916`, :cve:`2021-32078`, :cve:`2021-32399`, :cve:`2021-32606`, :cve:`2021-33033`, :cve:`2021-33034`, :cve:`2021-33061`, :cve:`2021-33098`, :cve:`2021-33135`, :cve:`2021-33200`, :cve:`2021-3347`, :cve:`2021-3348`, :cve:`2021-33624`, :cve:`2021-33655`, :cve:`2021-33656`, :cve:`2021-33909`, :cve:`2021-3411`, :cve:`2021-3428`, :cve:`2021-3444`, :cve:`2021-34556`, :cve:`2021-34693`, :cve:`2021-3483`, :cve:`2021-34866`, :cve:`2021-3489`, :cve:`2021-3490`, :cve:`2021-3491`, :cve:`2021-3493`, :cve_mitre:`2021-34981`, :cve:`2021-3501`, :cve:`2021-35039`, :cve:`2021-3506`, :cve:`2021-3543`, :cve:`2021-35477`, :cve:`2021-3564`, :cve:`2021-3573`, :cve:`2021-3587`, :cve_mitre:`2021-3600`, :cve:`2021-3609`, :cve:`2021-3612`, :cve:`2021-3635`, :cve:`2021-3640`, :cve:`2021-3653`, :cve:`2021-3655`, :cve:`2021-3656`, :cve:`2021-3659`, :cve:`2021-3669`, :cve:`2021-3679`, :cve:`2021-3715`, :cve:`2021-37159`, :cve:`2021-3732`, :cve:`2021-3736`, :cve:`2021-3739`, :cve:`2021-3743`, :cve:`2021-3744`, :cve:`2021-3752`, :cve:`2021-3753`, :cve:`2021-37576`, :cve:`2021-3759`, :cve:`2021-3760`, :cve:`2021-3764`, :cve:`2021-3772`, :cve:`2021-38160`, :cve:`2021-38166`, :cve:`2021-38198`, :cve:`2021-38199`, :cve:`2021-38200`, :cve:`2021-38201`, :cve:`2021-38202`, :cve:`2021-38203`, :cve:`2021-38204`, :cve:`2021-38205`, :cve:`2021-38206`, :cve:`2021-38207`, :cve:`2021-38208`, :cve:`2021-38209`, :cve:`2021-38300`, :cve:`2021-3894`, :cve:`2021-3896`, :cve:`2021-3923`, :cve:`2021-39633`, :cve:`2021-39634`, :cve:`2021-39636`, :cve:`2021-39648`, :cve:`2021-39656`, :cve:`2021-39657`, :cve:`2021-39685`, :cve:`2021-39686`, :cve:`2021-39698`, :cve:`2021-39711`, :cve:`2021-39713`, :cve:`2021-39714`, :cve:`2021-4001`, :cve:`2021-4002`, :cve:`2021-4023`, :cve:`2021-4028`, :cve:`2021-4032`, :cve:`2021-4037`, :cve:`2021-40490`, :cve:`2021-4083`, :cve:`2021-4090`, :cve:`2021-4093`, :cve:`2021-4095`, :cve:`2021-41073`, :cve:`2021-4135`, :cve:`2021-4148`, :cve:`2021-4149`, :cve:`2021-4150`, :cve:`2021-4154`, :cve:`2021-4155`, :cve:`2021-4157`, :cve:`2021-4159`, :cve:`2021-41864`, :cve:`2021-4197`, :cve:`2021-42008`, :cve:`2021-4202`, :cve:`2021-4203`, :cve:`2021-4204`, :cve:`2021-4218`, :cve:`2021-42252`, :cve:`2021-42327`, :cve:`2021-42739`, :cve:`2021-43056`, :cve:`2021-43057`, :cve:`2021-43267`, :cve:`2021-43389`, :cve:`2021-43975`, :cve:`2021-43976`, :cve:`2021-44733`, :cve:`2021-44879`, :cve:`2021-45095`, :cve:`2021-45100`, :cve:`2021-45402`, :cve:`2021-45469`, :cve:`2021-45480`, :cve:`2021-45485`, :cve:`2021-45486`, :cve:`2021-45868`, :cve:`2021-46283`, :cve:`2022-0001`, :cve:`2022-0002`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-0185`, :cve:`2022-0264`, :cve:`2022-0286`, :cve:`2022-0322`, :cve:`2022-0330`, :cve:`2022-0382`, :cve:`2022-0433`, :cve:`2022-0435`, :cve:`2022-0480`, :cve:`2022-0487`, :cve:`2022-0492`, :cve:`2022-0494`, :cve:`2022-0500`, :cve:`2022-0516`, :cve:`2022-0617`, :cve:`2022-0644`, :cve:`2022-0646`, :cve:`2022-0742`, :cve:`2022-0812`, :cve:`2022-0847`, :cve:`2022-0850`, :cve:`2022-0854`, :cve:`2022-0995`, :cve:`2022-0998`, :cve:`2022-1011`, :cve:`2022-1012`, :cve:`2022-1015`, :cve:`2022-1016`, :cve:`2022-1043`, :cve:`2022-1048`, :cve:`2022-1055`, :cve:`2022-1158`, :cve:`2022-1184`, :cve:`2022-1195`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1204`, :cve:`2022-1205`, :cve:`2022-1263`, :cve:`2022-1280`, :cve:`2022-1353`, :cve:`2022-1419`, :cve:`2022-1462`, :cve:`2022-1508`, :cve:`2022-1516`, :cve:`2022-1651`, :cve:`2022-1652`, :cve:`2022-1671`, :cve:`2022-1678`, :cve:`2022-1679`, :cve:`2022-1729`, :cve:`2022-1734`, :cve:`2022-1786`, :cve:`2022-1789`, :cve:`2022-1836`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1943`, :cve:`2022-1966`, :cve:`2022-1972`, :cve:`2022-1973`, :cve:`2022-1974`, :cve:`2022-1975`, :cve:`2022-1976`, :cve:`2022-1998`, :cve:`2022-20008`, :cve:`2022-20132`, :cve:`2022-20141`, :cve:`2022-20148`, :cve:`2022-20153`, :cve:`2022-20154`, :cve:`2022-20158`, :cve:`2022-20166`, :cve:`2022-20368`, :cve:`2022-20369`, :cve:`2022-20409`, :cve:`2022-20421`, :cve:`2022-20422`, :cve:`2022-20423`, :cve:`2022-20424`, :cve_mitre:`2022-20565`, :cve:`2022-20566`, :cve:`2022-20567`, :cve:`2022-20568`, :cve:`2022-20572`, :cve:`2022-2078`, :cve:`2022-21123`, :cve:`2022-21125`, :cve:`2022-21166`, :cve:`2022-21385`, :cve:`2022-21499`, :cve_mitre:`2022-21505`, :cve:`2022-2153`, :cve:`2022-2196`, :cve_mitre:`2022-22942`, :cve:`2022-23036`, :cve:`2022-23037`, :cve:`2022-23038`, :cve:`2022-23039`, :cve:`2022-23040`, :cve:`2022-23041`, :cve:`2022-23042`, :cve:`2022-2308`, :cve:`2022-2318`, :cve:`2022-23222`, :cve:`2022-2327`, :cve:`2022-2380`, :cve:`2022-23816`, :cve:`2022-23960`, :cve:`2022-24122`, :cve:`2022-24448`, :cve:`2022-24958`, :cve:`2022-24959`, :cve:`2022-2503`, :cve:`2022-25258`, :cve:`2022-25375`, :cve:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve:`2022-2590`, :cve_mitre:`2022-2602`, :cve:`2022-26365`, :cve:`2022-26373`, :cve:`2022-2639`, :cve:`2022-26490`, :cve:`2022-2663`, :cve:`2022-26966`, :cve:`2022-27223`, :cve:`2022-27666`, :cve:`2022-27672`, :cve:`2022-2785`, :cve:`2022-27950`, :cve:`2022-28356`, :cve:`2022-28388`, :cve:`2022-28389`, :cve:`2022-28390`, :cve:`2022-2873`, :cve:`2022-28796`, :cve:`2022-28893`, :cve:`2022-2905`, :cve:`2022-29156`, :cve:`2022-2938`, :cve:`2022-29581`, :cve:`2022-29582`, :cve:`2022-2959`, :cve:`2022-2964`, :cve:`2022-2977`, :cve:`2022-2978`, :cve:`2022-29900`, :cve:`2022-29901`, :cve:`2022-2991`, :cve:`2022-29968`, :cve:`2022-3028`, :cve:`2022-30594`, :cve:`2022-3061`, :cve:`2022-3077`, :cve:`2022-3078`, :cve:`2022-3103`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3108`, :cve:`2022-3110`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3114`, :cve:`2022-3115`, :cve:`2022-3169`, :cve:`2022-3170`, :cve:`2022-3176`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-3239`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-3344`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34494`, :cve:`2022-34495`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3522`, :cve:`2022-3524`, :cve:`2022-3526`, :cve:`2022-3531`, :cve:`2022-3532`, :cve:`2022-3534`, :cve:`2022-3535`, :cve:`2022-3541`, :cve:`2022-3542`, :cve:`2022-3543`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3565`, :cve:`2022-3577`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-3595`, :cve:`2022-36123`, :cve:`2022-3619`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3624`, :cve:`2022-3625`, :cve:`2022-3628`, :cve:`2022-36280`, :cve:`2022-3629`, :cve:`2022-3630`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3636`, :cve:`2022-3640`, :cve:`2022-3643`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-38457`, :cve:`2022-3903`, :cve:`2022-3910`, :cve:`2022-39188`, :cve:`2022-39189`, :cve:`2022-39190`, :cve:`2022-3977`, :cve:`2022-39842`, :cve:`2022-40133`, :cve:`2022-40307`, :cve:`2022-40476`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-40982`, :cve:`2022-41218`, :cve:`2022-41222`, :cve:`2022-4127`, :cve:`2022-4128`, :cve:`2022-4129`, :cve:`2022-4139`, :cve:`2022-41674`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42432`, :cve:`2022-4269`, :cve:`2022-42703`, :cve:`2022-42719`, :cve:`2022-42720`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-42896`, :cve:`2022-43750`, :cve:`2022-4378`, :cve:`2022-4379`, :cve:`2022-4382`, :cve:`2022-43945`, :cve:`2022-45869`, :cve:`2022-45886`, :cve:`2022-45887`, :cve:`2022-45919`, :cve:`2022-45934`, :cve:`2022-4662`, :cve:`2022-4696`, :cve:`2022-4744`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47521`, :cve:`2022-47929`, :cve:`2022-47938`, :cve:`2022-47939`, :cve:`2022-47940`, :cve:`2022-47941`, :cve:`2022-47942`, :cve:`2022-47943`, :cve:`2022-47946`, :cve:`2022-4842`, :cve:`2022-48423`, :cve:`2022-48424`, :cve:`2022-48425`, :cve:`2022-48502`, :cve:`2023-0030`, :cve:`2023-0045`, :cve:`2023-0047`, :cve:`2023-0122`, :cve:`2023-0160`, :cve:`2023-0179`, :cve:`2023-0210`, :cve:`2023-0240`, :cve:`2023-0266`, :cve:`2023-0386`, :cve:`2023-0394`, :cve:`2023-0458`, :cve:`2023-0459`, :cve:`2023-0461`, :cve:`2023-0468`, :cve:`2023-0469`, :cve:`2023-0590`, :cve:`2023-0615`, :cve_mitre:`2023-1032`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1076`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1192`, :cve:`2023-1194`, :cve:`2023-1195`, :cve:`2023-1206`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1295`, :cve:`2023-1380`, :cve:`2023-1382`, :cve:`2023-1390`, :cve:`2023-1513`, :cve:`2023-1582`, :cve:`2023-1583`, :cve:`2023-1611`, :cve:`2023-1637`, :cve:`2023-1652`, :cve:`2023-1670`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1855`, :cve:`2023-1859`, :cve:`2023-1872`, :cve:`2023-1989`, :cve:`2023-1990`, :cve:`2023-1998`, :cve:`2023-2002`, :cve:`2023-2006`, :cve:`2023-2007`, :cve:`2023-2008`, :cve:`2023-2019`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-20593`, :cve:`2023-20928`, :cve:`2023-20938`, :cve:`2023-21102`, :cve:`2023-21106`, :cve:`2023-2124`, :cve:`2023-21255`, :cve:`2023-2156`, :cve:`2023-2162`, :cve:`2023-2163`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-2194`, :cve:`2023-2235`, :cve:`2023-2236`, :cve:`2023-2248`, :cve:`2023-2269`, :cve:`2023-22995`, :cve:`2023-22996`, :cve:`2023-22997`, :cve:`2023-22998`, :cve:`2023-22999`, :cve:`2023-23000`, :cve:`2023-23001`, :cve:`2023-23002`, :cve:`2023-23003`, :cve:`2023-23004`, :cve:`2023-23006`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-23586`, :cve:`2023-2430`, :cve:`2023-2483`, :cve:`2023-25012`, :cve:`2023-2513`, :cve:`2023-25775`, :cve:`2023-2598`, :cve:`2023-26544`, :cve:`2023-26545`, :cve:`2023-26605`, :cve:`2023-26606`, :cve:`2023-26607`, :cve:`2023-28327`, :cve:`2023-28328`, :cve:`2023-28410`, :cve:`2023-28464`, :cve:`2023-28466`, :cve:`2023-2860`, :cve:`2023-28772`, :cve:`2023-28866`, :cve:`2023-2898`, :cve:`2023-2985`, :cve:`2023-3006`, :cve:`2023-30456`, :cve:`2023-30772`, :cve:`2023-3090`, :cve:`2023-3106`, :cve:`2023-3111`, :cve:`2023-3117`, :cve:`2023-31248`, :cve:`2023-3141`, :cve:`2023-31436`, :cve:`2023-3159`, :cve:`2023-3161`, :cve:`2023-3212`, :cve:`2023-3220`, :cve:`2023-32233`, :cve:`2023-32247`, :cve:`2023-32248`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-32269`, :cve:`2023-3268`, :cve:`2023-3269`, :cve:`2023-3312`, :cve:`2023-3317`, :cve:`2023-33203`, :cve:`2023-33250`, :cve:`2023-33288`, :cve:`2023-3338`, :cve:`2023-3355`, :cve:`2023-3357`, :cve:`2023-3358`, :cve:`2023-3359`, :cve:`2023-3389`, :cve:`2023-3390`, :cve:`2023-33951`, :cve:`2023-33952`, :cve:`2023-34255`, :cve:`2023-34256`, :cve:`2023-34319`, :cve:`2023-3439`, :cve:`2023-35001`, :cve:`2023-3567`, :cve:`2023-35788`, :cve:`2023-35823`, :cve:`2023-35824`, :cve:`2023-35826`, :cve:`2023-35828`, :cve:`2023-35829`, :cve:`2023-3609`, :cve:`2023-3610`, :cve:`2023-3611`, :cve:`2023-37453`, :cve:`2023-3772`, :cve:`2023-3773`, :cve:`2023-3776`, :cve:`2023-3777`, :cve:`2023-3812`, :cve:`2023-38409`, :cve:`2023-38426`, :cve:`2023-38427`, :cve:`2023-38428`, :cve:`2023-38429`, :cve:`2023-38430`, :cve:`2023-38431`, :cve:`2023-38432`, :cve:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve:`2023-4004`, :cve:`2023-4015`, :cve:`2023-40283`, :cve:`2023-4128`, :cve:`2023-4132`, :cve:`2023-4147`, :cve:`2023-4155`, :cve:`2023-4194`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4273`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-4385`, :cve:`2023-4387`, :cve:`2023-4389`, :cve:`2023-4394`, :cve:`2023-4459`, :cve:`2023-4569`, :cve:`2023-4611` and :cve:`2023-4623`
--  nghttp2: Fix :cve:`2023-35945`
--  openssl: Fix :cve:`2023-2975`, :cve:`2023-3446`, :cve:`2023-3817`, :cve:`2023-4807` and :cve:`2023-5363`
--  pixman: Ignore :cve:`2023-37769`
--  procps: Fix :cve:`2023-4016`
--  python3-git: Fix :cve:`2023-40267`, :cve:`2023-40590` and :cve:`2023-41040`
--  python3-pygments: Fix :cve:`2022-40896`
--  python3-urllib3: Fix :cve:`2023-43804` and :cve:`2023-45803`
--  python3: Fix :cve:`2023-24329` and :cve:`2023-40217`
--  qemu: Fix :cve:`2023-3180`, :cve:`2023-3354` and :cve:`2023-42467`
--  qemu: Ignore :cve:`2023-2680`
--  screen: Fix :cve:`2023-24626`
+-  inetutils: fix :cve_nist:`2023-40303`
+-  librsvg: Fix :cve_nist:`2023-38633`
+-  libssh2: Fix :cve_nist:`2020-22218`
+-  libwebp: Fix :cve_nist:`2023-4863` and :cve_nist:`2023-5129`
+-  libx11: Fix :cve_nist:`2023-43785`, :cve_nist:`2023-43786` and :cve_nist:`2023-43787`
+-  libxpm: Fix :cve_nist:`2023-43788` and :cve_nist:`2023-43789`
+-  linux-yocto/6.1: Ignore :cve_nist:`2003-1604`, :cve_nist:`2004-0230`, :cve_nist:`2006-3635`, :cve_nist:`2006-5331`, :cve_nist:`2006-6128`, :cve_nist:`2007-4774`, :cve_nist:`2007-6761`, :cve_nist:`2007-6762`, :cve_nist:`2008-7316`, :cve_nist:`2009-2692`, :cve_nist:`2010-0008`, :cve_nist:`2010-3432`, :cve_nist:`2010-4648`, :cve_nist:`2010-5313`, :cve_nist:`2010-5328`, :cve_nist:`2010-5329`, :cve_nist:`2010-5331`, :cve_nist:`2010-5332`, :cve_nist:`2011-4098`, :cve_nist:`2011-4131`, :cve_nist:`2011-4915`, :cve_nist:`2011-5321`, :cve_nist:`2011-5327`, :cve_nist:`2012-0957`, :cve_nist:`2012-2119`, :cve_nist:`2012-2136`, :cve_nist:`2012-2137`, :cve_nist:`2012-2313`, :cve_nist:`2012-2319`, :cve_nist:`2012-2372`, :cve_nist:`2012-2375`, :cve_nist:`2012-2390`, :cve_nist:`2012-2669`, :cve_nist:`2012-2744`, :cve_nist:`2012-2745`, :cve_nist:`2012-3364`, :cve_nist:`2012-3375`, :cve_nist:`2012-3400`, :cve_nist:`2012-3412`, :cve_nist:`2012-3430`, :cve_nist:`2012-3510`, :cve_nist:`2012-3511`, :cve_nist:`2012-3520`, :cve_nist:`2012-3552`, :cve_nist:`2012-4398`, :cve_nist:`2012-4444`, :cve_nist:`2012-4461`, :cve_nist:`2012-4467`, :cve_nist:`2012-4508`, :cve_nist:`2012-4530`, :cve_nist:`2012-4565`, :cve_nist:`2012-5374`, :cve_nist:`2012-5375`, :cve_nist:`2012-5517`, :cve_nist:`2012-6536`, :cve_nist:`2012-6537`, :cve_nist:`2012-6538`, :cve_nist:`2012-6539`, :cve_nist:`2012-6540`, :cve_nist:`2012-6541`, :cve_nist:`2012-6542`, :cve_nist:`2012-6543`, :cve_nist:`2012-6544`, :cve_nist:`2012-6545`, :cve_nist:`2012-6546`, :cve_nist:`2012-6547`, :cve_nist:`2012-6548`, :cve_nist:`2012-6549`, :cve_nist:`2012-6638`, :cve_nist:`2012-6647`, :cve_nist:`2012-6657`, :cve_nist:`2012-6689`, :cve_nist:`2012-6701`, :cve_nist:`2012-6703`, :cve_nist:`2012-6704`, :cve_nist:`2012-6712`, :cve_nist:`2013-0160`, :cve_nist:`2013-0190`, :cve_nist:`2013-0216`, :cve_nist:`2013-0217`, :cve_nist:`2013-0228`, :cve_nist:`2013-0231`, :cve_nist:`2013-0268`, :cve_nist:`2013-0290`, :cve_nist:`2013-0309`, :cve_nist:`2013-0310`, :cve_nist:`2013-0311`, :cve_nist:`2013-0313`, :cve_nist:`2013-0343`, :cve_nist:`2013-0349`, :cve_nist:`2013-0871`, :cve_nist:`2013-0913`, :cve_nist:`2013-0914`, :cve_nist:`2013-1059`, :cve_nist:`2013-1763`, :cve_nist:`2013-1767`, :cve_nist:`2013-1772`, :cve_nist:`2013-1773`, :cve_nist:`2013-1774`, :cve_nist:`2013-1792`, :cve_nist:`2013-1796`, :cve_nist:`2013-1797`, :cve_nist:`2013-1798`, :cve_nist:`2013-1819`, :cve_nist:`2013-1826`, :cve_nist:`2013-1827`, :cve_nist:`2013-1828`, :cve_nist:`2013-1848`, :cve_nist:`2013-1858`, :cve_nist:`2013-1860`, :cve_nist:`2013-1928`, :cve_nist:`2013-1929`, :cve_nist:`2013-1943`, :cve_nist:`2013-1956`, :cve_nist:`2013-1957`, :cve_nist:`2013-1958`, :cve_nist:`2013-1959`, :cve_nist:`2013-1979`, :cve_nist:`2013-2015`, :cve_nist:`2013-2017`, :cve_nist:`2013-2058`, :cve_nist:`2013-2094`, :cve_nist:`2013-2128`, :cve_nist:`2013-2140`, :cve_nist:`2013-2141`, :cve_nist:`2013-2146`, :cve_nist:`2013-2147`, :cve_nist:`2013-2148`, :cve_nist:`2013-2164`, :cve_nist:`2013-2206`, :cve_nist:`2013-2232`, :cve_nist:`2013-2234`, :cve_nist:`2013-2237`, :cve_nist:`2013-2546`, :cve_nist:`2013-2547`, :cve_nist:`2013-2548`, :cve_nist:`2013-2596`, :cve_nist:`2013-2634`, :cve_nist:`2013-2635`, :cve_nist:`2013-2636`, :cve_nist:`2013-2850`, :cve_nist:`2013-2851`, :cve_nist:`2013-2852`, :cve_nist:`2013-2888`, :cve_nist:`2013-2889`, :cve_nist:`2013-2890`, :cve_nist:`2013-2891`, :cve_nist:`2013-2892`, :cve_nist:`2013-2893`, :cve_nist:`2013-2894`, :cve_nist:`2013-2895`, :cve_nist:`2013-2896`, :cve_nist:`2013-2897`, :cve_nist:`2013-2898`, :cve_nist:`2013-2899`, :cve_nist:`2013-2929`, :cve_nist:`2013-2930`, :cve_nist:`2013-3076`, :cve_nist:`2013-3222`, :cve_nist:`2013-3223`, :cve_nist:`2013-3224`, :cve_nist:`2013-3225`, :cve_nist:`2013-3226`, :cve_nist:`2013-3227`, :cve_nist:`2013-3228`, :cve_nist:`2013-3229`, :cve_nist:`2013-3230`, :cve_nist:`2013-3231`, :cve_nist:`2013-3232`, :cve_nist:`2013-3233`, :cve_nist:`2013-3234`, :cve_nist:`2013-3235`, :cve_nist:`2013-3236`, :cve_nist:`2013-3237`, :cve_nist:`2013-3301`, :cve_nist:`2013-3302`, :cve_nist:`2013-4125`, :cve_nist:`2013-4127`, :cve_nist:`2013-4129`, :cve_nist:`2013-4162`, :cve_nist:`2013-4163`, :cve_nist:`2013-4205`, :cve_nist:`2013-4220`, :cve_nist:`2013-4247`, :cve_nist:`2013-4254`, :cve_nist:`2013-4270`, :cve_nist:`2013-4299`, :cve_nist:`2013-4300`, :cve_nist:`2013-4312`, :cve_nist:`2013-4343`, :cve_nist:`2013-4345`, :cve_nist:`2013-4348`, :cve_nist:`2013-4350`, :cve_nist:`2013-4387`, :cve_nist:`2013-4470`, :cve_nist:`2013-4483`, :cve_nist:`2013-4511`, :cve_nist:`2013-4512`, :cve_nist:`2013-4513`, :cve_nist:`2013-4514`, :cve_nist:`2013-4515`, :cve_nist:`2013-4516`, :cve_nist:`2013-4563`, :cve_nist:`2013-4579`, :cve_nist:`2013-4587`, :cve_nist:`2013-4588`, :cve_nist:`2013-4591`, :cve_nist:`2013-4592`, :cve_nist:`2013-5634`, :cve_nist:`2013-6282`, :cve_nist:`2013-6367`, :cve_nist:`2013-6368`, :cve_nist:`2013-6376`, :cve_nist:`2013-6378`, :cve_nist:`2013-6380`, :cve_nist:`2013-6381`, :cve_nist:`2013-6382`, :cve_nist:`2013-6383`, :cve_nist:`2013-6431`, :cve_nist:`2013-6432`, :cve_nist:`2013-6885`, :cve_nist:`2013-7026`, :cve_nist:`2013-7027`, :cve_nist:`2013-7263`, :cve_nist:`2013-7264`, :cve_nist:`2013-7265`, :cve_nist:`2013-7266`, :cve_nist:`2013-7267`, :cve_nist:`2013-7268`, :cve_nist:`2013-7269`, :cve_nist:`2013-7270`, :cve_nist:`2013-7271`, :cve_nist:`2013-7281`, :cve_nist:`2013-7339`, :cve_nist:`2013-7348`, :cve_nist:`2013-7421`, :cve_nist:`2013-7446`, :cve_nist:`2013-7470`, :cve_nist:`2014-0038`, :cve_nist:`2014-0049`, :cve_nist:`2014-0055`, :cve_nist:`2014-0069`, :cve_nist:`2014-0077`, :cve_nist:`2014-0100`, :cve_nist:`2014-0101`, :cve_nist:`2014-0102`, :cve_nist:`2014-0131`, :cve_nist:`2014-0155`, :cve_nist:`2014-0181`, :cve_nist:`2014-0196`, :cve_nist:`2014-0203`, :cve_nist:`2014-0205`, :cve_nist:`2014-0206`, :cve_nist:`2014-1438`, :cve_nist:`2014-1444`, :cve_nist:`2014-1445`, :cve_nist:`2014-1446`, :cve_nist:`2014-1690`, :cve_nist:`2014-1737`, :cve_nist:`2014-1738`, :cve_nist:`2014-1739`, :cve_nist:`2014-1874`, :cve_nist:`2014-2038`, :cve_nist:`2014-2039`, :cve_nist:`2014-2309`, :cve_nist:`2014-2523`, :cve_nist:`2014-2568`, :cve_nist:`2014-2580`, :cve_nist:`2014-2672`, :cve_nist:`2014-2673`, :cve_nist:`2014-2678`, :cve_nist:`2014-2706`, :cve_nist:`2014-2739`, :cve_nist:`2014-2851`, :cve_nist:`2014-2889`, :cve_nist:`2014-3122`, :cve_nist:`2014-3144`, :cve_nist:`2014-3145`, :cve_nist:`2014-3153`, :cve_nist:`2014-3180`, :cve_nist:`2014-3181`, :cve_nist:`2014-3182`, :cve_nist:`2014-3183`, :cve_nist:`2014-3184`, :cve_nist:`2014-3185`, :cve_nist:`2014-3186`, :cve_nist:`2014-3534`, :cve_nist:`2014-3535`, :cve_nist:`2014-3601`, :cve_nist:`2014-3610`, :cve_nist:`2014-3611`, :cve_nist:`2014-3631`, :cve_nist:`2014-3645`, :cve_nist:`2014-3646`, :cve_nist:`2014-3647`, :cve_nist:`2014-3673`, :cve_nist:`2014-3687`, :cve_nist:`2014-3688`, :cve_nist:`2014-3690`, :cve_nist:`2014-3917`, :cve_nist:`2014-3940`, :cve_nist:`2014-4014`, :cve_nist:`2014-4027`, :cve_nist:`2014-4157`, :cve_nist:`2014-4171`, :cve_nist:`2014-4508`, :cve_nist:`2014-4608`, :cve_nist:`2014-4611`, :cve_nist:`2014-4652`, :cve_nist:`2014-4653`, :cve_nist:`2014-4654`, :cve_nist:`2014-4655`, :cve_nist:`2014-4656`, :cve_nist:`2014-4667`, :cve_nist:`2014-4699`, :cve_nist:`2014-4943`, :cve_nist:`2014-5045`, :cve_nist:`2014-5077`, :cve_nist:`2014-5206`, :cve_nist:`2014-5207`, :cve_nist:`2014-5471`, :cve_nist:`2014-5472`, :cve_nist:`2014-6410`, :cve_nist:`2014-6416`, :cve_nist:`2014-6417`, :cve_nist:`2014-6418`, :cve_nist:`2014-7145`, :cve_nist:`2014-7283`, :cve_nist:`2014-7284`, :cve_nist:`2014-7822`, :cve_nist:`2014-7825`, :cve_nist:`2014-7826`, :cve_nist:`2014-7841`, :cve_nist:`2014-7842`, :cve_nist:`2014-7843`, :cve_nist:`2014-7970`, :cve_nist:`2014-7975`, :cve_nist:`2014-8086`, :cve_nist:`2014-8133`, :cve_nist:`2014-8134`, :cve_nist:`2014-8159`, :cve_nist:`2014-8160`, :cve_nist:`2014-8171`, :cve_nist:`2014-8172`, :cve_nist:`2014-8173`, :cve_nist:`2014-8369`, :cve_nist:`2014-8480`, :cve_nist:`2014-8481`, :cve_nist:`2014-8559`, :cve_nist:`2014-8709`, :cve_nist:`2014-8884`, :cve_nist:`2014-8989`, :cve_nist:`2014-9090`, :cve_nist:`2014-9322`, :cve_nist:`2014-9419`, :cve_nist:`2014-9420`, :cve_nist:`2014-9428`, :cve_nist:`2014-9529`, :cve_nist:`2014-9584`, :cve_nist:`2014-9585`, :cve_nist:`2014-9644`, :cve_nist:`2014-9683`, :cve_nist:`2014-9710`, :cve_nist:`2014-9715`, :cve_nist:`2014-9717`, :cve_nist:`2014-9728`, :cve_nist:`2014-9729`, :cve_nist:`2014-9730`, :cve_nist:`2014-9731`, :cve_nist:`2014-9803`, :cve_nist:`2014-9870`, :cve_nist:`2014-9888`, :cve_nist:`2014-9895`, :cve_nist:`2014-9903`, :cve_nist:`2014-9904`, :cve_nist:`2014-9914`, :cve_nist:`2014-9922`, :cve_nist:`2014-9940`, :cve_nist:`2015-0239`, :cve_nist:`2015-0274`, :cve_nist:`2015-0275`, :cve_nist:`2015-1333`, :cve_nist:`2015-1339`, :cve_nist:`2015-1350`, :cve_nist:`2015-1420`, :cve_nist:`2015-1421`, :cve_nist:`2015-1465`, :cve_nist:`2015-1573`, :cve_nist:`2015-1593`, :cve_nist:`2015-1805`, :cve_nist:`2015-2041`, :cve_nist:`2015-2042`, :cve_nist:`2015-2150`, :cve_nist:`2015-2666`, :cve_nist:`2015-2672`, :cve_nist:`2015-2686`, :cve_nist:`2015-2830`, :cve_nist:`2015-2922`, :cve_nist:`2015-2925`, :cve_nist:`2015-3212`, :cve_nist:`2015-3214`, :cve_nist:`2015-3288`, :cve_nist:`2015-3290`, :cve_nist:`2015-3291`, :cve_nist:`2015-3331`, :cve_nist:`2015-3339`, :cve_nist:`2015-3636`, :cve_nist:`2015-4001`, :cve_nist:`2015-4002`, :cve_nist:`2015-4003`, :cve_nist:`2015-4004`, :cve_nist:`2015-4036`, :cve_nist:`2015-4167`, :cve_nist:`2015-4170`, :cve_nist:`2015-4176`, :cve_nist:`2015-4177`, :cve_nist:`2015-4178`, :cve_nist:`2015-4692`, :cve_nist:`2015-4700`, :cve_nist:`2015-5156`, :cve_nist:`2015-5157`, :cve_nist:`2015-5257`, :cve_nist:`2015-5283`, :cve_nist:`2015-5307`, :cve_nist:`2015-5327`, :cve_nist:`2015-5364`, :cve_nist:`2015-5366`, :cve_nist:`2015-5697`, :cve_nist:`2015-5706`, :cve_nist:`2015-5707`, :cve_nist:`2015-6252`, :cve_nist:`2015-6526`, :cve_nist:`2015-6937`, :cve_nist:`2015-7509`, :cve_nist:`2015-7513`, :cve_nist:`2015-7515`, :cve_nist:`2015-7550`, :cve_nist:`2015-7566`, :cve_nist:`2015-7613`, :cve_nist:`2015-7799`, :cve_nist:`2015-7833`, :cve_nist:`2015-7872`, :cve_nist:`2015-7884`, :cve_nist:`2015-7885`, :cve_nist:`2015-7990`, :cve_nist:`2015-8104`, :cve_nist:`2015-8215`, :cve_nist:`2015-8324`, :cve_nist:`2015-8374`, :cve_nist:`2015-8539`, :cve_nist:`2015-8543`, :cve_nist:`2015-8550`, :cve_nist:`2015-8551`, :cve_nist:`2015-8552`, :cve_nist:`2015-8553`, :cve_nist:`2015-8569`, :cve_nist:`2015-8575`, :cve_nist:`2015-8660`, :cve_nist:`2015-8709`, :cve_nist:`2015-8746`, :cve_nist:`2015-8767`, :cve_nist:`2015-8785`, :cve_nist:`2015-8787`, :cve_nist:`2015-8812`, :cve_nist:`2015-8816`, :cve_nist:`2015-8830`, :cve_nist:`2015-8839`, :cve_nist:`2015-8844`, :cve_nist:`2015-8845`, :cve_nist:`2015-8950`, :cve_nist:`2015-8952`, :cve_nist:`2015-8953`, :cve_nist:`2015-8955`, :cve_nist:`2015-8956`, :cve_nist:`2015-8961`, :cve_nist:`2015-8962`, :cve_nist:`2015-8963`, :cve_nist:`2015-8964`, :cve_nist:`2015-8966`, :cve_nist:`2015-8967`, :cve_nist:`2015-8970`, :cve_nist:`2015-9004`, :cve_nist:`2015-9016`, :cve_nist:`2015-9289`, :cve_nist:`2016-0617`, :cve_nist:`2016-0723`, :cve_nist:`2016-0728`, :cve_nist:`2016-0758`, :cve_nist:`2016-0821`, :cve_nist:`2016-0823`, :cve_nist:`2016-10044`, :cve_nist:`2016-10088`, :cve_nist:`2016-10147`, :cve_nist:`2016-10150`, :cve_nist:`2016-10153`, :cve_nist:`2016-10154`, :cve_nist:`2016-10200`, :cve_nist:`2016-10208`, :cve_nist:`2016-10229`, :cve_nist:`2016-10318`, :cve_nist:`2016-10723`, :cve_nist:`2016-10741`, :cve_nist:`2016-10764`, :cve_nist:`2016-10905`, :cve_nist:`2016-10906`, :cve_nist:`2016-10907`, :cve_nist:`2016-1237`, :cve_nist:`2016-1575`, :cve_nist:`2016-1576`, :cve_nist:`2016-1583`, :cve_nist:`2016-2053`, :cve_nist:`2016-2069`, :cve_nist:`2016-2070`, :cve_nist:`2016-2085`, :cve_nist:`2016-2117`, :cve_nist:`2016-2143`, :cve_nist:`2016-2184`, :cve_nist:`2016-2185`, :cve_nist:`2016-2186`, :cve_nist:`2016-2187`, :cve_nist:`2016-2188`, :cve_nist:`2016-2383`, :cve_nist:`2016-2384`, :cve_nist:`2016-2543`, :cve_nist:`2016-2544`, :cve_nist:`2016-2545`, :cve_nist:`2016-2546`, :cve_nist:`2016-2547`, :cve_nist:`2016-2548`, :cve_nist:`2016-2549`, :cve_nist:`2016-2550`, :cve_nist:`2016-2782`, :cve_nist:`2016-2847`, :cve_nist:`2016-3044`, :cve_nist:`2016-3070`, :cve_nist:`2016-3134`, :cve_nist:`2016-3135`, :cve_nist:`2016-3136`, :cve_nist:`2016-3137`, :cve_nist:`2016-3138`, :cve_nist:`2016-3139`, :cve_nist:`2016-3140`, :cve_nist:`2016-3156`, :cve_nist:`2016-3157`, :cve_nist:`2016-3672`, :cve_nist:`2016-3689`, :cve_nist:`2016-3713`, :cve_nist:`2016-3841`, :cve_nist:`2016-3857`, :cve_nist:`2016-3951`, :cve_nist:`2016-3955`, :cve_nist:`2016-3961`, :cve_nist:`2016-4440`, :cve_nist:`2016-4470`, :cve_nist:`2016-4482`, :cve_nist:`2016-4485`, :cve_nist:`2016-4486`, :cve_nist:`2016-4557`, :cve_nist:`2016-4558`, :cve_nist:`2016-4565`, :cve_nist:`2016-4568`, :cve_nist:`2016-4569`, :cve_nist:`2016-4578`, :cve_nist:`2016-4580`, :cve_nist:`2016-4581`, :cve_nist:`2016-4794`, :cve_nist:`2016-4805`, :cve_nist:`2016-4913`, :cve_nist:`2016-4951`, :cve_nist:`2016-4997`, :cve_nist:`2016-4998`, :cve_nist:`2016-5195`, :cve_nist:`2016-5243`, :cve_nist:`2016-5244`, :cve_nist:`2016-5400`, :cve_nist:`2016-5412`, :cve_nist:`2016-5696`, :cve_nist:`2016-5728`, :cve_nist:`2016-5828`, :cve_nist:`2016-5829`, :cve_nist:`2016-6130`, :cve_nist:`2016-6136`, :cve_nist:`2016-6156`, :cve_nist:`2016-6162`, :cve_nist:`2016-6187`, :cve_nist:`2016-6197`, :cve_nist:`2016-6198`, :cve_nist:`2016-6213`, :cve_nist:`2016-6327`, :cve_nist:`2016-6480`, :cve_nist:`2016-6516`, :cve_nist:`2016-6786`, :cve_nist:`2016-6787`, :cve_nist:`2016-6828`, :cve_nist:`2016-7039`, :cve_nist:`2016-7042`, :cve_nist:`2016-7097`, :cve_nist:`2016-7117`, :cve_nist:`2016-7425`, :cve_nist:`2016-7910`, :cve_nist:`2016-7911`, :cve_nist:`2016-7912`, :cve_nist:`2016-7913`, :cve_nist:`2016-7914`, :cve_nist:`2016-7915`, :cve_nist:`2016-7916`, :cve_nist:`2016-7917`, :cve_nist:`2016-8399`, :cve_nist:`2016-8405`, :cve_nist:`2016-8630`, :cve_nist:`2016-8632`, :cve_nist:`2016-8633`, :cve_nist:`2016-8636`, :cve_nist:`2016-8645`, :cve_nist:`2016-8646`, :cve_nist:`2016-8650`, :cve_nist:`2016-8655`, :cve_nist:`2016-8658`, :cve_nist:`2016-8666`, :cve_nist:`2016-9083`, :cve_nist:`2016-9084`, :cve_nist:`2016-9120`, :cve_nist:`2016-9178`, :cve_nist:`2016-9191`, :cve_nist:`2016-9313`, :cve_nist:`2016-9555`, :cve_nist:`2016-9576`, :cve_nist:`2016-9588`, :cve_nist:`2016-9604`, :cve_nist:`2016-9685`, :cve_nist:`2016-9754`, :cve_nist:`2016-9755`, :cve_nist:`2016-9756`, :cve_nist:`2016-9777`, :cve_nist:`2016-9793`, :cve_nist:`2016-9794`, :cve_nist:`2016-9806`, :cve_nist:`2016-9919`, :cve_nist:`2017-0605`, :cve_nist:`2017-0627`, :cve_nist:`2017-0750`, :cve_nist:`2017-0786`, :cve_nist:`2017-0861`, :cve_nist:`2017-1000`, :cve_nist:`2017-1000111`, :cve_nist:`2017-1000112`, :cve_nist:`2017-1000251`, :cve_nist:`2017-1000252`, :cve_nist:`2017-1000253`, :cve_nist:`2017-1000255`, :cve_nist:`2017-1000363`, :cve_nist:`2017-1000364`, :cve_nist:`2017-1000365`, :cve_nist:`2017-1000370`, :cve_nist:`2017-1000371`, :cve_nist:`2017-1000379`, :cve_nist:`2017-1000380`, :cve_nist:`2017-1000405`, :cve_nist:`2017-1000407`, :cve_nist:`2017-1000410`, :cve_nist:`2017-10661`, :cve_nist:`2017-10662`, :cve_nist:`2017-10663`, :cve_nist:`2017-10810`, :cve_nist:`2017-10911`, :cve_nist:`2017-11089`, :cve_nist:`2017-11176`, :cve_nist:`2017-11472`, :cve_nist:`2017-11473`, :cve_nist:`2017-11600`, :cve_nist:`2017-12134`, :cve_nist:`2017-12146`, :cve_nist:`2017-12153`, :cve_nist:`2017-12154`, :cve_nist:`2017-12168`, :cve_nist:`2017-12188`, :cve_nist:`2017-12190`, :cve_nist:`2017-12192`, :cve_nist:`2017-12193`, :cve_nist:`2017-12762`, :cve_nist:`2017-13080`, :cve_nist:`2017-13166`, :cve_nist:`2017-13167`, :cve_nist:`2017-13168`, :cve_nist:`2017-13215`, :cve_nist:`2017-13216`, :cve_nist:`2017-13220`, :cve_nist:`2017-13305`, :cve_nist:`2017-13686`, :cve_nist:`2017-13695`, :cve_nist:`2017-13715`, :cve_nist:`2017-14051`, :cve_nist:`2017-14106`, :cve_nist:`2017-14140`, :cve_nist:`2017-14156`, :cve_nist:`2017-14340`, :cve_nist:`2017-14489`, :cve_nist:`2017-14497`, :cve_nist:`2017-14954`, :cve_nist:`2017-14991`, :cve_nist:`2017-15102`, :cve_nist:`2017-15115`, :cve_nist:`2017-15116`, :cve_nist:`2017-15121`, :cve_nist:`2017-15126`, :cve_nist:`2017-15127`, :cve_nist:`2017-15128`, :cve_nist:`2017-15129`, :cve_nist:`2017-15265`, :cve_nist:`2017-15274`, :cve_nist:`2017-15299`, :cve_nist:`2017-15306`, :cve_nist:`2017-15537`, :cve_nist:`2017-15649`, :cve_nist:`2017-15868`, :cve_nist:`2017-15951`, :cve_nist:`2017-16525`, :cve_nist:`2017-16526`, :cve_nist:`2017-16527`, :cve_nist:`2017-16528`, :cve_nist:`2017-16529`, :cve_nist:`2017-16530`, :cve_nist:`2017-16531`, :cve_nist:`2017-16532`, :cve_nist:`2017-16533`, :cve_nist:`2017-16534`, :cve_nist:`2017-16535`, :cve_nist:`2017-16536`, :cve_nist:`2017-16537`, :cve_nist:`2017-16538`, :cve_nist:`2017-16643`, :cve_nist:`2017-16644`, :cve_nist:`2017-16645`, :cve_nist:`2017-16646`, :cve_nist:`2017-16647`, :cve_nist:`2017-16648`, :cve_nist:`2017-16649`, :cve_nist:`2017-16650`, :cve_nist:`2017-16911`, :cve_nist:`2017-16912`, :cve_nist:`2017-16913`, :cve_nist:`2017-16914`, :cve_nist:`2017-16939`, :cve_nist:`2017-16994`, :cve_nist:`2017-16995`, :cve_nist:`2017-16996`, :cve_nist:`2017-17052`, :cve_nist:`2017-17053`, :cve_nist:`2017-17448`, :cve_nist:`2017-17449`, :cve_nist:`2017-17450`, :cve_nist:`2017-17558`, :cve_nist:`2017-17712`, :cve_nist:`2017-17741`, :cve_nist:`2017-17805`, :cve_nist:`2017-17806`, :cve_nist:`2017-17807`, :cve_nist:`2017-17852`, :cve_nist:`2017-17853`, :cve_nist:`2017-17854`, :cve_nist:`2017-17855`, :cve_nist:`2017-17856`, :cve_nist:`2017-17857`, :cve_nist:`2017-17862`, :cve_nist:`2017-17863`, :cve_nist:`2017-17864`, :cve_nist:`2017-17975`, :cve_nist:`2017-18017`, :cve_nist:`2017-18075`, :cve_nist:`2017-18079`, :cve_nist:`2017-18174`, :cve_nist:`2017-18193`, :cve_nist:`2017-18200`, :cve_nist:`2017-18202`, :cve_nist:`2017-18203`, :cve_nist:`2017-18204`, :cve_nist:`2017-18208`, :cve_nist:`2017-18216`, :cve_nist:`2017-18218`, :cve_nist:`2017-18221`, :cve_nist:`2017-18222`, :cve_nist:`2017-18224`, :cve_nist:`2017-18232`, :cve_nist:`2017-18241`, :cve_nist:`2017-18249`, :cve_nist:`2017-18255`, :cve_nist:`2017-18257`, :cve_nist:`2017-18261`, :cve_nist:`2017-18270`, :cve_nist:`2017-18344`, :cve_nist:`2017-18360`, :cve_nist:`2017-18379`, :cve_nist:`2017-18509`, :cve_nist:`2017-18549`, :cve_nist:`2017-18550`, :cve_nist:`2017-18551`, :cve_nist:`2017-18552`, :cve_nist:`2017-18595`, :cve_nist:`2017-2583`, :cve_nist:`2017-2584`, :cve_nist:`2017-2596`, :cve_nist:`2017-2618`, :cve_nist:`2017-2634`, :cve_nist:`2017-2636`, :cve_nist:`2017-2647`, :cve_nist:`2017-2671`, :cve_nist:`2017-5123`, :cve_nist:`2017-5546`, :cve_nist:`2017-5547`, :cve_nist:`2017-5548`, :cve_nist:`2017-5549`, :cve_nist:`2017-5550`, :cve_nist:`2017-5551`, :cve_nist:`2017-5576`, :cve_nist:`2017-5577`, :cve_nist:`2017-5669`, :cve_nist:`2017-5715`, :cve_nist:`2017-5753`, :cve_nist:`2017-5754`, :cve_nist:`2017-5897`, :cve_nist:`2017-5967`, :cve_nist:`2017-5970`, :cve_nist:`2017-5972`, :cve_nist:`2017-5986`, :cve_nist:`2017-6001`, :cve_nist:`2017-6074`, :cve_nist:`2017-6214`, :cve_nist:`2017-6345`, :cve_nist:`2017-6346`, :cve_nist:`2017-6347`, :cve_nist:`2017-6348`, :cve_nist:`2017-6353`, :cve_nist:`2017-6874`, :cve_nist:`2017-6951`, :cve_nist:`2017-7184`, :cve_nist:`2017-7187`, :cve_nist:`2017-7261`, :cve_nist:`2017-7273`, :cve_nist:`2017-7277`, :cve_nist:`2017-7294`, :cve_nist:`2017-7308`, :cve_nist:`2017-7346`, :cve_nist:`2017-7374`, :cve_nist:`2017-7472`, :cve_nist:`2017-7477`, :cve_nist:`2017-7482`, :cve_nist:`2017-7487`, :cve_nist:`2017-7495`, :cve_nist:`2017-7518`, :cve_nist:`2017-7533`, :cve_nist:`2017-7541`, :cve_nist:`2017-7542`, :cve_nist:`2017-7558`, :cve_nist:`2017-7616`, :cve_nist:`2017-7618`, :cve_nist:`2017-7645`, :cve_nist:`2017-7889`, :cve_nist:`2017-7895`, :cve_nist:`2017-7979`, :cve_nist:`2017-8061`, :cve_nist:`2017-8062`, :cve_nist:`2017-8063`, :cve_nist:`2017-8064`, :cve_nist:`2017-8065`, :cve_nist:`2017-8066`, :cve_nist:`2017-8067`, :cve_nist:`2017-8068`, :cve_nist:`2017-8069`, :cve_nist:`2017-8070`, :cve_nist:`2017-8071`, :cve_nist:`2017-8072`, :cve_nist:`2017-8106`, :cve_nist:`2017-8240`, :cve_nist:`2017-8797`, :cve_nist:`2017-8824`, :cve_nist:`2017-8831`, :cve_nist:`2017-8890`, :cve_nist:`2017-8924`, :cve_nist:`2017-8925`, :cve_nist:`2017-9059`, :cve_nist:`2017-9074`, :cve_nist:`2017-9075`, :cve_nist:`2017-9076`, :cve_nist:`2017-9077`, :cve_nist:`2017-9150`, :cve_nist:`2017-9211`, :cve_nist:`2017-9242`, :cve_nist:`2017-9605`, :cve_nist:`2017-9725`, :cve_nist:`2017-9984`, :cve_nist:`2017-9985`, :cve_nist:`2017-9986`, :cve_nist:`2018-1000004`, :cve_nist:`2018-1000026`, :cve_nist:`2018-1000028`, :cve_nist:`2018-1000199`, :cve_nist:`2018-1000200`, :cve_nist:`2018-1000204`, :cve_nist:`2018-10021`, :cve_nist:`2018-10074`, :cve_nist:`2018-10087`, :cve_nist:`2018-10124`, :cve_nist:`2018-10322`, :cve_nist:`2018-10323`, :cve_nist:`2018-1065`, :cve_nist:`2018-1066`, :cve_nist:`2018-10675`, :cve_nist:`2018-1068`, :cve_nist:`2018-10840`, :cve_nist:`2018-10853`, :cve_nist:`2018-1087`, :cve_nist:`2018-10876`, :cve_nist:`2018-10877`, :cve_nist:`2018-10878`, :cve_nist:`2018-10879`, :cve_nist:`2018-10880`, :cve_nist:`2018-10881`, :cve_nist:`2018-10882`, :cve_nist:`2018-10883`, :cve_nist:`2018-10901`, :cve_nist:`2018-10902`, :cve_nist:`2018-1091`, :cve_nist:`2018-1092`, :cve_nist:`2018-1093`, :cve_nist:`2018-10938`, :cve_nist:`2018-1094`, :cve_nist:`2018-10940`, :cve_nist:`2018-1095`, :cve_nist:`2018-1108`, :cve_nist:`2018-1118`, :cve_nist:`2018-1120`, :cve_nist:`2018-11232`, :cve_nist:`2018-1128`, :cve_nist:`2018-1129`, :cve_nist:`2018-1130`, :cve_nist:`2018-11412`, :cve_nist:`2018-11506`, :cve_nist:`2018-11508`, :cve_nist:`2018-12126`, :cve_nist:`2018-12127`, :cve_nist:`2018-12130`, :cve_nist:`2018-12207`, :cve_nist:`2018-12232`, :cve_nist:`2018-12233`, :cve_nist:`2018-12633`, :cve_nist:`2018-12714`, :cve_nist:`2018-12896`, :cve_nist:`2018-12904`, :cve_nist:`2018-13053`, :cve_nist:`2018-13093`, :cve_nist:`2018-13094`, :cve_nist:`2018-13095`, :cve_nist:`2018-13096`, :cve_nist:`2018-13097`, :cve_nist:`2018-13098`, :cve_nist:`2018-13099`, :cve_nist:`2018-13100`, :cve_nist:`2018-13405`, :cve_nist:`2018-13406`, :cve_nist:`2018-14609`, :cve_nist:`2018-14610`, :cve_nist:`2018-14611`, :cve_nist:`2018-14612`, :cve_nist:`2018-14613`, :cve_nist:`2018-14614`, :cve_nist:`2018-14615`, :cve_nist:`2018-14616`, :cve_nist:`2018-14617`, :cve_nist:`2018-14619`, :cve_nist:`2018-14625`, :cve_nist:`2018-14633`, :cve_nist:`2018-14634`, :cve_nist:`2018-14641`, :cve_nist:`2018-14646`, :cve_nist:`2018-14656`, :cve_nist:`2018-14678`, :cve_nist:`2018-14734`, :cve_nist:`2018-15471`, :cve_nist:`2018-15572`, :cve_nist:`2018-15594`, :cve_nist:`2018-16276`, :cve_nist:`2018-16597`, :cve_nist:`2018-16658`, :cve_nist:`2018-16862`, :cve_nist:`2018-16871`, :cve_nist:`2018-16880`, :cve_nist:`2018-16882`, :cve_nist:`2018-16884`, :cve_nist:`2018-17182`, :cve_nist:`2018-17972`, :cve_nist:`2018-18021`, :cve_nist:`2018-18281`, :cve_nist:`2018-18386`, :cve_nist:`2018-18397`, :cve_nist:`2018-18445`, :cve_nist:`2018-18559`, :cve_nist:`2018-18690`, :cve_nist:`2018-18710`, :cve_nist:`2018-18955`, :cve_nist:`2018-19406`, :cve_nist:`2018-19407`, :cve_nist:`2018-19824`, :cve_nist:`2018-19854`, :cve_nist:`2018-19985`, :cve_nist:`2018-20169`, :cve_nist:`2018-20449`, :cve_nist:`2018-20509`, :cve_nist:`2018-20510`, :cve_nist:`2018-20511`, :cve_nist:`2018-20669`, :cve_nist:`2018-20784`, :cve_nist:`2018-20836`, :cve_nist:`2018-20854`, :cve_nist:`2018-20855`, :cve_nist:`2018-20856`, :cve_nist:`2018-20961`, :cve_nist:`2018-20976`, :cve_nist:`2018-21008`, :cve_nist:`2018-25015`, :cve_nist:`2018-25020`, :cve_nist:`2018-3620`, :cve_nist:`2018-3639`, :cve_nist:`2018-3646`, :cve_nist:`2018-3665`, :cve_nist:`2018-3693`, :cve_nist:`2018-5332`, :cve_nist:`2018-5333`, :cve_nist:`2018-5344`, :cve_nist:`2018-5390`, :cve_nist:`2018-5391`, :cve_nist:`2018-5703`, :cve_nist:`2018-5750`, :cve_nist:`2018-5803`, :cve_nist:`2018-5814`, :cve_nist:`2018-5848`, :cve_nist:`2018-5873`, :cve_nist:`2018-5953`, :cve_nist:`2018-5995`, :cve_nist:`2018-6412`, :cve_nist:`2018-6554`, :cve_nist:`2018-6555`, :cve_nist:`2018-6927`, :cve_nist:`2018-7191`, :cve_nist:`2018-7273`, :cve_nist:`2018-7480`, :cve_nist:`2018-7492`, :cve_nist:`2018-7566`, :cve_nist:`2018-7740`, :cve_nist:`2018-7754`, :cve_nist:`2018-7755`, :cve_nist:`2018-7757`, :cve_nist:`2018-7995`, :cve_nist:`2018-8043`, :cve_mitre:`2018-8087`, :cve_mitre:`2018-8781`, :cve_mitre:`2018-8822`, :cve_mitre:`2018-8897`, :cve_mitre:`2018-9363`, :cve_mitre:`2018-9385`, :cve_mitre:`2018-9415`, :cve_mitre:`2018-9422`, :cve_mitre:`2018-9465`, :cve_mitre:`2018-9516`, :cve_mitre:`2018-9517`, :cve_mitre:`2018-9518` and :cve_mitre:`2018-9568`
+-  linux-yocto/6.1 (Continued): Ignore :cve_nist:`2019-0136`, :cve_nist:`2019-0145`, :cve_nist:`2019-0146`, :cve_nist:`2019-0147`, :cve_nist:`2019-0148`, :cve_nist:`2019-0149`, :cve_nist:`2019-0154`, :cve_nist:`2019-0155`, :cve_nist:`2019-10124`, :cve_nist:`2019-10125`, :cve_nist:`2019-10126`, :cve_nist:`2019-10142`, :cve_nist:`2019-10207`, :cve_nist:`2019-10220`, :cve_nist:`2019-10638`, :cve_nist:`2019-10639`, :cve_nist:`2019-11085`, :cve_nist:`2019-11091`, :cve_nist:`2019-11135`, :cve_nist:`2019-11190`, :cve_nist:`2019-11191`, :cve_nist:`2019-1125`, :cve_nist:`2019-11477`, :cve_nist:`2019-11478`, :cve_nist:`2019-11479`, :cve_nist:`2019-11486`, :cve_nist:`2019-11487`, :cve_nist:`2019-11599`, :cve_nist:`2019-11683`, :cve_nist:`2019-11810`, :cve_nist:`2019-11811`, :cve_nist:`2019-11815`, :cve_nist:`2019-11833`, :cve_nist:`2019-11884`, :cve_nist:`2019-12378`, :cve_nist:`2019-12379`, :cve_nist:`2019-12380`, :cve_nist:`2019-12381`, :cve_nist:`2019-12382`, :cve_nist:`2019-12454`, :cve_nist:`2019-12455`, :cve_nist:`2019-12614`, :cve_nist:`2019-12615`, :cve_nist:`2019-12817`, :cve_nist:`2019-12818`, :cve_nist:`2019-12819`, :cve_nist:`2019-12881`, :cve_nist:`2019-12984`, :cve_nist:`2019-13233`, :cve_nist:`2019-13272`, :cve_nist:`2019-13631`, :cve_nist:`2019-13648`, :cve_nist:`2019-14283`, :cve_nist:`2019-14284`, :cve_nist:`2019-14615`, :cve_nist:`2019-14763`, :cve_nist:`2019-14814`, :cve_nist:`2019-14815`, :cve_nist:`2019-14816`, :cve_nist:`2019-14821`, :cve_nist:`2019-14835`, :cve_nist:`2019-14895`, :cve_nist:`2019-14896`, :cve_nist:`2019-14897`, :cve_nist:`2019-14901`, :cve_nist:`2019-15030`, :cve_nist:`2019-15031`, :cve_nist:`2019-15090`, :cve_nist:`2019-15098`, :cve_nist:`2019-15099`, :cve_nist:`2019-15117`, :cve_nist:`2019-15118`, :cve_nist:`2019-15211`, :cve_nist:`2019-15212`, :cve_nist:`2019-15213`, :cve_nist:`2019-15214`, :cve_nist:`2019-15215`, :cve_nist:`2019-15216`, :cve_nist:`2019-15217`, :cve_nist:`2019-15218`, :cve_nist:`2019-15219`, :cve_nist:`2019-15220`, :cve_nist:`2019-15221`, :cve_nist:`2019-15222`, :cve_nist:`2019-15223`, :cve_nist:`2019-15291`, :cve_nist:`2019-15292`, :cve_nist:`2019-15504`, :cve_nist:`2019-15505`, :cve_nist:`2019-15538`, :cve_nist:`2019-15666`, :cve_nist:`2019-15794`, :cve_nist:`2019-15807`, :cve_nist:`2019-15916`, :cve_nist:`2019-15917`, :cve_nist:`2019-15918`, :cve_nist:`2019-15919`, :cve_nist:`2019-15920`, :cve_nist:`2019-15921`, :cve_nist:`2019-15922`, :cve_nist:`2019-15923`, :cve_nist:`2019-15924`, :cve_nist:`2019-15925`, :cve_nist:`2019-15926`, :cve_nist:`2019-15927`, :cve_nist:`2019-16229`, :cve_nist:`2019-16230`, :cve_nist:`2019-16231`, :cve_nist:`2019-16232`, :cve_nist:`2019-16233`, :cve_nist:`2019-16234`, :cve_nist:`2019-16413`, :cve_nist:`2019-16714`, :cve_nist:`2019-16746`, :cve_nist:`2019-16921`, :cve_nist:`2019-16994`, :cve_nist:`2019-16995`, :cve_nist:`2019-17052`, :cve_nist:`2019-17053`, :cve_nist:`2019-17054`, :cve_nist:`2019-17055`, :cve_nist:`2019-17056`, :cve_nist:`2019-17075`, :cve_nist:`2019-17133`, :cve_nist:`2019-17351`, :cve_nist:`2019-17666`, :cve_nist:`2019-18198`, :cve_nist:`2019-18282`, :cve_nist:`2019-18660`, :cve_nist:`2019-18675`, :cve_nist:`2019-18683`, :cve_nist:`2019-18786`, :cve_nist:`2019-18805`, :cve_nist:`2019-18806`, :cve_nist:`2019-18807`, :cve_nist:`2019-18808`, :cve_nist:`2019-18809`, :cve_nist:`2019-18810`, :cve_nist:`2019-18811`, :cve_nist:`2019-18812`, :cve_nist:`2019-18813`, :cve_nist:`2019-18814`, :cve_nist:`2019-18885`, :cve_nist:`2019-19036`, :cve_nist:`2019-19037`, :cve_nist:`2019-19039`, :cve_nist:`2019-19043`, :cve_nist:`2019-19044`, :cve_nist:`2019-19045`, :cve_nist:`2019-19046`, :cve_nist:`2019-19047`, :cve_nist:`2019-19048`, :cve_nist:`2019-19049`, :cve_nist:`2019-19050`, :cve_nist:`2019-19051`, :cve_nist:`2019-19052`, :cve_nist:`2019-19053`, :cve_nist:`2019-19054`, :cve_nist:`2019-19055`, :cve_nist:`2019-19056`, :cve_nist:`2019-19057`, :cve_nist:`2019-19058`, :cve_nist:`2019-19059`, :cve_nist:`2019-19060`, :cve_nist:`2019-19061`, :cve_nist:`2019-19062`, :cve_nist:`2019-19063`, :cve_nist:`2019-19064`, :cve_nist:`2019-19065`, :cve_nist:`2019-19066`, :cve_nist:`2019-19067`, :cve_nist:`2019-19068`, :cve_nist:`2019-19069`, :cve_nist:`2019-19070`, :cve_nist:`2019-19071`, :cve_nist:`2019-19072`, :cve_nist:`2019-19073`, :cve_nist:`2019-19074`, :cve_nist:`2019-19075`, :cve_nist:`2019-19076`, :cve_nist:`2019-19077`, :cve_nist:`2019-19078`, :cve_nist:`2019-19079`, :cve_nist:`2019-19080`, :cve_nist:`2019-19081`, :cve_nist:`2019-19082`, :cve_nist:`2019-19083`, :cve_nist:`2019-19227`, :cve_nist:`2019-19241`, :cve_nist:`2019-19252`, :cve_nist:`2019-19318`, :cve_nist:`2019-19319`, :cve_nist:`2019-19332`, :cve_nist:`2019-19338`, :cve_nist:`2019-19377`, :cve_nist:`2019-19447`, :cve_nist:`2019-19448`, :cve_nist:`2019-19449`, :cve_nist:`2019-19462`, :cve_nist:`2019-19523`, :cve_nist:`2019-19524`, :cve_nist:`2019-19525`, :cve_nist:`2019-19526`, :cve_nist:`2019-19527`, :cve_nist:`2019-19528`, :cve_nist:`2019-19529`, :cve_nist:`2019-19530`, :cve_nist:`2019-19531`, :cve_nist:`2019-19532`, :cve_nist:`2019-19533`, :cve_nist:`2019-19534`, :cve_nist:`2019-19535`, :cve_nist:`2019-19536`, :cve_nist:`2019-19537`, :cve_nist:`2019-19543`, :cve_nist:`2019-19602`, :cve_nist:`2019-19767`, :cve_nist:`2019-19768`, :cve_nist:`2019-19769`, :cve_nist:`2019-19770`, :cve_nist:`2019-19807`, :cve_nist:`2019-19813`, :cve_nist:`2019-19815`, :cve_nist:`2019-19816`, :cve_nist:`2019-19922`, :cve_nist:`2019-19927`, :cve_nist:`2019-19947`, :cve_nist:`2019-19965`, :cve_nist:`2019-19966`, :cve_nist:`2019-1999`, :cve_nist:`2019-20054`, :cve_nist:`2019-20095`, :cve_nist:`2019-20096`, :cve_nist:`2019-2024`, :cve_nist:`2019-2025`, :cve_nist:`2019-20422`, :cve_nist:`2019-2054`, :cve_nist:`2019-20636`, :cve_nist:`2019-20806`, :cve_nist:`2019-20810`, :cve_nist:`2019-20811`, :cve_nist:`2019-20812`, :cve_nist:`2019-20908`, :cve_nist:`2019-20934`, :cve_nist:`2019-2101`, :cve_nist:`2019-2181`, :cve_nist:`2019-2182`, :cve_nist:`2019-2213`, :cve_nist:`2019-2214`, :cve_nist:`2019-2215`, :cve_nist:`2019-25044`, :cve_nist:`2019-25045`, :cve_nist:`2019-3016`, :cve_nist:`2019-3459`, :cve_nist:`2019-3460`, :cve_nist:`2019-3701`, :cve_nist:`2019-3819`, :cve_nist:`2019-3837`, :cve_nist:`2019-3846`, :cve_nist:`2019-3874`, :cve_nist:`2019-3882`, :cve_nist:`2019-3887`, :cve_nist:`2019-3892`, :cve_nist:`2019-3896`, :cve_nist:`2019-3900`, :cve_nist:`2019-3901`, :cve_nist:`2019-5108`, :cve_nist:`2019-6133`, :cve_nist:`2019-6974`, :cve_nist:`2019-7221`, :cve_nist:`2019-7222`, :cve_nist:`2019-7308`, :cve_nist:`2019-8912`, :cve_nist:`2019-8956`, :cve_nist:`2019-8980`, :cve_nist:`2019-9003`, :cve_nist:`2019-9162`, :cve_nist:`2019-9213`, :cve_nist:`2019-9245`, :cve_nist:`2019-9444`, :cve_nist:`2019-9445`, :cve_nist:`2019-9453`, :cve_nist:`2019-9454`, :cve_nist:`2019-9455`, :cve_nist:`2019-9456`, :cve_nist:`2019-9457`, :cve_nist:`2019-9458`, :cve_nist:`2019-9466`, :cve_nist:`2019-9500`, :cve_nist:`2019-9503`, :cve_nist:`2019-9506`, :cve_nist:`2019-9857`, :cve_nist:`2020-0009`, :cve_nist:`2020-0030`, :cve_nist:`2020-0041`, :cve_nist:`2020-0066`, :cve_nist:`2020-0067`, :cve_nist:`2020-0110`, :cve_nist:`2020-0255`, :cve_nist:`2020-0305`, :cve_nist:`2020-0404`, :cve_nist:`2020-0423`, :cve_nist:`2020-0427`, :cve_nist:`2020-0429`, :cve_nist:`2020-0430`, :cve_nist:`2020-0431`, :cve_nist:`2020-0432`, :cve_nist:`2020-0433`, :cve_nist:`2020-0435`, :cve_nist:`2020-0444`, :cve_nist:`2020-0465`, :cve_nist:`2020-0466`, :cve_nist:`2020-0543`, :cve_nist:`2020-10135`, :cve_nist:`2020-10690`, :cve_nist:`2020-10711`, :cve_nist:`2020-10720`, :cve_nist:`2020-10732`, :cve_nist:`2020-10742`, :cve_nist:`2020-10751`, :cve_nist:`2020-10757`, :cve_nist:`2020-10766`, :cve_nist:`2020-10767`, :cve_nist:`2020-10768`, :cve_nist:`2020-10769`, :cve_nist:`2020-10773`, :cve_nist:`2020-10781`, :cve_nist:`2020-10942`, :cve_nist:`2020-11494`, :cve_nist:`2020-11565`, :cve_nist:`2020-11608`, :cve_nist:`2020-11609`, :cve_nist:`2020-11668`, :cve_nist:`2020-11669`, :cve_nist:`2020-11884`, :cve_nist:`2020-12114`, :cve_nist:`2020-12351`, :cve_nist:`2020-12352`, :cve_nist:`2020-12362`, :cve_nist:`2020-12363`, :cve_nist:`2020-12364`, :cve_nist:`2020-12464`, :cve_nist:`2020-12465`, :cve_nist:`2020-12652`, :cve_nist:`2020-12653`, :cve_nist:`2020-12654`, :cve_nist:`2020-12655`, :cve_nist:`2020-12656`, :cve_nist:`2020-12657`, :cve_nist:`2020-12659`, :cve_nist:`2020-12768`, :cve_nist:`2020-12769`, :cve_nist:`2020-12770`, :cve_nist:`2020-12771`, :cve_nist:`2020-12826`, :cve_nist:`2020-12888`, :cve_nist:`2020-12912`, :cve_nist:`2020-13143`, :cve_nist:`2020-13974`, :cve_nist:`2020-14305`, :cve_nist:`2020-14314`, :cve_nist:`2020-14331`, :cve_nist:`2020-14351`, :cve_nist:`2020-14353`, :cve_nist:`2020-14356`, :cve_nist:`2020-14381`, :cve_nist:`2020-14385`, :cve_nist:`2020-14386`, :cve_nist:`2020-14390`, :cve_nist:`2020-14416`, :cve_nist:`2020-15393`, :cve_nist:`2020-15436`, :cve_nist:`2020-15437`, :cve_nist:`2020-15780`, :cve_nist:`2020-15852`, :cve_nist:`2020-16119`, :cve_nist:`2020-16120`, :cve_nist:`2020-16166`, :cve_nist:`2020-1749`, :cve_nist:`2020-24394`, :cve_nist:`2020-24490`, :cve_nist:`2020-24504`, :cve_nist:`2020-24586`, :cve_nist:`2020-24587`, :cve_nist:`2020-24588`, :cve_nist:`2020-25211`, :cve_nist:`2020-25212`, :cve_nist:`2020-25221`, :cve_nist:`2020-25284`, :cve_nist:`2020-25285`, :cve_nist:`2020-25639`, :cve_nist:`2020-25641`, :cve_nist:`2020-25643`, :cve_nist:`2020-25645`, :cve_nist:`2020-25656`, :cve_nist:`2020-25668`, :cve_nist:`2020-25669`, :cve_nist:`2020-25670`, :cve_nist:`2020-25671`, :cve_nist:`2020-25672`, :cve_nist:`2020-25673`, :cve_nist:`2020-25704`, :cve_nist:`2020-25705`, :cve_nist:`2020-26088`, :cve_nist:`2020-26139`, :cve_nist:`2020-26141`, :cve_nist:`2020-26145`, :cve_nist:`2020-26147`, :cve_nist:`2020-26541`, :cve_nist:`2020-26555`, :cve_nist:`2020-26558`, :cve_nist:`2020-27066`, :cve_nist:`2020-27067`, :cve_nist:`2020-27068`, :cve_nist:`2020-27152`, :cve_nist:`2020-27170`, :cve_nist:`2020-27171`, :cve_nist:`2020-27194`, :cve_nist:`2020-2732`, :cve_nist:`2020-27673`, :cve_nist:`2020-27675`, :cve_nist:`2020-27777`, :cve_nist:`2020-27784`, :cve_nist:`2020-27786`, :cve_nist:`2020-27815`, :cve_nist:`2020-27820`, :cve_nist:`2020-27825`, :cve_nist:`2020-27830`, :cve_nist:`2020-27835`, :cve_nist:`2020-28097`, :cve_nist:`2020-28374`, :cve_nist:`2020-28588`, :cve_nist:`2020-28915`, :cve_nist:`2020-28941`, :cve_nist:`2020-28974`, :cve_nist:`2020-29368`, :cve_nist:`2020-29369`, :cve_nist:`2020-29370`, :cve_nist:`2020-29371`, :cve_nist:`2020-29372`, :cve_nist:`2020-29373`, :cve_nist:`2020-29374`, :cve_nist:`2020-29534`, :cve_nist:`2020-29568`, :cve_nist:`2020-29569`, :cve_nist:`2020-29660`, :cve_nist:`2020-29661`, :cve_nist:`2020-35499`, :cve_nist:`2020-35508`, :cve_nist:`2020-35513`, :cve_nist:`2020-35519`, :cve_nist:`2020-36158`, :cve_nist:`2020-36310`, :cve_nist:`2020-36311`, :cve_nist:`2020-36312`, :cve_nist:`2020-36313`, :cve_nist:`2020-36322`, :cve_nist:`2020-36385`, :cve_nist:`2020-36386`, :cve_nist:`2020-36387`, :cve_nist:`2020-36516`, :cve_nist:`2020-36557`, :cve_nist:`2020-36558`, :cve_nist:`2020-36691`, :cve_nist:`2020-36694`, :cve_nist:`2020-36766`, :cve_nist:`2020-3702`, :cve_nist:`2020-4788`, :cve_nist:`2020-7053`, :cve_nist:`2020-8428`, :cve_nist:`2020-8647`, :cve_nist:`2020-8648`, :cve_nist:`2020-8649`, :cve_nist:`2020-8694`, :cve_nist:`2020-8834`, :cve_nist:`2020-8835`, :cve_nist:`2020-8992`, :cve_nist:`2020-9383`, :cve_nist:`2020-9391`, :cve_nist:`2021-0129`, :cve_nist:`2021-0342`, :cve_mitre:`2021-0447`, :cve_mitre:`2021-0448`, :cve_nist:`2021-0512`, :cve_nist:`2021-0605`, :cve_nist:`2021-0707`, :cve_nist:`2021-0920`, :cve_nist:`2021-0929`, :cve_nist:`2021-0935`, :cve_mitre:`2021-0937`, :cve_nist:`2021-0938`, :cve_nist:`2021-0941`, :cve_nist:`2021-1048`, :cve_nist:`2021-20177`, :cve_nist:`2021-20194`, :cve_nist:`2021-20226`, :cve_nist:`2021-20239`, :cve_nist:`2021-20261`, :cve_nist:`2021-20265`, :cve_nist:`2021-20268`, :cve_nist:`2021-20292`, :cve_nist:`2021-20317`, :cve_nist:`2021-20320`, :cve_nist:`2021-20321`, :cve_nist:`2021-20322`, :cve_nist:`2021-21781`, :cve_nist:`2021-22543`, :cve_nist:`2021-22555`, :cve_nist:`2021-22600`, :cve_nist:`2021-23133`, :cve_nist:`2021-23134`, :cve_nist:`2021-26401`, :cve_nist:`2021-26708`, :cve_nist:`2021-26930`, :cve_nist:`2021-26931`, :cve_nist:`2021-26932`, :cve_nist:`2021-27363`, :cve_nist:`2021-27364`, :cve_nist:`2021-27365`, :cve_nist:`2021-28038`, :cve_nist:`2021-28039`, :cve_nist:`2021-28375`, :cve_nist:`2021-28660`, :cve_nist:`2021-28688`, :cve_nist:`2021-28691`, :cve_nist:`2021-28711`, :cve_nist:`2021-28712`, :cve_nist:`2021-28713`, :cve_nist:`2021-28714`, :cve_nist:`2021-28715`, :cve_nist:`2021-28950`, :cve_nist:`2021-28951`, :cve_nist:`2021-28952`, :cve_nist:`2021-28964`, :cve_nist:`2021-28971`, :cve_nist:`2021-28972`, :cve_nist:`2021-29154`, :cve_nist:`2021-29155`, :cve_nist:`2021-29264`, :cve_nist:`2021-29265`, :cve_nist:`2021-29266`, :cve_nist:`2021-29646`, :cve_nist:`2021-29647`, :cve_nist:`2021-29648`, :cve_nist:`2021-29649`, :cve_nist:`2021-29650`, :cve_nist:`2021-29657`, :cve_nist:`2021-30002`, :cve_nist:`2021-30178`, :cve_nist:`2021-31440`, :cve_nist:`2021-3178`, :cve_nist:`2021-31829`, :cve_nist:`2021-31916`, :cve_nist:`2021-32078`, :cve_nist:`2021-32399`, :cve_nist:`2021-32606`, :cve_nist:`2021-33033`, :cve_nist:`2021-33034`, :cve_nist:`2021-33061`, :cve_nist:`2021-33098`, :cve_nist:`2021-33135`, :cve_nist:`2021-33200`, :cve_nist:`2021-3347`, :cve_nist:`2021-3348`, :cve_nist:`2021-33624`, :cve_nist:`2021-33655`, :cve_nist:`2021-33656`, :cve_nist:`2021-33909`, :cve_nist:`2021-3411`, :cve_nist:`2021-3428`, :cve_nist:`2021-3444`, :cve_nist:`2021-34556`, :cve_nist:`2021-34693`, :cve_nist:`2021-3483`, :cve_nist:`2021-34866`, :cve_nist:`2021-3489`, :cve_nist:`2021-3490`, :cve_nist:`2021-3491`, :cve_nist:`2021-3493`, :cve_mitre:`2021-34981`, :cve_nist:`2021-3501`, :cve_nist:`2021-35039`, :cve_nist:`2021-3506`, :cve_nist:`2021-3543`, :cve_nist:`2021-35477`, :cve_nist:`2021-3564`, :cve_nist:`2021-3573`, :cve_nist:`2021-3587`, :cve_mitre:`2021-3600`, :cve_nist:`2021-3609`, :cve_nist:`2021-3612`, :cve_nist:`2021-3635`, :cve_nist:`2021-3640`, :cve_nist:`2021-3653`, :cve_nist:`2021-3655`, :cve_nist:`2021-3656`, :cve_nist:`2021-3659`, :cve_nist:`2021-3669`, :cve_nist:`2021-3679`, :cve_nist:`2021-3715`, :cve_nist:`2021-37159`, :cve_nist:`2021-3732`, :cve_nist:`2021-3736`, :cve_nist:`2021-3739`, :cve_nist:`2021-3743`, :cve_nist:`2021-3744`, :cve_nist:`2021-3752`, :cve_nist:`2021-3753`, :cve_nist:`2021-37576`, :cve_nist:`2021-3759`, :cve_nist:`2021-3760`, :cve_nist:`2021-3764`, :cve_nist:`2021-3772`, :cve_nist:`2021-38160`, :cve_nist:`2021-38166`, :cve_nist:`2021-38198`, :cve_nist:`2021-38199`, :cve_nist:`2021-38200`, :cve_nist:`2021-38201`, :cve_nist:`2021-38202`, :cve_nist:`2021-38203`, :cve_nist:`2021-38204`, :cve_nist:`2021-38205`, :cve_nist:`2021-38206`, :cve_nist:`2021-38207`, :cve_nist:`2021-38208`, :cve_nist:`2021-38209`, :cve_nist:`2021-38300`, :cve_nist:`2021-3894`, :cve_nist:`2021-3896`, :cve_nist:`2021-3923`, :cve_nist:`2021-39633`, :cve_nist:`2021-39634`, :cve_nist:`2021-39636`, :cve_nist:`2021-39648`, :cve_nist:`2021-39656`, :cve_nist:`2021-39657`, :cve_nist:`2021-39685`, :cve_nist:`2021-39686`, :cve_nist:`2021-39698`, :cve_nist:`2021-39711`, :cve_nist:`2021-39713`, :cve_nist:`2021-39714`, :cve_nist:`2021-4001`, :cve_nist:`2021-4002`, :cve_nist:`2021-4023`, :cve_nist:`2021-4028`, :cve_nist:`2021-4032`, :cve_nist:`2021-4037`, :cve_nist:`2021-40490`, :cve_nist:`2021-4083`, :cve_nist:`2021-4090`, :cve_nist:`2021-4093`, :cve_nist:`2021-4095`, :cve_nist:`2021-41073`, :cve_nist:`2021-4135`, :cve_nist:`2021-4148`, :cve_nist:`2021-4149`, :cve_nist:`2021-4150`, :cve_nist:`2021-4154`, :cve_nist:`2021-4155`, :cve_nist:`2021-4157`, :cve_nist:`2021-4159`, :cve_nist:`2021-41864`, :cve_nist:`2021-4197`, :cve_nist:`2021-42008`, :cve_nist:`2021-4202`, :cve_nist:`2021-4203`, :cve_nist:`2021-4204`, :cve_nist:`2021-4218`, :cve_nist:`2021-42252`, :cve_nist:`2021-42327`, :cve_nist:`2021-42739`, :cve_nist:`2021-43056`, :cve_nist:`2021-43057`, :cve_nist:`2021-43267`, :cve_nist:`2021-43389`, :cve_nist:`2021-43975`, :cve_nist:`2021-43976`, :cve_nist:`2021-44733`, :cve_nist:`2021-44879`, :cve_nist:`2021-45095`, :cve_nist:`2021-45100`, :cve_nist:`2021-45402`, :cve_nist:`2021-45469`, :cve_nist:`2021-45480`, :cve_nist:`2021-45485`, :cve_nist:`2021-45486`, :cve_nist:`2021-45868`, :cve_nist:`2021-46283`, :cve_nist:`2022-0001`, :cve_nist:`2022-0002`, :cve_nist:`2022-0168`, :cve_nist:`2022-0171`, :cve_nist:`2022-0185`, :cve_nist:`2022-0264`, :cve_nist:`2022-0286`, :cve_nist:`2022-0322`, :cve_nist:`2022-0330`, :cve_nist:`2022-0382`, :cve_nist:`2022-0433`, :cve_nist:`2022-0435`, :cve_nist:`2022-0480`, :cve_nist:`2022-0487`, :cve_nist:`2022-0492`, :cve_nist:`2022-0494`, :cve_nist:`2022-0500`, :cve_nist:`2022-0516`, :cve_nist:`2022-0617`, :cve_nist:`2022-0644`, :cve_nist:`2022-0646`, :cve_nist:`2022-0742`, :cve_nist:`2022-0812`, :cve_nist:`2022-0847`, :cve_nist:`2022-0850`, :cve_nist:`2022-0854`, :cve_nist:`2022-0995`, :cve_nist:`2022-0998`, :cve_nist:`2022-1011`, :cve_nist:`2022-1012`, :cve_nist:`2022-1015`, :cve_nist:`2022-1016`, :cve_nist:`2022-1043`, :cve_nist:`2022-1048`, :cve_nist:`2022-1055`, :cve_nist:`2022-1158`, :cve_nist:`2022-1184`, :cve_nist:`2022-1195`, :cve_nist:`2022-1198`, :cve_nist:`2022-1199`, :cve_nist:`2022-1204`, :cve_nist:`2022-1205`, :cve_nist:`2022-1263`, :cve_nist:`2022-1280`, :cve_nist:`2022-1353`, :cve_nist:`2022-1419`, :cve_nist:`2022-1462`, :cve_nist:`2022-1508`, :cve_nist:`2022-1516`, :cve_nist:`2022-1651`, :cve_nist:`2022-1652`, :cve_nist:`2022-1671`, :cve_nist:`2022-1678`, :cve_nist:`2022-1679`, :cve_nist:`2022-1729`, :cve_nist:`2022-1734`, :cve_nist:`2022-1786`, :cve_nist:`2022-1789`, :cve_nist:`2022-1836`, :cve_nist:`2022-1852`, :cve_nist:`2022-1882`, :cve_nist:`2022-1943`, :cve_nist:`2022-1966`, :cve_nist:`2022-1972`, :cve_nist:`2022-1973`, :cve_nist:`2022-1974`, :cve_nist:`2022-1975`, :cve_nist:`2022-1976`, :cve_nist:`2022-1998`, :cve_nist:`2022-20008`, :cve_nist:`2022-20132`, :cve_nist:`2022-20141`, :cve_nist:`2022-20148`, :cve_nist:`2022-20153`, :cve_nist:`2022-20154`, :cve_nist:`2022-20158`, :cve_nist:`2022-20166`, :cve_nist:`2022-20368`, :cve_nist:`2022-20369`, :cve_nist:`2022-20409`, :cve_nist:`2022-20421`, :cve_nist:`2022-20422`, :cve_nist:`2022-20423`, :cve_nist:`2022-20424`, :cve_mitre:`2022-20565`, :cve_nist:`2022-20566`, :cve_nist:`2022-20567`, :cve_nist:`2022-20568`, :cve_nist:`2022-20572`, :cve_nist:`2022-2078`, :cve_nist:`2022-21123`, :cve_nist:`2022-21125`, :cve_nist:`2022-21166`, :cve_nist:`2022-21385`, :cve_nist:`2022-21499`, :cve_mitre:`2022-21505`, :cve_nist:`2022-2153`, :cve_nist:`2022-2196`, :cve_mitre:`2022-22942`, :cve_nist:`2022-23036`, :cve_nist:`2022-23037`, :cve_nist:`2022-23038`, :cve_nist:`2022-23039`, :cve_nist:`2022-23040`, :cve_nist:`2022-23041`, :cve_nist:`2022-23042`, :cve_nist:`2022-2308`, :cve_nist:`2022-2318`, :cve_nist:`2022-23222`, :cve_nist:`2022-2327`, :cve_nist:`2022-2380`, :cve_nist:`2022-23816`, :cve_nist:`2022-23960`, :cve_nist:`2022-24122`, :cve_nist:`2022-24448`, :cve_nist:`2022-24958`, :cve_nist:`2022-24959`, :cve_nist:`2022-2503`, :cve_nist:`2022-25258`, :cve_nist:`2022-25375`, :cve_nist:`2022-25636`, :cve_mitre:`2022-2585`, :cve_mitre:`2022-2586`, :cve_mitre:`2022-2588`, :cve_nist:`2022-2590`, :cve_mitre:`2022-2602`, :cve_nist:`2022-26365`, :cve_nist:`2022-26373`, :cve_nist:`2022-2639`, :cve_nist:`2022-26490`, :cve_nist:`2022-2663`, :cve_nist:`2022-26966`, :cve_nist:`2022-27223`, :cve_nist:`2022-27666`, :cve_nist:`2022-27672`, :cve_nist:`2022-2785`, :cve_nist:`2022-27950`, :cve_nist:`2022-28356`, :cve_nist:`2022-28388`, :cve_nist:`2022-28389`, :cve_nist:`2022-28390`, :cve_nist:`2022-2873`, :cve_nist:`2022-28796`, :cve_nist:`2022-28893`, :cve_nist:`2022-2905`, :cve_nist:`2022-29156`, :cve_nist:`2022-2938`, :cve_nist:`2022-29581`, :cve_nist:`2022-29582`, :cve_nist:`2022-2959`, :cve_nist:`2022-2964`, :cve_nist:`2022-2977`, :cve_nist:`2022-2978`, :cve_nist:`2022-29900`, :cve_nist:`2022-29901`, :cve_nist:`2022-2991`, :cve_nist:`2022-29968`, :cve_nist:`2022-3028`, :cve_nist:`2022-30594`, :cve_nist:`2022-3061`, :cve_nist:`2022-3077`, :cve_nist:`2022-3078`, :cve_nist:`2022-3103`, :cve_nist:`2022-3104`, :cve_nist:`2022-3105`, :cve_nist:`2022-3106`, :cve_nist:`2022-3107`, :cve_nist:`2022-3108`, :cve_nist:`2022-3110`, :cve_nist:`2022-3111`, :cve_nist:`2022-3112`, :cve_nist:`2022-3113`, :cve_nist:`2022-3114`, :cve_nist:`2022-3115`, :cve_nist:`2022-3169`, :cve_nist:`2022-3170`, :cve_nist:`2022-3176`, :cve_nist:`2022-3202`, :cve_nist:`2022-32250`, :cve_nist:`2022-32296`, :cve_nist:`2022-3239`, :cve_nist:`2022-32981`, :cve_nist:`2022-3303`, :cve_nist:`2022-3344`, :cve_nist:`2022-33740`, :cve_nist:`2022-33741`, :cve_nist:`2022-33742`, :cve_nist:`2022-33743`, :cve_nist:`2022-33744`, :cve_nist:`2022-33981`, :cve_nist:`2022-3424`, :cve_nist:`2022-3435`, :cve_nist:`2022-34494`, :cve_nist:`2022-34495`, :cve_nist:`2022-34918`, :cve_nist:`2022-3521`, :cve_nist:`2022-3522`, :cve_nist:`2022-3524`, :cve_nist:`2022-3526`, :cve_nist:`2022-3531`, :cve_nist:`2022-3532`, :cve_nist:`2022-3534`, :cve_nist:`2022-3535`, :cve_nist:`2022-3541`, :cve_nist:`2022-3542`, :cve_nist:`2022-3543`, :cve_nist:`2022-3545`, :cve_nist:`2022-3564`, :cve_nist:`2022-3565`, :cve_nist:`2022-3577`, :cve_nist:`2022-3586`, :cve_nist:`2022-3594`, :cve_nist:`2022-3595`, :cve_nist:`2022-36123`, :cve_nist:`2022-3619`, :cve_nist:`2022-3621`, :cve_nist:`2022-3623`, :cve_nist:`2022-3624`, :cve_nist:`2022-3625`, :cve_nist:`2022-3628`, :cve_nist:`2022-36280`, :cve_nist:`2022-3629`, :cve_nist:`2022-3630`, :cve_nist:`2022-3633`, :cve_nist:`2022-3635`, :cve_nist:`2022-3636`, :cve_nist:`2022-3640`, :cve_nist:`2022-3643`, :cve_nist:`2022-3646`, :cve_nist:`2022-3649`, :cve_nist:`2022-36879`, :cve_nist:`2022-36946`, :cve_nist:`2022-3707`, :cve_nist:`2022-38457`, :cve_nist:`2022-3903`, :cve_nist:`2022-3910`, :cve_nist:`2022-39188`, :cve_nist:`2022-39189`, :cve_nist:`2022-39190`, :cve_nist:`2022-3977`, :cve_nist:`2022-39842`, :cve_nist:`2022-40133`, :cve_nist:`2022-40307`, :cve_nist:`2022-40476`, :cve_nist:`2022-40768`, :cve_nist:`2022-4095`, :cve_nist:`2022-40982`, :cve_nist:`2022-41218`, :cve_nist:`2022-41222`, :cve_nist:`2022-4127`, :cve_nist:`2022-4128`, :cve_nist:`2022-4129`, :cve_nist:`2022-4139`, :cve_nist:`2022-41674`, :cve_nist:`2022-41849`, :cve_nist:`2022-41850`, :cve_nist:`2022-41858`, :cve_nist:`2022-42328`, :cve_nist:`2022-42329`, :cve_nist:`2022-42432`, :cve_nist:`2022-4269`, :cve_nist:`2022-42703`, :cve_nist:`2022-42719`, :cve_nist:`2022-42720`, :cve_nist:`2022-42721`, :cve_nist:`2022-42722`, :cve_nist:`2022-42895`, :cve_nist:`2022-42896`, :cve_nist:`2022-43750`, :cve_nist:`2022-4378`, :cve_nist:`2022-4379`, :cve_nist:`2022-4382`, :cve_nist:`2022-43945`, :cve_nist:`2022-45869`, :cve_nist:`2022-45886`, :cve_nist:`2022-45887`, :cve_nist:`2022-45919`, :cve_nist:`2022-45934`, :cve_nist:`2022-4662`, :cve_nist:`2022-4696`, :cve_nist:`2022-4744`, :cve_nist:`2022-47518`, :cve_nist:`2022-47519`, :cve_nist:`2022-47520`, :cve_nist:`2022-47521`, :cve_nist:`2022-47929`, :cve_nist:`2022-47938`, :cve_nist:`2022-47939`, :cve_nist:`2022-47940`, :cve_nist:`2022-47941`, :cve_nist:`2022-47942`, :cve_nist:`2022-47943`, :cve_nist:`2022-47946`, :cve_nist:`2022-4842`, :cve_nist:`2022-48423`, :cve_nist:`2022-48424`, :cve_nist:`2022-48425`, :cve_nist:`2022-48502`, :cve_nist:`2023-0030`, :cve_nist:`2023-0045`, :cve_nist:`2023-0047`, :cve_nist:`2023-0122`, :cve_nist:`2023-0160`, :cve_nist:`2023-0179`, :cve_nist:`2023-0210`, :cve_nist:`2023-0240`, :cve_nist:`2023-0266`, :cve_nist:`2023-0386`, :cve_nist:`2023-0394`, :cve_nist:`2023-0458`, :cve_nist:`2023-0459`, :cve_nist:`2023-0461`, :cve_nist:`2023-0468`, :cve_nist:`2023-0469`, :cve_nist:`2023-0590`, :cve_nist:`2023-0615`, :cve_mitre:`2023-1032`, :cve_nist:`2023-1073`, :cve_nist:`2023-1074`, :cve_nist:`2023-1076`, :cve_nist:`2023-1077`, :cve_nist:`2023-1078`, :cve_nist:`2023-1079`, :cve_nist:`2023-1095`, :cve_nist:`2023-1118`, :cve_nist:`2023-1192`, :cve_nist:`2023-1194`, :cve_nist:`2023-1195`, :cve_nist:`2023-1206`, :cve_nist:`2023-1249`, :cve_nist:`2023-1252`, :cve_nist:`2023-1281`, :cve_nist:`2023-1295`, :cve_nist:`2023-1380`, :cve_nist:`2023-1382`, :cve_nist:`2023-1390`, :cve_nist:`2023-1513`, :cve_nist:`2023-1582`, :cve_nist:`2023-1583`, :cve_nist:`2023-1611`, :cve_nist:`2023-1637`, :cve_nist:`2023-1652`, :cve_nist:`2023-1670`, :cve_nist:`2023-1829`, :cve_nist:`2023-1838`, :cve_nist:`2023-1855`, :cve_nist:`2023-1859`, :cve_nist:`2023-1872`, :cve_nist:`2023-1989`, :cve_nist:`2023-1990`, :cve_nist:`2023-1998`, :cve_nist:`2023-2002`, :cve_nist:`2023-2006`, :cve_nist:`2023-2007`, :cve_nist:`2023-2008`, :cve_nist:`2023-2019`, :cve_nist:`2023-20569`, :cve_nist:`2023-20588`, :cve_nist:`2023-20593`, :cve_nist:`2023-20928`, :cve_nist:`2023-20938`, :cve_nist:`2023-21102`, :cve_nist:`2023-21106`, :cve_nist:`2023-2124`, :cve_nist:`2023-21255`, :cve_nist:`2023-2156`, :cve_nist:`2023-2162`, :cve_nist:`2023-2163`, :cve_nist:`2023-2166`, :cve_nist:`2023-2177`, :cve_nist:`2023-2194`, :cve_nist:`2023-2235`, :cve_nist:`2023-2236`, :cve_nist:`2023-2248`, :cve_nist:`2023-2269`, :cve_nist:`2023-22995`, :cve_nist:`2023-22996`, :cve_nist:`2023-22997`, :cve_nist:`2023-22998`, :cve_nist:`2023-22999`, :cve_nist:`2023-23000`, :cve_nist:`2023-23001`, :cve_nist:`2023-23002`, :cve_nist:`2023-23003`, :cve_nist:`2023-23004`, :cve_nist:`2023-23006`, :cve_nist:`2023-23454`, :cve_nist:`2023-23455`, :cve_nist:`2023-23559`, :cve_nist:`2023-23586`, :cve_nist:`2023-2430`, :cve_nist:`2023-2483`, :cve_nist:`2023-25012`, :cve_nist:`2023-2513`, :cve_nist:`2023-25775`, :cve_nist:`2023-2598`, :cve_nist:`2023-26544`, :cve_nist:`2023-26545`, :cve_nist:`2023-26605`, :cve_nist:`2023-26606`, :cve_nist:`2023-26607`, :cve_nist:`2023-28327`, :cve_nist:`2023-28328`, :cve_nist:`2023-28410`, :cve_nist:`2023-28464`, :cve_nist:`2023-28466`, :cve_nist:`2023-2860`, :cve_nist:`2023-28772`, :cve_nist:`2023-28866`, :cve_nist:`2023-2898`, :cve_nist:`2023-2985`, :cve_nist:`2023-3006`, :cve_nist:`2023-30456`, :cve_nist:`2023-30772`, :cve_nist:`2023-3090`, :cve_nist:`2023-3106`, :cve_nist:`2023-3111`, :cve_nist:`2023-3117`, :cve_nist:`2023-31248`, :cve_nist:`2023-3141`, :cve_nist:`2023-31436`, :cve_nist:`2023-3159`, :cve_nist:`2023-3161`, :cve_nist:`2023-3212`, :cve_nist:`2023-3220`, :cve_nist:`2023-32233`, :cve_nist:`2023-32247`, :cve_nist:`2023-32248`, :cve_nist:`2023-32250`, :cve_nist:`2023-32252`, :cve_nist:`2023-32254`, :cve_nist:`2023-32257`, :cve_nist:`2023-32258`, :cve_nist:`2023-32269`, :cve_nist:`2023-3268`, :cve_nist:`2023-3269`, :cve_nist:`2023-3312`, :cve_nist:`2023-3317`, :cve_nist:`2023-33203`, :cve_nist:`2023-33250`, :cve_nist:`2023-33288`, :cve_nist:`2023-3338`, :cve_nist:`2023-3355`, :cve_nist:`2023-3357`, :cve_nist:`2023-3358`, :cve_nist:`2023-3359`, :cve_nist:`2023-3389`, :cve_nist:`2023-3390`, :cve_nist:`2023-33951`, :cve_nist:`2023-33952`, :cve_nist:`2023-34255`, :cve_nist:`2023-34256`, :cve_nist:`2023-34319`, :cve_nist:`2023-3439`, :cve_nist:`2023-35001`, :cve_nist:`2023-3567`, :cve_nist:`2023-35788`, :cve_nist:`2023-35823`, :cve_nist:`2023-35824`, :cve_nist:`2023-35826`, :cve_nist:`2023-35828`, :cve_nist:`2023-35829`, :cve_nist:`2023-3609`, :cve_nist:`2023-3610`, :cve_nist:`2023-3611`, :cve_nist:`2023-37453`, :cve_nist:`2023-3772`, :cve_nist:`2023-3773`, :cve_nist:`2023-3776`, :cve_nist:`2023-3777`, :cve_nist:`2023-3812`, :cve_nist:`2023-38409`, :cve_nist:`2023-38426`, :cve_nist:`2023-38427`, :cve_nist:`2023-38428`, :cve_nist:`2023-38429`, :cve_nist:`2023-38430`, :cve_nist:`2023-38431`, :cve_nist:`2023-38432`, :cve_nist:`2023-3863`, :cve_mitre:`2023-3865`, :cve_mitre:`2023-3866`, :cve_mitre:`2023-3867`, :cve_nist:`2023-4004`, :cve_nist:`2023-4015`, :cve_nist:`2023-40283`, :cve_nist:`2023-4128`, :cve_nist:`2023-4132`, :cve_nist:`2023-4147`, :cve_nist:`2023-4155`, :cve_nist:`2023-4194`, :cve_nist:`2023-4206`, :cve_nist:`2023-4207`, :cve_nist:`2023-4208`, :cve_nist:`2023-4273`, :cve_nist:`2023-42752`, :cve_nist:`2023-42753`, :cve_nist:`2023-4385`, :cve_nist:`2023-4387`, :cve_nist:`2023-4389`, :cve_nist:`2023-4394`, :cve_nist:`2023-4459`, :cve_nist:`2023-4569`, :cve_nist:`2023-4611` and :cve_nist:`2023-4623`
+-  nghttp2: Fix :cve_nist:`2023-35945`
+-  openssl: Fix :cve_nist:`2023-2975`, :cve_nist:`2023-3446`, :cve_nist:`2023-3817`, :cve_nist:`2023-4807` and :cve_nist:`2023-5363`
+-  pixman: Ignore :cve_nist:`2023-37769`
+-  procps: Fix :cve_nist:`2023-4016`
+-  python3-git: Fix :cve_nist:`2023-40267`, :cve_nist:`2023-40590` and :cve_nist:`2023-41040`
+-  python3-pygments: Fix :cve_nist:`2022-40896`
+-  python3-urllib3: Fix :cve_nist:`2023-43804` and :cve_nist:`2023-45803`
+-  python3: Fix :cve_nist:`2023-24329` and :cve_nist:`2023-40217`
+-  qemu: Fix :cve_nist:`2023-3180`, :cve_nist:`2023-3354` and :cve_nist:`2023-42467`
+-  qemu: Ignore :cve_nist:`2023-2680`
+-  screen: Fix :cve_nist:`2023-24626`
 -  shadow: Fix :cve_mitre:`2023-4641`
--  tiff: Fix :cve:`2023-40745` and :cve:`2023-41175`
--  vim: Fix :cve:`2023-3896`, :cve:`2023-4733`, :cve:`2023-4734`, :cve:`2023-4735`, :cve:`2023-4736`, :cve:`2023-4738`, :cve:`2023-4750`, :cve:`2023-4752`, :cve:`2023-4781`, :cve:`2023-5441` and :cve:`2023-5535`
--  webkitgtk: Fix :cve:`2023-32435` and :cve:`2023-32439`
--  xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
+-  tiff: Fix :cve_nist:`2023-40745` and :cve_nist:`2023-41175`
+-  vim: Fix :cve_nist:`2023-3896`, :cve_nist:`2023-4733`, :cve_nist:`2023-4734`, :cve_nist:`2023-4735`, :cve_nist:`2023-4736`, :cve_nist:`2023-4738`, :cve_nist:`2023-4750`, :cve_nist:`2023-4752`, :cve_nist:`2023-4781`, :cve_nist:`2023-5441` and :cve_nist:`2023-5535`
+-  webkitgtk: Fix :cve_nist:`2023-32435` and :cve_nist:`2023-32439`
+-  xserver-xorg: Fix :cve_nist:`2023-5367` and :cve_nist:`2023-5380`
 
 
 Fixes in Yocto-4.2.4
diff --git a/documentation/migration-guides/release-notes-4.2.rst b/documentation/migration-guides/release-notes-4.2.rst
index 30049b89f6..81a052b413 100644
--- a/documentation/migration-guides/release-notes-4.2.rst
+++ b/documentation/migration-guides/release-notes-4.2.rst
@@ -348,39 +348,39 @@ The following corrections have been made to the :term:`LICENSE` values set by re
 Security Fixes in 4.2
 ~~~~~~~~~~~~~~~~~~~~~
 
-- binutils: :cve:`2022-4285`, :cve_mitre:`2023-25586`
-- curl: :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915`, :cve:`2022-42916`
-- epiphany: :cve:`2023-26081`
-- expat: :cve:`2022-43680`
-- ffmpeg: :cve:`2022-3964`, :cve:`2022-3965`
-- git: :cve:`2022-39260`, :cve:`2022-41903`, :cve:`2022-23521`, :cve:`2022-41953` (ignored)
-- glibc: :cve:`2023-25139` (ignored)
-- go: :cve:`2023-24532`, :cve:`2023-24537`
-- grub2: :cve:`2022-2601`, :cve:`2022-3775`, :cve_mitre:`2022-28736`
-- inetutils: :cve:`2019-0053`
-- less: :cve:`2022-46663`
-- libarchive: :cve:`2022-36227`
-- libinput: :cve:`2022-1215`
-- libpam: :cve:`2022-28321`
-- libpng: :cve:`2019-6129`
-- libx11: :cve:`2022-3554`
-- openssh: :cve:`2023-28531`
-- openssl: :cve:`2022-3358`, :cve:`2022-3786`, :cve:`2022-3602`, :cve:`2022-3996`, :cve:`2023-0286`, :cve:`2022-4304`, :cve:`2022-4203`, :cve:`2023-0215`, :cve:`2022-4450`, :cve:`2023-0216`, :cve:`2023-0217`, :cve:`2023-0401`, :cve:`2023-0464`
-- ppp: :cve:`2022-4603`
-- python3-cryptography{-vectors}: :cve:`2022-3602`, :cve:`2022-3786`, :cve:`2023-23931`
+- binutils: :cve_nist:`2022-4285`, :cve_mitre:`2023-25586`
+- curl: :cve_nist:`2022-32221`, :cve_nist:`2022-35260`, :cve_nist:`2022-42915`, :cve_nist:`2022-42916`
+- epiphany: :cve_nist:`2023-26081`
+- expat: :cve_nist:`2022-43680`
+- ffmpeg: :cve_nist:`2022-3964`, :cve_nist:`2022-3965`
+- git: :cve_nist:`2022-39260`, :cve_nist:`2022-41903`, :cve_nist:`2022-23521`, :cve_nist:`2022-41953` (ignored)
+- glibc: :cve_nist:`2023-25139` (ignored)
+- go: :cve_nist:`2023-24532`, :cve_nist:`2023-24537`
+- grub2: :cve_nist:`2022-2601`, :cve_nist:`2022-3775`, :cve_mitre:`2022-28736`
+- inetutils: :cve_nist:`2019-0053`
+- less: :cve_nist:`2022-46663`
+- libarchive: :cve_nist:`2022-36227`
+- libinput: :cve_nist:`2022-1215`
+- libpam: :cve_nist:`2022-28321`
+- libpng: :cve_nist:`2019-6129`
+- libx11: :cve_nist:`2022-3554`
+- openssh: :cve_nist:`2023-28531`
+- openssl: :cve_nist:`2022-3358`, :cve_nist:`2022-3786`, :cve_nist:`2022-3602`, :cve_nist:`2022-3996`, :cve_nist:`2023-0286`, :cve_nist:`2022-4304`, :cve_nist:`2022-4203`, :cve_nist:`2023-0215`, :cve_nist:`2022-4450`, :cve_nist:`2023-0216`, :cve_nist:`2023-0217`, :cve_nist:`2023-0401`, :cve_nist:`2023-0464`
+- ppp: :cve_nist:`2022-4603`
+- python3-cryptography{-vectors}: :cve_nist:`2022-3602`, :cve_nist:`2022-3786`, :cve_nist:`2023-23931`
 - python3: :cve_mitre:`2022-37460`
-- qemu: :cve:`2022-3165`
-- rust: :cve:`2022-46176`
-- rxvt-unicode: :cve:`2022-4170`
-- screen: :cve:`2023-24626`
-- shadow: :cve:`2023-29383`, :cve:`2016-15024` (ignored)
-- sudo: :cve:`2022-43995`
-- systemd: :cve:`2022-4415` (ignored)
-- tar: :cve:`2022-48303`
-- tiff: :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598`, :cve:`2022-3970`, :cve:`2022-48281`
-- vim: :cve:`2022-3352`, :cve:`2022-4141`, :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264`, :cve:`2023-1355`, :cve:`2023-0433`, :cve:`2022-47024`, :cve:`2022-3705`
-- xdg-utils: :cve:`2022-4055`
-- xserver-xorg: :cve:`2022-3550`, :cve:`2022-3551`, :cve:`2023-1393`, :cve:`2023-0494`, :cve:`2022-3553` (ignored)
+- qemu: :cve_nist:`2022-3165`
+- rust: :cve_nist:`2022-46176`
+- rxvt-unicode: :cve_nist:`2022-4170`
+- screen: :cve_nist:`2023-24626`
+- shadow: :cve_nist:`2023-29383`, :cve_nist:`2016-15024` (ignored)
+- sudo: :cve_nist:`2022-43995`
+- systemd: :cve_nist:`2022-4415` (ignored)
+- tar: :cve_nist:`2022-48303`
+- tiff: :cve_nist:`2022-3599`, :cve_nist:`2022-3597`, :cve_nist:`2022-3626`, :cve_nist:`2022-3627`, :cve_nist:`2022-3570`, :cve_nist:`2022-3598`, :cve_nist:`2022-3970`, :cve_nist:`2022-48281`
+- vim: :cve_nist:`2022-3352`, :cve_nist:`2022-4141`, :cve_nist:`2023-0049`, :cve_nist:`2023-0051`, :cve_nist:`2023-0054`, :cve_nist:`2023-0288`, :cve_nist:`2023-1127`, :cve_nist:`2023-1170`, :cve_nist:`2023-1175`, :cve_nist:`2023-1127`, :cve_nist:`2023-1170`, :cve_nist:`2023-1175`, :cve_nist:`2023-1264`, :cve_nist:`2023-1355`, :cve_nist:`2023-0433`, :cve_nist:`2022-47024`, :cve_nist:`2022-3705`
+- xdg-utils: :cve_nist:`2022-4055`
+- xserver-xorg: :cve_nist:`2022-3550`, :cve_nist:`2022-3551`, :cve_nist:`2023-1393`, :cve_nist:`2023-0494`, :cve_nist:`2022-3553` (ignored)
 
 Recipe Upgrades in 4.2
 ~~~~~~~~~~~~~~~~~~~~~~
diff --git a/documentation/migration-guides/release-notes-4.3.1.rst b/documentation/migration-guides/release-notes-4.3.1.rst
index cea9c538a2..afde1e7942 100644
--- a/documentation/migration-guides/release-notes-4.3.1.rst
+++ b/documentation/migration-guides/release-notes-4.3.1.rst
@@ -6,14 +6,14 @@ Release notes for Yocto-4.3.1 (Nanbield)
 Security Fixes in Yocto-4.3.1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  libsndfile1: Fix :cve:`2022-33065`
--  libxml2: Ignore :cve:`2023-45322`
--  linux-yocto/6.1: Ignore :cve:`2020-27418`, :cve:`2023-31085`, :cve_mitre:`2023-34324`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-4244`, :cve:`2023-42754`, :cve:`2023-42756`, :cve:`2023-44466`, :cve:`2023-4563`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-45871`, :cve:`2023-45898`, :cve:`2023-4732`, :cve:`2023-5158`, :cve:`2023-5197` and :cve:`2023-5345`
--  linux-yocto/6.5: Ignore :cve:`2020-27418`, :cve:`2023-1193`, :cve:`2023-39191`, :cve:`2023-39194`, :cve:`2023-40791`, :cve:`2023-44466`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-4610` and :cve:`2023-4732`
--  openssl: Fix :cve:`2023-5363`
--  pixman: Ignore :cve:`2023-37769`
--  vim: Fix :cve:`2023-46246`
--  zlib: Ignore :cve:`2023-45853`
+-  libsndfile1: Fix :cve_nist:`2022-33065`
+-  libxml2: Ignore :cve_nist:`2023-45322`
+-  linux-yocto/6.1: Ignore :cve_nist:`2020-27418`, :cve_nist:`2023-31085`, :cve_mitre:`2023-34324`, :cve_nist:`2023-39189`, :cve_nist:`2023-39192`, :cve_nist:`2023-39193`, :cve_nist:`2023-39194`, :cve_nist:`2023-4244`, :cve_nist:`2023-42754`, :cve_nist:`2023-42756`, :cve_nist:`2023-44466`, :cve_nist:`2023-4563`, :cve_nist:`2023-45862`, :cve_nist:`2023-45863`, :cve_nist:`2023-45871`, :cve_nist:`2023-45898`, :cve_nist:`2023-4732`, :cve_nist:`2023-5158`, :cve_nist:`2023-5197` and :cve_nist:`2023-5345`
+-  linux-yocto/6.5: Ignore :cve_nist:`2020-27418`, :cve_nist:`2023-1193`, :cve_nist:`2023-39191`, :cve_nist:`2023-39194`, :cve_nist:`2023-40791`, :cve_nist:`2023-44466`, :cve_nist:`2023-45862`, :cve_nist:`2023-45863`, :cve_nist:`2023-4610` and :cve_nist:`2023-4732`
+-  openssl: Fix :cve_nist:`2023-5363`
+-  pixman: Ignore :cve_nist:`2023-37769`
+-  vim: Fix :cve_nist:`2023-46246`
+-  zlib: Ignore :cve_nist:`2023-45853`
 
 
 Fixes in Yocto-4.3.1
diff --git a/documentation/migration-guides/release-notes-4.3.2.rst b/documentation/migration-guides/release-notes-4.3.2.rst
index 3a40d83bc2..c32cd83b2a 100644
--- a/documentation/migration-guides/release-notes-4.3.2.rst
+++ b/documentation/migration-guides/release-notes-4.3.2.rst
@@ -6,19 +6,19 @@ Release notes for Yocto-4.3.2 (Nanbield)
 Security Fixes in Yocto-4.3.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  avahi: Fix :cve:`2023-1981`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472` and :cve:`2023-38473`
--  curl: Fix :cve:`2023-46218`
--  ghostscript: Fix :cve:`2023-46751`
--  grub: fix :cve:`2023-4692` and :cve:`2023-4693`
+-  avahi: Fix :cve_nist:`2023-1981`, :cve_nist:`2023-38469`, :cve_nist:`2023-38470`, :cve_nist:`2023-38471`, :cve_nist:`2023-38472` and :cve_nist:`2023-38473`
+-  curl: Fix :cve_nist:`2023-46218`
+-  ghostscript: Fix :cve_nist:`2023-46751`
+-  grub: fix :cve_nist:`2023-4692` and :cve_nist:`2023-4693`
 -  gstreamer1.0: Fix :cve_mitre:`2023-44446`
--  linux-yocto/6.1: Ignore :cve_mitre:`2023-39197`, :cve:`2023-39198`, :cve:`2023-5090`, :cve:`2023-5633`, :cve:`2023-6111`, :cve:`2023-6121` and :cve:`2023-6176`
--  linux-yocto/6.5: Ignore :cve:`2022-44034`, :cve_mitre:`2023-39197`, :cve:`2023-39198`, :cve:`2023-5972`, :cve:`2023-6039`, :cve:`2023-6111` and :cve:`2023-6176`
--  perl: fix :cve:`2023-47100`
--  python3-urllib3: Fix :cve:`2023-45803`
--  rust: Fix :cve:`2023-40030`
--  vim: Fix :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236` and :cve:`2023-48237`
--  xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
--  xwayland: Fix :cve:`2023-5367`
+-  linux-yocto/6.1: Ignore :cve_mitre:`2023-39197`, :cve_nist:`2023-39198`, :cve_nist:`2023-5090`, :cve_nist:`2023-5633`, :cve_nist:`2023-6111`, :cve_nist:`2023-6121` and :cve_nist:`2023-6176`
+-  linux-yocto/6.5: Ignore :cve_nist:`2022-44034`, :cve_mitre:`2023-39197`, :cve_nist:`2023-39198`, :cve_nist:`2023-5972`, :cve_nist:`2023-6039`, :cve_nist:`2023-6111` and :cve_nist:`2023-6176`
+-  perl: fix :cve_nist:`2023-47100`
+-  python3-urllib3: Fix :cve_nist:`2023-45803`
+-  rust: Fix :cve_nist:`2023-40030`
+-  vim: Fix :cve_nist:`2023-48231`, :cve_nist:`2023-48232`, :cve_nist:`2023-48233`, :cve_nist:`2023-48234`, :cve_nist:`2023-48235`, :cve_nist:`2023-48236` and :cve_nist:`2023-48237`
+-  xserver-xorg: Fix :cve_nist:`2023-5367` and :cve_nist:`2023-5380`
+-  xwayland: Fix :cve_nist:`2023-5367`
 
 
 Fixes in Yocto-4.3.2
diff --git a/documentation/migration-guides/release-notes-4.3.3.rst b/documentation/migration-guides/release-notes-4.3.3.rst
index 2a0658a9c9..d30f4f5c2d 100644
--- a/documentation/migration-guides/release-notes-4.3.3.rst
+++ b/documentation/migration-guides/release-notes-4.3.3.rst
@@ -6,17 +6,17 @@ Release notes for Yocto-4.3.3 (Nanbield)
 Security Fixes in Yocto-4.3.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  curl: Fix :cve:`2023-46219`
--  glibc: Ignore fixed :cve:`2023-0687` and :cve:`2023-5156`
--  linux-yocto/6.1: Ignore :cve:`2022-48619`, :cve:`2023-4610`, :cve:`2023-5178`, :cve:`2023-5972`, :cve:`2023-6040`, :cve:`2023-6531`, :cve:`2023-6546`, :cve:`2023-6622`, :cve:`2023-6679`, :cve:`2023-6817`, :cve:`2023-6931`, :cve:`2023-6932`, :cve:`2023-7192`, :cve:`2024-0193` and :cve:`2024-0443`
--  linux-yocto/6.1: Fix :cve:`2023-1193`, :cve_mitre:`2023-51779`, :cve:`2023-51780`, :cve:`2023-51781`, :cve:`2023-51782` and :cve:`2023-6606`
--  qemu: Fix :cve:`2023-3019`
--  shadow: Fix :cve:`2023-4641`
--  sqlite3: Fix :cve:`2024-0232`
--  sqlite3: drop obsolete CVE ignore :cve:`2023-36191`
--  sudo: Fix :cve:`2023-42456` and :cve:`2023-42465`
--  tiff: Fix :cve:`2023-6277`
--  xwayland: Fix :cve:`2023-6377` and :cve:`2023-6478`
+-  curl: Fix :cve_nist:`2023-46219`
+-  glibc: Ignore fixed :cve_nist:`2023-0687` and :cve_nist:`2023-5156`
+-  linux-yocto/6.1: Ignore :cve_nist:`2022-48619`, :cve_nist:`2023-4610`, :cve_nist:`2023-5178`, :cve_nist:`2023-5972`, :cve_nist:`2023-6040`, :cve_nist:`2023-6531`, :cve_nist:`2023-6546`, :cve_nist:`2023-6622`, :cve_nist:`2023-6679`, :cve_nist:`2023-6817`, :cve_nist:`2023-6931`, :cve_nist:`2023-6932`, :cve_nist:`2023-7192`, :cve_nist:`2024-0193` and :cve_nist:`2024-0443`
+-  linux-yocto/6.1: Fix :cve_nist:`2023-1193`, :cve_mitre:`2023-51779`, :cve_nist:`2023-51780`, :cve_nist:`2023-51781`, :cve_nist:`2023-51782` and :cve_nist:`2023-6606`
+-  qemu: Fix :cve_nist:`2023-3019`
+-  shadow: Fix :cve_nist:`2023-4641`
+-  sqlite3: Fix :cve_nist:`2024-0232`
+-  sqlite3: drop obsolete CVE ignore :cve_nist:`2023-36191`
+-  sudo: Fix :cve_nist:`2023-42456` and :cve_nist:`2023-42465`
+-  tiff: Fix :cve_nist:`2023-6277`
+-  xwayland: Fix :cve_nist:`2023-6377` and :cve_nist:`2023-6478`
 
 
 Fixes in Yocto-4.3.3
diff --git a/documentation/migration-guides/release-notes-4.3.4.rst b/documentation/migration-guides/release-notes-4.3.4.rst
index 4c9e67f2cb..b725ace369 100644
--- a/documentation/migration-guides/release-notes-4.3.4.rst
+++ b/documentation/migration-guides/release-notes-4.3.4.rst
@@ -6,23 +6,23 @@ Release notes for Yocto-4.3.4 (Nanbield)
 Security Fixes in Yocto-4.3.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679` and :cve:`2023-50387`
--  gcc: Update :term:`CVE_STATUS` for :cve:`2023-4039` as fixed
--  glibc: Fix :cve:`2023-6246`, :cve:`2023-6779` and :cve:`2023-6780`
--  gnutls: Fix :cve:`2024-0553` and :cve:`2024-0567`
+-  bind: Fix :cve_nist:`2023-4408`, :cve_nist:`2023-5517`, :cve_nist:`2023-5679` and :cve_nist:`2023-50387`
+-  gcc: Update :term:`CVE_STATUS` for :cve_nist:`2023-4039` as fixed
+-  glibc: Fix :cve_nist:`2023-6246`, :cve_nist:`2023-6779` and :cve_nist:`2023-6780`
+-  gnutls: Fix :cve_nist:`2024-0553` and :cve_nist:`2024-0567`
 -  gstreamer: Fix :cve_mitre:`2024-0444`
--  libssh2: fix :cve:`2023-48795`
--  libxml2: Fix :cve:`2024-25062`
--  linux-yocto/6.1: Fix :cve:`2023-6610`, :cve:`2023-6915`, :cve:`2023-46838`, :cve:`2023-50431`, :cve:`2024-1085`, :cve:`2024-1086` and :cve:`2024-23849`
--  linux-yocto/6.1: Ignore :cve:`2021-33630`, :cve:`2021-33631`, :cve:`2022-36402`, :cve:`2023-5717`, :cve:`2023-6200`, :cve:`2023-35827`, :cve:`2023-40791`, :cve:`2023-46343`, :cve:`2023-46813`, :cve:`2023-46862`, :cve:`2023-51042`, :cve:`2023-51043`, :cve_mitre:`2023-52340`, :cve:`2024-0562`, :cve:`2024-0565`, :cve:`2024-0582`, :cve:`2024-0584`, :cve:`2024-0607`, :cve:`2024-0639`, :cve:`2024-0641`, :cve:`2024-0646`, :cve:`2024-0775` and :cve:`2024-22705`
--  openssl: fix :cve:`2024-0727`
--  python3-jinja2: Fix :cve:`2024-22195`
--  tiff: Fix :cve:`2023-6228`, :cve:`2023-52355` and :cve:`2023-52356`
--  vim: Fix :cve:`2024-22667`
--  wpa-supplicant: Fix :cve:`2023-52160`
--  xserver-xorg: Fix :cve:`2023-6377`, :cve:`2023-6478`, :cve:`2023-6816`, :cve:`2024-0229`, :cve:`2024-0408`, :cve:`2024-0409`, :cve:`2024-21885` and :cve:`2024-21886`
--  xwayland: Fix :cve:`2023-6816`, :cve:`2024-0408` and :cve:`2024-0409`
--  zlib: Ignore :cve:`2023-6992`
+-  libssh2: fix :cve_nist:`2023-48795`
+-  libxml2: Fix :cve_nist:`2024-25062`
+-  linux-yocto/6.1: Fix :cve_nist:`2023-6610`, :cve_nist:`2023-6915`, :cve_nist:`2023-46838`, :cve_nist:`2023-50431`, :cve_nist:`2024-1085`, :cve_nist:`2024-1086` and :cve_nist:`2024-23849`
+-  linux-yocto/6.1: Ignore :cve_nist:`2021-33630`, :cve_nist:`2021-33631`, :cve_nist:`2022-36402`, :cve_nist:`2023-5717`, :cve_nist:`2023-6200`, :cve_nist:`2023-35827`, :cve_nist:`2023-40791`, :cve_nist:`2023-46343`, :cve_nist:`2023-46813`, :cve_nist:`2023-46862`, :cve_nist:`2023-51042`, :cve_nist:`2023-51043`, :cve_mitre:`2023-52340`, :cve_nist:`2024-0562`, :cve_nist:`2024-0565`, :cve_nist:`2024-0582`, :cve_nist:`2024-0584`, :cve_nist:`2024-0607`, :cve_nist:`2024-0639`, :cve_nist:`2024-0641`, :cve_nist:`2024-0646`, :cve_nist:`2024-0775` and :cve_nist:`2024-22705`
+-  openssl: fix :cve_nist:`2024-0727`
+-  python3-jinja2: Fix :cve_nist:`2024-22195`
+-  tiff: Fix :cve_nist:`2023-6228`, :cve_nist:`2023-52355` and :cve_nist:`2023-52356`
+-  vim: Fix :cve_nist:`2024-22667`
+-  wpa-supplicant: Fix :cve_nist:`2023-52160`
+-  xserver-xorg: Fix :cve_nist:`2023-6377`, :cve_nist:`2023-6478`, :cve_nist:`2023-6816`, :cve_nist:`2024-0229`, :cve_nist:`2024-0408`, :cve_nist:`2024-0409`, :cve_nist:`2024-21885` and :cve_nist:`2024-21886`
+-  xwayland: Fix :cve_nist:`2023-6816`, :cve_nist:`2024-0408` and :cve_nist:`2024-0409`
+-  zlib: Ignore :cve_nist:`2023-6992`
 
 
 Fixes in Yocto-4.3.4
@@ -59,7 +59,7 @@ Fixes in Yocto-4.3.4
 -  docs: use "manual page(s)"
 -  docs: Makefile: remove releases.rst in "make clean"
 -  externalsrc: fix task dependency for do_populate_lic
--  glibc: Remove duplicate :term:`CVE_STATUS` for :cve:`2023-4527`
+-  glibc: Remove duplicate :term:`CVE_STATUS` for :cve_nist:`2023-4527`
 -  glibc: stable 2.38 branch updates (2.38+gitd37c2b20a4)
 -  gnutls: Upgrade to 3.8.3
 -  gstreamer1.0: skip a test that is known to be flaky
diff --git a/documentation/migration-guides/release-notes-4.3.rst b/documentation/migration-guides/release-notes-4.3.rst
index 0e175067da..0103ac985e 100644
--- a/documentation/migration-guides/release-notes-4.3.rst
+++ b/documentation/migration-guides/release-notes-4.3.rst
@@ -295,7 +295,7 @@ New Features / Enhancements in 4.3
    -  Generation of :term:`SPDX` manifests is now enabled by default.
 
    -  Git based recipes in OE-Core which used the ``git``  protocol have been
-      changed to use `https`` where possible, as it is typically faster and
+      changed to use ``https`` where possible, as it is typically faster and
       more reliable.
 
    -  The ``os-release`` recipe added a ``CPE_NAME`` to the fields provided, with the
@@ -337,47 +337,47 @@ The following corrections have been made to the :term:`LICENSE` values set by re
 Security Fixes in 4.3
 ~~~~~~~~~~~~~~~~~~~~~
 
--  bind: :cve:`2023-2911`, :cve:`2023-2828`, :cve:`2023-3341`, :cve:`2023-4236`
--  binutils: :cve:`2023-1972`
--  connman: :cve:`2023-28488`
--  cups: :cve:`2023-32324`, :cve:`2023-34241`, :cve:`2023-4504`
--  dbus: :cve:`2023-34969`
--  dmidecode: :cve:`2023-30630`
--  dropbear: :cve:`2023-36328`
--  erofs-utils: :cve:`2023-33551`, :cve:`2023-33552`
--  gcc: :cve:`2023-4039`
--  ghostscript: :cve:`2023-28879`, :cve:`2023-36664`, :cve:`2023-38559;` ignore :cve:`2023-38560`
--  git: :cve:`2023-25652`, :cve:`2023-29007`
--  glibc: :cve:`2023-4527`, :cve:`2023-4806`
--  go: :cve:`2023-24537`, :cve:`2023-39325`
--  gstreamer: :cve:`2023-40475`, :cve:`2023-40476`
--  inetutils: :cve:`2023-40303`
--  libarchive: ignore :cve:`2023-30571`
--  librsvg: :cve:`2023-38633`
--  libwebp: :cve:`2023-1999`, :cve:`2023-4863`
--  libx11: :cve:`2023-3138`, :cve:`2023-43785`, :cve:`2023-43786`, :cve:`2023-43787`
--  libxml2: :cve:`2023-28484`, :cve:`2023-29469;` ignore disputed :cve:`2023-45322`
--  libxpm: :cve:`2023-43788`, :cve:`2023-43789`, :cve:`2022-44617`
+-  bind: :cve_nist:`2023-2911`, :cve_nist:`2023-2828`, :cve_nist:`2023-3341`, :cve_nist:`2023-4236`
+-  binutils: :cve_nist:`2023-1972`
+-  connman: :cve_nist:`2023-28488`
+-  cups: :cve_nist:`2023-32324`, :cve_nist:`2023-34241`, :cve_nist:`2023-4504`
+-  dbus: :cve_nist:`2023-34969`
+-  dmidecode: :cve_nist:`2023-30630`
+-  dropbear: :cve_nist:`2023-36328`
+-  erofs-utils: :cve_nist:`2023-33551`, :cve_nist:`2023-33552`
+-  gcc: :cve_nist:`2023-4039`
+-  ghostscript: :cve_nist:`2023-28879`, :cve_nist:`2023-36664`, :cve_nist:`2023-38559;` ignore :cve_nist:`2023-38560`
+-  git: :cve_nist:`2023-25652`, :cve_nist:`2023-29007`
+-  glibc: :cve_nist:`2023-4527`, :cve_nist:`2023-4806`
+-  go: :cve_nist:`2023-24537`, :cve_nist:`2023-39325`
+-  gstreamer: :cve_nist:`2023-40475`, :cve_nist:`2023-40476`
+-  inetutils: :cve_nist:`2023-40303`
+-  libarchive: ignore :cve_nist:`2023-30571`
+-  librsvg: :cve_nist:`2023-38633`
+-  libwebp: :cve_nist:`2023-1999`, :cve_nist:`2023-4863`
+-  libx11: :cve_nist:`2023-3138`, :cve_nist:`2023-43785`, :cve_nist:`2023-43786`, :cve_nist:`2023-43787`
+-  libxml2: :cve_nist:`2023-28484`, :cve_nist:`2023-29469;` ignore disputed :cve_nist:`2023-45322`
+-  libxpm: :cve_nist:`2023-43788`, :cve_nist:`2023-43789`, :cve_nist:`2022-44617`
 -  linux: update CVE exclusions
--  ncurses: :cve:`2023-29491`
--  nghttp2: :cve:`2023-44487`
--  ninja: ignore :cve:`2021-4336`, wrong ninja
--  openssh: :cve:`2023-38408`
--  openssl: :cve:`2023-2650`, :cve:`2023-1255`, :cve:`2023-0466`, :cve:`2023-0465`, :cve:`2023-0464`, :cve:`2023-3817`, :cve:`2023-3446`, :cve:`2023-2975`, :cve:`2023-4807`
--  perl: :cve:`2023-31484`, :cve:`2023-31486`
--  pixman: ignore :cve:`2023-37769`
--  procps: :cve:`2023-4016`
--  python3-git: :cve:`2023-41040`
--  python3: ignore :cve:`2023-36632`
--  python3-urllib3: :cve:`2023-43804`
--  qemu: :cve:`2023-40360`, :cve:`2023-42467;` ignore :cve:`2023-0664` (Windows-specific), ignore :cve:`2023-2680` (RHEL specific)
--  screen: :cve:`2023-24626`
--  shadow: :cve:`2023-29383`
--  sqlite3: ignore :cve:`2023-36191`
--  sysstat: :cve:`2023-33204`
--  tiff: :cve:`2022-4645`, :cve:`2023-2731`, :cve:`2023-26965`, :cve:`2023-40745`, :cve:`2023-41175`
--  vim: :cve:`2023-2426`, :cve:`2023-2609`, :cve:`2023-2610`, :cve:`2023-3896`, :cve:`2023-5441`, :cve:`2023-5535`
--  zlib: ignore :cve:`2023-45853`
+-  ncurses: :cve_nist:`2023-29491`
+-  nghttp2: :cve_nist:`2023-44487`
+-  ninja: ignore :cve_nist:`2021-4336`, wrong ninja
+-  openssh: :cve_nist:`2023-38408`
+-  openssl: :cve_nist:`2023-2650`, :cve_nist:`2023-1255`, :cve_nist:`2023-0466`, :cve_nist:`2023-0465`, :cve_nist:`2023-0464`, :cve_nist:`2023-3817`, :cve_nist:`2023-3446`, :cve_nist:`2023-2975`, :cve_nist:`2023-4807`
+-  perl: :cve_nist:`2023-31484`, :cve_nist:`2023-31486`
+-  pixman: ignore :cve_nist:`2023-37769`
+-  procps: :cve_nist:`2023-4016`
+-  python3-git: :cve_nist:`2023-41040`
+-  python3: ignore :cve_nist:`2023-36632`
+-  python3-urllib3: :cve_nist:`2023-43804`
+-  qemu: :cve_nist:`2023-40360`, :cve_nist:`2023-42467;` ignore :cve_nist:`2023-0664` (Windows-specific), ignore :cve_nist:`2023-2680` (RHEL specific)
+-  screen: :cve_nist:`2023-24626`
+-  shadow: :cve_nist:`2023-29383`
+-  sqlite3: ignore :cve_nist:`2023-36191`
+-  sysstat: :cve_nist:`2023-33204`
+-  tiff: :cve_nist:`2022-4645`, :cve_nist:`2023-2731`, :cve_nist:`2023-26965`, :cve_nist:`2023-40745`, :cve_nist:`2023-41175`
+-  vim: :cve_nist:`2023-2426`, :cve_nist:`2023-2609`, :cve_nist:`2023-2610`, :cve_nist:`2023-3896`, :cve_nist:`2023-5441`, :cve_nist:`2023-5535`
+-  zlib: ignore :cve_nist:`2023-45853`
 
 
 Recipe Upgrades in 4.3
diff --git a/documentation/migration-guides/release-notes-5.0.10.rst b/documentation/migration-guides/release-notes-5.0.10.rst
new file mode 100644
index 0000000000..e9845aa315
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.10.rst
@@ -0,0 +1,208 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.10 (Scarthgap)
+------------------------------------------
+
+Security Fixes in Yocto-5.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-1153`, :cve_nist:`2025-1179`, :cve_nist:`2025-1180` and
+   :cve_nist:`2025-1182`
+-  connman: Fix :cve_nist:`2025-32366` and :cve_nist:`2025-32743`
+-  curl: Fix :cve_nist:`2024-11053` and :cve_nist:`2025-0167`
+-  elfutils: Fix :cve_nist:`2025-1371`
+-  ffmpeg: Fix :cve_nist:`2024-7055`, :cve_nist:`2024-32230`, :cve_nist:`2024-35366`,
+   :cve_nist:`2024-36613`, :cve_nist:`2024-36616`, :cve_nist:`2024-36617` and :cve_nist:`2024-36619`
+-  git: Fix :cve_nist:`2024-50349` and :cve_nist:`2024-52006`
+-  glib-2.0: fix :cve_nist:`2025-3360` and :cve_nist:`2025-4373`
+-  iputils: Fix :cve_nist:`2025-47268`
+-  libpam: Fix :cve_nist:`2024-10041`
+-  libsoup-2.4: Fix :cve_nist:`2024-52530`, :cve_nist:`2024-52531`, :cve_nist:`2024-52532`,
+   :cve_nist:`2025-32906`, :cve_nist:`2025-32909`, :cve_nist:`2025-32910`, :cve_nist:`2025-32911`,
+   :cve_nist:`2025-32912`, :cve_nist:`2025-32913`, :cve_nist:`2025-32914` and :cve_nist:`2025-46420`
+-  libsoup: Fix :cve_nist:`2025-4476`, :cve_nist:`2025-32906`, :cve_nist:`2025-32909`,
+   :cve_nist:`2025-32910`, :cve_nist:`2025-32911`, :cve_nist:`2025-32912`, :cve_nist:`2025-32913`,
+   :cve_nist:`2025-32914` and :cve_nist:`2025-46420`
+-  libxml2: Fix :cve_nist:`2025-32414` and :cve_nist:`2025-32415`
+-  openssh: Fix :cve_nist:`2025-32728`
+-  perl: Fix :cve_nist:`2024-56406`
+-  ppp: Fix :cve_nist:`2024-58250`
+-  python3-jinja2: Fix :cve_nist:`2024-56201`, :cve_nist:`2024-56326` and :cve_nist:`2025-27516`
+-  ruby: Fix :cve_nist:`2025-27221`
+-  sqlite3: Fix :cve_nist:`2025-3277`, :cve_nist:`2025-29087` and :cve_nist:`2025-29088`
+
+
+Fixes in Yocto-5.0.10
+~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: stable 2.42 branch updates
+-  bluez5: add missing tools to noinst-tools package
+-  bluez5: backport a patch to fix btmgmt -i
+-  bluez5: make media control a :term:`PACKAGECONFIG` option
+-  build-appliance-image: Update to scarthgap head revision
+-  buildtools-tarball: Make buildtools respects host CA certificates
+-  buildtools-tarball: add envvars into :term:`BB_ENV_PASSTHROUGH_ADDITIONS`
+-  buildtools-tarball: move setting of envvars to respective envfile
+-  contributor-guide/submit-changes: encourage patch version changelogs
+-  cve-check.bbclass: Fix symlink handling also for text files
+-  cve-update-nvd2-native: Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR"
+-  dev-manual/sbom.rst: fix wrong build outputs
+-  docs: Fix dead links that use the :term:`DISTRO` macro
+-  docs: conf.py: tweak SearchEnglish to be hyphen-friendly
+-  docs:conf.py: define a manpage url
+-  ffmpeg: upgrade to 6.1.2
+-  git: upgrade to 2.44.3
+-  glibc-y2038-tests: remove glibc-y2038-tests_2.39.bb recipe
+-  glibc: Add single-threaded fast path to rand()
+-  glibc: stable 2.39 branch updates
+-  initscripts: add function log_success_msg/log_failure_msg/log_warning_msg
+-  libatomic-ops: Update :term:`GITHUB_BASE_URI`
+-  manuals: remove repeated word
+-  migration-guides: add release notes for 4.0.26, 5.0.8, 5.0.9
+-  module.bbclass: add KBUILD_EXTRA_SYMBOLS to install
+-  perl: upgrade to 5.38.4
+-  perlcross: upgrade to 1.6.2
+-  poky.conf: bump version for 5.0.10
+-  poky.yaml: introduce DISTRO_LATEST_TAG
+-  python3-jinja2: upgrade to 3.1.6
+-  ref-manual/release-process: update releases.svg
+-  ref-manual/variables.rst: HOST_CC_ARCH: fix wrong SDK reference
+-  ref-manual/variables.rst: WATCHDOG_TIMEOUT: fix recipe name
+-  ref-manual/variables.rst: add manpage links for toolchain variables
+-  ref-manual/variables.rst: add missing documentation for BUILD_* variables
+-  ref-manual/variables.rst: document HOST_*_ARCH variables
+-  ref-manual/variables.rst: document :term:`INHIBIT_DEFAULT_RUST_DEPS`
+-  ref-manual/variables.rst: document :term:`INHIBIT_UPDATERCD_BBCLASS`
+-  ref-manual/variables.rst: document :term:`SSTATE_SKIP_CREATION`
+-  ref-manual/variables.rst: document :term:`WIC_CREATE_EXTRA_ARGS`
+-  ref-manual/variables.rst: document autotools class related variables
+-  ref-manual/variables.rst: document missing SDK_*_ARCH variables
+-  ref-manual/variables.rst: document the :term:`IMAGE_ROOTFS_MAXSIZE` variable
+-  ref-manual/variables.rst: document the :term:`INITRAMFS_MAXSIZE` variable
+-  ref-manual/variables.rst: improve the :term:`PKGV` documentation
+-  ref-manual/variables.rst: update :term:`ROOT_HOME` documentation
+-  ref-manual: kernel-fitimage.bbclass does not use :term:`SPL_SIGN_KEYNAME`
+-  scripts/install-buildtools: Update to 5.0.9
+-  sphinx-lint: missing space after literal
+-  sphinx-lint: trailing whitespace
+-  sphinx-lint: unbalanced inline literal markup
+-  systemd: Password agents shouldn't be optional
+-  systemd: upgrade to 255.18
+-  test-manual/intro: remove Buildbot version used
+-  tzdata/tzcode-native: upgrade 2025a -> 2025b
+-  u-boot: ensure keys are generated before assembling U-Boot FIT image
+-  util-linux: Add fix to isolate test fstab entries using CUSTOM_FSTAB
+-  wic: bootimg-efi: Support + symbol in filenames
+
+
+Known Issues in Yocto-5.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  There is an issue where the target libsoup-2.4 build may fail if apachectl is present on the build
+   host. The issue only affects test binaries which aren't actually used. The issue can be fixed by
+   disabling the tests or updating to more recent changes on the scarthgap branch which fix this.
+
+
+Contributors to Yocto-5.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Adrian Freihofer
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Alon Bar-Lev
+-  Alper Ak
+-  Andrew Kreimer
+-  Antonin Godard
+-  Archana Polampalli
+-  Ashish Sharma
+-  Changqing Li
+-  Christos Gavros
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Divyanshu Rathore
+-  Enrico Jörns
+-  Etienne Cordonnier
+-  Guðni Már Gilbert
+-  Haixiao Yan
+-  Harish Sadineni
+-  Igor Opaniuk
+-  Jeroen Hofstee
+-  Lee Chee Yang
+-  Nguyen Dat Tho
+-  Niko Mauno
+-  Peter Marko
+-  Praveen Kumar
+-  Priyal Doshi
+-  Rogerio Guerra Borin
+-  Shubham Kulkarni
+-  Soumya Sambu
+-  Steve Sakoman
+-  Sunil Dora
+-  Trevor Woerner
+-  Vijay Anusuri
+-  Virendra Thakur
+-  Vyacheslav Yurkov
+-  Yi Zhao
+-  Yogita Urade
+-  rajmohan r
+
+Repositories / Downloads for Yocto-5.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.10 </poky/log/?h=yocto-5.0.10>`
+-  Git Revision: :yocto_git:`ac257900c33754957b2696529682029d997a8f28 </poky/commit/?id=ac257900c33754957b2696529682029d997a8f28>`
+-  Release Artefact: poky-ac257900c33754957b2696529682029d997a8f28
+-  sha: ddca7e54b331e78214bea65b346320d4fbcddf4b51103bfbbd9fc3960f32cdc7
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.10/poky-ac257900c33754957b2696529682029d997a8f28.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.10/poky-ac257900c33754957b2696529682029d997a8f28.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.10 </openembedded-core/log/?h=yocto-5.0.10>`
+-  Git Revision: :oe_git:`d5342ffc570d47a723b18297d75bd2f63c2088db </openembedded-core/commit/?id=d5342ffc570d47a723b18297d75bd2f63c2088db>`
+-  Release Artefact: oecore-d5342ffc570d47a723b18297d75bd2f63c2088db
+-  sha: daa62094f2327f4b3fbcc485e8964d1b86a4722f58fb37e0d8e8e9885094a262
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.10/oecore-d5342ffc570d47a723b18297d75bd2f63c2088db.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.10/oecore-d5342ffc570d47a723b18297d75bd2f63c2088db.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.10 </meta-mingw/log/?h=yocto-5.0.10>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.10/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.10/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.10 </bitbake/log/?h=yocto-5.0.10>`
+-  Git Revision: :oe_git:`696c2c1ef095f8b11c7d2eff36fae50f58c62e5e </bitbake/commit/?id=696c2c1ef095f8b11c7d2eff36fae50f58c62e5e>`
+-  Release Artefact: bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e
+-  sha: fc83f879cd6dd14b9b7eba0161fec23ecc191fed0fb00556ba729dceef6c145f
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.10/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.10/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.10 </yocto-docs/log/?h=yocto-5.0.10>`
+-  Git Revision: :yocto_git:`3996388e337377bedc113d072a51fe9d68dd40c6 </yocto-docs/commit/?id=3996388e337377bedc113d072a51fe9d68dd40c6>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.2.rst b/documentation/migration-guides/release-notes-5.0.2.rst
index 820e33189e..b60fd73190 100644
--- a/documentation/migration-guides/release-notes-5.0.2.rst
+++ b/documentation/migration-guides/release-notes-5.0.2.rst
@@ -6,17 +6,17 @@ Release notes for Yocto-5.0.2 (Scarthgap)
 Security Fixes in Yocto-5.0.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  cups: Fix :cve:`2024-35235`
--  gcc: Fix :cve:`2024-0151`
--  gdk-pixbuf: Fix :cve:`2022-48622`
+-  cups: Fix :cve_nist:`2024-35235`
+-  gcc: Fix :cve_nist:`2024-0151`
+-  gdk-pixbuf: Fix :cve_nist:`2022-48622`
 -  ghostscript: fix :cve_mitre:`2024-29510`, :cve_mitre:`2024-33869`, :cve_mitre:`2024-33870` and :cve_mitre:`2024-33871`
--  git: Fix :cve:`2024-32002`, :cve:`2024-32004`, :cve:`2024-32020`, :cve:`2024-32021` and :cve:`2024-32465`
--  glib-2.0: Fix :cve:`2024-34397`
--  glibc: Fix :cve:`2024-2961`, :cve:`2024-33599`, :cve:`2024-33600`, :cve:`2024-33601` and :cve:`2024-33602`
--  ncurses: Fix :cve:`2023-45918` and :cve:`2023-50495`
--  openssl: Fix :cve:`2024-4603` and :cve_mitre:`2024-4741`
--  util-linux: Fix :cve:`2024-28085`
--  xserver-xorg: Fix :cve:`2024-31080`, :cve:`2024-31081`, :cve:`2024-31082` and :cve:`2024-31083`
+-  git: Fix :cve_nist:`2024-32002`, :cve_nist:`2024-32004`, :cve_nist:`2024-32020`, :cve_nist:`2024-32021` and :cve_nist:`2024-32465`
+-  glib-2.0: Fix :cve_nist:`2024-34397`
+-  glibc: Fix :cve_nist:`2024-2961`, :cve_nist:`2024-33599`, :cve_nist:`2024-33600`, :cve_nist:`2024-33601` and :cve_nist:`2024-33602`
+-  ncurses: Fix :cve_nist:`2023-45918` and :cve_nist:`2023-50495`
+-  openssl: Fix :cve_nist:`2024-4603` and :cve_mitre:`2024-4741`
+-  util-linux: Fix :cve_nist:`2024-28085`
+-  xserver-xorg: Fix :cve_nist:`2024-31080`, :cve_nist:`2024-31081`, :cve_nist:`2024-31082` and :cve_nist:`2024-31083`
 
 
 Fixes in Yocto-5.0.2
@@ -44,7 +44,7 @@ Fixes in Yocto-5.0.2
 -  bitbake: tests/fetch: Tweak test to match upstream repo url change
 -  bitbake: tests/fetch: Tweak to work on Fedora40
 -  build-appliance-image: Update to scarthgap head revision
--  busybox: update :cve:`2022-28391` patches upstream status
+-  busybox: update :cve_nist:`2022-28391` patches upstream status
 -  cdrtools-native: Fix build with GCC 14
 -  classes: image_types: apply EXTRA_IMAGECMD:squashfs* in oe_mksquashfs()
 -  classes: image_types: quote variable assignment needed by dash
diff --git a/documentation/migration-guides/release-notes-5.0.3.rst b/documentation/migration-guides/release-notes-5.0.3.rst
index 5ed660c9ec..caf33c7c3f 100644
--- a/documentation/migration-guides/release-notes-5.0.3.rst
+++ b/documentation/migration-guides/release-notes-5.0.3.rst
@@ -6,30 +6,30 @@ Release notes for Yocto-5.0.3 (Scarthgap)
 Security Fixes in Yocto-5.0.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2024-0760`, :cve:`2024-1737`, :cve:`2024-1975` and :cve:`2024-4076`
--  busybox: Fix :cve:`2023-42366`, :cve:`2023-42364`, :cve:`2023-42365`, :cve:`2021-42380` and :cve:`2023-42363`
--  cpio: Ignore :cve:`2023-7216`
--  curl: Fix :cve:`2024-6197`
--  ffmpeg: Fix :cve:`2023-49502`, :cve:`2024-31578` and :cve:`2024-31582`
--  ghostscript: Fix :cve:`2023-52722`
--  go: Fix :cve:`2024-24790`
--  gstreamer1.0-plugins-base: Fix :cve:`2024-4453`
--  less: Fix :cve:`2024-32487`
--  libxml2: Fix :cve:`2024-34459`
--  libyaml: Ignore :cve:`2024-35328`
--  linux-yocto/6.6: Fix :cve:`2024-23307`, :cve:`2024-24861`, :cve:`2024-26642`, :cve:`2024-26643`, :cve:`2024-26654`, :cve:`2024-26656` and :cve:`2023-47233`
--  linux-yocto/6.6: Ignore :cve:`2019-25160`, :cve:`2019-25162`, :cve:`2020-36775`, :cve:`2020-36776`, :cve:`2020-36777`, :cve:`2020-36778`, :cve:`2020-36779`, :cve:`2020-36780`, :cve:`2020-36781`, :cve:`2020-36782`, :cve:`2020-36783`, :cve:`2020-36784`, :cve:`2020-36785`, :cve:`2020-36786`, :cve:`2020-36787`, :cve:`2021-46904`, :cve:`2021-46905`, :cve:`2021-46906`, :cve:`2021-46908`, :cve:`2021-46909`, :cve:`2021-46910`, :cve:`2021-46911`, :cve:`2021-46912`, :cve:`2021-46913`, :cve:`2021-46914`, :cve:`2021-46915`, :cve:`2021-46916`, :cve:`2021-46917`, :cve:`2021-46918`, :cve:`2021-46919`, :cve:`2021-46920`, :cve:`2021-46921`, :cve:`2021-46922`, :cve:`2021-46923`, :cve:`2021-46924`, :cve:`2021-46925`, :cve:`2021-46926`, :cve:`2021-46927`, :cve:`2021-46928`, :cve:`2021-46929`, :cve:`2021-46930`, :cve:`2021-46931`, :cve:`2021-46932`, :cve:`2021-46933`, :cve:`2021-46934`, :cve:`2021-46935`, :cve:`2021-46936`, :cve:`2021-46937`, :cve:`2021-46938`, :cve:`2021-46939`, :cve:`2021-46940`, :cve:`2021-46941`, :cve:`2021-46942`, :cve:`2021-46943`, :cve:`2021-46944`, :cve:`2021-46945`, :cve:`2021-46947`, :cve:`2021-46948`, :cve:`2021-46949`, :cve:`2021-46950`, :cve:`2021-46951`, :cve:`2021-46952`, :cve:`2021-46953`, :cve:`2021-46954`, :cve:`2021-46955`, :cve:`2021-46956`, :cve:`2021-46957`, :cve:`2021-46958`, :cve:`2021-46959`, :cve:`2021-46960`, :cve:`2021-46961`, :cve:`2021-46962`, :cve:`2021-46963`, :cve:`2021-46964`, :cve:`2021-46965`, :cve:`2021-46966`, :cve:`2021-46967`, :cve:`2021-46968`, :cve:`2021-46969`, :cve:`2021-46970`, :cve:`2021-46971`, :cve:`2021-46972`, :cve:`2021-46973`, :cve:`2021-46974`, :cve:`2021-46976`, :cve:`2021-46977`, :cve:`2021-46978`, :cve:`2021-46979`, :cve:`2021-46980`, :cve:`2021-46981`, :cve:`2021-46982`, :cve:`2021-46983`, :cve:`2021-46984`, :cve:`2021-46985`, :cve:`2021-46986`, :cve:`2021-46987`, :cve:`2021-46988`, :cve:`2021-46989`, :cve:`2021-46990`, :cve:`2021-46991`, :cve:`2021-46992`, :cve:`2021-46993`, :cve:`2021-46994`, :cve:`2021-46995`, :cve:`2021-46996`, :cve:`2021-46997`, :cve:`2021-46998`, :cve:`2021-46999`, :cve:`2021-47000`, :cve:`2021-47001`, :cve:`2021-47002`, :cve:`2021-47003`, :cve:`2021-47004`, :cve:`2021-47005`, :cve:`2021-47006`, :cve:`2021-47007`, :cve:`2021-47008`, :cve:`2021-47009`, :cve:`2021-47010`, :cve:`2021-47011`, :cve:`2021-47012`, :cve:`2021-47013`, :cve:`2021-47014`, :cve:`2021-47015`, :cve:`2021-47016`, :cve:`2021-47017`, :cve:`2021-47018`, :cve:`2021-47019`, :cve:`2021-47020`, :cve:`2021-47021`, :cve:`2021-47022`, :cve:`2021-47023`, :cve:`2021-47024`, :cve:`2021-47025`, :cve:`2021-47026`, :cve:`2021-47027`, :cve:`2021-47028`, :cve:`2021-47029`, :cve:`2021-47030`, :cve:`2021-47031`, :cve:`2021-47032`, :cve:`2021-47033`, :cve:`2021-47034`, :cve:`2021-47035`, :cve:`2021-47036`, :cve:`2021-47037`, :cve:`2021-47038`, :cve:`2021-47039`, :cve:`2021-47040`, :cve:`2021-47041`, :cve:`2021-47042`, :cve:`2021-47043`, :cve:`2021-47044`, :cve:`2021-47045`, :cve:`2021-47046`, :cve:`2021-47047`, :cve:`2021-47048`, :cve:`2021-47049`, :cve:`2021-47050`, :cve:`2021-47051`, :cve:`2021-47052`, :cve:`2021-47053`, :cve:`2021-47054`, :cve:`2021-47055`, :cve:`2021-47056`, :cve:`2021-47057`, :cve:`2021-47058`, :cve:`2021-47059`, :cve:`2021-47060`, :cve:`2021-47061`, :cve:`2021-47062`, :cve:`2021-47063`, :cve:`2021-47064`, :cve:`2021-47065`, :cve:`2021-47066`, :cve:`2021-47067`, :cve:`2021-47068`, :cve:`2021-47069`, :cve:`2021-47070`, :cve:`2021-47071`, :cve:`2021-47072`, :cve:`2021-47073`, :cve:`2021-47074`, :cve:`2021-47075`, :cve:`2021-47076`, :cve:`2021-47077`, :cve:`2021-47078`, :cve:`2021-47079`, :cve:`2021-47080`, :cve:`2021-47081`, :cve:`2021-47082`, :cve:`2021-47083`, :cve:`2021-47086`, :cve:`2021-47087`, :cve:`2021-47088`, :cve:`2021-47089`, :cve:`2021-47090`, :cve:`2021-47091`, :cve:`2021-47092`, :cve:`2021-47093`, :cve:`2021-47094`, :cve:`2021-47095`, :cve:`2021-47096`, :cve:`2021-47097`, :cve:`2021-47098`, :cve:`2021-47099`, :cve:`2021-47100`, :cve:`2021-47101`, :cve:`2021-47102`, :cve:`2021-47103`, :cve:`2021-47104`, :cve:`2021-47105`, :cve:`2021-47106`, :cve:`2021-47107`, :cve:`2021-47108`, :cve:`2021-47109`, :cve:`2021-47110`, :cve:`2021-47111`, :cve:`2021-47112`, :cve:`2021-47113`, :cve:`2021-47114`, :cve:`2021-47116`, :cve:`2021-47117`, :cve:`2021-47118`, :cve:`2021-47119`, :cve:`2021-47120`, :cve:`2021-47121`, :cve:`2021-47122`, :cve:`2021-47123`, :cve:`2021-47124`, :cve:`2021-47125`, :cve:`2021-47126`, :cve:`2021-47127`, :cve:`2021-47128`, :cve:`2021-47129`, :cve:`2021-47130`, :cve:`2021-47131`, :cve:`2021-47132`, :cve:`2021-47133`, :cve:`2021-47134`, :cve:`2021-47135`, :cve:`2021-47136`, :cve:`2021-47137`, :cve:`2021-47138`, :cve:`2021-47139`, :cve:`2021-47140`, :cve:`2021-47141`, :cve:`2021-47142`, :cve:`2021-47143`, :cve:`2021-47144`, :cve:`2021-47145`, :cve:`2021-47146`, :cve:`2021-47147`, :cve:`2021-47148`, :cve:`2021-47149`, :cve:`2021-47150`, :cve:`2021-47151`, :cve:`2021-47152`, :cve:`2021-47153`, :cve:`2021-47158`, :cve:`2021-47159`, :cve:`2021-47160`, :cve:`2021-47161`, :cve:`2021-47162`, :cve:`2021-47163`, :cve:`2021-47164`, :cve:`2021-47165`, :cve:`2021-47166`, :cve:`2021-47167`, :cve:`2021-47168`, :cve:`2021-47169`, :cve:`2021-47170`, :cve:`2021-47171`, :cve:`2021-47172`, :cve:`2021-47173`, :cve:`2021-47174`, :cve:`2021-47175`, :cve:`2021-47176`, :cve:`2021-47177`, :cve:`2021-47178`, :cve:`2021-47179`, :cve:`2021-47180`, :cve:`2022-48626`, :cve:`2022-48627`, :cve:`2022-48628`, :cve:`2022-48629` and :cve:`2022-48630`
--  linux-yocto/6.6 (cont.): Ignore :cve:`2023-6270`, :cve:`2023-6356`, :cve:`2023-6536`, :cve:`2023-7042`, :cve:`2023-28746`, :cve:`2023-52465`, :cve:`2023-52467`, :cve:`2023-52468`, :cve:`2023-52469`, :cve:`2023-52470`, :cve:`2023-52471`, :cve:`2023-52472`, :cve:`2023-52473`, :cve:`2023-52474`, :cve:`2023-52475`, :cve:`2023-52476`, :cve:`2023-52477`, :cve:`2023-52478`, :cve:`2023-52479`, :cve:`2023-52480`, :cve:`2023-52481`, :cve:`2023-52482`, :cve:`2023-52483`, :cve:`2023-52484`, :cve:`2023-52486`, :cve:`2023-52487`, :cve:`2023-52488`, :cve:`2023-52489`, :cve:`2023-52490`, :cve:`2023-52491`, :cve:`2023-52492`, :cve:`2023-52493`, :cve:`2023-52494`, :cve:`2023-52495`, :cve:`2023-52497`, :cve:`2023-52498`, :cve:`2023-52499`, :cve:`2023-52500`, :cve:`2023-52501`, :cve:`2023-52502`, :cve:`2023-52503`, :cve:`2023-52504`, :cve:`2023-52505`, :cve:`2023-52506`, :cve:`2023-52507`, :cve:`2023-52508`, :cve:`2023-52509`, :cve:`2023-52510`, :cve:`2023-52511`, :cve:`2023-52512`, :cve:`2023-52513`, :cve:`2023-52515`, :cve:`2023-52516`, :cve:`2023-52517`, :cve:`2023-52518`, :cve:`2023-52519`, :cve:`2023-52520`, :cve:`2023-52522`, :cve:`2023-52523`, :cve:`2023-52524`, :cve:`2023-52525`, :cve:`2023-52526`, :cve:`2023-52527`, :cve:`2023-52528`, :cve:`2023-52529`, :cve:`2023-52530`, :cve:`2023-52531`, :cve:`2023-52532`, :cve:`2023-52559`, :cve:`2023-52560`, :cve:`2023-52561`, :cve:`2023-52562`, :cve:`2023-52563`, :cve:`2023-52564`, :cve:`2023-52565`, :cve:`2023-52566`, :cve:`2023-52567`, :cve:`2023-52568`, :cve:`2023-52569`, :cve:`2023-52570`, :cve:`2023-52571`, :cve:`2023-52572`, :cve:`2023-52573`, :cve:`2023-52574`, :cve:`2023-52575`, :cve:`2023-52576`, :cve:`2023-52577`, :cve:`2023-52578`, :cve:`2023-52580`, :cve:`2023-52581`, :cve:`2023-52582`, :cve:`2023-52583`, :cve:`2023-52584`, :cve:`2023-52587`, :cve:`2023-52588`, :cve:`2023-52589`, :cve:`2023-52591`, :cve:`2023-52593`, :cve:`2023-52594`, :cve:`2023-52595`, :cve:`2023-52596`, :cve:`2023-52597`, :cve:`2023-52598`, :cve:`2023-52599`, :cve:`2023-52600`, :cve:`2023-52601`, :cve:`2023-52602`, :cve:`2023-52603`, :cve:`2023-52604`, :cve:`2023-52606`, :cve:`2023-52607`, :cve:`2023-52608`, :cve:`2023-52609`, :cve:`2023-52610`, :cve:`2023-52611`, :cve:`2023-52612`, :cve:`2023-52613`, :cve:`2023-52614`, :cve:`2023-52615`, :cve:`2023-52616`, :cve:`2023-52617`, :cve:`2023-52618`, :cve:`2023-52619`, :cve:`2023-52620`, :cve:`2023-52621`, :cve:`2023-52622`, :cve:`2023-52623`, :cve:`2023-52626`, :cve:`2023-52627`, :cve:`2023-52628`, :cve:`2023-52629`, :cve:`2023-52630`, :cve:`2023-52631`, :cve:`2023-52632`, :cve:`2023-52633`, :cve:`2023-52635`, :cve:`2023-52636`, :cve:`2023-52637`, :cve:`2023-52638`, :cve:`2023-52639`, :cve:`2023-52640`, :cve:`2023-52641`, :cve:`2024-0841`, :cve:`2024-22099`, :cve:`2024-23196`, :cve:`2024-26600`, :cve:`2024-26601`, :cve:`2024-26602`, :cve:`2024-26603`, :cve:`2024-26604`, :cve:`2024-26605`, :cve:`2024-26606`, :cve:`2024-26607`, :cve:`2024-26608`, :cve:`2024-26610`, :cve:`2024-26611`, :cve:`2024-26612`, :cve:`2024-26614`, :cve:`2024-26615`, :cve:`2024-26616`, :cve:`2024-26617`, :cve:`2024-26618`, :cve:`2024-26619`, :cve:`2024-26620`, :cve:`2024-26621`, :cve:`2024-26622`, :cve:`2024-26623`, :cve:`2024-26625`, :cve:`2024-26626`, :cve:`2024-26627`, :cve:`2024-26629`, :cve:`2024-26630`, :cve:`2024-26631`, :cve:`2024-26632`, :cve:`2024-26633`, :cve:`2024-26634`, :cve:`2024-26635`, :cve:`2024-26636`, :cve:`2024-26637`, :cve:`2024-26638`, :cve:`2024-26639`, :cve:`2024-26640`, :cve:`2024-26641`, :cve:`2024-26644`, :cve:`2024-26645`, :cve:`2024-26646`, :cve:`2024-26647`, :cve:`2024-26648`, :cve:`2024-26649`, :cve:`2024-26650`, :cve:`2024-26651`, :cve:`2024-26652`, :cve:`2024-26653`, :cve:`2024-26657`, :cve:`2024-26659`, :cve:`2024-26660`, :cve:`2024-26661`, :cve:`2024-26662`, :cve:`2024-26663`, :cve:`2024-26664`, :cve:`2024-26665`, :cve:`2024-26666`, :cve:`2024-26667`, :cve:`2024-26668`, :cve:`2024-26669`, :cve:`2024-26670`, :cve:`2024-26671`, :cve:`2024-26673`, :cve:`2024-26674`, :cve:`2024-26675`, :cve:`2024-26676`, :cve:`2024-26677`, :cve:`2024-26678`, :cve:`2024-26679`, :cve:`2024-26680`, :cve:`2024-26681`, :cve:`2024-26682`, :cve:`2024-26683`, :cve:`2024-26684`, :cve:`2024-26685`, :cve:`2024-26687`, :cve:`2024-26688`, :cve:`2024-26689`, :cve:`2024-26690`, :cve:`2024-26691`, :cve:`2024-26692`, :cve:`2024-26693`, :cve:`2024-26694`, :cve:`2024-26695`, :cve:`2024-26696`, :cve:`2024-26697`, :cve:`2024-26698`, :cve:`2024-26700`, :cve:`2024-26702`, :cve:`2024-26703`, :cve:`2024-26704`, :cve:`2024-26705`, :cve:`2024-26706`, :cve:`2024-26707`, :cve:`2024-26708`, :cve:`2024-26709`, :cve:`2024-26710`, :cve:`2024-26711`, :cve:`2024-26712`, :cve:`2024-26713`, :cve:`2024-26714`, :cve:`2024-26715`, :cve:`2024-26716`, :cve:`2024-26717`, :cve:`2024-26718`, :cve:`2024-26719`, :cve:`2024-26720`, :cve:`2024-26721`, :cve:`2024-26722`, :cve:`2024-26723`, :cve:`2024-26724`, :cve:`2024-26725`, :cve:`2024-26726`, :cve:`2024-26727`, :cve:`2024-26728`, :cve:`2024-26729`, :cve:`2024-26730`, :cve:`2024-26731`, :cve:`2024-26732`, :cve:`2024-26733`, :cve:`2024-26734`, :cve:`2024-26735`, :cve:`2024-26736`, :cve:`2024-26737`, :cve:`2024-26738`, :cve:`2024-26739`, :cve:`2024-26740`, :cve:`2024-26741`, :cve:`2024-26742`, :cve:`2024-26743`, :cve:`2024-26744`, :cve:`2024-26745`, :cve:`2024-26746`, :cve:`2024-26747`, :cve:`2024-26748`, :cve:`2024-26749`, :cve:`2024-26750`, :cve:`2024-26751`, :cve:`2024-26752`, :cve:`2024-26753`, :cve:`2024-26754`, :cve:`2024-26755`, :cve:`2024-26759`, :cve:`2024-26760`, :cve:`2024-26761`, :cve:`2024-26762`, :cve:`2024-26763`, :cve:`2024-26764`, :cve:`2024-26765`, :cve:`2024-26766`, :cve:`2024-26767`, :cve:`2024-26768`, :cve:`2024-26769`, :cve:`2024-26770`, :cve:`2024-26771`, :cve:`2024-26772`, :cve:`2024-26773`, :cve:`2024-26774`, :cve:`2024-26775`, :cve:`2024-26776`, :cve:`2024-26777`, :cve:`2024-26778`, :cve:`2024-26779`, :cve:`2024-26780`, :cve:`2024-26781`, :cve:`2024-26782`, :cve:`2024-26783`, :cve:`2024-26786`, :cve:`2024-26787`, :cve:`2024-26788`, :cve:`2024-26789`, :cve:`2024-26790`, :cve:`2024-26791`, :cve:`2024-26792`, :cve:`2024-26793`, :cve:`2024-26794`, :cve:`2024-26795`, :cve:`2024-26796`, :cve:`2024-26798`, :cve:`2024-26799`, :cve:`2024-26800`, :cve:`2024-26801`, :cve:`2024-26802`, :cve:`2024-26803`, :cve:`2024-26804`, :cve:`2024-26805`, :cve:`2024-26807`, :cve:`2024-26808` and :cve:`2024-26809`
--  llvm: Fix :cve:`2024-0151`
--  ofono: Fix :cve:`2023-2794`
--  openssh: Fix :cve:`2024-6387` and :cve:`2024-39894`
--  openssl: Fix :cve:`2024-5535`
--  pam: Fix :cve:`2024-22365`
--  python3-idna: Fix :cve:`2024-3651`
--  qemu: Fix :cve:`2023-6683`, :cve:`2024-3446`, :cve_mitre:`2024-3447`, :cve:`2024-3567`, :cve:`2024-26327` and :cve:`2024-26328`
--  ruby: Fix :cve:`2023-36617` and :cve:`2024-27281`
--  vte: Fix :cve:`2024-37535`
--  wget: Fix for :cve:`2024-38428`
+-  bind: Fix :cve_nist:`2024-0760`, :cve_nist:`2024-1737`, :cve_nist:`2024-1975` and :cve_nist:`2024-4076`
+-  busybox: Fix :cve_nist:`2023-42366`, :cve_nist:`2023-42364`, :cve_nist:`2023-42365`, :cve_nist:`2021-42380` and :cve_nist:`2023-42363`
+-  cpio: Ignore :cve_nist:`2023-7216`
+-  curl: Fix :cve_nist:`2024-6197`
+-  ffmpeg: Fix :cve_nist:`2023-49502`, :cve_nist:`2024-31578` and :cve_nist:`2024-31582`
+-  ghostscript: Fix :cve_nist:`2023-52722`
+-  go: Fix :cve_nist:`2024-24790`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2024-4453`
+-  less: Fix :cve_nist:`2024-32487`
+-  libxml2: Fix :cve_nist:`2024-34459`
+-  libyaml: Ignore :cve_nist:`2024-35328`
+-  linux-yocto/6.6: Fix :cve_nist:`2024-23307`, :cve_nist:`2024-24861`, :cve_nist:`2024-26642`, :cve_nist:`2024-26643`, :cve_nist:`2024-26654`, :cve_nist:`2024-26656` and :cve_nist:`2023-47233`
+-  linux-yocto/6.6: Ignore :cve_nist:`2019-25160`, :cve_nist:`2019-25162`, :cve_nist:`2020-36775`, :cve_nist:`2020-36776`, :cve_nist:`2020-36777`, :cve_nist:`2020-36778`, :cve_nist:`2020-36779`, :cve_nist:`2020-36780`, :cve_nist:`2020-36781`, :cve_nist:`2020-36782`, :cve_nist:`2020-36783`, :cve_nist:`2020-36784`, :cve_nist:`2020-36785`, :cve_nist:`2020-36786`, :cve_nist:`2020-36787`, :cve_nist:`2021-46904`, :cve_nist:`2021-46905`, :cve_nist:`2021-46906`, :cve_nist:`2021-46908`, :cve_nist:`2021-46909`, :cve_nist:`2021-46910`, :cve_nist:`2021-46911`, :cve_nist:`2021-46912`, :cve_nist:`2021-46913`, :cve_nist:`2021-46914`, :cve_nist:`2021-46915`, :cve_nist:`2021-46916`, :cve_nist:`2021-46917`, :cve_nist:`2021-46918`, :cve_nist:`2021-46919`, :cve_nist:`2021-46920`, :cve_nist:`2021-46921`, :cve_nist:`2021-46922`, :cve_nist:`2021-46923`, :cve_nist:`2021-46924`, :cve_nist:`2021-46925`, :cve_nist:`2021-46926`, :cve_nist:`2021-46927`, :cve_nist:`2021-46928`, :cve_nist:`2021-46929`, :cve_nist:`2021-46930`, :cve_nist:`2021-46931`, :cve_nist:`2021-46932`, :cve_nist:`2021-46933`, :cve_nist:`2021-46934`, :cve_nist:`2021-46935`, :cve_nist:`2021-46936`, :cve_nist:`2021-46937`, :cve_nist:`2021-46938`, :cve_nist:`2021-46939`, :cve_nist:`2021-46940`, :cve_nist:`2021-46941`, :cve_nist:`2021-46942`, :cve_nist:`2021-46943`, :cve_nist:`2021-46944`, :cve_nist:`2021-46945`, :cve_nist:`2021-46947`, :cve_nist:`2021-46948`, :cve_nist:`2021-46949`, :cve_nist:`2021-46950`, :cve_nist:`2021-46951`, :cve_nist:`2021-46952`, :cve_nist:`2021-46953`, :cve_nist:`2021-46954`, :cve_nist:`2021-46955`, :cve_nist:`2021-46956`, :cve_nist:`2021-46957`, :cve_nist:`2021-46958`, :cve_nist:`2021-46959`, :cve_nist:`2021-46960`, :cve_nist:`2021-46961`, :cve_nist:`2021-46962`, :cve_nist:`2021-46963`, :cve_nist:`2021-46964`, :cve_nist:`2021-46965`, :cve_nist:`2021-46966`, :cve_nist:`2021-46967`, :cve_nist:`2021-46968`, :cve_nist:`2021-46969`, :cve_nist:`2021-46970`, :cve_nist:`2021-46971`, :cve_nist:`2021-46972`, :cve_nist:`2021-46973`, :cve_nist:`2021-46974`, :cve_nist:`2021-46976`, :cve_nist:`2021-46977`, :cve_nist:`2021-46978`, :cve_nist:`2021-46979`, :cve_nist:`2021-46980`, :cve_nist:`2021-46981`, :cve_nist:`2021-46982`, :cve_nist:`2021-46983`, :cve_nist:`2021-46984`, :cve_nist:`2021-46985`, :cve_nist:`2021-46986`, :cve_nist:`2021-46987`, :cve_nist:`2021-46988`, :cve_nist:`2021-46989`, :cve_nist:`2021-46990`, :cve_nist:`2021-46991`, :cve_nist:`2021-46992`, :cve_nist:`2021-46993`, :cve_nist:`2021-46994`, :cve_nist:`2021-46995`, :cve_nist:`2021-46996`, :cve_nist:`2021-46997`, :cve_nist:`2021-46998`, :cve_nist:`2021-46999`, :cve_nist:`2021-47000`, :cve_nist:`2021-47001`, :cve_nist:`2021-47002`, :cve_nist:`2021-47003`, :cve_nist:`2021-47004`, :cve_nist:`2021-47005`, :cve_nist:`2021-47006`, :cve_nist:`2021-47007`, :cve_nist:`2021-47008`, :cve_nist:`2021-47009`, :cve_nist:`2021-47010`, :cve_nist:`2021-47011`, :cve_nist:`2021-47012`, :cve_nist:`2021-47013`, :cve_nist:`2021-47014`, :cve_nist:`2021-47015`, :cve_nist:`2021-47016`, :cve_nist:`2021-47017`, :cve_nist:`2021-47018`, :cve_nist:`2021-47019`, :cve_nist:`2021-47020`, :cve_nist:`2021-47021`, :cve_nist:`2021-47022`, :cve_nist:`2021-47023`, :cve_nist:`2021-47024`, :cve_nist:`2021-47025`, :cve_nist:`2021-47026`, :cve_nist:`2021-47027`, :cve_nist:`2021-47028`, :cve_nist:`2021-47029`, :cve_nist:`2021-47030`, :cve_nist:`2021-47031`, :cve_nist:`2021-47032`, :cve_nist:`2021-47033`, :cve_nist:`2021-47034`, :cve_nist:`2021-47035`, :cve_nist:`2021-47036`, :cve_nist:`2021-47037`, :cve_nist:`2021-47038`, :cve_nist:`2021-47039`, :cve_nist:`2021-47040`, :cve_nist:`2021-47041`, :cve_nist:`2021-47042`, :cve_nist:`2021-47043`, :cve_nist:`2021-47044`, :cve_nist:`2021-47045`, :cve_nist:`2021-47046`, :cve_nist:`2021-47047`, :cve_nist:`2021-47048`, :cve_nist:`2021-47049`, :cve_nist:`2021-47050`, :cve_nist:`2021-47051`, :cve_nist:`2021-47052`, :cve_nist:`2021-47053`, :cve_nist:`2021-47054`, :cve_nist:`2021-47055`, :cve_nist:`2021-47056`, :cve_nist:`2021-47057`, :cve_nist:`2021-47058`, :cve_nist:`2021-47059`, :cve_nist:`2021-47060`, :cve_nist:`2021-47061`, :cve_nist:`2021-47062`, :cve_nist:`2021-47063`, :cve_nist:`2021-47064`, :cve_nist:`2021-47065`, :cve_nist:`2021-47066`, :cve_nist:`2021-47067`, :cve_nist:`2021-47068`, :cve_nist:`2021-47069`, :cve_nist:`2021-47070`, :cve_nist:`2021-47071`, :cve_nist:`2021-47072`, :cve_nist:`2021-47073`, :cve_nist:`2021-47074`, :cve_nist:`2021-47075`, :cve_nist:`2021-47076`, :cve_nist:`2021-47077`, :cve_nist:`2021-47078`, :cve_nist:`2021-47079`, :cve_nist:`2021-47080`, :cve_nist:`2021-47081`, :cve_nist:`2021-47082`, :cve_nist:`2021-47083`, :cve_nist:`2021-47086`, :cve_nist:`2021-47087`, :cve_nist:`2021-47088`, :cve_nist:`2021-47089`, :cve_nist:`2021-47090`, :cve_nist:`2021-47091`, :cve_nist:`2021-47092`, :cve_nist:`2021-47093`, :cve_nist:`2021-47094`, :cve_nist:`2021-47095`, :cve_nist:`2021-47096`, :cve_nist:`2021-47097`, :cve_nist:`2021-47098`, :cve_nist:`2021-47099`, :cve_nist:`2021-47100`, :cve_nist:`2021-47101`, :cve_nist:`2021-47102`, :cve_nist:`2021-47103`, :cve_nist:`2021-47104`, :cve_nist:`2021-47105`, :cve_nist:`2021-47106`, :cve_nist:`2021-47107`, :cve_nist:`2021-47108`, :cve_nist:`2021-47109`, :cve_nist:`2021-47110`, :cve_nist:`2021-47111`, :cve_nist:`2021-47112`, :cve_nist:`2021-47113`, :cve_nist:`2021-47114`, :cve_nist:`2021-47116`, :cve_nist:`2021-47117`, :cve_nist:`2021-47118`, :cve_nist:`2021-47119`, :cve_nist:`2021-47120`, :cve_nist:`2021-47121`, :cve_nist:`2021-47122`, :cve_nist:`2021-47123`, :cve_nist:`2021-47124`, :cve_nist:`2021-47125`, :cve_nist:`2021-47126`, :cve_nist:`2021-47127`, :cve_nist:`2021-47128`, :cve_nist:`2021-47129`, :cve_nist:`2021-47130`, :cve_nist:`2021-47131`, :cve_nist:`2021-47132`, :cve_nist:`2021-47133`, :cve_nist:`2021-47134`, :cve_nist:`2021-47135`, :cve_nist:`2021-47136`, :cve_nist:`2021-47137`, :cve_nist:`2021-47138`, :cve_nist:`2021-47139`, :cve_nist:`2021-47140`, :cve_nist:`2021-47141`, :cve_nist:`2021-47142`, :cve_nist:`2021-47143`, :cve_nist:`2021-47144`, :cve_nist:`2021-47145`, :cve_nist:`2021-47146`, :cve_nist:`2021-47147`, :cve_nist:`2021-47148`, :cve_nist:`2021-47149`, :cve_nist:`2021-47150`, :cve_nist:`2021-47151`, :cve_nist:`2021-47152`, :cve_nist:`2021-47153`, :cve_nist:`2021-47158`, :cve_nist:`2021-47159`, :cve_nist:`2021-47160`, :cve_nist:`2021-47161`, :cve_nist:`2021-47162`, :cve_nist:`2021-47163`, :cve_nist:`2021-47164`, :cve_nist:`2021-47165`, :cve_nist:`2021-47166`, :cve_nist:`2021-47167`, :cve_nist:`2021-47168`, :cve_nist:`2021-47169`, :cve_nist:`2021-47170`, :cve_nist:`2021-47171`, :cve_nist:`2021-47172`, :cve_nist:`2021-47173`, :cve_nist:`2021-47174`, :cve_nist:`2021-47175`, :cve_nist:`2021-47176`, :cve_nist:`2021-47177`, :cve_nist:`2021-47178`, :cve_nist:`2021-47179`, :cve_nist:`2021-47180`, :cve_nist:`2022-48626`, :cve_nist:`2022-48627`, :cve_nist:`2022-48628`, :cve_nist:`2022-48629` and :cve_nist:`2022-48630`
+-  linux-yocto/6.6 (cont.): Ignore :cve_nist:`2023-6270`, :cve_nist:`2023-6356`, :cve_nist:`2023-6536`, :cve_nist:`2023-7042`, :cve_nist:`2023-28746`, :cve_nist:`2023-52465`, :cve_nist:`2023-52467`, :cve_nist:`2023-52468`, :cve_nist:`2023-52469`, :cve_nist:`2023-52470`, :cve_nist:`2023-52471`, :cve_nist:`2023-52472`, :cve_nist:`2023-52473`, :cve_nist:`2023-52474`, :cve_nist:`2023-52475`, :cve_nist:`2023-52476`, :cve_nist:`2023-52477`, :cve_nist:`2023-52478`, :cve_nist:`2023-52479`, :cve_nist:`2023-52480`, :cve_nist:`2023-52481`, :cve_nist:`2023-52482`, :cve_nist:`2023-52483`, :cve_nist:`2023-52484`, :cve_nist:`2023-52486`, :cve_nist:`2023-52487`, :cve_nist:`2023-52488`, :cve_nist:`2023-52489`, :cve_nist:`2023-52490`, :cve_nist:`2023-52491`, :cve_nist:`2023-52492`, :cve_nist:`2023-52493`, :cve_nist:`2023-52494`, :cve_nist:`2023-52495`, :cve_nist:`2023-52497`, :cve_nist:`2023-52498`, :cve_nist:`2023-52499`, :cve_nist:`2023-52500`, :cve_nist:`2023-52501`, :cve_nist:`2023-52502`, :cve_nist:`2023-52503`, :cve_nist:`2023-52504`, :cve_nist:`2023-52505`, :cve_nist:`2023-52506`, :cve_nist:`2023-52507`, :cve_nist:`2023-52508`, :cve_nist:`2023-52509`, :cve_nist:`2023-52510`, :cve_nist:`2023-52511`, :cve_nist:`2023-52512`, :cve_nist:`2023-52513`, :cve_nist:`2023-52515`, :cve_nist:`2023-52516`, :cve_nist:`2023-52517`, :cve_nist:`2023-52518`, :cve_nist:`2023-52519`, :cve_nist:`2023-52520`, :cve_nist:`2023-52522`, :cve_nist:`2023-52523`, :cve_nist:`2023-52524`, :cve_nist:`2023-52525`, :cve_nist:`2023-52526`, :cve_nist:`2023-52527`, :cve_nist:`2023-52528`, :cve_nist:`2023-52529`, :cve_nist:`2023-52530`, :cve_nist:`2023-52531`, :cve_nist:`2023-52532`, :cve_nist:`2023-52559`, :cve_nist:`2023-52560`, :cve_nist:`2023-52561`, :cve_nist:`2023-52562`, :cve_nist:`2023-52563`, :cve_nist:`2023-52564`, :cve_nist:`2023-52565`, :cve_nist:`2023-52566`, :cve_nist:`2023-52567`, :cve_nist:`2023-52568`, :cve_nist:`2023-52569`, :cve_nist:`2023-52570`, :cve_nist:`2023-52571`, :cve_nist:`2023-52572`, :cve_nist:`2023-52573`, :cve_nist:`2023-52574`, :cve_nist:`2023-52575`, :cve_nist:`2023-52576`, :cve_nist:`2023-52577`, :cve_nist:`2023-52578`, :cve_nist:`2023-52580`, :cve_nist:`2023-52581`, :cve_nist:`2023-52582`, :cve_nist:`2023-52583`, :cve_nist:`2023-52584`, :cve_nist:`2023-52587`, :cve_nist:`2023-52588`, :cve_nist:`2023-52589`, :cve_nist:`2023-52591`, :cve_nist:`2023-52593`, :cve_nist:`2023-52594`, :cve_nist:`2023-52595`, :cve_nist:`2023-52596`, :cve_nist:`2023-52597`, :cve_nist:`2023-52598`, :cve_nist:`2023-52599`, :cve_nist:`2023-52600`, :cve_nist:`2023-52601`, :cve_nist:`2023-52602`, :cve_nist:`2023-52603`, :cve_nist:`2023-52604`, :cve_nist:`2023-52606`, :cve_nist:`2023-52607`, :cve_nist:`2023-52608`, :cve_nist:`2023-52609`, :cve_nist:`2023-52610`, :cve_nist:`2023-52611`, :cve_nist:`2023-52612`, :cve_nist:`2023-52613`, :cve_nist:`2023-52614`, :cve_nist:`2023-52615`, :cve_nist:`2023-52616`, :cve_nist:`2023-52617`, :cve_nist:`2023-52618`, :cve_nist:`2023-52619`, :cve_nist:`2023-52620`, :cve_nist:`2023-52621`, :cve_nist:`2023-52622`, :cve_nist:`2023-52623`, :cve_nist:`2023-52626`, :cve_nist:`2023-52627`, :cve_nist:`2023-52628`, :cve_nist:`2023-52629`, :cve_nist:`2023-52630`, :cve_nist:`2023-52631`, :cve_nist:`2023-52632`, :cve_nist:`2023-52633`, :cve_nist:`2023-52635`, :cve_nist:`2023-52636`, :cve_nist:`2023-52637`, :cve_nist:`2023-52638`, :cve_nist:`2023-52639`, :cve_nist:`2023-52640`, :cve_nist:`2023-52641`, :cve_nist:`2024-0841`, :cve_nist:`2024-22099`, :cve_nist:`2024-23196`, :cve_nist:`2024-26600`, :cve_nist:`2024-26601`, :cve_nist:`2024-26602`, :cve_nist:`2024-26603`, :cve_nist:`2024-26604`, :cve_nist:`2024-26605`, :cve_nist:`2024-26606`, :cve_nist:`2024-26607`, :cve_nist:`2024-26608`, :cve_nist:`2024-26610`, :cve_nist:`2024-26611`, :cve_nist:`2024-26612`, :cve_nist:`2024-26614`, :cve_nist:`2024-26615`, :cve_nist:`2024-26616`, :cve_nist:`2024-26617`, :cve_nist:`2024-26618`, :cve_nist:`2024-26619`, :cve_nist:`2024-26620`, :cve_nist:`2024-26621`, :cve_nist:`2024-26622`, :cve_nist:`2024-26623`, :cve_nist:`2024-26625`, :cve_nist:`2024-26626`, :cve_nist:`2024-26627`, :cve_nist:`2024-26629`, :cve_nist:`2024-26630`, :cve_nist:`2024-26631`, :cve_nist:`2024-26632`, :cve_nist:`2024-26633`, :cve_nist:`2024-26634`, :cve_nist:`2024-26635`, :cve_nist:`2024-26636`, :cve_nist:`2024-26637`, :cve_nist:`2024-26638`, :cve_nist:`2024-26639`, :cve_nist:`2024-26640`, :cve_nist:`2024-26641`, :cve_nist:`2024-26644`, :cve_nist:`2024-26645`, :cve_nist:`2024-26646`, :cve_nist:`2024-26647`, :cve_nist:`2024-26648`, :cve_nist:`2024-26649`, :cve_nist:`2024-26650`, :cve_nist:`2024-26651`, :cve_nist:`2024-26652`, :cve_nist:`2024-26653`, :cve_nist:`2024-26657`, :cve_nist:`2024-26659`, :cve_nist:`2024-26660`, :cve_nist:`2024-26661`, :cve_nist:`2024-26662`, :cve_nist:`2024-26663`, :cve_nist:`2024-26664`, :cve_nist:`2024-26665`, :cve_nist:`2024-26666`, :cve_nist:`2024-26667`, :cve_nist:`2024-26668`, :cve_nist:`2024-26669`, :cve_nist:`2024-26670`, :cve_nist:`2024-26671`, :cve_nist:`2024-26673`, :cve_nist:`2024-26674`, :cve_nist:`2024-26675`, :cve_nist:`2024-26676`, :cve_nist:`2024-26677`, :cve_nist:`2024-26678`, :cve_nist:`2024-26679`, :cve_nist:`2024-26680`, :cve_nist:`2024-26681`, :cve_nist:`2024-26682`, :cve_nist:`2024-26683`, :cve_nist:`2024-26684`, :cve_nist:`2024-26685`, :cve_nist:`2024-26687`, :cve_nist:`2024-26688`, :cve_nist:`2024-26689`, :cve_nist:`2024-26690`, :cve_nist:`2024-26691`, :cve_nist:`2024-26692`, :cve_nist:`2024-26693`, :cve_nist:`2024-26694`, :cve_nist:`2024-26695`, :cve_nist:`2024-26696`, :cve_nist:`2024-26697`, :cve_nist:`2024-26698`, :cve_nist:`2024-26700`, :cve_nist:`2024-26702`, :cve_nist:`2024-26703`, :cve_nist:`2024-26704`, :cve_nist:`2024-26705`, :cve_nist:`2024-26706`, :cve_nist:`2024-26707`, :cve_nist:`2024-26708`, :cve_nist:`2024-26709`, :cve_nist:`2024-26710`, :cve_nist:`2024-26711`, :cve_nist:`2024-26712`, :cve_nist:`2024-26713`, :cve_nist:`2024-26714`, :cve_nist:`2024-26715`, :cve_nist:`2024-26716`, :cve_nist:`2024-26717`, :cve_nist:`2024-26718`, :cve_nist:`2024-26719`, :cve_nist:`2024-26720`, :cve_nist:`2024-26721`, :cve_nist:`2024-26722`, :cve_nist:`2024-26723`, :cve_nist:`2024-26724`, :cve_nist:`2024-26725`, :cve_nist:`2024-26726`, :cve_nist:`2024-26727`, :cve_nist:`2024-26728`, :cve_nist:`2024-26729`, :cve_nist:`2024-26730`, :cve_nist:`2024-26731`, :cve_nist:`2024-26732`, :cve_nist:`2024-26733`, :cve_nist:`2024-26734`, :cve_nist:`2024-26735`, :cve_nist:`2024-26736`, :cve_nist:`2024-26737`, :cve_nist:`2024-26738`, :cve_nist:`2024-26739`, :cve_nist:`2024-26740`, :cve_nist:`2024-26741`, :cve_nist:`2024-26742`, :cve_nist:`2024-26743`, :cve_nist:`2024-26744`, :cve_nist:`2024-26745`, :cve_nist:`2024-26746`, :cve_nist:`2024-26747`, :cve_nist:`2024-26748`, :cve_nist:`2024-26749`, :cve_nist:`2024-26750`, :cve_nist:`2024-26751`, :cve_nist:`2024-26752`, :cve_nist:`2024-26753`, :cve_nist:`2024-26754`, :cve_nist:`2024-26755`, :cve_nist:`2024-26759`, :cve_nist:`2024-26760`, :cve_nist:`2024-26761`, :cve_nist:`2024-26762`, :cve_nist:`2024-26763`, :cve_nist:`2024-26764`, :cve_nist:`2024-26765`, :cve_nist:`2024-26766`, :cve_nist:`2024-26767`, :cve_nist:`2024-26768`, :cve_nist:`2024-26769`, :cve_nist:`2024-26770`, :cve_nist:`2024-26771`, :cve_nist:`2024-26772`, :cve_nist:`2024-26773`, :cve_nist:`2024-26774`, :cve_nist:`2024-26775`, :cve_nist:`2024-26776`, :cve_nist:`2024-26777`, :cve_nist:`2024-26778`, :cve_nist:`2024-26779`, :cve_nist:`2024-26780`, :cve_nist:`2024-26781`, :cve_nist:`2024-26782`, :cve_nist:`2024-26783`, :cve_nist:`2024-26786`, :cve_nist:`2024-26787`, :cve_nist:`2024-26788`, :cve_nist:`2024-26789`, :cve_nist:`2024-26790`, :cve_nist:`2024-26791`, :cve_nist:`2024-26792`, :cve_nist:`2024-26793`, :cve_nist:`2024-26794`, :cve_nist:`2024-26795`, :cve_nist:`2024-26796`, :cve_nist:`2024-26798`, :cve_nist:`2024-26799`, :cve_nist:`2024-26800`, :cve_nist:`2024-26801`, :cve_nist:`2024-26802`, :cve_nist:`2024-26803`, :cve_nist:`2024-26804`, :cve_nist:`2024-26805`, :cve_nist:`2024-26807`, :cve_nist:`2024-26808` and :cve_nist:`2024-26809`
+-  llvm: Fix :cve_nist:`2024-0151`
+-  ofono: Fix :cve_nist:`2023-2794`
+-  openssh: Fix :cve_nist:`2024-6387` and :cve_nist:`2024-39894`
+-  openssl: Fix :cve_nist:`2024-5535`
+-  pam: Fix :cve_nist:`2024-22365`
+-  python3-idna: Fix :cve_nist:`2024-3651`
+-  qemu: Fix :cve_nist:`2023-6683`, :cve_nist:`2024-3446`, :cve_mitre:`2024-3447`, :cve_nist:`2024-3567`, :cve_nist:`2024-26327` and :cve_nist:`2024-26328`
+-  ruby: Fix :cve_nist:`2023-36617` and :cve_nist:`2024-27281`
+-  vte: Fix :cve_nist:`2024-37535`
+-  wget: Fix for :cve_nist:`2024-38428`
 
 
 Fixes in Yocto-5.0.3
diff --git a/documentation/migration-guides/release-notes-5.0.4.rst b/documentation/migration-guides/release-notes-5.0.4.rst
new file mode 100644
index 0000000000..14fbe3f6f8
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.4.rst
@@ -0,0 +1,212 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.4 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  apr: Fix :cve_nist:`2023-49582`
+-  curl: Ignore :cve_nist:`2024-32928`
+-  curl: Fix :cve_nist:`2024-7264`
+-  expat: Fix :cve_nist:`2024-45490`, :cve_nist:`2024-45491` and :cve_nist:`2024-45492`
+-  ffmpeg: Fix :cve_nist:`2023-50008` and :cve_nist:`2024-32230`
+-  libpcap: Fix :cve_nist:`2023-7256` and :cve_nist:`2024-8006`
+-  libyaml: Ignore :cve_nist:`2024-35325` and :cve_nist:`2024-35326`
+-  openssl: Fix :cve_nist:`2024-5535` and :cve_nist:`2024-6119`
+-  python3-certifi: Fix :cve_nist:`2024-39689`
+-  python3-setuptools: Fix :cve_nist:`2024-6345`
+-  python3: Fix :cve_nist:`2024-6232`, :cve_nist:`2024-7592`, :cve_nist:`2024-8088` and :cve_nist:`2024-27034`
+-  qemu: Fix :cve_nist:`2024-4467` and :cve_nist:`2024-7409`
+-  ruby: Fix :cve_nist:`2024-27282`
+-  tiff: Fix :cve_nist:`2024-7006`
+-  vim: Fix :cve_nist:`2024-41957`, :cve_nist:`2024-41965`, :cve_nist:`2024-43374`, :cve_nist:`2024-43790` and :cve_nist:`2024-43802`
+
+
+Fixes in Yocto-5.0.4
+~~~~~~~~~~~~~~~~~~~~
+
+-  apr: drop 0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch
+-  apr: upgrade to 1.7.5
+-  bind: Fix build with the `httpstats` package config enabled
+-  bitbake: data_smart: Improve performance for VariableHistory
+-  bluez5: remove redundant patch for MAX_INPUT
+-  build-appliance-image: Update to scarthgap head revision
+-  buildhistory: Fix intermittent package file list creation
+-  buildhistory: Restoring files from preserve list
+-  buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage
+-  busybox: Fix cut with "-s" flag
+-  create-sdpx-2.2.bbclass: Switch from exists to isfile checking debugsrc
+-  cups: upgrade to 2.4.10
+-  dejagnu: Fix :term:`LICENSE` (change to GPL-3.0-only)
+-  doc: features: describe distribution feature pni-name
+-  doc: features: remove duplicate word in distribution feature ext2
+-  expat: upgrade to 2.6.3
+-  expect-native: fix do_compile failure with gcc-14
+-  gcc: Fix spurious '/' in GLIBC_DYNAMIC_LINKER on microblaze
+-  gcr: Fix :term:`LICENSE` (change to LGPL-2.0-only)
+-  glibc: fix fortran header file conflict for arm
+-  go: upgrade to 1.22.6
+-  gstreamer1.0: disable flaky baseparser tests
+-  image_types.bbclass: Use --force also with lz4,lzop
+-  initramfs-framework: fix typos
+-  iw: Fix :term:`LICENSE` (change to ISC)
+-  libadwaita: upgrade to 1.5.2
+-  libcap-ng: update :term:`SRC_URI`
+-  libdnf: upgrade to 0.73.2
+-  libedit: Make docs generation deterministic
+-  libgfortran.inc: fix nativesdk-libgfortran dependencies
+-  librsvg: don't try to run target code at build time
+-  linux-firmware: add a package for ath12k firmware
+-  llvm: Enable libllvm for native build
+-  maintainers.inc: add maintainer for python(-setuptools, -smmap, -subunit, -testtools)
+-  mc: fix source URL
+-  migration-guide: add release notes for 4.0.20 and 5.0.3
+-  oeqa/postactions: fix exception handling
+-  oeqa/runtime/ssh: In case of failure, show exit code and handle -15 (SIGTERM)
+-  oeqa/runtime/ssh: add retry logic and sleeps to allow for slower systems
+-  oeqa/runtime/ssh: check for all errors at the end
+-  oeqa/runtime/ssh: increase the number of attempts
+-  oeqa/selftest/reproducibile: Explicitly list virtual targets
+-  oeqa/utils/postactions: transfer whole archive over ssh instead of doing individual copies
+-  openssh: add backported header file include
+-  openssl: upgrade to 3.2.3
+-  os-release: Fix VERSION_CODENAME in case it is empty
+-  poky.conf: bump version for 5.0.4
+-  populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported.
+-  python3-maturin: Fix cross compilation issue for armv7l, mips64, ppc
+-  python3-pycryptodome(x): use python_setuptools_build_meta build class
+-  python3: upgrade to 3.12.6
+-  python3: skip readline limited history tests
+-  qemu: backport patches to fix riscv64 build failure
+-  qemuboot: Trigger write_qemuboot_conf task on changes of kernel image realpath
+-  ref-manual: fix typo and move :term:`SYSROOT_DIRS` example
+-  ruby: Make docs generation deterministic
+-  systemd: Mitigate /var/log type mismatch issue
+-  systemd: Mitigate /var/tmp type mismatch issue
+-  tiff: Fix :term:`LICENSE` (change to libtiff)
+-  u-boot.inc: Refactor do_* steps into functions that can be overridden
+-  udev-extraconf: Add collect flag to mount
+-  unzip: Fix :term:`LICENSE` (change to Info-ZIP)
+-  util-linux: Add :term:`PACKAGECONFIG` option (libmount-mountfd-support) to mitigate rootfs remount error
+-  vim: upgrade to 9.1.0698
+-  weston-init: fix weston not starting when xwayland is enabled
+-  wireless-regdb: upgrade to 2024.07.04
+-  wpa-supplicant: upgrade to 2.11
+-  xserver-xorg: mark :cve_nist:`2023-5574` as unpatched when xvfb enabled
+-  yocto-uninative: Update to 4.6 for glibc 2.40
+-  zip: Fix :term:`LICENSE` (change to Info-ZIP)
+
+
+Known Issues in Yocto-5.0.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-5.0.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Alban Bedel
+-  Alexander Kanavin
+-  Alexis Lothoré
+-  Archana Polampalli
+-  Ashish Sharma
+-  Bartosz Golaszewski
+-  Benjamin Szőke
+-  Changqing Li
+-  Chen Qi
+-  Colin McAllister
+-  Daniel Semkowicz
+-  Dmitry Baryshkov
+-  Gauthier HADERER
+-  Guðni Már Gilbert
+-  Jon Mason
+-  Jose Quaresma
+-  Jörg Sommer
+-  Kai Kang
+-  Khem Raj
+-  Lee Chee Yang
+-  Mark Hatle
+-  Martin Jansa
+-  Matthias Pritschet
+-  Michael Halstead
+-  Mingli Yu
+-  Niko Mauno
+-  Pedro Ferreira
+-  Peter Marko
+-  Quentin Schulz
+-  Richard Purdie
+-  Robert Yang
+-  Ross Burton
+-  Ryan Eatmon
+-  Siddharth Doshi
+-  Simone Weiß
+-  Soumya Sambu
+-  Steve Sakoman
+-  Trevor Gamblin
+-  Ulrich Ölmann
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Weisser, Pascal.ext
+-  Yogita Urade
+
+
+Repositories / Downloads for Yocto-5.0.4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.4 </poky/log/?h=yocto-5.0.4>`
+-  Git Revision: :yocto_git:`2034fc38eb4e63984d9bd6b260aa1bf95ce562e4 </poky/commit/?id=2034fc38eb4e63984d9bd6b260aa1bf95ce562e4>`
+-  Release Artefact: poky-2034fc38eb4e63984d9bd6b260aa1bf95ce562e4
+-  sha: 697ed099793d6c86d5ffe590e96f99689bd28dcb2d4451dc4585496fa4a20400
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.4/poky-2034fc38eb4e63984d9bd6b260aa1bf95ce562e4.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0.4/poky-2034fc38eb4e63984d9bd6b260aa1bf95ce562e4.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.4 </openembedded-core/log/?h=yocto-5.0.4>`
+-  Git Revision: :oe_git:`f888dd911529a828820799a7a1b75dfd3a44847c </openembedded-core/commit/?id=f888dd911529a828820799a7a1b75dfd3a44847c>`
+-  Release Artefact: oecore-f888dd911529a828820799a7a1b75dfd3a44847c
+-  sha: 93cb4c3c8e0f77edab20814d155847dc3452c6b083e3dd9c7a801e80a7e4d228
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.4/oecore-f888dd911529a828820799a7a1b75dfd3a44847c.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0.4/oecore-f888dd911529a828820799a7a1b75dfd3a44847c.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.4 </meta-mingw/log/?h=yocto-5.0.4>`
+-  Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>`
+-  Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
+-  sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.4/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0.4/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.4 </bitbake/log/?h=yocto-5.0.4>`
+-  Git Revision: :oe_git:`d251668d9a7a8dd25bd8767efb30d6d9ff8b1ad3 </bitbake/commit/?id=d251668d9a7a8dd25bd8767efb30d6d9ff8b1ad3>`
+-  Release Artefact: bitbake-d251668d9a7a8dd25bd8767efb30d6d9ff8b1ad3
+-  sha: d873f4d3a471d26680dc39200d8f3851a6863f15daa9bed978ba31b930f9a1c1
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.4/bitbake-d251668d9a7a8dd25bd8767efb30d6d9ff8b1ad3.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-5.0.4/bitbake-d251668d9a7a8dd25bd8767efb30d6d9ff8b1ad3.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.4 </yocto-docs/log/?h=yocto-5.0.4>`
+-  Git Revision: :yocto_git:`d71081dd14a9d75ace4d1c62472374f37b4a888d </yocto-docs/commit/?id=d71081dd14a9d75ace4d1c62472374f37b4a888d>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.5.rst b/documentation/migration-guides/release-notes-5.0.5.rst
new file mode 100644
index 0000000000..c8cf9a85d1
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.5.rst
@@ -0,0 +1,227 @@
+Release notes for Yocto-5.0.5 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``cups``: Fix :cve_nist:`2024-47175`
+-  ``curl``: Fix :cve_nist:`2024-8096`
+-  ``gnupg``: Ignore :cve_nist:`2022-3219` (wont-fix)
+-  ``libarchive``: Fix :cve_nist:`2024-48957` and :cve_nist:`2024-48958`
+-  ``openssh``: Ignore :cve_nist:`2023-51767` (wont-fix)
+-  ``openssl``: Fix :cve_nist:`2024-9143`
+-  ``ruby``: Fix :cve_nist:`2024-41123` and :cve_mitre:`2024-41496`
+-  ``rust-llvm``: Fix :cve_nist:`2024-0151`
+-  ``rust``, ``libstd-rs``: Ignore :cve_nist:`2024-43402`
+-  ``wpa-supplicant``: Patch SAE H2E and incomplete downgrade protection for group negotiation
+-  ``wpa-supplicant``: Fix :cve_nist:`2024-3596`
+-  ``wpa-supplicant``: Ignore :cve_nist:`2024-5290`
+
+
+Fixes in Yocto-5.0.5
+~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: stable 2.42 branch updates
+-  bitbake.conf: Add truncate to :term:`HOSTTOOLS`
+-  bitbake: asyncrpc: Use client timeout for websocket open timeout
+-  bitbake: bitbake: doc/user-manual: Update the :term:`BB_HASHSERVE_UPSTREAM`
+-  bitbake: gitsm: Add call_process_submodules() to remove duplicated code
+-  bitbake: gitsm: Remove downloads/tmpdir when failed
+-  bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab
+-  bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab
+-  build-appliance-image: Update to scarthgap head revision
+-  cryptodev: upgrade to 1.14
+-  cve-check: add support for cvss v4.0
+-  cve_check: Use a local copy of the database during builds
+-  dev-manual: add bblock documentation
+-  documentation: conf.py: rename :cve: role to :cve_nist:
+-  documentation: README: add instruction to run Vale on a subset
+-  documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint
+-  e2fsprogs: removed 'sed -u' option
+-  ffmpeg: Add "libswresample libavcodec" to :term:`CVE_PRODUCT`
+-  glibc: stable 2.39 branch updates.
+-  go: upgrade to 1.22.8
+-  icu: update patch Upstream-Status
+-  image.bbclass: Drop support for ImageQAFailed exceptions in image_qa
+-  image_qa: fix error handling
+-  install-buildtools: fix "test installation" step
+-  install-buildtools: remove md5 checksum validation
+-  install-buildtools: update base-url, release and installer version
+-  kernel-devsrc: remove 64 bit vdso cmd files
+-  kernel-fitimage: fix external dtb check
+-  kernel-fitimage: fix intentation
+-  lib/oe/package-manager: skip processing installed-pkgs with empty globs
+-  liba52: fix do_fetch error
+-  libpcre2: Update base uri PhilipHazel -> PCRE2Project
+-  libsdl2: Fix non-deterministic configure option for libsamplerate
+-  license: Fix directory layout issues
+-  linux-firmware: upgrade to 20240909
+-  linux-yocto/6.6: fix genericarm64 config warning
+-  linux-yocto/6.6: upgrade to v6.6.54
+-  lsb-release: fix Distro Codename shell escaping
+-  makedevs: Fix issue when rootdir of / is given
+-  makedevs: Fix matching uid/gid
+-  meta-ide-support: Mark recipe as MACHINE-specific
+-  meta-world-pkgdata: Inherit nopackages
+-  migration-guide: add release notes for 4.0.21, 4.0.22 and 5.0.4
+-  migration-guide: release-notes-4.0: update :term:`BB_HASHSERVE_UPSTREAM` for new infrastructure
+-  migration-guide: release-notes-5.0.rst: update NO_OUTPUT -> NO_COLOR
+-  orc: upgrade to 0.4.40
+-  overview-manual: concepts: add details on package splitting
+-  poky.conf: bump version for 5.0.5
+-  populate_sdk_base: inherit nopackages
+-  ptest-runner: upgrade to 2.4.5
+-  pulseaudio: correct freedesktop.org -> www.freedesktop.org :term:`SRC_URI`
+-  desktop-file-utils: correct freedesktop.org -> www.freedesktop.org :term:`SRC_URI`
+-  python3-lxml: upgrade to v5.0.2
+-  python3-setuptools: Add "python:setuptools" to :term:`CVE_PRODUCT`
+-  recipes-bsp: usbutils: Fix usb-devices command using busybox
+-  ref-manual: add missing CVE_CHECK manifest variables
+-  ref-manual: add missing :term:`EXTERNAL_KERNEL_DEVICETREE` variable
+-  ref-manual: add missing :term:`OPKGBUILDCMD` variable
+-  ref-manual: add missing :term:`TESTIMAGE_FAILED_QA_ARTIFACTS`
+-  ref-manual: devtool-reference: document missing commands
+-  ref-manual: devtool-reference: refresh example outputs
+-  ref-manual: faq: add q&a on class appends
+-  ref-manual: introduce :term:`CVE_CHECK_REPORT_PATCHED` variable
+-  ref-manual: merge patch-status-* to patch-status
+-  ref-manual: release-process: add a reference to the doc's release
+-  ref-manual: release-process: refresh the current LTS releases
+-  ref-manual: release-process: update releases.svg
+-  ref-manual: release-process: update releases.svg with month after "Current"
+-  ref-manual: structure.rst: document missing tmp/ dirs
+-  ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables
+-  rootfs-postcommands.bbclass: make opkg status reproducible
+-  rpm: fix expansion of %_libdir in macros
+-  ruby: upgrade to 3.3.5
+-  runqemu: Fix detection of -serial parameter
+-  runqemu: keep generating tap devices
+-  scripts/install-buildtools: Update to 5.0.3
+-  sqlite3: upgrade to 3.45.3
+-  styles: vocabularies: Yocto: add sstate
+-  systemtap: fix systemtap-native build error on Fedora 40
+-  sysvinit: take release tarballs from github
+-  testexport: fallback for empty :term:`IMAGE_LINK_NAME`
+-  testimage: fallback for empty :term:`IMAGE_LINK_NAME`
+-  uboot-sign: fix counters in do_uboot_assemble_fitimage
+-  vim: upgrade to 9.1.0764
+-  virglrenderer: Add patch to fix -int-conversion build issue
+-  webkitgtk: upgrade to 2.44.3
+-  weston: backport patch to allow neatvnc < v0.9.0
+-  wpa-supplicant: Patch security advisory 2024-2
+-  xserver-xorg: upgrade to 21.1.14
+
+
+Known Issues in Yocto-5.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``oeqa/runtime``: the ``beaglebone-yocto`` target fails the parselogs runtime test due to unexpected kernel error messages in the log (see :yocto_bugs:`bug 15624 </show_bug.cgi?id=15624>` on Bugzilla).
+
+
+Contributors to Yocto-5.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Aditya Tayade
+-  Adrian Freihofer
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Antonin Godard
+-  Anuj Mittal
+-  Bruce Ashfield
+-  Claus Stovgaard
+-  Deepesh Varatharajan
+-  Deepthi Hemraj
+-  Hiago De Franco
+-  Hitendra Prajapati
+-  Jaeyoon Jung
+-  Jiaying Song
+-  Jonas Gorski
+-  Jose Quaresma
+-  Joshua Watt
+-  Julien Stephan
+-  Jörg Sommer
+-  Khem Raj
+-  Konrad Weihmann
+-  Lee Chee Yang
+-  Louis Rannou
+-  Macpaul Lin
+-  Martin Jansa
+-  Paul Barker
+-  Paul Gerber
+-  Peter Kjellerstedt
+-  Peter Marko
+-  Purushottam Choudhary
+-  Richard Purdie
+-  Robert Yang
+-  Rohini Sangam
+-  Ross Burton
+-  Sergei Zhmylev
+-  Shunsuke Tokumoto
+-  Steve Sakoman
+-  Teresa Remmet
+-  Victor Kamensky
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Yi Zhao
+-  Yogita Urade
+-  Zahir Hussain
+
+
+Repositories / Downloads for Yocto-5.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.5 </poky/log/?h=yocto-5.0.5>`
+-  Git Revision: :yocto_git:`dce4163d42f7036ea216b52b9135968d51bec4c1 </poky/commit/?id=dce4163d42f7036ea216b52b9135968d51bec4c1>`
+-  Release Artefact: poky-dce4163d42f7036ea216b52b9135968d51bec4c1
+-  sha: ad35a965a284490a962f6854ace536b8795f96514e14bf5c79f91f6d76ac25d3
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.5/poky-dce4163d42f7036ea216b52b9135968d51bec4c1.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.5/poky-dce4163d42f7036ea216b52b9135968d51bec4c1.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.5 </openembedded-core/log/?h=yocto-5.0.5>`
+-  Git Revision: :oe_git:`a051a066da2874b95680d0353dfa18c1d56b2670 </openembedded-core/commit/?id=a051a066da2874b95680d0353dfa18c1d56b2670>`
+-  Release Artefact: oecore-a051a066da2874b95680d0353dfa18c1d56b2670
+-  sha: 16d252aade00161ade2692f41b2da3effeb1f41816a66db843bb1c5495125e93
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.5/oecore-a051a066da2874b95680d0353dfa18c1d56b2670.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.5/oecore-a051a066da2874b95680d0353dfa18c1d56b2670.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.5 </meta-mingw/log/?h=yocto-5.0.5>`
+-  Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>`
+-  Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
+-  sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.5/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.5/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+
+bitbake
+
+-  Repository Location: :bitbake_git:`/`
+-  Branch: :bitbake_git:`2.8 </log/?h=2.8>`
+-  Tag:  :bitbake_git:`yocto-5.0.5 </log/?h=yocto-5.0.5>`
+-  Git Revision: :bitbake_git:`377eba2361850adfb8ce7e761ef9c76be287f88c </commit/?id=377eba2361850adfb8ce7e761ef9c76be287f88c>`
+-  Release Artefact: bitbake-377eba2361850adfb8ce7e761ef9c76be287f88c
+-  sha: 4a5a35098eec719bbb879706d50e552a2b709295db4055c8050ae7dda1eb2994
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.5/bitbake-377eba2361850adfb8ce7e761ef9c76be287f88c.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.5/bitbake-377eba2361850adfb8ce7e761ef9c76be287f88c.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.5 </yocto-docs/log/?h=yocto-5.0.5>`
+-  Git Revision: :yocto_git:`e882cb3e5816d081eb05cb83488f286cca70e0c6 </yocto-docs/commit/?id=e882cb3e5816d081eb05cb83488f286cca70e0c6>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.6.rst b/documentation/migration-guides/release-notes-5.0.6.rst
new file mode 100644
index 0000000000..b6f42198a1
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.6.rst
@@ -0,0 +1,223 @@
+Release notes for Yocto-5.0.6 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  acpica: Fix :cve_nist:`2024-24856`
+-  curl: Fix :cve_nist:`2024-9681`
+-  dropbear: Fix :cve_nist:`2023-48795`
+-  expat: Fix :cve_nist:`2024-50602`
+-  ffmpeg: Fix :cve_nist:`2023-49501`, :cve_nist:`2023-49528`, :cve_nist:`2023-50007`,
+   :cve_nist:`2024-7055` and :cve_mitre:`2024-28661`
+-  glib-2.0: Fix :cve_nist:`2024-52533`
+-  ghostscript: Fix :cve_nist:`2024-46951`, :cve_nist:`2024-46952`, :cve_nist:`2024-46953`,
+   :cve_nist:`2024-46954`, :cve_nist:`2024-46955` and :cve_nist:`2024-46956`
+-  gstreamer1.0: Ignore :cve_nist:`2024-0444`
+-  libpam: Fix :cve_nist:`2024-10041`
+-  libsndfile: Fix :cve_nist:`2024-50612`
+-  libsoup: Fix :cve_nist:`2024-52530`, :cve_nist:`2024-52531` and :cve_nist:`2024-52532`
+-  ovmf: Fix :cve_nist:`2024-1298` and :cve_nist:`2024-38796`
+-  python3-zipp: Fix :cve_nist:`2024-5569`
+-  qemu: Fix :cve_nist:`2024-4693`, :cve_nist:`2024-6505` and :cve_nist:`2024-7730`
+-  qemu: Ignore :cve_nist:`2024-6505`
+
+
+Fixes in Yocto-5.0.6
+~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Add missing perl modules to :term:`RDEPENDS` for nativesdk variant
+-  binutils: stable 2.42 branch update
+-  bitbake: Remove custom exception backtrace formatting
+-  bitbake: fetch2/git: Use quote from shlex, not pipes
+-  bitbake: fetch2: use persist_data context managers
+-  bitbake: fetch/wget: Increase timeout to 100s from 30s
+-  bitbake: persist_data: close connection in SQLTable __exit__
+-  bitbake: runqueue: Fix performance of multiconfigs with large overlap
+-  bitbake: runqueue: Fix scenetask processing performance issue
+-  bitbake: runqueue: Optimise setscene loop processing
+-  build-appliance-image: Update to scarthgap head revision
+-  builder: set :term:`CVE_PRODUCT`
+-  cmake: Fix sporadic issues when determining compiler internals
+-  cml1: do_diffconfig: Don't override .config with .config.orig
+-  contributor-guide: Remove duplicated words
+-  dev-manual: bblock: use warning block instead of attention
+-  dev-manual: document how to provide confs from layer.conf
+-  dnf: drop python3-iniparse from :term:`DEPENDS` and :term:`RDEPENDS`
+-  do_package/sstate/sstatesig: Change timestamp clamping to hash output only
+-  doc: Makefile: add support for xelatex
+-  doc: Makefile: publish pdf and epub versions too
+-  doc: Makefile: remove inkscape, replace by rsvg-convert
+-  doc: add a download page for epub and pdf
+-  doc: conf.py: add a bitbake_git extlink
+-  doc: standards.md: add a section on admonitions
+-  doc: sphinx-static: switchers.js.in: do not refer to URL_ROOT anymore
+-  dropbear: backport fix for concurrent channel open/close
+-  enchant2: fix do_fetch error
+-  expat: upgrade to 2.6.4
+-  gcc: backport patch to fix an issue with tzdata 2024b
+-  ghostscript: upgrade to 10.04.0
+-  glibc: stable 2.39 branch updates
+-  groff: fix rare build race in hdtbl
+-  libgcrypt: Fix building error with '-O2' in sysroot path
+-  libpam: drop cracklib from :term:`DEPENDS`
+-  libxml-parser-perl: fix do_fetch error
+-  llvm: reduce size of -dbg package
+-  lttng-ust: backport patch to fix cmake-multiple-shared-libraries build error
+-  migration-guides: add release notes for 4.0.23 and 5.0.5
+-  ninja: fix build with python 3.13
+-  oeqa/runtime/ssh: Fix incorrect timeout fix
+-  oeqa/runtime/ssh: Rework ssh timeout
+-  oeqa/utils/gitarchive: Return tag name and improve exclude handling
+-  package_rpm: Check if file exists before open()
+-  package_rpm: restrict rpm to 4 threads
+-  package_rpm: use zstd's default compression level
+-  poky.conf: bump version for 5.0.6
+-  pseudo: Fix envp bug and add posix_spawn wrapper
+-  python3-poetry-core: drop python3-six from :term:`RDEPENDS`
+-  python3-requests: upgrade to 2.32.2
+-  python3-urllib3: upgrade to 2.2.2
+-  qemu: upgrade to 8.2.7
+-  qemurunner: Clean up serial_lock handling
+-  ref-manual: classes: fix bin_package description
+-  resulttool: Add --logfile-archive option to store mode
+-  resulttool: Allow store to filter to specific revisions
+-  resulttool: Clean up repoducible build logs
+-  resulttool: Fix passthrough of --all files in store mode
+-  resulttool: Handle ltp rawlogs as well as ptest
+-  resulttool: Improve repo layout for oeselftest results
+-  resulttool: Trim the precision of duration information
+-  resulttool: Use single space indentation in json output
+-  rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts
+-  rxvt-unicode.inc: disable the terminfo installation by setting TIC to :
+-  sanity: check for working user namespaces
+-  scripts/install-buildtools: Update to 5.0.5
+-  selftest/reproducible: Clean up pathnames
+-  selftest/reproducible: Drop rawlogs
+-  shared-mime-info: drop itstool-native from :term:`DEPENDS`
+-  strace: download release tarballs from GitHub
+-  systemd-boot: drop intltool-native from :term:`DEPENDS`
+-  systemd: drop intltool-native from :term:`DEPENDS`
+-  systemd: upgrade to 255.13
+-  sysvinit: backport patch for fixing one issue of pidof
+-  tcl: skip io-13.6 test case
+-  toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
+-  tune-cortexa32: set tune feature as armv8a
+-  tzcode-native: upgrade to 2024b
+-  tzdata: upgrade to 2024b
+-  uboot-sign: fix concat_dtb arguments
+-  udev-extraconf: fix network.sh script did not configure hotplugged interfaces
+-  webkitgtk: fix erroneous use of unsuported DEBUG_LEVELFLAG variable
+-  wireless-regdb: upgrade to 2024.10.07
+
+
+Known Issues in Yocto-5.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-5.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Antonin Godard
+-  Archana Polampalli
+-  Bin Lan
+-  Changqing Li
+-  Chen Qi
+-  Chris Laplante
+-  Clayton Casciato
+-  Deepthi Hemraj
+-  Divya Chellam
+-  Florian Kreutzer
+-  Gassner, Tobias.ext
+-  Guðni Már Gilbert
+-  Harish Sadineni
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jagadeesh Krishnanjanappa
+-  Jiaying Song
+-  Jinfeng Wang
+-  Joshua Watt
+-  Lee Chee Yang
+-  Markus Volk
+-  Michael Opdenacker
+-  Pavel Zhukov
+-  Peter Marko
+-  Philip Lorenz
+-  Randy MacLeod
+-  Regis Dargent
+-  Richard Purdie
+-  Robert Yang
+-  Ross Burton
+-  Soumya Sambu
+-  Steve Sakoman
+-  Talel BELHAJSALEM
+-  Trevor Gamblin
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Yogita Urade
+
+
+Repositories / Downloads for Yocto-5.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.6 </poky/log/?h=yocto-5.0.6>`
+-  Git Revision: :yocto_git:`2541a8171f91812a4b16e7dc4da0d77d2318a256 </poky/commit/?id=2541a8171f91812a4b16e7dc4da0d77d2318a256>`
+-  Release Artefact: poky-2541a8171f91812a4b16e7dc4da0d77d2318a256
+-  sha: b77157596ae75d163387a08a317397a57ab8fa6cf4725f28e344fae3f69cca4d
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.6/poky-2541a8171f91812a4b16e7dc4da0d77d2318a256.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.6/poky-2541a8171f91812a4b16e7dc4da0d77d2318a256.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.6 </openembedded-core/log/?h=yocto-5.0.6>`
+-  Git Revision: :oe_git:`336eec6808710f260a5336ca8ca98139a80ccb14 </openembedded-core/commit/?id=336eec6808710f260a5336ca8ca98139a80ccb14>`
+-  Release Artefact: oecore-336eec6808710f260a5336ca8ca98139a80ccb14
+-  sha: 38c4fa7e7e88c28361c012dd5baabe373e2ec3c8aba6194146768b146192cceb
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.6/oecore-336eec6808710f260a5336ca8ca98139a80ccb14.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.6/oecore-336eec6808710f260a5336ca8ca98139a80ccb14.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.6 </meta-mingw/log/?h=yocto-5.0.6>`
+-  Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>`
+-  Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
+-  sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.6/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.6/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.6 </bitbake/log/?h=yocto-5.0.6>`
+-  Git Revision: :oe_git:`f40a3a477d5241b697bf2fb030dd804c1ff5839f </bitbake/commit/?id=f40a3a477d5241b697bf2fb030dd804c1ff5839f>`
+-  Release Artefact: bitbake-f40a3a477d5241b697bf2fb030dd804c1ff5839f
+-  sha: dbfc056c7408a5547f624799621ab1261a05685112e0922a88007723b1edbc87
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.6/bitbake-f40a3a477d5241b697bf2fb030dd804c1ff5839f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.6/bitbake-f40a3a477d5241b697bf2fb030dd804c1ff5839f.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.6 </yocto-docs/log/?h=yocto-5.0.6>`
+-  Git Revision: :yocto_git:`TBD </yocto-docs/commit/?id=TBD>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.7.rst b/documentation/migration-guides/release-notes-5.0.7.rst
new file mode 100644
index 0000000000..1c8a4809a9
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.7.rst
@@ -0,0 +1,331 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.7 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  avahi: Fix :cve_nist:`2024-52616`
+-  binutils: Fix :cve_nist:`2024-53589`
+-  ffmpeg: Fix :cve_nist:`2024-35366`, :cve_nist:`2024-35367` and :cve_nist:`2024-35368`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2024-47538`, :cve_nist:`2024-47541`,
+   :cve_nist:`2024-47542`, :cve_nist:`2024-47600`, :cve_nist:`2024-47607`, :cve_nist:`2024-47615`
+   and :cve_nist:`2024-47835`
+-  gstreamer1.0-plugins-good: Fix :cve_nist:`2024-47537`, :cve_nist:`2024-47539`,
+   :cve_nist:`2024-47540`, :cve_nist:`2024-47543`, :cve_nist:`2024-47544`, :cve_nist:`2024-47545`,
+   :cve_nist:`2024-47546`, :cve_nist:`2024-47596`, :cve_nist:`2024-47597`, :cve_nist:`2024-47598`,
+   :cve_nist:`2024-47599`, :cve_nist:`2024-47601`, :cve_nist:`2024-47602`, :cve_nist:`2024-47603`,
+   :cve_nist:`2024-47606`, :cve_nist:`2024-47613`, :cve_nist:`2024-47774`, :cve_nist:`2024-47775`,
+   :cve_nist:`2024-47776`, :cve_nist:`2024-47777`, :cve_nist:`2024-47778` and :cve_nist:`2024-47834`
+-  gstreamer1.0: Ignore :cve_nist:`2024-47537`, :cve_nist:`2024-47539`, :cve_nist:`2024-47540`,
+   :cve_nist:`2024-47543`, :cve_nist:`2024-47544`, :cve_nist:`2024-47545`, :cve_nist:`2024-47538`,
+   :cve_nist:`2024-47541`, :cve_nist:`2024-47542`, :cve_nist:`2024-47600`, :cve_nist:`2024-47607`,
+   :cve_nist:`2024-47615`, :cve_nist:`2024-47835`, :cve_nist:`2024-47546`, :cve_nist:`2024-47596`,
+   :cve_nist:`2024-47597`, :cve_nist:`2024-47598`, :cve_nist:`2024-47599`, :cve_nist:`2024-47601`,
+   :cve_nist:`2024-47602`, :cve_nist:`2024-47603`, :cve_nist:`2024-47613`, :cve_nist:`2024-47774`,
+   :cve_nist:`2024-47775`, :cve_nist:`2024-47776`, :cve_nist:`2024-47777`, :cve_nist:`2024-47778`
+   and :cve_nist:`2024-47834`
+-  libarchive: Fix :cve_nist:`2024-20696`
+-  libxml2: Fix :cve_nist:`2024-40896`
+-  linux-yocto/6.6: Fix :cve_nist:`2024-27059`, :cve_nist:`2024-43098`, :cve_nist:`2024-45828`,
+   :cve_nist:`2024-47141`, :cve_nist:`2024-47143`, :cve_nist:`2024-47704`, :cve_nist:`2024-47809`,
+   :cve_nist:`2024-48873`, :cve_nist:`2024-48875`, :cve_nist:`2024-48881`, :cve_nist:`2024-49863`,
+   :cve_nist:`2024-49864`, :cve_nist:`2024-49866`, :cve_nist:`2024-49867`, :cve_nist:`2024-49868`,
+   :cve_nist:`2024-49870`, :cve_nist:`2024-49871`, :cve_nist:`2024-49874`, :cve_nist:`2024-49875`,
+   :cve_nist:`2024-49877`, :cve_nist:`2024-49878`, :cve_nist:`2024-49879`, :cve_nist:`2024-49881`,
+   :cve_nist:`2024-49882`, :cve_nist:`2024-49883`, :cve_nist:`2024-49884`, :cve_nist:`2024-49886`,
+   :cve_nist:`2024-49889`, :cve_nist:`2024-49890`, :cve_nist:`2024-49892`, :cve_nist:`2024-49894`,
+   :cve_nist:`2024-49895`, :cve_nist:`2024-49896`, :cve_nist:`2024-49900`, :cve_nist:`2024-49901`,
+   :cve_nist:`2024-49902`, :cve_nist:`2024-49903`, :cve_nist:`2024-49905`, :cve_nist:`2024-49907`,
+   :cve_nist:`2024-49912`, :cve_nist:`2024-49913`, :cve_nist:`2024-49924`, :cve_nist:`2024-49925`,
+   :cve_nist:`2024-49927`, :cve_nist:`2024-49929`, :cve_nist:`2024-49930`, :cve_nist:`2024-49931`,
+   :cve_nist:`2024-49933`, :cve_nist:`2024-49935`, :cve_nist:`2024-49936`, :cve_nist:`2024-49937`,
+   :cve_nist:`2024-49938`, :cve_nist:`2024-49939`, :cve_nist:`2024-49944`, :cve_nist:`2024-49946`,
+   :cve_nist:`2024-49947`, :cve_nist:`2024-49948`, :cve_nist:`2024-49949`, :cve_nist:`2024-49950`,
+   :cve_nist:`2024-49951`, :cve_nist:`2024-49952`, :cve_nist:`2024-49953`, :cve_nist:`2024-49954`,
+   :cve_nist:`2024-49955`, :cve_nist:`2024-49957`, :cve_nist:`2024-49958`, :cve_nist:`2024-49959`,
+   :cve_nist:`2024-49960`, :cve_nist:`2024-49961`, :cve_nist:`2024-49962`, :cve_nist:`2024-49963`,
+   :cve_nist:`2024-49965`, :cve_nist:`2024-49966`, :cve_nist:`2024-49969`, :cve_nist:`2024-49973`,
+   :cve_nist:`2024-49975`, :cve_nist:`2024-49976`, :cve_nist:`2024-49977`, :cve_nist:`2024-49978`,
+   :cve_nist:`2024-49980`, :cve_nist:`2024-49981`, :cve_nist:`2024-49982`, :cve_nist:`2024-49983`,
+   :cve_nist:`2024-49985`, :cve_nist:`2024-49986`, :cve_nist:`2024-49987`, :cve_nist:`2024-49988`,
+   :cve_nist:`2024-49989`, :cve_nist:`2024-49991`, :cve_nist:`2024-49992`, :cve_nist:`2024-49995`,
+   :cve_nist:`2024-49996`, :cve_nist:`2024-49997`, :cve_nist:`2024-50000`, :cve_nist:`2024-50001`,
+   :cve_nist:`2024-50002`, :cve_nist:`2024-50003`, :cve_nist:`2024-50005`, :cve_nist:`2024-50006`,
+   :cve_nist:`2024-50007`, :cve_nist:`2024-50008`, :cve_nist:`2024-50012`, :cve_nist:`2024-50013`,
+   :cve_nist:`2024-50015`, :cve_nist:`2024-50016`, :cve_nist:`2024-50019`, :cve_nist:`2024-50022`,
+   :cve_nist:`2024-50023`, :cve_nist:`2024-50024`, :cve_nist:`2024-50026`, :cve_nist:`2024-50029`,
+   :cve_nist:`2024-50031`, :cve_nist:`2024-50032`, :cve_nist:`2024-50033`, :cve_nist:`2024-50035`,
+   :cve_nist:`2024-50036`, :cve_nist:`2024-50038`, :cve_nist:`2024-50039`, :cve_nist:`2024-50040`,
+   :cve_nist:`2024-50041`, :cve_nist:`2024-50044`, :cve_nist:`2024-50045`, :cve_nist:`2024-50046`,
+   :cve_nist:`2024-50047`, :cve_nist:`2024-50048`, :cve_nist:`2024-50049`, :cve_nist:`2024-50051`,
+   :cve_nist:`2024-50055`, :cve_nist:`2024-50057`, :cve_nist:`2024-50058`, :cve_nist:`2024-50059`,
+   :cve_nist:`2024-50060`, :cve_nist:`2024-50061`, :cve_nist:`2024-50062`, :cve_nist:`2024-50063`,
+   :cve_nist:`2024-50064`, :cve_nist:`2024-50065`, :cve_nist:`2024-50066`, :cve_nist:`2024-50069`,
+   :cve_nist:`2024-50070`, :cve_nist:`2024-50072`, :cve_nist:`2024-50073`, :cve_nist:`2024-50074`,
+   :cve_nist:`2024-50075`, :cve_nist:`2024-50076`, :cve_nist:`2024-50077`, :cve_nist:`2024-50078`,
+   :cve_nist:`2024-50080`, :cve_nist:`2024-50082`, :cve_nist:`2024-50083`, :cve_nist:`2024-50084`,
+   :cve_nist:`2024-50085`, :cve_nist:`2024-50086`, :cve_nist:`2024-50087`, :cve_nist:`2024-50088`,
+   :cve_nist:`2024-50093`, :cve_nist:`2024-50095`, :cve_nist:`2024-50096`, :cve_nist:`2024-50098`,
+   :cve_nist:`2024-50099`, :cve_nist:`2024-50101`, :cve_nist:`2024-50103`, :cve_nist:`2024-50108`,
+   :cve_nist:`2024-50110`, :cve_nist:`2024-50111`, :cve_nist:`2024-50112`, :cve_nist:`2024-50115`,
+   :cve_nist:`2024-50116`, :cve_nist:`2024-50117`, :cve_nist:`2024-50120`, :cve_nist:`2024-50121`,
+   :cve_nist:`2024-50124`, :cve_nist:`2024-50125`, :cve_nist:`2024-50126`, :cve_nist:`2024-50127`,
+   :cve_nist:`2024-50128`, :cve_nist:`2024-50130`, :cve_nist:`2024-50131`, :cve_nist:`2024-50133`,
+   :cve_nist:`2024-50134`, :cve_nist:`2024-50135`, :cve_nist:`2024-50136`, :cve_nist:`2024-50139`,
+   :cve_nist:`2024-50140`, :cve_nist:`2024-50141`, :cve_nist:`2024-50142`, :cve_nist:`2024-50143`,
+   :cve_nist:`2024-50145`, :cve_nist:`2024-50147`, :cve_nist:`2024-50148`, :cve_nist:`2024-50150`,
+   :cve_nist:`2024-50151`, :cve_nist:`2024-50152`, :cve_nist:`2024-50153`, :cve_nist:`2024-50154`,
+   :cve_nist:`2024-50155`, :cve_nist:`2024-50156`, :cve_nist:`2024-50158`, :cve_nist:`2024-50159`,
+   :cve_nist:`2024-50160`, :cve_nist:`2024-50162`, :cve_nist:`2024-50163`, :cve_nist:`2024-50164`,
+   :cve_nist:`2024-50166`, :cve_nist:`2024-50167`, :cve_nist:`2024-50168`, :cve_nist:`2024-50169`,
+   :cve_nist:`2024-50170`, :cve_nist:`2024-50171`, :cve_nist:`2024-50172`, :cve_nist:`2024-50175`,
+   :cve_nist:`2024-50176`, :cve_nist:`2024-50179`, :cve_nist:`2024-50180`, :cve_nist:`2024-50181`,
+   :cve_nist:`2024-50182`, :cve_nist:`2024-50183`, :cve_nist:`2024-50184`, :cve_nist:`2024-50185`,
+   :cve_nist:`2024-50186`, :cve_nist:`2024-50187`, :cve_nist:`2024-50188`, :cve_nist:`2024-50189`,
+   :cve_nist:`2024-50191`, :cve_nist:`2024-50192`, :cve_nist:`2024-50193`, :cve_nist:`2024-50194`,
+   :cve_nist:`2024-50195`, :cve_nist:`2024-50196`, :cve_nist:`2024-50198`, :cve_nist:`2024-50201`,
+   :cve_nist:`2024-50202`, :cve_nist:`2024-50205`, :cve_nist:`2024-50208`, :cve_nist:`2024-50209`,
+   :cve_nist:`2024-50211`, :cve_nist:`2024-50215`, :cve_nist:`2024-50222`, :cve_nist:`2024-50223`,
+   :cve_nist:`2024-50224`, :cve_nist:`2024-50226`, :cve_nist:`2024-50229`, :cve_nist:`2024-50230`,
+   :cve_nist:`2024-50231`, :cve_nist:`2024-50232`, :cve_nist:`2024-50233`, :cve_nist:`2024-50234`,
+   :cve_nist:`2024-50235`, :cve_nist:`2024-50236`, :cve_nist:`2024-50237`, :cve_nist:`2024-50239`,
+   :cve_nist:`2024-50240`, :cve_nist:`2024-50242`, :cve_nist:`2024-50243`, :cve_nist:`2024-50244`,
+   :cve_nist:`2024-50245`, :cve_nist:`2024-50246`, :cve_nist:`2024-50247`, :cve_nist:`2024-50248`,
+   :cve_nist:`2024-50249`, :cve_nist:`2024-50250`, :cve_nist:`2024-50251`, :cve_nist:`2024-50252`,
+   :cve_nist:`2024-50255`, :cve_nist:`2024-50256`, :cve_nist:`2024-50257`, :cve_nist:`2024-50258`,
+   :cve_nist:`2024-50259`, :cve_nist:`2024-50261`, :cve_nist:`2024-50262`, :cve_nist:`2024-50264`,
+   :cve_nist:`2024-50265`, :cve_nist:`2024-50267`, :cve_nist:`2024-50268`, :cve_nist:`2024-50269`,
+   :cve_nist:`2024-50271`, :cve_nist:`2024-50272`, :cve_nist:`2024-50273`, :cve_nist:`2024-50275`,
+   :cve_nist:`2024-50276`, :cve_nist:`2024-50278`, :cve_nist:`2024-50279`, :cve_nist:`2024-50282`,
+   :cve_nist:`2024-50283`, :cve_nist:`2024-50284`, :cve_nist:`2024-50285`, :cve_nist:`2024-50286`,
+   :cve_nist:`2024-50287`, :cve_nist:`2024-50292`, :cve_nist:`2024-50296`, :cve_nist:`2024-50298`,
+   :cve_nist:`2024-50299`, :cve_nist:`2024-50300`, :cve_nist:`2024-50301`, :cve_nist:`2024-50302`,
+   :cve_nist:`2024-53042`, :cve_nist:`2024-53043`, :cve_nist:`2024-53046`, :cve_nist:`2024-53047`,
+   :cve_nist:`2024-53052`, :cve_nist:`2024-53055`, :cve_nist:`2024-53057`, :cve_nist:`2024-53058`,
+   :cve_nist:`2024-53059`, :cve_nist:`2024-53060`, :cve_nist:`2024-53061`, :cve_nist:`2024-53063`,
+   :cve_nist:`2024-53066`, :cve_nist:`2024-53068`, :cve_nist:`2024-53072`, :cve_nist:`2024-53076`,
+   :cve_nist:`2024-53079`, :cve_nist:`2024-53081`, :cve_nist:`2024-53082`, :cve_nist:`2024-53083`,
+   :cve_nist:`2024-53088`, :cve_nist:`2024-53091`, :cve_nist:`2024-53093`, :cve_nist:`2024-53094`,
+   :cve_nist:`2024-53096`, :cve_nist:`2024-53099`, :cve_nist:`2024-53100`, :cve_nist:`2024-53101`,
+   :cve_nist:`2024-53103`, :cve_nist:`2024-53108`, :cve_nist:`2024-53109`, :cve_nist:`2024-53110`,
+   :cve_nist:`2024-53112`, :cve_nist:`2024-53113`, :cve_nist:`2024-53119`, :cve_nist:`2024-53120`,
+   :cve_nist:`2024-53121`, :cve_nist:`2024-53122`, :cve_nist:`2024-53123`, :cve_nist:`2024-53126`,
+   :cve_nist:`2024-53127`, :cve_nist:`2024-53129`, :cve_nist:`2024-53130`, :cve_nist:`2024-53131`,
+   :cve_nist:`2024-53134`, :cve_nist:`2024-53135`, :cve_nist:`2024-53138`, :cve_nist:`2024-53139`,
+   :cve_nist:`2024-53140`, :cve_nist:`2024-53141`, :cve_nist:`2024-53142`, :cve_nist:`2024-53145`,
+   :cve_nist:`2024-53146`, :cve_nist:`2024-53150`, :cve_nist:`2024-53151`, :cve_nist:`2024-53154`,
+   :cve_nist:`2024-53155`, :cve_nist:`2024-53156`, :cve_nist:`2024-53157`, :cve_nist:`2024-53161`,
+   :cve_nist:`2024-53165`, :cve_nist:`2024-53166`, :cve_nist:`2024-53168`, :cve_nist:`2024-53171`,
+   :cve_nist:`2024-53173`, :cve_nist:`2024-53175`, :cve_nist:`2024-53180`, :cve_nist:`2024-53188`,
+   :cve_nist:`2024-53191`, :cve_nist:`2024-53200`, :cve_nist:`2024-53202`, :cve_nist:`2024-53208`,
+   :cve_nist:`2024-53210`, :cve_nist:`2024-53213`, :cve_nist:`2024-53215`, :cve_nist:`2024-53217`,
+   :cve_nist:`2024-53224`, :cve_nist:`2024-53226`, :cve_nist:`2024-53227`, :cve_nist:`2024-53230`,
+   :cve_nist:`2024-53231`, :cve_nist:`2024-53237`, :cve_nist:`2024-53239`, :cve_nist:`2024-54683`,
+   :cve_nist:`2024-55916`, :cve_nist:`2024-56369`, :cve_nist:`2024-56538`, :cve_nist:`2024-56551`,
+   :cve_nist:`2024-56567`, :cve_nist:`2024-56568`, :cve_nist:`2024-56569`, :cve_nist:`2024-56572`,
+   :cve_nist:`2024-56574`, :cve_nist:`2024-56575`, :cve_nist:`2024-56577`, :cve_nist:`2024-56578`,
+   :cve_nist:`2024-56579`, :cve_nist:`2024-56581`, :cve_nist:`2024-56587`, :cve_nist:`2024-56593`,
+   :cve_nist:`2024-56595`, :cve_nist:`2024-56596`, :cve_nist:`2024-56598`, :cve_nist:`2024-56600`,
+   :cve_nist:`2024-56601`, :cve_nist:`2024-56602`, :cve_nist:`2024-56603`, :cve_nist:`2024-56604`,
+   :cve_nist:`2024-56605`, :cve_nist:`2024-56606`, :cve_nist:`2024-56611`, :cve_nist:`2024-56613`,
+   :cve_nist:`2024-56614`, :cve_nist:`2024-56615`, :cve_nist:`2024-56617`, :cve_nist:`2024-56622`,
+   :cve_nist:`2024-56623`, :cve_nist:`2024-56626`, :cve_nist:`2024-56627`, :cve_nist:`2024-56629`,
+   :cve_nist:`2024-56631`, :cve_nist:`2024-56634`, :cve_nist:`2024-56635`, :cve_nist:`2024-56640`,
+   :cve_nist:`2024-56642`, :cve_nist:`2024-56643`, :cve_nist:`2024-56648`, :cve_nist:`2024-56649`,
+   :cve_nist:`2024-56650`, :cve_nist:`2024-56651`, :cve_nist:`2024-56653`, :cve_nist:`2024-56654`,
+   :cve_nist:`2024-56657`, :cve_nist:`2024-56658`, :cve_nist:`2024-56659`, :cve_nist:`2024-56660`,
+   :cve_nist:`2024-56662`, :cve_nist:`2024-56663`, :cve_nist:`2024-56664`, :cve_nist:`2024-56667`,
+   :cve_nist:`2024-56670`, :cve_nist:`2024-56672`, :cve_nist:`2024-56675`, :cve_nist:`2024-56687`,
+   :cve_nist:`2024-56688`, :cve_nist:`2024-56689`, :cve_nist:`2024-56692`, :cve_nist:`2024-56694`,
+   :cve_nist:`2024-56698`, :cve_nist:`2024-56704`, :cve_nist:`2024-56708`, :cve_nist:`2024-56710`,
+   :cve_nist:`2024-56715`, :cve_nist:`2024-56716`, :cve_nist:`2024-56717`, :cve_nist:`2024-56718`,
+   :cve_nist:`2024-56720`, :cve_nist:`2024-56722`, :cve_nist:`2024-56723`, :cve_nist:`2024-56724`,
+   :cve_nist:`2024-56725`, :cve_nist:`2024-56726`, :cve_nist:`2024-56727`, :cve_nist:`2024-56728`,
+   :cve_nist:`2024-56729`, :cve_nist:`2024-56739`, :cve_nist:`2024-56741`, :cve_nist:`2024-56744`,
+   :cve_nist:`2024-56745`, :cve_nist:`2024-56746`, :cve_nist:`2024-56747`, :cve_nist:`2024-56748`,
+   :cve_nist:`2024-56751`, :cve_nist:`2024-56752`, :cve_nist:`2024-56754`, :cve_nist:`2024-56755`,
+   :cve_nist:`2024-56756`, :cve_nist:`2024-56760`, :cve_nist:`2024-56763`, :cve_nist:`2024-56765`,
+   :cve_nist:`2024-56767`, :cve_nist:`2024-56769`, :cve_nist:`2024-56770`, :cve_nist:`2024-56774`,
+   :cve_nist:`2024-56776`, :cve_nist:`2024-56777`, :cve_nist:`2024-56778`, :cve_nist:`2024-56779`,
+   :cve_nist:`2024-56780`, :cve_nist:`2024-56781`, :cve_nist:`2024-56783`, :cve_nist:`2024-56785`,
+   :cve_nist:`2024-56786`, :cve_nist:`2024-56787`, :cve_nist:`2024-57798`, :cve_nist:`2024-57807`
+   and :cve_nist:`2024-57874`
+-  ofono: Fix :cve_nist:`2023-4232`, :cve_nist:`2023-4235`, :cve_nist:`2024-7539`,
+   :cve_nist:`2024-7540`, :cve_nist:`2024-7541`, :cve_nist:`2024-7542`, :cve_nist:`2024-7543`,
+   :cve_nist:`2024-7544`, :cve_nist:`2024-7545`, :cve_nist:`2024-7546` and :cve_nist:`2024-7547`
+-  rsync: Fix :cve_nist:`2024-12084`, :cve_nist:`2024-12085`, :cve_nist:`2024-12086`,
+   :cve_nist:`2024-12087`, :cve_nist:`2024-12088` and :cve_nist:`2024-12747`
+-  socat: Fix :cve_nist:`2024-54661`
+-  subversion: Fix :cve_nist:`2024-46901`
+-  wget: Fix :cve_nist:`2024-10524`
+
+
+Fixes in Yocto-5.0.7
+~~~~~~~~~~~~~~~~~~~~
+
+-  bitbake: cooker: Make cooker 'skiplist' per-multiconfig/mc
+-  bitbake: tests/fetch: Fix git shallow test failure with git >= 2.48
+-  bitbake: ui/knotty: print log paths for failed tasks in summary
+-  bitbake: ui/knotty: respect NO_COLOR & check for tty; rename print_hyperlink => format_hyperlink
+-  bluez5: Revert "bluez5: remove configuration files from install task"
+-  bluez5: backport patch to fix address type when loading keys
+-  boost: fix do_fetch error
+-  build-appliance-image: Update to scarthgap head revision
+-  classes/nativesdk: also override :term:`TUNE_PKGARCH`
+-  classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
+-  contributor-guide/submit-changes.rst: suggest to remove the git signature
+-  cve-update-nvd2-native: Handle :term:`BB_NO_NETWORK` and missing db
+-  cve-update-nvd2-native: Tweak to work better with NFS :term:`DL_DIR`
+-  dev-manual/bmaptool.rst: correct command for bmaptool-native
+-  dev-manual/bmaptool.rst: simplify and fix instructions
+-  dev-manual: fix styling of references to bmaptool
+-  docs: Gather dependencies in poky.yaml.in
+-  docs: Update autobuilder URLs to valkyrie
+-  docs: Update the documentation for :term:`SRCPV`
+-  gcc: Fix c++: tweak for Wrange-loop-construct
+-  groff: Fix race issues for parallel build
+-  libgfortran: fix buildpath QA issue
+-  libxml2: Upgrade to 2.12.9
+-  linux-yocto/6.6: bsp/genericarm64: disable ARM64_SME
+-  linux-yocto/6.6: genericarm64.cfg: enable CONFIG_DMA_CMA
+-  linux-yocto/6.6: update to v6.6.69
+-  lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66
+-  migration-guides: add release notes for 5.0.6
+-  oeqa/ssh: allow to retrieve raw, unformatted ouput
+-  ovmf-native: remove .pyc files from install
+-  poky.conf: add new tested distros
+-  poky.conf: bump version for 5.0.7
+-  poky.yaml.in: add missing locales dependency
+-  poky.yaml.in: replace inkscape dependency by librsvg2-bin
+-  populate_sdk_ext: write_local_conf add shutil import
+-  pulseaudio: fix webrtc audio depdency
+-  python3-requests: upgrade to 2.32.3
+-  python3: Drop empty patch
+-  python3: add dependency on -compression to -core
+-  python3: upgrade to 3.12.7
+-  ref-manual: move runtime-testing section to the test-manual
+-  ref-manual: use standardized method accross both ubuntu and debian for locale install
+-  ref-manual: SSTATE_MIRRORS/SOURCE_MIRROR_URL: add instructions for mirror authentication
+-  reproducible-builds.rst: show how to build a single package
+-  rust-target-config: Fix TARGET_C_INT_WIDTH with correct size
+-  rust: Revert "rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS"
+-  rust: add reproducibility patch to eliminate host leakage
+-  rust: build the default set of tools
+-  rust: correctly link rust-snapshot into build/stage0
+-  rust: use rust-snapshot binaries only in rust-native
+-  sanity.bbclass: skip check_userns for non-local uid
+-  scripts/install-buildtools: Update to 5.0.6
+-  system-requirements.rst: add dependencies for pdf builds
+-  system-requirements: add fedora 39 to supported distros
+-  system-requirements: update list of supported distros
+-  systemd: enable create-log-dirs
+-  test-manual/reproducible-builds: fix reproducible links
+
+
+Known Issues in Yocto-5.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Aleksandar Nikolic
+-  Alexander Kanavin
+-  Alexis Lothoré
+-  Antonin Godard
+-  Archana Polampalli
+-  Bruce Ashfield
+-  Catalin Popescu
+-  Changqing Li
+-  Chen Qi
+-  Chris Laplante
+-  Divya Chellam
+-  Esben Haabendal
+-  Guénaël Muller
+-  Guðni Már Gilbert
+-  Harish Sadineni
+-  Hiago De Franco
+-  Hitendra Prajapati
+-  Jiaying Song
+-  Khem Raj
+-  Lee Chee Yang
+-  Mark Hatle
+-  Michael Opdenacker
+-  Mikko Rapeli
+-  Peter Marko
+-  Richard Purdie
+-  Robert Yang
+-  Ross Burton
+-  Soumya Sambu
+-  Steve Sakoman
+-  Sunil Dora
+-  Trevor Gamblin
+-  Xiangyu Chen
+-  Yash Shinde
+-  Zhang Peng
+-  Zahir Hussain
+
+
+Repositories / Downloads for Yocto-5.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.7 </poky/log/?h=yocto-5.0.7>`
+-  Git Revision: :yocto_git:`7dad83c7e5e9637c0ff5d5712409611fd4a14946 </poky/commit/?id=7dad83c7e5e9637c0ff5d5712409611fd4a14946>`
+-  Release Artefact: poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946
+-  sha: ae688031b19b88582bb4a76d0525e3704b981ad1d21eb38a0873cd01dd9a4652
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.7 </openembedded-core/log/?h=yocto-5.0.7>`
+-  Git Revision: :oe_git:`62cb12967391db709315820d48853ffa4c6b4740 </openembedded-core/commit/?id=62cb12967391db709315820d48853ffa4c6b4740>`
+-  Release Artefact: oecore-62cb12967391db709315820d48853ffa4c6b4740
+-  sha: bc45429df1805445b678f1b0ed6ce017edfac38c7226dce92ce393b3ef311f95
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/oecore-62cb12967391db709315820d48853ffa4c6b4740.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/oecore-62cb12967391db709315820d48853ffa4c6b4740.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.7 </meta-mingw/log/?h=yocto-5.0.7>`
+-  Git Revision: :yocto_git:`acbba477893ef87388effc4679b7f40ee49fc852 </meta-mingw/commit/?id=acbba477893ef87388effc4679b7f40ee49fc852>`
+-  Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
+-  sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.7 </bitbake/log/?h=yocto-5.0.7>`
+-  Git Revision: :oe_git:`aa0e540fc31a1c26839efd2c7785a751ce24ebfb </bitbake/commit/?id=aa0e540fc31a1c26839efd2c7785a751ce24ebfb>`
+-  Release Artefact: bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb
+-  sha: 169b68ed7d5e55015b1c35a82d35efaa25c87cba4722c85e66514a15d31e1d28
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.7 </yocto-docs/log/?h=yocto-5.0.7>`
+-  Git Revision: :yocto_git:`bb9e018adcc10c642f87d0b95432783b5eb8057b </yocto-docs/commit/?id=bb9e018adcc10c642f87d0b95432783b5eb8057b>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.8.rst b/documentation/migration-guides/release-notes-5.0.8.rst
new file mode 100644
index 0000000000..5cb8b30246
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.8.rst
@@ -0,0 +1,226 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.8 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2025-0840`
+-  curl: Ignore :cve_nist:`2025-0725`
+-  elfutils: Fix :cve_nist:`2025-1352`, :cve_nist:`2025-1365` and :cve_nist:`2025-1372`
+-  ffmpeg: Fix :cve_nist:`2024-35365`, :cve_nist:`2024-35369`, :cve_nist:`2024-36613`,
+   :cve_nist:`2024-36616`, :cve_nist:`2024-36617`, :cve_nist:`2024-36618`, :cve_nist:`2024-36619`,
+   :cve_nist:`2025-0518`, :cve_nist:`2025-22919`, :cve_nist:`2025-22921` and :cve_nist:`2025-25473`
+-  glibc: Fix :cve_nist:`2025-0395`
+-  gnutls: Fix :cve_nist:`2024-12243`
+-  go: Fix :cve_nist:`2024-45336`, :cve_nist:`2024-45341` and :cve_nist:`2025-22866`
+-  gstreamer1.0-rtsp-server: Fix :cve_nist:`2024-44331`
+-  libcap: Fix :cve_nist:`2025-1390`
+-  libtasn1: Fix :cve_nist:`2024-12133`
+-  libxml2: Fix :cve_nist:`2024-56171` and :cve_nist:`2025-24928`
+-  linux-yocto/6.6: Fix :cve_nist:`2024-36476`, :cve_nist:`2024-53179`, :cve_nist:`2024-56582`,
+   :cve_nist:`2024-56703`, :cve_nist:`2024-57801`, :cve_nist:`2024-57802`, :cve_nist:`2024-57841`,
+   :cve_nist:`2024-57882`, :cve_nist:`2024-57887`, :cve_nist:`2024-57890`, :cve_nist:`2024-57892`,
+   :cve_nist:`2024-57895`, :cve_nist:`2024-57896`, :cve_nist:`2024-57900`, :cve_nist:`2024-57901`,
+   :cve_nist:`2024-57902`, :cve_nist:`2024-57906`, :cve_nist:`2024-57907`, :cve_nist:`2024-57908`,
+   :cve_nist:`2024-57910`, :cve_nist:`2024-57911`, :cve_nist:`2024-57912`, :cve_nist:`2024-57913`,
+   :cve_nist:`2024-57916`, :cve_nist:`2024-57922`, :cve_nist:`2024-57925`, :cve_nist:`2024-57926`,
+   :cve_nist:`2024-57933`, :cve_nist:`2024-57938`, :cve_nist:`2024-57939`, :cve_nist:`2024-57940`,
+   :cve_nist:`2024-57949`, :cve_nist:`2024-57951`, :cve_nist:`2025-21631`, :cve_nist:`2025-21636`,
+   :cve_nist:`2025-21637`, :cve_nist:`2025-21638`, :cve_nist:`2025-21639`, :cve_nist:`2025-21640`,
+   :cve_nist:`2025-21642`, :cve_nist:`2025-21652`, :cve_nist:`2025-21658`, :cve_nist:`2025-21665`,
+   :cve_nist:`2025-21666`, :cve_nist:`2025-21667`, :cve_nist:`2025-21669`, :cve_nist:`2025-21670`,
+   :cve_nist:`2025-21671`, :cve_nist:`2025-21673`, :cve_nist:`2025-21674`, :cve_nist:`2025-21675`,
+   :cve_nist:`2025-21676`, :cve_nist:`2025-21680`, :cve_nist:`2025-21681`, :cve_nist:`2025-21683`,
+   :cve_nist:`2025-21684`, :cve_nist:`2025-21687`, :cve_nist:`2025-21689`, :cve_nist:`2025-21690`,
+   :cve_nist:`2025-21692`, :cve_nist:`2025-21694`, :cve_nist:`2025-21697` and :cve_nist:`2025-21699`
+-  openssh: Fix :cve_nist:`2025-26466`
+-  openssl: Fix :cve_nist:`2024-9143`, :cve_nist:`2024-12797` and :cve_nist:`2024-13176`
+-  pyhton3: Fix :cve_nist:`2024-12254` and :cve_nist:`2025-0938`
+-  subversion: Ignore :cve_nist:`2024-45720`
+-  u-boot: Fix :cve_nist:`2024-57254`, :cve_nist:`2024-57255`, :cve_nist:`2024-57256`,
+   :cve_nist:`2024-57257`, :cve_nist:`2024-57258` and :cve_nist:`2024-57259`
+-  vim: Fix :cve_nist:`2025-22134` and :cve_nist:`2025-24014`
+-  xwayland: Fix :cve_nist:`2024-9632`, :cve_nist:`2025-26594`, :cve_nist:`2025-26595`,
+   :cve_nist:`2025-26596`, :cve_nist:`2025-26597`, :cve_nist:`2025-26598`, :cve_nist:`2025-26599`,
+   :cve_nist:`2025-26600` and :cve_nist:`2025-26601`
+
+
+Fixes in Yocto-5.0.8
+~~~~~~~~~~~~~~~~~~~~
+
+-  base-files: Drop /bin/sh dependency
+-  bind: upgrade to 9.18.33
+-  binutils: File name too long causing failure to open temporary head file in dlltool
+-  binutils: stable 2.42 branch update
+-  bitbake: bblayers/query: Fix using "removeprefix" string method
+-  bitbake: bitbake-diffsigs: fix handling when finding only a single sigfile
+-  bitbake: data_smart.py: clear expand_cache in _setvar_update_overridevars
+-  bitbake: data_smart.py: remove unnecessary ? from __expand_var_regexp__
+-  bitbake: data_smart.py: simple clean up
+-  build-appliance-image: Update to scarthgap head revision
+-  ccache.conf: Add include_file_ctime to sloppiness
+-  cmake: apply parallel build settings to ptest tasks
+-  contributor-guide/submit-changes: add policy on AI generated code
+-  dev-manual/building: document the initramfs-framework recipe
+-  devtool: ide-sdk recommend :term:`DEBUG_BUILD`
+-  devtool: ide-sdk remove the plugin from eSDK installer
+-  devtool: ide-sdk sort cmake preset
+-  devtool: modify support debug-builds
+-  docs: Add favicon for the documentation html
+-  docs: Fix typo in standards.md
+-  docs: Remove all mention of core-image-lsb
+-  docs: vulnerabilities/classes: remove references to cve-check text format
+-  files: Amend overlayfs unit descriptions with path information
+-  files: overlayfs-create-dirs: Improve mount unit dependency
+-  glibc: stable 2.39 branch updates
+-  gnupg: upgrade to 2.4.5
+-  go: upgrade 1.22.12
+-  icu: remove host references in nativesdk to fix reproducibility
+-  libtasn1: upgrade to 4.20.0
+-  libxml2: upgrade to 2.12.10
+-  linux-yocto/6.6: upgrade to v6.6.75
+-  meta: Enable '-o pipefail' for the SDK installer
+-  migration-guides: add release notes for 4.0.24, 4.0.25 and 5.0.7
+-  oe-selftest: devtool ide-sdk use modify debug-build
+-  oeqa/sdk/context: fix for gtk3 test failure during do_testsdk
+-  oeqa/selftest/rust: skip on all MIPS platforms
+-  openssl: upgrade to 3.2.4
+-  pkg-config-native: pick additional search paths from $EXTRA_NATIVE_PKGCONFIG_PATH
+-  poky.conf: add ubuntu2404 to :term:`SANITY_TESTED_DISTROS`
+-  poky.conf: bump version for 5.0.8
+-  ppp: Revert lock path to /var/lock
+-  python3-setuptools-scm: respect GIT_CEILING_DIRECTORIES
+-  python3: upgrade to 3.12.9
+-  qemu: Do not define sched_attr with glibc >= 2.41
+-  ref-manual/faq: add q&a on systemd as default
+-  ref-manual: Add missing variable :term:`IMAGE_ROOTFS_MAXSIZE`
+-  ref-manual: don't refer to poky-lsb
+-  ref-manual: remove OE_IMPORTS
+-  rust-common.bbclass: soft assignment for RUSTLIB path
+-  rust: fix for rust multilib sdk configuration
+-  rust: remove redundant cargo config file
+-  scripts/install-buildtools: Update to 5.0.7
+-  sdk-manual: extensible.rst: devtool ide-sdk improve
+-  sdk-manual: extensible.rst: update devtool ide-sdk
+-  selftest/rust: correctly form the PATH environment variable
+-  systemd: add libpcre2 as :term:`RRECOMMENDS` if pcre2 is enabled
+-  systemd: upgrade to 255.17
+-  test-manual/ptest: link to common framework ptest classes
+-  tzcode-native: Fix compiler setting from 2023d version
+-  tzdata/tzcode-native: upgrade to 2025a
+-  u-boot: kernel-fitimage: Fix dependency loop if :term:`UBOOT_SIGN_ENABLE` and UBOOT_ENV enabled
+-  u-boot: kernel-fitimage: Restore FIT_SIGN_INDIVIDUAL="1" behavior
+-  uboot-config: fix devtool modify with kernel-fitimage
+-  vim: upgrade to 9.1.1043
+
+
+Known Issues in Yocto-5.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  N/A
+
+Contributors to Yocto-5.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Adrian Freihofer
+-  Aleksandar Nikolic
+-  Alessio Cascone
+-  Alexander Kanavin
+-  Alexis Cellier
+-  Antonin Godard
+-  Archana Polampalli
+-  Bruce Ashfield
+-  Chen Qi
+-  Deepesh Varatharajan
+-  Divya Chellam
+-  Enrico Jörns
+-  Esben Haabendal
+-  Etienne Cordonnier
+-  Fabio Berton
+-  Guðni Már Gilbert
+-  Harish Sadineni
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Jiaying Song
+-  Joerg Schmidt
+-  Johannes Schneider
+-  Khem Raj
+-  Lee Chee Yang
+-  Marek Vasut
+-  Marta Rybczynska
+-  Moritz Haase
+-  Oleksandr Hnatiuk
+-  Pedro Ferreira
+-  Peter Marko
+-  Poonam Jadhav
+-  Priyal Doshi
+-  Ross Burton
+-  Simon A. Eugster
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Wang Mingyu
+-  Weisser, Pascal
+
+
+Repositories / Downloads for Yocto-5.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.8 </poky/log/?h=yocto-5.0.8>`
+-  Git Revision: :yocto_git:`dc4827b3660bc1a03a2bc3b0672615b50e9137ff </poky/commit/?id=dc4827b3660bc1a03a2bc3b0672615b50e9137ff>`
+-  Release Artefact: poky-dc4827b3660bc1a03a2bc3b0672615b50e9137ff
+-  sha: ace7264e16e18ed02ef0ad2935fa10b5fad2c4de38b2356f4192b38ef2184504
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.8/poky-dc4827b3660bc1a03a2bc3b0672615b50e9137ff.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.8/poky-dc4827b3660bc1a03a2bc3b0672615b50e9137ff.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.8 </openembedded-core/log/?h=yocto-5.0.8>`
+-  Git Revision: :oe_git:`cd2b6080a4c0f2ed2c9939ec0b87763aef595048 </openembedded-core/commit/?id=cd2b6080a4c0f2ed2c9939ec0b87763aef595048>`
+-  Release Artefact: oecore-cd2b6080a4c0f2ed2c9939ec0b87763aef595048
+-  sha: 14c7cd5c62a96ceb9c2141164ea0f087fdbaed99ca3e9a722977a3f12d6381f6
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.8/oecore-cd2b6080a4c0f2ed2c9939ec0b87763aef595048.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.8/oecore-cd2b6080a4c0f2ed2c9939ec0b87763aef595048.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.8 </meta-mingw/log/?h=yocto-5.0.8>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.8/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.8/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.8 </bitbake/log/?h=yocto-5.0.8>`
+-  Git Revision: :oe_git:`7375d32e8c1af20c51abec4eb3b072b4ca58b239 </bitbake/commit/?id=7375d32e8c1af20c51abec4eb3b072b4ca58b239>`
+-  Release Artefact: bitbake-7375d32e8c1af20c51abec4eb3b072b4ca58b239
+-  sha: 13dffbc162c5b6e2c95fa72936a430b9a542d52d81d502a5d0afc592fbf4a16b
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.8/bitbake-7375d32e8c1af20c51abec4eb3b072b4ca58b239.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.8/bitbake-7375d32e8c1af20c51abec4eb3b072b4ca58b239.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.8 </yocto-docs/log/?h=yocto-5.0.8>`
+-  Git Revision: :yocto_git:`7d3cce5b962ca9f73b29affceb7ebc6710627739 </yocto-docs/commit/?id=7d3cce5b962ca9f73b29affceb7ebc6710627739>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.9.rst b/documentation/migration-guides/release-notes-5.0.9.rst
new file mode 100644
index 0000000000..81b853cf31
--- /dev/null
+++ b/documentation/migration-guides/release-notes-5.0.9.rst
@@ -0,0 +1,206 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-5.0.9 (Scarthgap)
+-----------------------------------------
+
+Security Fixes in Yocto-5.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve_nist:`2024-57360`, :cve_nist:`2025-1176`, :cve_nist:`2025-1178` and
+   :cve_nist:`2025-1181`
+-  expat: Fix :cve_nist:`2024-8176`
+-  freetype: Fix :cve_nist:`2025-27363`
+-  ghostscript: Fix :cve_nist:`2025-27830`, :cve_nist:`2025-27831`, :cve_nist:`2025-27832`,
+   :cve_nist:`2025-27833`, :cve_nist:`2025-27833`, :cve_nist:`2025-27834`, :cve_nist:`2025-27835`
+   and :cve_nist:`2025-27836`
+-  go: fix :cve_nist:`2025-22870` and :cve_nist:`2025-22871`
+-  grub: Fix :cve_nist:`2024-45781`, :cve_nist:`2024-45774`, :cve_nist:`2024-45775`,
+   :cve_nist:`2024-45776`, :cve_nist:`2024-45777`, :cve_nist:`2024-45778`, :cve_nist:`2024-45779`,
+   :cve_nist:`2024-45780`, :cve_nist:`2024-45782`, :cve_nist:`2024-45783`, :cve_nist:`2024-56737`,
+   :cve_nist:`2025-0622`, :cve_nist:`2025-0624`, :cve_nist:`2025-0677`, :cve_nist:`2025-0678`,
+   :cve_nist:`2025-0684`, :cve_nist:`2025-0685`, :cve_nist:`2025-0686`, :cve_nist:`2025-0689`,
+   :cve_nist:`2025-0690`, :cve_nist:`2025-1118` and :cve_nist:`2025-1125`
+-  libarchive: Fix :cve_nist:`2024-20696`, :cve_nist:`2024-48957`, :cve_nist:`2024-48958`,
+   :cve_nist:`2025-1632` and :cve_nist:`2025-25724`
+-  libxslt: Fix :cve_nist:`2024-24855` and :cve_nist:`2024-55549`
+-  linux-yocto/6.6: Fix :cve_nist:`2024-54458`, :cve_nist:`2024-57834`, :cve_nist:`2024-57973`,
+   :cve_nist:`2024-57978`, :cve_nist:`2024-57979`, :cve_nist:`2024-57980`, :cve_nist:`2024-57981`,
+   :cve_nist:`2024-57984`, :cve_nist:`2024-57996`, :cve_nist:`2024-57997`, :cve_nist:`2024-58002`,
+   :cve_nist:`2024-58005`, :cve_nist:`2024-58007`, :cve_nist:`2024-58010`, :cve_nist:`2024-58011`,
+   :cve_nist:`2024-58013`, :cve_nist:`2024-58017`, :cve_nist:`2024-58020`, :cve_nist:`2024-58034`,
+   :cve_nist:`2024-58052`, :cve_nist:`2024-58055`, :cve_nist:`2024-58058`, :cve_nist:`2024-58063`,
+   :cve_nist:`2024-58068`, :cve_nist:`2024-58069`, :cve_nist:`2024-58070`, :cve_nist:`2024-58071`,
+   :cve_nist:`2024-58076`, :cve_nist:`2024-58080`, :cve_nist:`2024-58083`, :cve_nist:`2024-58088`,
+   :cve_nist:`2025-21700`, :cve_nist:`2025-21703`, :cve_nist:`2025-21707`, :cve_nist:`2025-21711`,
+   :cve_nist:`2025-21715`, :cve_nist:`2025-21716`, :cve_nist:`2025-21718`, :cve_nist:`2025-21726`,
+   :cve_nist:`2025-21727`, :cve_nist:`2025-21731`, :cve_nist:`2025-21735`, :cve_nist:`2025-21736`,
+   :cve_nist:`2025-21741`, :cve_nist:`2025-21742`, :cve_nist:`2025-21743`, :cve_nist:`2025-21744`,
+   :cve_nist:`2025-21745`, :cve_nist:`2025-21748`, :cve_nist:`2025-21749`, :cve_nist:`2025-21753`,
+   :cve_nist:`2025-21756`, :cve_nist:`2025-21759`, :cve_nist:`2025-21760`, :cve_nist:`2025-21761`,
+   :cve_nist:`2025-21762`, :cve_nist:`2025-21763`, :cve_nist:`2025-21764`, :cve_nist:`2025-21773`,
+   :cve_nist:`2025-21775`, :cve_nist:`2025-21776`, :cve_nist:`2025-21779`, :cve_nist:`2025-21780`,
+   :cve_nist:`2025-21782`, :cve_nist:`2025-21783`, :cve_nist:`2025-21785`, :cve_nist:`2025-21787`,
+   :cve_nist:`2025-21789`, :cve_nist:`2025-21790`, :cve_nist:`2025-21791`, :cve_nist:`2025-21792`,
+   :cve_nist:`2025-21793`, :cve_nist:`2025-21796`, :cve_nist:`2025-21811`, :cve_nist:`2025-21812`,
+   :cve_nist:`2025-21814`, :cve_nist:`2025-21820`, :cve_nist:`2025-21844`, :cve_nist:`2025-21846`,
+   :cve_nist:`2025-21847`, :cve_nist:`2025-21848`, :cve_nist:`2025-21853`, :cve_nist:`2025-21854`,
+   :cve_nist:`2025-21855`, :cve_nist:`2025-21856`, :cve_nist:`2025-21857`, :cve_nist:`2025-21858`,
+   :cve_nist:`2025-21859`, :cve_nist:`2025-21862`, :cve_nist:`2025-21863`, :cve_nist:`2025-21864`,
+   :cve_nist:`2025-21865`, :cve_nist:`2025-21866`, :cve_nist:`2025-21867`, :cve_nist:`2025-21887`,
+   :cve_nist:`2025-21891`, :cve_nist:`2025-21898`, :cve_nist:`2025-21904`, :cve_nist:`2025-21905`,
+   :cve_nist:`2025-21908`, :cve_nist:`2025-21912`, :cve_nist:`2025-21915`, :cve_nist:`2025-21917`,
+   :cve_nist:`2025-21918`, :cve_nist:`2025-21919`, :cve_nist:`2025-21920`, :cve_nist:`2025-21922`,
+   :cve_nist:`2025-21928`, :cve_nist:`2025-21934`, :cve_nist:`2025-21936`, :cve_nist:`2025-21937`,
+   :cve_nist:`2025-21941`, :cve_nist:`2025-21943`, :cve_nist:`2025-21945`, :cve_nist:`2025-21947`,
+   :cve_nist:`2025-21948`, :cve_nist:`2025-21951`, :cve_nist:`2025-21957`, :cve_nist:`2025-21959`,
+   :cve_nist:`2025-21962`, :cve_nist:`2025-21963`, :cve_nist:`2025-21964`, :cve_nist:`2025-21966`,
+   :cve_nist:`2025-21967`, :cve_nist:`2025-21968`, :cve_nist:`2025-21969`, :cve_nist:`2025-21979`,
+   :cve_nist:`2025-21980`, :cve_nist:`2025-21981`, :cve_nist:`2025-21991` and :cve_nist:`2025-21993`
+-  mpg123: Fix :cve_nist:`2024-10573`
+-  ofono: Fix :cve_nist:`2024-7537`
+-  openssh: Fix :cve_nist:`2025-26465`
+-  puzzles: Ignore :cve_nist:`2024-13769`, :cve_nist:`2024-13770` and :cve_nist:`2025-0837`
+-  qemu: Ignore :cve_nist:`2023-1386`
+-  ruby: Fix :cve_nist:`2025-27219` and :cve_nist:`2025-27220`
+-  rust-cross-canadian: Ignore :cve_nist:`2024-43402`
+-  vim: Fix :cve_nist:`2025-1215`, :cve_nist:`2025-26603`, :cve_nist:`2025-27423` and
+   :cve_nist:`2025-29768`
+-  xserver-xorg: Fix :cve_nist:`2025-26594`, :cve_nist:`2025-26595`, :cve_nist:`2025-26596`,
+   :cve_nist:`2025-26597`, :cve_nist:`2025-26598`, :cve_nist:`2025-26599`, :cve_nist:`2025-26600`
+   and :cve_nist:`2025-26601`
+-  xz: Fix :cve_nist:`2025-31115`
+
+
+Fixes in Yocto-5.0.9
+~~~~~~~~~~~~~~~~~~~~
+
+-  babeltrace2: extend to nativesdk
+-  babeltrace: extend to nativesdk
+-  bitbake: event/utils: Avoid deadlock from lock_timeout() and recursive events
+-  bitbake: utils: Add signal blocking for lock_timeout
+-  bitbake: utils: Print information about lock issue before exiting
+-  bitbake: utils: Tweak lock_timeout logic
+-  build-appliance-image: Update to scarthgap head revision
+-  cve-check.bbclass: Mitigate symlink related error
+-  cve-update-nvd2-native: add workaround for json5 style list
+-  cve-update-nvd2-native: handle missing vulnStatus
+-  gcc: remove paths to sysroot from configargs.h and checksum-options for gcc-cross-canadian
+-  gcc: unify cleanup of include-fixed, apply to cross-canadian
+-  ghostscript: upgrade to 10.05.0
+-  grub: backport strlcpy function
+-  grub: drop obsolete CVE statuses
+-  icu: Adjust ICU_DATA_DIR path on big endian targets
+-  kernel-arch: add macro-prefix-map in KERNEL_CC
+-  libarchive: upgrade to 3.7.9
+-  libxslt: upgrade to 1.1.43
+-  linux-yocto/6.6: update to v6.6.84
+-  mc: set ac_cv_path_ZIP to avoid buildpaths QA issues
+-  mpg123: upgrade to 1.32.10
+-  nativesdk-libtool: sanitize the script, remove buildpaths
+-  openssl: rewrite ptest installation
+-  overview-manual/concepts: remove :term:`PR` from the build dir list
+-  patch.py: set commituser and commitemail for addNote
+-  poky.conf: bump version for 5.0.9
+-  vim: Upgrade to 9.1.1198
+-  xserver-xf86-config: add a configuration fragment to disable screen blanking
+-  xserver-xf86-config: remove obsolete configuration files
+-  xserver-xorg: upgrade to 21.1.16
+-  xz: upgrade to 5.4.7
+-  yocto-uninative: Update to 4.7 for glibc 2.41
+
+
+Known Issues in Yocto-5.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+Contributors to Yocto-5.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+-  Antonin Godard
+-  Archana Polampalli
+-  Ashish Sharma
+-  Bruce Ashfield
+-  Changqing Li
+-  Denys Dmytriyenko
+-  Divya Chellam
+-  Hitendra Prajapati
+-  Madhu Marri
+-  Makarios Christakis
+-  Martin Jansa
+-  Michael Halstead
+-  Niko Mauno
+-  Oleksandr Hnatiuk
+-  Peter Marko
+-  Richard Purdie
+-  Ross Burton
+-  Sana Kazi
+-  Stefan Mueller-Klieser
+-  Steve Sakoman
+-  Vijay Anusuri
+-  Virendra Thakur
+-  Vishwas Udupa
+-  Wang Mingyu
+-  Zhang Peng
+
+
+Repositories / Downloads for Yocto-5.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`scarthgap </poky/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.9 </poky/log/?h=yocto-5.0.9>`
+-  Git Revision: :yocto_git:`bab0f9f62af9af580744948dd3240f648a99879a </poky/commit/?id=bab0f9f62af9af580744948dd3240f648a99879a>`
+-  Release Artefact: poky-bab0f9f62af9af580744948dd3240f648a99879a
+-  sha: ee6811d9fb6c4913e19d6e3569f1edc8ccd793779b237520596506446a6b4531
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`scarthgap </openembedded-core/log/?h=scarthgap>`
+-  Tag:  :oe_git:`yocto-5.0.9 </openembedded-core/log/?h=yocto-5.0.9>`
+-  Git Revision: :oe_git:`04038ecd1edd6592b826665a2b787387bb7074fa </openembedded-core/commit/?id=04038ecd1edd6592b826665a2b787387bb7074fa>`
+-  Release Artefact: oecore-04038ecd1edd6592b826665a2b787387bb7074fa
+-  sha: 6e201a4b486dfbdfcb7e96d83b962a205ec4764db6ad0e34bd623db18910eddb
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`scarthgap </meta-mingw/log/?h=scarthgap>`
+-  Tag:  :yocto_git:`yocto-5.0.9 </meta-mingw/log/?h=yocto-5.0.9>`
+-  Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f </meta-mingw/commit/?id=bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f>`
+-  Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
+-  sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.8 </bitbake/log/?h=2.8>`
+-  Tag:  :oe_git:`yocto-5.0.9 </bitbake/log/?h=yocto-5.0.9>`
+-  Git Revision: :oe_git:`696c2c1ef095f8b11c7d2eff36fae50f58c62e5e </bitbake/commit/?id=696c2c1ef095f8b11c7d2eff36fae50f58c62e5e>`
+-  Release Artefact: bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e
+-  sha: fc83f879cd6dd14b9b7eba0161fec23ecc191fed0fb00556ba729dceef6c145f
+-  Download Locations:
+   https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2
+   https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`scarthgap </yocto-docs/log/?h=scarthgap>`
+-  Tag: :yocto_git:`yocto-5.0.9 </yocto-docs/log/?h=yocto-5.0.9>`
+-  Git Revision: :yocto_git:`56db4fd81f6235428bef9e46a61c11ca0ba89733 </yocto-docs/commit/?id=56db4fd81f6235428bef9e46a61c11ca0ba89733>`
+
diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
index 800ba20a27..de11bd174a 100644
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -217,7 +217,7 @@ New Features / Enhancements in 5.0
       state directory (i.e., ``/run``).
 
    -  Allow to disable colored text output through the
-      `NO_OUTPUT <https://no-color.org/>`__ environment variable.
+      `NO_COLOR <https://no-color.org/>`__ environment variable.
 
    -  ``git-make-shallow`` script: add support for Git's ``safe.bareRepository=explicit``
       configuration setting.
@@ -362,39 +362,39 @@ The following corrections have been made to the :term:`LICENSE` values set by re
 Security Fixes in 5.0
 ~~~~~~~~~~~~~~~~~~~~~
 
--  avahi: :cve:`2023-1981`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472`, :cve:`2023-38473`
--  bind: :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, :cve:`2023-50387`
--  bluez5: :cve:`2023-45866`
--  coreutils: :cve:`2024-0684`
--  cups: :cve:`2023-4504`
--  curl: :cve:`2023-46218`
--  expat: :cve:`2024-28757`
--  gcc: :cve:`2023-4039`
--  glibc: :cve:`2023-5156`, :cve:`2023-0687`
--  gnutls: :cve:`2024-0553`, :cve:`2024-0567`, :cve:`2024-28834`, :cve:`2024-28835`
--  go: :cve:`2023-45288`
--  grub: :cve:`2023-4692`, :cve:`2023-4693`
--  grub2: :cve:`2023-4001` (ignored), :cve:`2024-1048` (ignored)
--  libgit2: :cve:`2024-24575`, :cve:`2024-24577`
--  libsndfile1: :cve:`2022-33065`
--  libssh2: :cve:`2023-48795`
--  libuv: :cve:`2024-24806`
--  libxml2: :cve:`2023-45322` (ignored)
--  linux-yocto/6.6: :cve:`2020-16119`
--  openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
--  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve_mitre:`2023-6237`, :cve:`2024-0727`, :cve:`2024-2511`
--  perl: :cve:`2023-47100`
--  pixman: :cve:`2023-37769` (ignored)
--  python3-cryptography{-vectors}: :cve:`2023-49083`, :cve:`2024-26130`
--  python3-urllib3: :cve:`2023-45803`
--  shadow: :cve:`2023-4641`
--  sudo: :cve:`2023-42456`
--  tiff: :cve:`2023-6228`, :cve:`2023-6277`, :cve:`2023-52355`, :cve:`2023-52356`
--  vim: :cve:`2023-46246`, :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236`, :cve:`2023-48237`, :cve:`2024-22667`
--  wpa-supplicant: :cve:`2023-52160`
--  xserver-xorg: :cve:`2023-5574`, :cve:`2023-6816`, :cve:`2024-0229`, :cve:`2024-0408`, :cve:`2024-0409`, :cve:`2024-21885`, :cve:`2024-21886`
--  xwayland: :cve:`2023-5367`, :cve:`2024-0408`, :cve:`2024-0409`, :cve:`2023-6816`, :cve:`2024-0229`, :cve:`2024-21885`, :cve:`2024-21886`
--  zlib: :cve:`2023-45853` (ignored), :cve:`2023-6992` (ignored)
+-  avahi: :cve_nist:`2023-1981`, :cve_nist:`2023-38469`, :cve_nist:`2023-38470`, :cve_nist:`2023-38471`, :cve_nist:`2023-38469`, :cve_nist:`2023-38470`, :cve_nist:`2023-38471`, :cve_nist:`2023-38472`, :cve_nist:`2023-38473`
+-  bind: :cve_nist:`2023-4408`, :cve_nist:`2023-5517`, :cve_nist:`2023-5679`, :cve_nist:`2023-50387`
+-  bluez5: :cve_nist:`2023-45866`
+-  coreutils: :cve_nist:`2024-0684`
+-  cups: :cve_nist:`2023-4504`
+-  curl: :cve_nist:`2023-46218`
+-  expat: :cve_nist:`2024-28757`
+-  gcc: :cve_nist:`2023-4039`
+-  glibc: :cve_nist:`2023-5156`, :cve_nist:`2023-0687`
+-  gnutls: :cve_nist:`2024-0553`, :cve_nist:`2024-0567`, :cve_nist:`2024-28834`, :cve_nist:`2024-28835`
+-  go: :cve_nist:`2023-45288`
+-  grub: :cve_nist:`2023-4692`, :cve_nist:`2023-4693`
+-  grub2: :cve_nist:`2023-4001` (ignored), :cve_nist:`2024-1048` (ignored)
+-  libgit2: :cve_nist:`2024-24575`, :cve_nist:`2024-24577`
+-  libsndfile1: :cve_nist:`2022-33065`
+-  libssh2: :cve_nist:`2023-48795`
+-  libuv: :cve_nist:`2024-24806`
+-  libxml2: :cve_nist:`2023-45322` (ignored)
+-  linux-yocto/6.6: :cve_nist:`2020-16119`
+-  openssh: :cve_nist:`2023-48795`, :cve_nist:`2023-51384`, :cve_nist:`2023-51385`
+-  openssl: :cve_nist:`2023-5363`, :cve_nist:`2023-5678`, :cve_nist:`2023-6129`, :cve_mitre:`2023-6237`, :cve_nist:`2024-0727`, :cve_nist:`2024-2511`
+-  perl: :cve_nist:`2023-47100`
+-  pixman: :cve_nist:`2023-37769` (ignored)
+-  python3-cryptography{-vectors}: :cve_nist:`2023-49083`, :cve_nist:`2024-26130`
+-  python3-urllib3: :cve_nist:`2023-45803`
+-  shadow: :cve_nist:`2023-4641`
+-  sudo: :cve_nist:`2023-42456`
+-  tiff: :cve_nist:`2023-6228`, :cve_nist:`2023-6277`, :cve_nist:`2023-52355`, :cve_nist:`2023-52356`
+-  vim: :cve_nist:`2023-46246`, :cve_nist:`2023-48231`, :cve_nist:`2023-48232`, :cve_nist:`2023-48233`, :cve_nist:`2023-48234`, :cve_nist:`2023-48235`, :cve_nist:`2023-48236`, :cve_nist:`2023-48237`, :cve_nist:`2024-22667`
+-  wpa-supplicant: :cve_nist:`2023-52160`
+-  xserver-xorg: :cve_nist:`2023-5574`, :cve_nist:`2023-6816`, :cve_nist:`2024-0229`, :cve_nist:`2024-0408`, :cve_nist:`2024-0409`, :cve_nist:`2024-21885`, :cve_nist:`2024-21886`
+-  xwayland: :cve_nist:`2023-5367`, :cve_nist:`2024-0408`, :cve_nist:`2024-0409`, :cve_nist:`2023-6816`, :cve_nist:`2024-0229`, :cve_nist:`2024-21885`, :cve_nist:`2024-21886`
+-  zlib: :cve_nist:`2023-45853` (ignored), :cve_nist:`2023-6992` (ignored)
 
 
 Recipe Upgrades in 5.0
diff --git a/documentation/overview-manual/concepts.rst b/documentation/overview-manual/concepts.rst
index 62f2327a7e..56dd3b3b55 100644
--- a/documentation/overview-manual/concepts.rst
+++ b/documentation/overview-manual/concepts.rst
@@ -98,7 +98,7 @@ files, and how to package the compiled output.
 
 The term "package" is sometimes used to refer to recipes. However, since
 the word "package" is used for the packaged output from the OpenEmbedded
-build system (i.e. ``.ipk`` or ``.deb`` files), this document avoids
+build system (i.e. ``.ipk``, ``.deb`` or ``.rpm`` files), this document avoids
 using the term "package" when referring to recipes.
 
 Classes
@@ -256,7 +256,7 @@ development environment.
 .. note::
 
    The
-   scripts/oe-setup-builddir
+   ``scripts/oe-setup-builddir``
    script uses the
    ``$TEMPLATECONF``
    variable to determine which sample configuration files to locate.
@@ -352,7 +352,7 @@ layers the build system uses to further control the build. These layers
 provide Metadata for the software, machine, and policies.
 
 In general, there are three types of layer input. You can see them below
-the "User Configuration" box in the `general workflow
+the "User Configuration" box in the :ref:`general workflow
 figure <overview-manual/concepts:openembedded build system concepts>`:
 
 -  *Metadata (.bb + Patches):* Software layers containing
@@ -420,14 +420,14 @@ build.
 Distro Layer
 ~~~~~~~~~~~~
 
-The distribution layer provides policy configurations for your
+A distribution layer provides policy configurations for your
 distribution. Best practices dictate that you isolate these types of
 configurations into their own layer. Settings you provide in
 ``conf/distro/distro.conf`` override similar settings that BitBake finds
 in your ``conf/local.conf`` file in the :term:`Build Directory`.
 
 The following list provides some explanation and references for what you
-typically find in the distribution layer:
+typically find in a distribution layer:
 
 -  *classes:* Class files (``.bbclass``) hold common functionality that
    can be shared among recipes in the distribution. When your recipes
@@ -454,7 +454,7 @@ typically find in the distribution layer:
 BSP Layer
 ~~~~~~~~~
 
-The BSP Layer provides machine configurations that target specific
+A BSP layer provides machine configurations that target specific
 hardware. Everything in this layer is specific to the machine for which
 you are building the image or the SDK. A common structure or form is
 defined for BSP layers. You can learn more about this structure in the
@@ -465,7 +465,7 @@ defined for BSP layers. You can learn more about this structure in the
    In order for a BSP layer to be considered compliant with the Yocto
    Project, it must meet some structural requirements.
 
-The BSP Layer's configuration directory contains configuration files for
+A BSP layer's configuration directory contains configuration files for
 the machine (``conf/machine/machine.conf``) and, of course, the layer
 (``conf/layer.conf``).
 
@@ -477,18 +477,18 @@ formfactors, graphics support systems, and so forth.
 .. note::
 
    While the figure shows several
-   recipes-\*
+   ``recipes-*``
    directories, not all these directories appear in all BSP layers.
 
 Software Layer
 ~~~~~~~~~~~~~~
 
-The software layer provides the Metadata for additional software
+A software layer provides the Metadata for additional software
 packages used during the build. This layer does not include Metadata
 that is specific to the distribution or the machine, which are found in
 their respective layers.
 
-This layer contains any recipes, append files, and patches, that your
+This layer contains any recipes, append files, and patches that your
 project needs.
 
 Sources
@@ -560,9 +560,8 @@ source tree used by the group).
 
 The canonical method through which to include a local project is to use the
 :ref:`ref-classes-externalsrc` class to include that local project. You use
-either the ``local.conf`` or a recipe's append file to override or set the
-recipe to point to the local directory on your disk to pull in the whole
-source tree.
+either ``local.conf`` or a recipe's append file to override or set the
+recipe to point to the local directory from which to fetch the source.
 
 Source Control Managers (Optional)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -736,9 +735,6 @@ following list describe the :term:`Build Directory`'s hierarchy:
    -  :term:`PV`: The version of the
       recipe used to build the package.
 
-   -  :term:`PR`: The revision of the
-      recipe used to build the package.
-
 -  :term:`S`: Contains the unpacked source
    files for a given recipe.
 
@@ -912,11 +908,62 @@ the analysis and package splitting process use several areas:
    execute on a system and it generates code for yet another machine
    (e.g. :ref:`ref-classes-cross-canadian` recipes).
 
-The :term:`FILES` variable defines the
-files that go into each package in
-:term:`PACKAGES`. If you want
-details on how this is accomplished, you can look at
-:yocto_git:`package.bbclass </poky/tree/meta/classes-global/package.bbclass>`.
+Packages for a recipe are listed in the :term:`PACKAGES` variable. The
+:oe_git:`bitbake.conf </openembedded-core/tree/meta/conf/bitbake.conf>`
+configuration file defines the following default list of packages::
+
+  PACKAGES = "${PN}-src ${PN}-dbg ${PN}-staticdev ${PN}-dev ${PN}-doc ${PN}-locale ${PACKAGE_BEFORE_PN} ${PN}"
+
+Each of these packages contains a default list of files defined with the
+:term:`FILES` variable. For example, the package ``${PN}-dev`` represents files
+useful to the development of applications depending on ``${PN}``. The default
+list of files for ``${PN}-dev``, also defined in :oe_git:`bitbake.conf
+</openembedded-core/tree/meta/conf/bitbake.conf>`, is defined as follows::
+
+  FILES:${PN}-dev = "${includedir} ${FILES_SOLIBSDEV} ${libdir}/*.la \
+                  ${libdir}/*.o ${libdir}/pkgconfig ${datadir}/pkgconfig \
+                  ${datadir}/aclocal ${base_libdir}/*.o \
+                  ${libdir}/${BPN}/*.la ${base_libdir}/*.la \
+                  ${libdir}/cmake ${datadir}/cmake"
+
+The paths in this list must be *absolute* paths from the point of view of the
+root filesystem on the target, and must *not* make a reference to the variable
+:term:`D` or any :term:`WORKDIR` related variable. A correct example would be::
+
+  ${sysconfdir}/foo.conf
+
+.. note::
+
+   The list of files for a package is defined using the override syntax by
+   separating :term:`FILES` and the package name by a semi-colon (``:``).
+
+A given file can only ever be in one package. By iterating from the leftmost to
+rightmost package in :term:`PACKAGES`, each file matching one of the patterns
+defined in the corresponding :term:`FILES` definition is included in the
+package.
+
+.. note::
+
+  To find out which package installs a file, the ``oe-pkgdata-util``
+  command-line utility can be used::
+
+    $ oe-pkgdata-util find-path '/etc/fstab'
+    base-files: /etc/fstab
+
+  For more information on the ``oe-pkgdata-util`` utility, see the section
+  :ref:`dev-manual/debugging:Viewing Package Information with
+  ``oe-pkgdata-util``` of the Yocto Project Development Tasks Manual.
+
+To add a custom package variant of the ``${PN}`` recipe named
+``${PN}-extra`` (name is arbitrary), one can add it to the
+:term:`PACKAGE_BEFORE_PN` variable::
+
+  PACKAGE_BEFORE_PN += "${PN}-extra"
+
+Alternatively, a custom package can be added by adding it to the
+:term:`PACKAGES` variable using the prepend operator (``=+``)::
+
+  PACKAGES =+ "${PN}-extra"
 
 Depending on the type of packages being created (RPM, DEB, or IPK), the
 :ref:`do_package_write_* <ref-tasks-package_write_deb>`
@@ -2153,7 +2200,7 @@ require root privileges, the fact that some earlier steps ran in a fake
 root environment does not cause problems.
 
 The capability to run tasks in a fake root environment is known as
-"`fakeroot <http://man.he.net/man1/fakeroot>`__", which is derived from
+":manpage:`fakeroot <fakeroot(1)>`", which is derived from
 the BitBake keyword/variable flag that requests a fake root environment
 for a task.
 
diff --git a/documentation/overview-manual/yp-intro.rst b/documentation/overview-manual/yp-intro.rst
index 4a27e12e01..11e6d99e32 100644
--- a/documentation/overview-manual/yp-intro.rst
+++ b/documentation/overview-manual/yp-intro.rst
@@ -400,7 +400,7 @@ Yocto Project:
    Autobuilder :doc:`here </test-manual/understand-autobuilder>`.
 
 -  *Pseudo:* Pseudo is the Yocto Project implementation of
-   `fakeroot <http://man.he.net/man1/fakeroot>`__, which is used to run
+   :manpage:`fakeroot <fakeroot(1)>`, which is used to run
    commands in an environment that seemingly has root privileges.
 
    During a build, it can be necessary to perform operations that
diff --git a/documentation/poky.yaml.in b/documentation/poky.yaml.in
index 0c04b615ea..9c03e9959b 100644
--- a/documentation/poky.yaml.in
+++ b/documentation/poky.yaml.in
@@ -1,41 +1,27 @@
+#
+# Macros used in the documentation
+#
+
+# The DISTRO variable represents the current docs version. It should be used
+# when referring to the current docs version. See also DISTRO_LATEST_TAG.
 DISTRO : "5.0"
+# The DISTRO_LATEST_TAG represents the latest tag on the current branch. It
+# should be used in HTTP link referring to the current docs version. In these
+# cases, the DISTRO may point to A.B.999 which does not exist (just used to
+# represent the latest HEAD revision on the branch). DISTRO_LATEST_TAG should
+# always point to an existing tag.
+DISTRO_LATEST_TAG : "5.0"
 DISTRO_NAME_NO_CAP : "scarthgap"
 DISTRO_NAME : "Scarthgap"
 DISTRO_NAME_NO_CAP_MINUS_ONE : "nanbield"
 DISTRO_NAME_NO_CAP_LTS : "scarthgap"
 YOCTO_DOC_VERSION : "5.0"
-DISTRO_REL_TAG : "yocto-5.0"
+DISTRO_REL_TAG : "yocto-$DISTRO;"
+DISTRO_REL_LATEST_TAG : "yocto-&DISTRO_LATEST_TAG;"
 DOCCONF_VERSION : "dev"
 BITBAKE_SERIES : ""
 YOCTO_DL_URL : "https://downloads.yoctoproject.org"
-YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"
 YOCTO_RELEASE_DL_URL : "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;"
-UBUNTU_HOST_PACKAGES_ESSENTIAL : "gawk wget git diffstat unzip texinfo gcc \
-     build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
-     xz-utils debianutils iputils-ping python3-git python3-jinja2 \
-     python3-subunit zstd liblz4-tool file locales libacl1
-     \n\   $ sudo locale-gen en_US.UTF-8"
-FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip perl patch \
-     diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
-     ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \
-     python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \
-     python3-jinja2 rpcgen perl-FindBin perl-File-Compare \
-     perl-File-Copy perl-locale zstd lz4 hostname glibc-langpack-en libacl"
-OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \
-     diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \
-     python3-pexpect xz which python3-Jinja2 rpcgen \
-     zstd lz4 bzip2 gzip hostname libacl1
-     \n\   $ sudo pip3 install GitPython"
-ALMALINUX_HOST_PACKAGES_ESSENTIAL : "-y epel-release
-     \n\   $ sudo yum install dnf-plugins-core
-     \n\   $ sudo dnf config-manager --set-enabled crb
-     \n\   $ sudo dnf makecache
-     \n\   $ sudo dnf install gawk make wget tar bzip2 gzip python3 unzip perl patch \
-     diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath ccache \
-     socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip \
-     python3-GitPython python3-jinja2 python3-pexpect xz which \
-     rpcgen zstd lz4 cpio glibc-langpack-en libacl"
-PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml"
 MIN_PYTHON_VERSION : "3.8.0"
 MIN_TAR_VERSION : "1.28"
 MIN_GIT_VERSION : "1.8.3.1"
@@ -47,3 +33,237 @@ MIN_DISK_SPACE : "90"
 MIN_DISK_SPACE_RM_WORK : "40"
 # RAM (Gbytes) needed to generate qemux86-64 core-image-sato on Ubuntu 22.04 (x86-64) on a 4 core system
 MIN_RAM : "8"
+
+#
+# Dependencies
+#
+
+# Shared between distros
+PIP3_HOST_PACKAGES_DOC: sphinx sphinx_rtd_theme pyyaml
+
+UBUNTU_DEBIAN_HOST_PACKAGES_ESSENTIAL: >-
+  build-essential
+  chrpath
+  cpio
+  debianutils
+  diffstat
+  file
+  gawk
+  gcc
+  git
+  iputils-ping
+  libacl1
+  liblz4-tool
+  locales
+  python3
+  python3-git
+  python3-jinja2
+  python3-pexpect
+  python3-pip
+  python3-subunit
+  socat
+  texinfo
+  unzip
+  wget
+  xz-utils
+  zstd
+
+UBUNTU_DEBIAN_HOST_PACKAGES_DOC: >-
+  git
+  librsvg2-bin
+  locales
+  make
+  python3-saneyaml
+  python3-sphinx-rtd-theme
+  sphinx
+
+UBUNTU_DEBIAN_HOST_PACKAGES_DOC_PDF: >-
+  fonts-freefont-otf
+  latexmk
+  tex-gyre
+  texlive-fonts-extra
+  texlive-fonts-recommended
+  texlive-lang-all
+  texlive-latex-extra
+  texlive-latex-recommended
+  texlive-xetex
+
+FEDORA_HOST_PACKAGES_ESSENTIAL: >-
+  bzip2
+  ccache
+  chrpath
+  cpio
+  cpp
+  diffstat
+  diffutils
+  file
+  findutils
+  gawk
+  gcc
+  gcc-c++
+  git
+  glibc-devel
+  glibc-langpack-en
+  gzip
+  hostname
+  libacl
+  lz4
+  make
+  patch
+  perl
+  perl-Data-Dumper
+  perl-File-Compare
+  perl-File-Copy
+  perl-FindBin
+  perl-Text-ParseWords
+  perl-Thread-Queue
+  perl-bignum
+  perl-locale
+  python
+  python3
+  python3-GitPython
+  python3-jinja2
+  python3-pexpect
+  python3-pip
+  rpcgen
+  socat
+  tar
+  texinfo
+  unzip
+  wget
+  which
+  xz
+  zstd
+
+FEDORA_HOST_PACKAGES_DOC: >-
+  git
+  glibc-locale-source
+  librsvg2-tools
+  make
+  python3-pip
+  which
+
+FEDORA_HOST_PACKAGES_DOC_PDF: >-
+  'texlive-collection-lang*'
+  latexmk
+  texlive-collection-fontsextra
+  texlive-collection-fontsrecommended
+  texlive-collection-latex
+  texlive-collection-latexextra
+  texlive-collection-latexrecommended
+  texlive-collection-xetex
+  texlive-fncychap
+  texlive-gnu-freefont
+  texlive-tex-gyre
+  texlive-xetex
+
+OPENSUSE_HOST_PACKAGES_ESSENTIAL: >-
+  bzip2
+  chrpath
+  diffstat
+  gcc
+  gcc-c++
+  git
+  gzip
+  hostname
+  libacl1
+  lz4
+  make
+  makeinfo
+  patch
+  python
+  python-curses
+  python-xml
+  python3
+  python3-Jinja2
+  python3-curses
+  python3-pexpect
+  python3-pip
+  rpcgen
+  socat
+  tar
+  wget
+  which
+  xz
+  zstd
+
+OPENSUSE_PIP3_HOST_PACKAGES_ESSENTIAL: GitPython
+
+OPENSUSE_HOST_PACKAGES_DOC: >-
+  git
+  glibc-i18ndata
+  make
+  python3-pip
+  rsvg-convert
+  which
+
+OPENSUSE_HOST_PACKAGES_DOC_PDF: >-
+  'texlive-collection-lang*'
+  texlive-collection-fontsextra
+  texlive-collection-fontsrecommended
+  texlive-collection-latex
+  texlive-collection-latexextra
+  texlive-collection-latexrecommended
+  texlive-collection-xetex
+  texlive-fncychap
+  texlive-gnu-freefont
+  texlive-latexmk
+  texlive-tex-gyre
+  texlive-xetex
+
+ALMALINUX_HOST_PACKAGES_ESSENTIAL: >-
+  bzip2
+  ccache
+  chrpath
+  cpio
+  cpp
+  diffstat
+  diffutils
+  gawk
+  gcc
+  gcc-c++
+  git
+  glibc-devel
+  glibc-langpack-en
+  gzip
+  libacl
+  lz4
+  make
+  patch
+  perl
+  perl-Data-Dumper
+  perl-Text-ParseWords
+  perl-Thread-Queue
+  python3
+  python3-GitPython
+  python3-jinja2
+  python3-pexpect
+  python3-pip
+  rpcgen
+  socat
+  tar
+  texinfo
+  unzip
+  wget
+  which
+  xz
+  zstd
+
+ALMALINUX_HOST_PACKAGES_DOC: >-
+  git
+  glibc-locale-source
+  librsvg2-tools
+  make
+  python3-pip
+  which
+
+ALMALINUX_HOST_PACKAGES_DOC_PDF: >-
+  latexmk
+  texlive-collection-fontsrecommended
+  texlive-collection-latex
+  texlive-collection-latexrecommended
+  texlive-collection-xetex
+  texlive-fncychap
+  texlive-gnu-freefont
+  texlive-tex-gyre
+  texlive-xetex
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 9520d0bf7c..1d76b36d45 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -159,27 +159,38 @@ software that includes bash-completion data.
 ``bin_package``
 ===============
 
-The :ref:`ref-classes-bin-package` class is a helper class for recipes that extract the
-contents of a binary package (e.g. an RPM) and install those contents
-rather than building the binary from source. The binary package is
-extracted and new packages in the configured output package format are
-created. Extraction and installation of proprietary binaries is a good
-example use for this class.
+The :ref:`ref-classes-bin-package` class is a helper class for recipes, that
+disables the :ref:`ref-tasks-configure` and :ref:`ref-tasks-compile` tasks and
+copies the content of the :term:`S` directory into the :term:`D` directory. This
+is useful for installing binary packages (e.g. RPM packages) by passing the
+package in the :term:`SRC_URI` variable and inheriting this class.
 
-.. note::
+For RPMs and other packages that do not contain a subdirectory, you should set
+the :term:`SRC_URI` option ``subdir`` to :term:`BP` so that the contents are
+extracted to the directory expected by the default value of :term:`S`. For
+example::
+
+   SRC_URI = "https://example.com/downloads/somepackage.rpm;subdir=${BP}"
+
+This class can also be used for tarballs. For example::
+
+   SRC_URI = "file://somepackage.tar.xz;subdir=${BP}"
+
+The :ref:`ref-classes-bin-package` class will copy the extracted content of the
+tarball from :term:`S` to :term:`D`.
 
-   For RPMs and other packages that do not contain a subdirectory, you
-   should specify an appropriate fetcher parameter to point to the
-   subdirectory. For example, if BitBake is using the Git fetcher (``git://``),
-   the "subpath" parameter limits the checkout to a specific subpath
-   of the tree. Here is an example where ``${BP}`` is used so that the files
-   are extracted into the subdirectory expected by the default value of
-   :term:`S`::
+This class assumes that the content of the package as installed in :term:`S`
+mirrors the expected layout once installed on the target, which is generally the
+case for binary packages. For example, an RPM package for a library would
+usually contain the ``usr/lib`` directory, and should be extracted to
+``${S}/usr/lib/<library>.so.<version>`` to be installed in :term:`D` correctly.
 
-      SRC_URI = "git://example.com/downloads/somepackage.rpm;branch=main;subpath=${BP}"
+.. note::
 
-   See the ":ref:`bitbake-user-manual/bitbake-user-manual-fetching:fetchers`" section in the BitBake User Manual for
-   more information on supported BitBake Fetchers.
+   The extraction of the package passed in :term:`SRC_URI` is not handled by the
+   :ref:`ref-classes-bin-package` class, but rather by the appropriate
+   :ref:`fetcher <bitbake-user-manual/bitbake-user-manual-fetching:fetchers>`
+   depending on the file extension.
 
 .. _ref-classes-binconfig:
 
@@ -552,7 +563,7 @@ You can also look for vulnerabilities in specific packages by passing
 ``-c cve_check`` to BitBake.
 
 After building the software with Bitbake, CVE check output reports are available in ``tmp/deploy/cve``
-and image specific summaries in ``tmp/deploy/images/*.cve`` or ``tmp/deploy/images/*.json`` files.
+and image specific summaries in ``tmp/deploy/images/*.json`` files.
 
 When building, the CVE checker will emit build time warnings for any detected
 issues which are in the state ``Unpatched``, meaning that CVE issue seems to affect the software component
@@ -1461,12 +1472,8 @@ The tests you can list with the :term:`WARN_QA` and
 -  ``patch-fuzz:`` Checks for fuzz in patch files that may allow
    them to apply incorrectly if the underlying code changes.
 
--  ``patch-status-core:`` Checks that the Upstream-Status is specified
-   and valid in the headers of patches for recipes in the OE-Core layer.
-
--  ``patch-status-noncore:`` Checks that the Upstream-Status is specified
-   and valid in the headers of patches for recipes in layers other than
-   OE-Core.
+-  ``patch-status:`` Checks that the ``Upstream-Status`` is specified and valid
+   in the headers of patches for recipes.
 
 -  ``perllocalpod:`` Checks for ``perllocal.pod`` being erroneously
    installed and packaged by a recipe.
@@ -1986,7 +1993,8 @@ a couple different ways:
       Not using this naming convention can lead to subtle problems
       caused by existing code that depends on that naming convention.
 
--  Create or modify a target recipe that contains the following::
+-  Or, create a :ref:`ref-classes-native` variant of any target recipe (e.g.
+   ``myrecipe.bb``) by adding the following to the recipe::
 
       BBCLASSEXTEND = "native"
 
@@ -2017,24 +2025,25 @@ couple different ways:
    inherit statement in the recipe after all other inherit statements so
    that the :ref:`ref-classes-nativesdk` class is inherited last.
 
--  Create a :ref:`ref-classes-nativesdk` variant of any recipe by adding the following::
+   .. note::
 
-       BBCLASSEXTEND = "nativesdk"
+      When creating a recipe, you must follow this naming convention::
 
-   Inside the
-   recipe, use ``:class-nativesdk`` and ``:class-target`` overrides to
-   specify any functionality specific to the respective SDK machine or
-   target case.
+              nativesdk-myrecipe.bb
 
-.. note::
 
-   When creating a recipe, you must follow this naming convention::
+      Not doing so can lead to subtle problems because there is code that
+      depends on the naming convention.
 
-           nativesdk-myrecipe.bb
+-  Or, create a :ref:`ref-classes-nativesdk` variant of any target recipe (e.g.
+   ``myrecipe.bb``) by adding the following to the recipe::
 
+       BBCLASSEXTEND = "nativesdk"
 
-   Not doing so can lead to subtle problems because there is code that
-   depends on the naming convention.
+   Inside the
+   recipe, use ``:class-nativesdk`` and ``:class-target`` overrides to
+   specify any functionality specific to the respective SDK machine or
+   target case.
 
 Although applied differently, the :ref:`ref-classes-nativesdk` class is used with both
 methods. The advantage of the second method is that you do not need to
@@ -2608,7 +2617,7 @@ runtime tests for recipes that build software that provides these tests.
 This class is intended to be inherited by individual recipes. However,
 the class' functionality is largely disabled unless "ptest" appears in
 :term:`DISTRO_FEATURES`. See the
-":ref:`dev-manual/packages:testing packages with ptest`"
+":ref:`test-manual/ptest:testing packages with ptest`"
 section in the Yocto Project Development Tasks Manual for more information
 on ptest.
 
@@ -2632,7 +2641,7 @@ Enables package tests (ptests) specifically for GNOME packages, which
 have tests intended to be executed with ``gnome-desktop-testing``.
 
 For information on setting up and running ptests, see the
-":ref:`dev-manual/packages:testing packages with ptest`"
+":ref:`test-manual/ptest:testing packages with ptest`"
 section in the Yocto Project Development Tasks Manual.
 
 .. _ref-classes-python3-dir:
@@ -3205,8 +3214,8 @@ after it is built, you can set :term:`TESTIMAGE_AUTO`::
    TESTIMAGE_AUTO = "1"
 
 For information on how to enable, run, and create new tests, see the
-":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-section in the Yocto Project Development Tasks Manual.
+":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+section in the Yocto Project Test Environment Manual.
 
 .. _ref-classes-testsdk:
 
diff --git a/documentation/ref-manual/devtool-reference.rst b/documentation/ref-manual/devtool-reference.rst
index 9319addc3c..2db2adde95 100644
--- a/documentation/ref-manual/devtool-reference.rst
+++ b/documentation/ref-manual/devtool-reference.rst
@@ -24,7 +24,7 @@ The ``devtool`` command line is organized similarly to Git in that it
 has a number of sub-commands for each function. You can run
 ``devtool --help`` to see all the commands::
 
-   $ devtool -h
+   $ devtool --help
    NOTE: Starting bitbake server...
    usage: devtool [--basepath BASEPATH] [--bbpath BBPATH] [-d] [-q] [--color COLOR] [-h] <subcommand> ...
 
@@ -50,6 +50,7 @@ has a number of sub-commands for each function. You can run
        search                Search available recipes
      Working on a recipe in the workspace:
        build                 Build a recipe
+       ide-sdk               Setup the SDK and configure the IDE
        rename                Rename a recipe file in the workspace
        edit-recipe           Edit a recipe file
        find-recipe           Find a recipe file
@@ -63,17 +64,11 @@ has a number of sub-commands for each function. You can run
        build-image           Build image including workspace recipe packages
      Advanced:
        create-workspace      Set up workspace in an alternative location
+       import                Import exported tar archive into workspace
+       export                Export workspace into a tar archive
        extract               Extract the source for an existing recipe
        sync                  Synchronize the source tree for an existing recipe
        menuconfig            Alter build-time configuration for a recipe
-       import                Import exported tar archive into workspace
-       export                Export workspace into a tar archive
-     other:
-       selftest-reverse      Reverse value (for selftest)
-       pluginfile            Print the filename of this plugin
-       bbdir                 Print the BBPATH directory of this plugin
-       count                 How many times have this plugin been registered.
-       multiloaded           How many times have this plugin been initialized
    Use devtool <subcommand> --help to get help on a specific command
 
 As directed in the general help output, you can
@@ -82,8 +77,8 @@ using ``--help``::
 
    $ devtool add --help
    NOTE: Starting bitbake server...
-   usage: devtool add [-h] [--same-dir | --no-same-dir] [--fetch URI] [--npm-dev] [--version VERSION] [--no-git] [--srcrev SRCREV | --autorev] [--srcbranch SRCBRANCH] [--binary] [--also-native] [--src-subdir SUBDIR] [--mirrors]
-                      [--provides PROVIDES]
+   usage: devtool add [-h] [--same-dir | --no-same-dir] [--fetch URI] [--npm-dev] [--no-pypi] [--version VERSION] [--no-git] [--srcrev SRCREV | --autorev]
+                      [--srcbranch SRCBRANCH] [--binary] [--also-native] [--src-subdir SUBDIR] [--mirrors] [--provides PROVIDES]
                       [recipename] [srctree] [fetchuri]
 
    Adds a new recipe to the workspace to build a specified source tree. Can optionally fetch a remote URI and unpack it to create the source tree.
@@ -99,6 +94,7 @@ using ``--help``::
      --no-same-dir         Force build in a separate build directory
      --fetch URI, -f URI   Fetch the specified URI and extract it to create the source tree (deprecated - pass as positional argument instead)
      --npm-dev             For npm, also fetch devDependencies
+     --no-pypi             Do not inherit pypi class
      --version VERSION, -V VERSION
                            Version to use within recipe (PV)
      --no-git, -g          If fetching source, do not set up source tree as a git repository
@@ -439,7 +435,7 @@ You can read more on the ``devtool upgrade`` workflow in the
 ":ref:`sdk-manual/extensible:use \`\`devtool upgrade\`\` to create a version of the recipe that supports a newer version of the software`"
 section in the Yocto Project Application Development and the Extensible
 Software Development Kit (eSDK) manual. You can also see an example of
-how to use ``devtool upgrade`` in the ":ref:`dev-manual/upgrading-recipes:using \`\`devtool upgrade\`\``"
+how to use ``devtool upgrade`` in the ":ref:`dev-manual/upgrading-recipes:using ``devtool upgrade```"
 section in the Yocto Project Development Tasks Manual.
 
 .. _devtool-resetting-a-recipe:
@@ -467,6 +463,20 @@ Here is an example that resets the workspace directory that contains the
    NOTE: Leaving source tree /home/scottrif/poky/build/workspace/sources/mtr as-is; if you no longer need it then please delete it manually
    $
 
+.. _devtool-finish-working-on-a-recipe:
+
+Finish Working on a Recipe
+==========================
+
+Use the ``devtool finish`` command to push any committed changes to the
+specified recipe in the specified layer and remove it from your workspace.
+
+This is roughly equivalent to the ``devtool update-recipe`` command followed by
+the ``devtool reset`` command. The changes must have been committed to the git
+repository created by ``devtool``. Here is an example::
+
+  $ devtool finish recipe /path/to/custom/layer
+
 .. _devtool-building-your-recipe:
 
 Building Your Recipe
@@ -543,6 +553,26 @@ the packages are already on the target. Consequently, when a runtime
 call is made in the application for a dependent function (e.g. a library
 call), the function cannot be found.
 
+.. warning::
+
+   Runtime dependencies can be explicitly listed in the :term:`RDEPENDS`
+   variable, but may also be the result of a :term:`DEPENDS` assignment in your
+   application's recipe. This is usually the case when your application depends
+   on libraries for compilation: these libraries are listed as build-time
+   dependencies in the :term:`DEPENDS` variable in your application's recipe.
+   However these may also be runtime dependencies if they install shared objects
+   on which your application will dynamically link to at runtime (e.g. shared
+   libraries ending with ``.so``).
+
+   These runtime dependencies are automatically resolved by the
+   :term:`OpenEmbedded Build System` during the packaging phase. Since
+   ``devtool`` ignores packaging dependencies, they will not be installed
+   automatically with ``devtool deploy-target``.
+
+   For more information on how the :term:`OpenEmbedded Build System` handles
+   packaging, see the :ref:`overview-manual/concepts:Automatically Added Runtime
+   Dependencies` section of the Yocto Project Overview and Concepts Manual.
+
 To be sure you have all the dependencies local to the target, you need
 to be sure that the packages are pre-deployed (installed) on the target
 before attempting to run your application.
@@ -618,3 +648,43 @@ a match.
 
 When you use the ``devtool search`` command, you must supply a keyword.
 The command uses the keyword when searching for a match.
+
+Alternatively, the ``devtool find-recipe`` command can be used to search for
+recipe files instead of recipe names. Likewise, you must supply a keyword.
+
+.. _devtool-get-the-configure-script-help:
+
+Get Information on Recipe Configuration Scripts
+===============================================
+
+Use the ``devtool configure-help`` command to get help on the configuration
+script options for a given recipe. You must supply the recipe name to the
+command. For example, it shows the output of ``./configure --help`` for
+:ref:`autotools <ref-classes-autotools>`-based recipes.
+
+The ``configure-help`` command will also display the configuration options
+currently in use, including the ones passed through the :term:`EXTRA_OECONF`
+variable.
+
+.. _devtool-generate-an-ide-configuration-for-a-recipe:
+
+Generate an IDE Configuration for a Recipe
+==========================================
+
+The ``devtool ide-sdk`` automatically creates an IDE configuration and SDK to
+work on a given recipe. Depending on the ``--mode`` parameter, different types
+of SDKs are generated:
+
+-  ``modified`` mode: this creates an SDK and generates an IDE configuration in
+   the workspace directory.
+
+-  ``shared`` mode: this creates a cross-compiling toolchain and the
+   corresponding shared sysroot directories of the supplied recipe(s).
+
+The ``--target`` option can be used to specify a ``username@hostname`` string
+and create a remote debugging configuration for the recipe. Similarly to
+``devtool deploy-target``, it requires an SSH server running on the target.
+
+For further details on the ``devtool ide-sdk`` command, see the
+":doc:`/sdk-manual/extensible`" chapter in the Yocto Project Application
+Development and the Extensible Software Development Kit (eSDK) manual.
diff --git a/documentation/ref-manual/faq.rst b/documentation/ref-manual/faq.rst
index bab284bbfd..7dd37c7a5c 100644
--- a/documentation/ref-manual/faq.rst
+++ b/documentation/ref-manual/faq.rst
@@ -45,6 +45,28 @@ See :yocto_wiki:`Products that use the Yocto Project
 Wiki. Don't hesitate to contribute to this page if you know other such
 products.
 
+Why isn't systemd the default init system for OpenEmbedded-Core/Yocto Project or in Poky?
+-----------------------------------------------------------------------------------------
+
+`systemd <https://systemd.io/>`__ is a desktop Linux init system with a specific
+focus that is not entirely aligned with a customisable "embedded" build
+system/environment.
+
+It understandably mandates certain layouts and configurations which may
+or may not align with what the objectives and direction :term:`OpenEmbedded-Core
+(OE-Core)` or Yocto Project want to take. It doesn't support all of our targets.
+For example `musl <https://www.musl-libc.org/>`__ support in systemd is
+problematic.
+
+If it were our default, we would have to align with all their choices
+and this doesn't make sense. It is therefore a configuration option and
+available to anyone where the design goals align. But we are clear it
+is not the only way to handle init.
+
+Our automated testing includes it through the ``poky-altcfg`` :term:`DISTRO` and
+we don't really need it to be the default: it is tested, it works, and people
+can choose to use it.
+
 Building environment
 ====================
 
@@ -259,6 +281,25 @@ Within the :term:`Build Directory`, is the ``tmp`` directory. To remove all the
 build output yet preserve any source code or downloaded files from
 previous builds, simply remove the ``tmp`` directory.
 
+Why isn't there a way to append bbclass files like bbappend for recipes?
+------------------------------------------------------------------------
+
+The Yocto Project has consciously chosen not to implement such functionality.
+Class code is designed to be shared and reused, and exposes some level of
+configuration to its users. We want to encourage people to share these changes
+so we can build the best classes.
+
+If the ``append`` functionality was available for classes, our evidence and
+experience suggest that people would create their custom changes in their
+layer instead of sharing and discussing the issues and/or limitations they
+encountered. This would lead to bizarre class interactions when new layers are
+included. We therefore consciously choose to have a natural pressure to share
+class code improvements or fixes.
+
+There are also technical considerations like which recipes a class append would
+apply to and how that would fit within the layer model. These are complications
+we think we can live without!
+
 Customizing generated images
 ============================
 
diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst
index b2ba731bb2..5574ecafe2 100644
--- a/documentation/ref-manual/features.rst
+++ b/documentation/ref-manual/features.rst
@@ -12,7 +12,7 @@ Features provide a mechanism for working out which packages should be
 included in the generated images. Distributions can select which
 features they want to support through the :term:`DISTRO_FEATURES` variable,
 which is set or appended to in a distribution's configuration file such
-as ``poky.conf``, ``poky-tiny.conf``, ``poky-lsb.conf`` and so forth.
+as ``poky.conf``, ``poky-tiny.conf``, ``poky-altcfg.conf`` and so forth.
 Machine features are set in the :term:`MACHINE_FEATURES` variable, which is
 set in the machine configuration file and specifies the hardware
 features for a given machine.
@@ -207,7 +207,7 @@ metadata, as extra layers can define their own:
 
 -  *ptest:* Enables building the package tests where supported by
    individual recipes. For more information on package tests, see the
-   ":ref:`dev-manual/packages:testing packages with ptest`" section
+   ":ref:`test-manual/ptest:testing packages with ptest`" section
    in the Yocto Project Development Tasks Manual.
 
 -  *pulseaudio:* Include support for
diff --git a/documentation/ref-manual/images.rst b/documentation/ref-manual/images.rst
index c45f9104a9..c9d8989261 100644
--- a/documentation/ref-manual/images.rst
+++ b/documentation/ref-manual/images.rst
@@ -51,27 +51,6 @@ Here is a list of supported recipes:
 -  ``core-image-full-cmdline``: A console-only image with more
    full-featured Linux system functionality installed.
 
--  ``core-image-lsb``: An image that conforms to the Linux Standard Base
-   (LSB) specification. This image requires a distribution configuration
-   that enables LSB compliance (e.g. ``poky-lsb``). If you build
-   ``core-image-lsb`` without that configuration, the image will not be
-   LSB-compliant.
-
--  ``core-image-lsb-dev``: A ``core-image-lsb`` image that is suitable
-   for development work using the host. The image includes headers and
-   libraries you can use in a host development environment. This image
-   requires a distribution configuration that enables LSB compliance
-   (e.g. ``poky-lsb``). If you build ``core-image-lsb-dev`` without that
-   configuration, the image will not be LSB-compliant.
-
--  ``core-image-lsb-sdk``: A ``core-image-lsb`` that includes everything
-   in the cross-toolchain but also includes development headers and
-   libraries to form a complete standalone SDK. This image requires a
-   distribution configuration that enables LSB compliance (e.g.
-   ``poky-lsb``). If you build ``core-image-lsb-sdk`` without that
-   configuration, the image will not be LSB-compliant. This image is
-   suitable for development using the target.
-
 -  ``core-image-minimal``: A small image just capable of allowing a
    device to boot.
 
@@ -119,8 +98,8 @@ Here is a list of supported recipes:
    deployed to a separate partition so that you can boot into it and use
    it to deploy a second image to be tested. You can find more
    information about runtime testing in the
-   ":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-   section in the Yocto Project Development Tasks Manual.
+   ":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+   section in the Yocto Project Test Environment Manual.
 
 -  ``core-image-testmaster-initramfs``: A RAM-based Initial Root
    Filesystem (:term:`Initramfs`) image tailored for use with the
diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst
index 53b1836e74..27d46de3fd 100644
--- a/documentation/ref-manual/qa-checks.rst
+++ b/documentation/ref-manual/qa-checks.rst
@@ -752,21 +752,17 @@ Errors and Warnings
 
 .. _qa-check-patch-status:
 
-- ``Missing Upstream-Status in patch <patchfile> Please add according to <url> [patch-status-core/patch-status-noncore]``
+- ``Missing Upstream-Status in patch <patchfile> Please add according to <url> [patch-status]``
 
     The ``Upstream-Status`` value is missing in the specified patch file's header.
     This value is intended to track whether or not the patch has been sent
     upstream, whether or not it has been merged, etc.
 
-    There are two options for this same check - ``patch-status-core`` (for
-    recipes in OE-Core) and ``patch-status-noncore`` (for recipes in any other
-    layer).
-
     For more information, see the
     ":ref:`contributor-guide/recipe-style-guide:patch upstream status`"
     section in the Yocto Project and OpenEmbedded Contributor Guide.
 
-- ``Malformed Upstream-Status in patch <patchfile> Please correct according to <url> [patch-status-core/patch-status-noncore]``
+- ``Malformed Upstream-Status in patch <patchfile> Please correct according to <url> [patch-status]``
 
     The ``Upstream-Status`` value in the specified patch file's header is invalid -
     it must be a specific format. See the "Missing Upstream-Status" entry above
@@ -795,7 +791,7 @@ Errors and Warnings
 
     This check will detect if the source of the package contains some
     upstream-provided tests and, if so, that ptests are implemented for this
-    recipe.  See the ":ref:`dev-manual/packages:testing packages with ptest`"
+    recipe.  See the ":ref:`test-manual/ptest:testing packages with ptest`"
     section in the Yocto Project Development Tasks Manual. See also the
     ":ref:`ref-classes-ptest`" section.
 
diff --git a/documentation/ref-manual/release-process.rst b/documentation/ref-manual/release-process.rst
index 920794679d..639921b9f6 100644
--- a/documentation/ref-manual/release-process.rst
+++ b/documentation/ref-manual/release-process.rst
@@ -103,17 +103,22 @@ have reached their End of Life (EOL) won't receive such updates.
 
 This started with version 3.1 ("Dunfell"), released in April 2020, which
 the project initially committed to supporting for two years, but this duration
-was later extended to four years. Similarly, the following :term:`LTS` release,
-version 4.0 ("Kirkstone"), was released two years later in May 2022 and the
-project committed to supporting it for four years too.
+was later extended to four years.
 
-Therefore, a new :term:`LTS` release is made every two years and is supported
-for four years. This offers more stability to project users and leaves more
-time to upgrade to the following :term:`LTS` release.
+A new :term:`LTS` release is made every two years and is supported for four
+years. This offers more stability to project users and leaves more time to
+upgrade to the following :term:`LTS` release.
+
+The currently supported :term:`LTS` releases are:
+
+-  Version 5.0 ("Scarthgap"), released in April 2024 and supported until April 2028.
+-  Version 4.0 ("Kirkstone"), released in May 2022 and supported until May 2026.
 
 See :yocto_wiki:`/Stable_Release_and_LTS` for details about the management
 of stable and :term:`LTS` releases.
 
+This documentation was built for the &DISTRO_NAME; release.
+
 .. image:: svg/releases.*
    :width: 100%
 
@@ -143,8 +148,8 @@ Additionally, because the test strategies are visible to you as a
 developer, you can validate your projects. This section overviews the
 available test infrastructure used in the Yocto Project. For information
 on how to run available tests on your projects, see the
-":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-section in the Yocto Project Development Tasks Manual.
+":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+section in the Yocto Project Test Environment Manual.
 
 The QA/testing infrastructure is woven into the project to the point
 where core developers take some of it for granted. The infrastructure
@@ -170,7 +175,7 @@ consists of the following pieces:
    operation and functions. However, the test can also use the IP
    address of a machine to test.
 
--  :ref:`ptest <dev-manual/packages:testing packages with ptest>`:
+-  :ref:`ptest <test-manual/ptest:testing packages with ptest>`:
    Runs tests against packages produced during the build for a given
    piece of software. The test allows the packages to be run within a
    target image.
@@ -185,7 +190,7 @@ effort has been made to automate the tests so that more people can use
 them and the Yocto Project development team can run them faster and more
 efficiently.
 
-The Yocto Project's main Autobuilder (&YOCTO_AB_URL;) publicly tests each Yocto
+The Yocto Project's main :yocto_ab:`Autobuilder <>` publicly tests each Yocto
 Project release's code in the :oe_git:`openembedded-core </openembedded-core>`,
 :yocto_git:`poky </poky>` and :oe_git:`bitbake </bitbake>` repositories. The
 testing occurs for both the current state of the "master" branch and also for
diff --git a/documentation/ref-manual/structure.rst b/documentation/ref-manual/structure.rst
index e4d8b54bb9..2190f5b90e 100644
--- a/documentation/ref-manual/structure.rst
+++ b/documentation/ref-manual/structure.rst
@@ -335,6 +335,15 @@ Once the build process gets the sample file, it uses ``sed`` to substitute final
    version of the ``bblayers.conf.sample`` file in the ``meta-poky/conf/templates/default``
    directory.
 
+.. _structure-build-conf-bblock.conf:
+
+``build/conf/bblock.conf``
+--------------------------
+
+This configuration file is generated by :doc:`bblock </dev-manual/bblock>` and
+contains the signatures locked by ``bblock``. By default, it does not exist
+and will be created upon the first invocation of ``bblock``.
+
 .. _structure-build-downloads:
 
 ``build/downloads/``
@@ -484,6 +493,30 @@ the ":ref:`sdk-manual/appendix-obtain:building an sdk installer`"
 section in the Yocto Project Application Development and the Extensible
 Software Development Kit (eSDK) manual.
 
+.. _structure-build-tmp-hosttools:
+
+``build/tmp/hosttools/``
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The OpenEmbedded build system uses this directory to create symbolic links to
+some of the host components that are allowed to be called within tasks. These
+are basic components listed in the :ref:`ref-manual/system-requirements:required
+packages for the build host` section. These components are also listed in the
+:term:`HOSTTOOLS` variable and are limited to this list to prevent host
+contamination.
+
+.. _structure-build-tmp-pkgdata:
+
+``build/tmp/pkgdata/``
+~~~~~~~~~~~~~~~~~~~~~~
+
+The OpenEmbedded build system uses this directory to store package metadata
+generated during the :ref:`ref-tasks-packagedata` task. The files stored in this
+directory contain information about each output package produced by the
+OpenEmbedded build system, and are used in different ways by the build system
+such as ":ref:`dev-manual/debugging:viewing package information with
+``oe-pkgdata-util```".
+
 .. _structure-build-tmp-sstate-control:
 
 ``build/tmp/sstate-control/``
@@ -657,8 +690,15 @@ Here are key subdirectories within each recipe work directory:
 
 For efficiency, the OpenEmbedded build system creates and uses this
 directory to hold recipes that share a work directory with other
-recipes. In practice, this is only used for ``gcc`` and its variants
-(e.g. ``gcc-cross``, ``libgcc``, ``gcc-runtime``, and so forth).
+recipes. This is for example used for ``gcc`` and its variants (e.g.
+``gcc-cross``, ``libgcc``, ``gcc-runtime``, and so forth), or by the
+:ref:`ref-classes-kernel` class to make the kernel source code and kernel build
+artifacts available to out-of-tree kernel modules or other kernel-dependent
+recipes.
+
+In practice, only a few recipes make use of the ``work-shared`` directory. This
+directory is especially useful for recipes that would induce a lot of storage
+space if they were to be shared with the standard :term:`Sysroot` mechanism.
 
 .. _structure-meta:
 
diff --git a/documentation/ref-manual/svg/releases.svg b/documentation/ref-manual/svg/releases.svg
index 036aa467cc..3a379078b8 100644
--- a/documentation/ref-manual/svg/releases.svg
+++ b/documentation/ref-manual/svg/releases.svg
@@ -2,11 +2,14 @@
 <svg
    version="1.1"
    id="svg2"
-   width="2040.0006"
-   height="669.30511"
-   viewBox="0 0 2040.0006 669.30509"
+   width="1992.7236"
+   height="613.35602"
+   viewBox="0 0 1992.7236 613.35599"
    sodipodi:docname="releases.svg"
-   inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
+   inkscape:version="1.4.1 (93de688d07, 2025-03-30)"
+   inkscape:export-filename="../../../../../../../../tmp/releases.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96"
    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
    xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
    xmlns="http://www.w3.org/2000/svg"
@@ -24,29 +27,29 @@
         <dc:format>image/svg+xml</dc:format>
         <dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <cc:license
-           rdf:resource="http://artlibre.org/licence/lal" />
         <dc:title>Yocto Project Release Timeline</dc:title>
         <dc:creator>
           <cc:Agent>
             <dc:title>The Yocto Project</dc:title>
           </cc:Agent>
         </dc:creator>
+        <cc:license
+           rdf:resource="http://artlibre.org/licence/lal" />
       </cc:Work>
       <cc:License
-         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
+         rdf:about="http://artlibre.org/licence/lal">
         <cc:permits
            rdf:resource="http://creativecommons.org/ns#Reproduction" />
         <cc:permits
            rdf:resource="http://creativecommons.org/ns#Distribution" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Notice" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Attribution" />
         <cc:permits
            rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
         <cc:requires
            rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
       </cc:License>
     </rdf:RDF>
   </metadata>
@@ -66,7 +69,8 @@
        miter_limit="4"
        scale_width="1"
        end_linecap_type="zerowidth"
-       not_jump="false" />
+       not_jump="false"
+       message="" />
     <marker
        style="overflow:visible"
        id="marker5783"
@@ -404,15 +408,15 @@
      guidetolerance="10"
      inkscape:pageopacity="0"
      inkscape:pageshadow="2"
-     inkscape:window-width="1920"
-     inkscape:window-height="1043"
+     inkscape:window-width="3826"
+     inkscape:window-height="2069"
      id="namedview4"
      showgrid="true"
-     inkscape:zoom="1.4472045"
-     inkscape:cx="987.76641"
-     inkscape:cy="357.93145"
-     inkscape:window-x="1728"
-     inkscape:window-y="0"
+     inkscape:zoom="1.5536106"
+     inkscape:cx="1158.2696"
+     inkscape:cy="273.55632"
+     inkscape:window-x="2256"
+     inkscape:window-y="60"
      inkscape:window-maximized="1"
      inkscape:current-layer="g10"
      inkscape:document-rotation="0"
@@ -422,94 +426,109 @@
      fit-margin-left="30"
      fit-margin-right="30"
      fit-margin-bottom="30"
-     inkscape:pagecheckerboard="0">
+     inkscape:pagecheckerboard="0"
+     inkscape:showpageshadow="2"
+     inkscape:deskcolor="#d1d1d1"
+     showguides="true">
     <inkscape:grid
        type="xygrid"
        id="grid1257"
-       originx="-289.99936"
-       originy="369.99998" />
+       originx="-289.06071"
+       originy="478.43017"
+       spacingy="1"
+       spacingx="1"
+       units="px"
+       visible="true" />
   </sodipodi:namedview>
   <g
      inkscape:groupmode="layer"
      inkscape:label="Image"
      id="g10"
-     transform="translate(-289.99936,370.00003)">
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1080,220.00003 v -515.00007 0 0"
+     transform="translate(-289.06072,478.43022)">
+    <rect
+       style="fill:#333333;fill-opacity:0;stroke:#000000;stroke-width:0.713896;stroke-linejoin:bevel;stroke-miterlimit:0;stroke-opacity:0"
+       id="rect1"
+       width="1992.0098"
+       height="612.64215"
+       x="289.41766"
+       y="-478.07327"
+       ry="24.97636" />
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 563.40434,64.000628 v -524.414808 0 0"
        id="path207708" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1200,220.00003 v -515.00007 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 683.40434,64.000628 v -524.414808 0 0"
        id="path207708-4" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1320,220.00003 v -515.00007 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 803.40434,64.000628 v -524.414808 0 0"
        id="path207708-4-3" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1440,219.99998 v -515.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 923.40434,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1560,219.99998 v -515.00001 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1043.4043,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6-2" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1680,219.99998 v -515.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1163.4043,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6-2-8" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1800,219.99998 v -515.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1283.4043,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6-2-8-4" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1920,219.99998 v -515.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1403.4043,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6-2-8-4-3" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 2040,219.99997 v -460.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.475347;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1523.4043,64.000568 v -415.757648 0 0"
        id="path207708-4-3-6-2-8-4-3-8" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 2040,219.99998 v -515.00002 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1523.4043,64.000577 v -524.414757 0 0"
        id="path207708-4-3-6-2-8-4-3-8-0" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 2159.954,219.99997 v -514.99999 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1643.3583,64.000565 v -524.414715 0 0"
        id="path207708-4-3-6-2-8-4-3-8-4" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 2280,219.99997 v -514.99999 0 0"
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1763.4043,64.000565 v -524.414715 0 0"
        id="path207708-4-3-6-2-8-4-3-8-4-0" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 960,220.00003 v -515.00007 0 0"
-       id="path207708-9" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1883.7877,64.878769 v -524.414709 0 0"
+       id="path207708-4-3-6-2-8-4-3-8-4-0-8" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 840,220.00001 v -375 0 0"
-       id="path207708-9-6" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2002.9599,64.984489 v -524.414709 0 0"
+       id="path207708-4-3-6-2-8-4-3-8-4-0-8-8" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 840,220.00002 v -515.00004 0 0"
-       id="path207708-9-6-2" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2123.2232,62.984489 v -524.414709 0 0"
+       id="path207708-4-3-6-2-8-4-3-8-4-0-8-8-1" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 720,220.00003 v -515.00007 0 0"
-       id="path207708-9-6-2-5" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2243.313,63.984489 v -524.414709 0 0"
+       id="path207708-4-3-6-2-8-4-3-8-4-0-8-8-1-9" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 600,220.00003 v -515.00007 0 0"
-       id="path207708-9-6-2-5-9" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 443.40434,64.000628 v -524.414808 0 0"
+       id="path207708-9" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 480,220.00003 v -515.00007 0 0"
-       id="path207708-9-6-2-5-9-0" />
+       d="m 323.40434,64.000608 v -375.000008 0 0"
+       id="path207708-9-6" />
     <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 360,220.00003 v -515.00007 0 0"
-       id="path207708-9-6-2-5-9-0-5" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.50455;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 323.40434,64.000616 v -524.414766 0 0"
+       id="path207708-9-6-2" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:42.5884px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
@@ -541,186 +560,152 @@
          x="-59.575905"
          y="580.05695" /></text>
     <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0"
-       width="980"
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4"
+       width="160.00002"
        height="45.000004"
-       x="360"
-       y="154.99997"
+       x="443.40427"
+       y="-55.999405"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="420.52835"
-       y="174.12433"
-       id="text1185-3-55-4"><tspan
+       x="491.89841"
+       y="-36.604408"
+       id="text1185-3-55-4-0-0-0"><tspan
          sodipodi:role="line"
-         x="420.52835"
-         y="174.12433"
+         x="491.89841"
+         y="-36.604408"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8">Dunfell (LTS)</tspan><tspan
+         id="tspan957-2-8-6-3-9">Langdale</tspan><tspan
          sodipodi:role="line"
-         x="420.52835"
-         y="192.121"
+         x="491.89841"
+         y="-18.607729"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317">3.1</tspan></text>
+         id="tspan10317-2-9-1">4.1</tspan></text>
     <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4"
-       width="140.00002"
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5"
+       width="140.00003"
        height="45.000004"
-       x="480"
-       y="99.999969"
+       x="583.40436"
+       y="-110.99944"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="534.10651"
-       y="118.94971"
-       id="text1185-3-55-4-0"><tspan
+       x="639.46136"
+       y="-91.498215"
+       id="text1185-3-55-4-0-0-0-1"><tspan
          sodipodi:role="line"
-         x="534.10651"
-         y="118.94971"
+         x="639.46136"
+         y="-91.498215"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6">Gatesgarth</tspan><tspan
+         id="tspan957-2-8-6-3-9-7">Mickledore</tspan><tspan
          sodipodi:role="line"
-         x="534.10651"
-         y="136.94638"
+         x="639.46136"
+         y="-73.501534"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2">3.2</tspan></text>
-    <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4"
-       width="260"
-       height="45.000004"
-       x="599.99994"
-       y="45.000011"
-       ry="2.2558987" />
+         id="tspan10317-2-9-1-4">4.2</tspan></text>
     <rect
-       style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9"
-       width="160.00002"
+       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-3-6"
+       width="140"
        height="45.000004"
-       x="720"
-       y="-9.9999905"
+       x="923.65302"
+       y="-275.19217"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="766.10297"
-       y="9.57586"
-       id="text1185-3-55-4-0-0"><tspan
+       x="970.63739"
+       y="-256.32867"
+       id="text1185-3-55-4-0-0-0-1-1-6-4"><tspan
          sodipodi:role="line"
-         x="766.10297"
-         y="9.57586"
+         x="970.63739"
+         y="-256.32867"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3">Honister</tspan><tspan
+         id="tspan957-2-8-6-3-9-7-4-2-0">Styhead</tspan><tspan
          sodipodi:role="line"
-         x="766.10297"
-         y="27.57254"
+         x="970.63739"
+         y="-238.332"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9">3.4</tspan></text>
+         id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text>
     <rect
        style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9-4"
-       width="160.00002"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-3-6-2"
+       width="140"
        height="45.000004"
-       x="959.99994"
-       y="-120"
+       x="1043.4697"
+       y="-328.48172"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1008.4941"
-       y="-100.605"
-       id="text1185-3-55-4-0-0-0"><tspan
+       x="1090.4542"
+       y="-309.61823"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-7"><tspan
          sodipodi:role="line"
-         x="1008.4941"
-         y="-100.605"
+         x="1090.4542"
+         y="-309.61823"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-9">Langdale</tspan><tspan
+         id="tspan957-2-8-6-3-9-7-4-2-0-0">Walnascar</tspan><tspan
          sodipodi:role="line"
-         x="1008.4941"
-         y="-82.608322"
+         x="1090.4542"
+         y="-291.62155"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1">4.1</tspan></text>
+         id="tspan10317-2-9-1-4-6-5-6-9">5.2</tspan></text>
     <rect
-       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9-4-5"
-       width="140.00003"
+       style="opacity:0.75;fill:#251f32;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-3-67"
+       width="140"
        height="45.000004"
-       x="1100"
-       y="-175.00003"
+       x="1163.6425"
+       y="-382.27469"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1156.057"
-       y="-155.49881"
-       id="text1185-3-55-4-0-0-0-1"><tspan
+       x="1214.9716"
+       y="-363.89413"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-53"><tspan
          sodipodi:role="line"
-         x="1156.057"
-         y="-155.49881"
+         x="1214.9716"
+         y="-363.89413"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-9-7">Mickledore</tspan><tspan
+         id="tspan957-2-8-6-3-9-7-4-2-0-5-5">Whinlatter</tspan><tspan
          sodipodi:role="line"
-         x="1156.057"
-         y="-137.50214"
+         x="1214.9716"
+         y="-345.89746"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1-4">4.2</tspan></text>
-    <g
-       id="g1258">
-      <rect
-         style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-         id="rect917-0-0-4-4-9-4-5-38"
-         width="120.00002"
-         height="45.000004"
-         x="1220"
-         y="-230.00005"
-         ry="2.2558987" />
-      <text
-         xml:space="preserve"
-         style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-         x="1269.2329"
-         y="-210.32925"
-         id="text1185-3-55-4-0-0-0-1-1"><tspan
-           sodipodi:role="line"
-           x="1269.2329"
-           y="-210.32925"
-           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-           id="tspan957-2-8-6-3-9-7-4">Nanbield</tspan><tspan
-           sodipodi:role="line"
-           x="1269.2329"
-           y="-192.33258"
-           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-           id="tspan10317-2-9-1-4-6">4.3</tspan></text>
-    </g>
+         id="tspan10317-2-9-1-4-6-5-6-6-6">5.3</tspan></text>
     <rect
-       style="opacity:0.75;fill:#241f31;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       id="rect917-0-0-4-4-9-4-5-3-9-2"
-       width="140"
+       style="opacity:0.75;fill:#251f32;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:5.29752;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-3-67-6"
+       width="982.23163"
        height="45.000004"
-       x="1440"
-       y="-340.00003"
+       x="1283.7023"
+       y="-436.77539"
        ry="2.2558987" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1487.233"
-       y="-320.32928"
-       id="text1185-3-55-4-0-0-0-1-1-6-4"><tspan
+       x="1335.1118"
+       y="-418.39484"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-53-0"><tspan
          sodipodi:role="line"
-         x="1487.233"
-         y="-320.32928"
+         x="1335.1118"
+         y="-418.39484"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-9-7-4-2-0">Styhead</tspan><tspan
+         id="tspan957-2-8-6-3-9-7-4-2-0-5-5-6">Wrynose</tspan><tspan
          sodipodi:role="line"
-         x="1487.233"
-         y="-302.33261"
+         x="1335.1118"
+         y="-400.39816"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-1-4-6-5-6">5.1</tspan></text>
+         id="tspan10317-2-9-1-4-6-5-6-6-6-2">6.0</tspan></text>
     <g
-       id="g1591">
+       id="g1591"
+       transform="translate(-516.59566,64.000598)">
       <rect
          style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
          id="rect917-0-0-4-4-9-9"
@@ -749,42 +734,26 @@
     <path
        id="rect917-0-0-4-4-9-9-9"
        style="fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:2;stroke-opacity:1"
-       d="m 1322.3015,-285.00003 c -1.2753,0 -2.302,1.00609 -2.302,2.25586 v 40.48828 c 0,1.24977 1.0267,2.25586 2.302,2.25586 h 975.0412 c 1.2754,0 2.302,-1.00609 2.302,-2.25586 v -40.48828 c 0,-1.24977 -1.0266,-2.25586 -2.302,-2.25586 z" />
+       d="m 805.70584,-220.99944 c -1.2753,0 -2.302,1.00609 -2.302,2.25586 v 40.48828 c 0,1.24977 1.0267,2.25586 2.302,2.25586 H 1780.747 c 1.2754,0 2.302,-1.00609 2.302,-2.25586 v -40.48828 c 0,-1.24977 -1.0266,-2.25586 -2.302,-2.25586 z" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1390.4988"
-       y="-265.64832"
+       x="873.90314"
+       y="-201.64772"
        id="text1185-3-55-4-0-0-9-0"><tspan
          sodipodi:role="line"
-         x="1390.4988"
-         y="-265.64832"
+         x="873.90314"
+         y="-201.64772"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan957-2-8-6-3-6-8">Scarthgap (LTS)</tspan><tspan
          sodipodi:role="line"
-         x="1390.4988"
-         y="-247.65164"
+         x="873.90314"
+         y="-183.65105"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
          id="tspan10317-2-9-0-1">5.0</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="653.72168"
-       y="64.866302"
-       id="text1185-3-55-4-0-0-7"><tspan
-         sodipodi:role="line"
-         x="653.72168"
-         y="64.866302"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan957-2-8-6-3-2">Hardknott </tspan><tspan
-         sodipodi:role="line"
-         x="653.72168"
-         y="82.862984"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan10317-2-9-8">3.3</tspan></text>
     <g
        id="g1125-0"
-       transform="matrix(0.42240595,0,0,0.41654472,354.53445,-399.96314)"
+       transform="matrix(0.42240595,0,0,0.41654472,330.77064,-497.11721)"
        style="stroke:none;stroke-width:2.38399">
       <rect
          style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:4.76797;stroke-opacity:1"
@@ -873,234 +842,149 @@
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1199.6055"
-       y="250.21216"
+       x="683.00983"
+       y="94.212761"
        id="text1185-9-7-1-1"><tspan
          sodipodi:role="line"
-         x="1199.6055"
-         y="250.21216"
+         x="683.00983"
+         y="94.212761"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="1199.6055"
-         y="268.20883"
+         x="683.00983"
+         y="112.20944"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906">2023</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1439.3904"
-       y="249.86044"
+       x="922.79474"
+       y="93.861046"
        id="text1185-9-7-1-1-89"><tspan
          sodipodi:role="line"
-         x="1439.3904"
-         y="249.86044"
+         x="922.79474"
+         y="93.861046"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-7">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="1439.3904"
-         y="267.85712"
+         x="922.79474"
+         y="111.85773"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-76">2024</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1679.3094"
-       y="250.58356"
+       x="1162.7139"
+       y="94.58416"
        id="text1185-9-7-1-1-89-6"><tspan
          sodipodi:role="line"
-         x="1679.3094"
-         y="250.58356"
+         x="1162.7139"
+         y="94.58416"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-7-8">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="1679.3094"
-         y="268.58023"
+         x="1162.7139"
+         y="112.58084"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-76-0">2025</tspan></text>
     <text
        xml:space="preserve"
-       style="font-weight:bold;font-size:6.66667px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="849.49744"
-       y="61.106953"
-       id="text1185-9-7-1-1-0"><tspan
-         sodipodi:role="line"
-         x="849.49744"
-         y="61.106953"
-         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:6.66667px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:end;text-anchor:end;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan46212">Support for this version was extended to leave</tspan><tspan
-         sodipodi:role="line"
-         x="849.49744"
-         y="70.105324"
-         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:6.66667px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:end;text-anchor:end;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan120364">users more time to adapt to override syntax</tspan><tspan
-         sodipodi:role="line"
-         x="849.49744"
-         y="79.103691"
-         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:6.66667px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:end;text-anchor:end;fill:#fffefe;fill-opacity:1;stroke:none"
-         id="tspan123280">changes in the 3.4 release.</tspan></text>
-    <text
-       xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="959.52008"
-       y="250.67822"
+       x="442.92441"
+       y="94.678825"
        id="text1185-9-7-1-1-0-7"><tspan
          sodipodi:role="line"
-         x="959.52008"
-         y="250.67822"
+         x="442.92441"
+         y="94.678825"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-42-7">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="959.52008"
-         y="268.6749"
+         x="442.92441"
+         y="112.67551"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-9-6">2022</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="719.13617"
-       y="250.21216"
-       id="text1185-9-7-1-1-2"><tspan
-         sodipodi:role="line"
-         x="719.13617"
-         y="250.21216"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan31345-1">Oct.</tspan><tspan
-         sodipodi:role="line"
-         x="719.13617"
-         y="268.20883"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan49906-5">2021</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="478.82367"
-       y="250.21216"
-       id="text1185-9-7-1-1-80"><tspan
-         sodipodi:role="line"
-         x="478.82367"
-         y="250.21216"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan31345-5">Oct.</tspan><tspan
-         sodipodi:role="line"
-         x="478.82367"
-         y="268.20883"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan49906-6">2020</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="361.81961"
-       y="250.07544"
-       id="text1185-9-7-1-1-8"><tspan
-         sodipodi:role="line"
-         x="361.81961"
-         y="250.07544"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan31345-4">Apr.</tspan><tspan
-         sodipodi:role="line"
-         x="361.81961"
-         y="268.07211"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan49906-7">2020</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="840.9248"
-       y="250.07544"
+       x="324.32913"
+       y="94.076042"
        id="text1185-9-7-1-1-8-1"><tspan
          sodipodi:role="line"
-         x="840.9248"
-         y="250.07544"
+         x="324.32913"
+         y="94.076042"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0">Apr</tspan><tspan
          sodipodi:role="line"
-         x="840.9248"
-         y="268.07211"
+         x="324.32913"
+         y="112.07272"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3">2022</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1321.8608"
-       y="250.07544"
+       x="805.2652"
+       y="94.076042"
        id="text1185-9-7-1-1-8-1-0"><tspan
          sodipodi:role="line"
-         x="1321.8608"
-         y="250.07544"
+         x="805.2652"
+         y="94.076042"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="1321.8608"
-         y="268.07211"
+         x="805.2652"
+         y="112.07272"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8">2024</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1561.8163"
-       y="249.66977"
+       x="1045.2207"
+       y="93.670372"
        id="text1185-9-7-1-1-8-1-0-4"><tspan
          sodipodi:role="line"
-         x="1561.8163"
-         y="249.66977"
+         x="1045.2207"
+         y="93.670372"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4-81">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="1561.8163"
-         y="267.66644"
+         x="1045.2207"
+         y="111.66705"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8-2">2025</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1802.1477"
-       y="250.26334"
+       x="1285.5521"
+       y="94.263939"
        id="text1185-9-7-1-1-8-1-0-4-2"><tspan
          sodipodi:role="line"
-         x="1802.1477"
-         y="250.26334"
+         x="1285.5521"
+         y="94.263939"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4-81-5">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="1802.1477"
-         y="268.26001"
+         x="1285.5521"
+         y="112.26062"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8-2-8">2026</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1081.4458"
-       y="250.07544"
+       x="564.85016"
+       y="94.076042"
        id="text1185-9-7-1-1-8-1-0-2"><tspan
          sodipodi:role="line"
-         x="1081.4458"
-         y="250.07544"
+         x="564.85016"
+         y="94.076042"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4-8">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="1081.4458"
-         y="268.07211"
+         x="564.85016"
+         y="112.07272"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8-3">2023</tspan></text>
     <text
        xml:space="preserve"
-       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="602.51526"
-       y="250.07544"
-       id="text1185-9-7-1-1-8-1-7"><tspan
-         sodipodi:role="line"
-         x="602.51526"
-         y="250.07544"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan31345-4-0-5">Apr.</tspan><tspan
-         sodipodi:role="line"
-         x="602.51526"
-         y="268.07211"
-         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
-         id="tspan49906-7-3-6">2021</tspan></text>
-    <text
-       xml:space="preserve"
        style="font-weight:bold;font-size:42.5884px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
        x="-16.290483"
        y="345.7359"
@@ -1111,252 +995,117 @@
          y="345.7359" /></text>
     <path
        id="path29430"
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="M 319.99936,219.99912 H 2300 Z" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 360,219.99997 v 10.00004 0"
-       id="path29548" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 480,219.99996 v 10 0"
-       id="path29548-5" />
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.99503;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="M 307.54809,63.999718 H 2277.72 Z" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 600,219.99992 v 10.00005 0"
-       id="path29548-5-1" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 720,220.00002 v 9.99999 0"
-       id="path29548-5-1-3" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 840,220.00002 v 9.99995 0"
+       d="m 323.40434,64.000618 v 9.99995 0"
        id="path29548-5-1-3-6" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 960,220.00002 v 9.99999 0"
+       d="m 443.40434,64.000618 v 9.99999 0"
        id="path29548-5-1-3-6-3" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1080,220.00002 v 9.99999 0"
+       d="m 563.40434,64.000618 v 9.99999 0"
        id="path29548-5-1-3-6-3-1" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 380,219.99997 v 5.00004 0"
-       id="path29548-8"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 400,219.99997 v 5.00004 0"
-       id="path29548-8-5"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.999997;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 420,219.99997 v 5 0"
-       id="path29548-8-5-0"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282155" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.999997;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 440,219.99997 v 5 0"
-       id="path29548-8-5-0-6"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282155" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 460,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 500,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.999997;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 520,219.99997 v 5 0"
-       id="path29548-8-5-0-6-4-6-2-9"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282155" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 540,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 560,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 580,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 620.266,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 640,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 660,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 679.61073,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 700,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 740,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 760,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 780.36587,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 800,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 820,219.99997 v 5.00004 0"
-       id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6"
-       inkscape:transform-center-x="14.782001"
-       inkscape:transform-center-y="-0.085282837" />
-    <path
-       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 860,219.99997 v 5.00004 0"
+       d="m 343.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 880,219.99997 v 5.00004 0"
+       d="m 363.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 899.72384,219.99997 v 5.00004 0"
+       d="m 383.12818,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 920,219.99997 v 5.00004 0"
+       d="m 403.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 940,219.99997 v 5.00004 0"
+       d="m 423.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 980,219.99997 v 5.00004 0"
+       d="m 463.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1000,219.99997 v 5.00004 0"
+       d="m 483.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1020,219.99997 v 5.00004 0"
+       d="m 503.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1040,219.99997 v 5.00004 0"
+       d="m 523.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1059.7216,219.99997 v 5.00004 0"
+       d="m 543.12594,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9"
        inkscape:transform-center-x="-14.78205"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1100,219.99997 v 5.00004 0"
+       d="m 583.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1120,219.99997 v 5.00004 0"
+       d="m 603.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1140,219.99997 v 5.00004 0"
+       d="m 623.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1160,219.99997 v 5.00004 0"
+       d="m 643.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1179.7216,219.99997 v 5.00004 0"
+       d="m 663.12594,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7"
        inkscape:transform-center-x="-14.78205"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1320,219.99996 v 10 0"
+       d="m 803.40434,64.000558 v 10 0"
        id="path29548-5-1-3-6-3-1-0-8" />
     <g
-       id="g1267">
+       id="g1267"
+       transform="translate(-516.59566,-155.99941)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1394,7 +1143,7 @@
     </g>
     <g
        id="g1267-4"
-       transform="translate(240,-4e-5)">
+       transform="translate(-276.59566,-155.99945)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1432,7 +1181,7 @@
     </g>
     <g
        id="g1267-4-5"
-       transform="translate(480,-5e-5)">
+       transform="translate(-36.595659,-155.99946)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1470,7 +1219,7 @@
     </g>
     <g
        id="g1267-4-5-22"
-       transform="translate(600,-4e-5)">
+       transform="translate(83.404341,-155.99945)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1508,7 +1257,7 @@
     </g>
     <g
        id="g1267-4-5-9"
-       transform="translate(360,-4e-5)">
+       transform="translate(-156.59566,-155.99945)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1546,105 +1295,105 @@
     </g>
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1800,219.99997 v 9.99999 0"
+       d="m 1283.4043,64.000568 v 9.99999 0"
        id="path29548-5-1-3-6-3-1-0-3-4-2-0" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1340,219.99997 v 5.00004 0"
+       d="m 823.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-3"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1360,219.99997 v 5.00004 0"
+       d="m 843.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-0"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1380,219.99997 v 5.00004 0"
+       d="m 863.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-3"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1400,219.99997 v 5.00004 0"
+       d="m 883.40434,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-0"
        inkscape:transform-center-x="14.782001"
        inkscape:transform-center-y="-0.085282837" />
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 1419.7216,219.99997 v 5.00004 0"
+       d="m 903.12594,64.000568 v 5.00004 0"
        id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-9"
        inkscape:transform-center-x="-14.78205"
        inkscape:transform-center-y="-0.085282837" />
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="1919.3904"
-       y="249.86044"
+       x="1402.7948"
+       y="93.861046"
        id="text1185-9-7-1-1-89-62"><tspan
          sodipodi:role="line"
-         x="1919.3904"
-         y="249.86044"
+         x="1402.7948"
+         y="93.861046"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-7-6">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="1919.3904"
-         y="267.85712"
+         x="1402.7948"
+         y="111.85773"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-76-7">2026</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="2159.3093"
-       y="250.58356"
+       x="1642.7137"
+       y="94.58416"
        id="text1185-9-7-1-1-89-6-5"><tspan
          sodipodi:role="line"
-         x="2159.3093"
-         y="250.58356"
+         x="1642.7137"
+         y="94.58416"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-7-8-6">Oct.</tspan><tspan
          sodipodi:role="line"
-         x="2159.3093"
-         y="268.58023"
+         x="1642.7137"
+         y="112.58084"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-76-0-9">2027</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="2041.8163"
-       y="249.66977"
+       x="1525.2207"
+       y="93.670372"
        id="text1185-9-7-1-1-8-1-0-4-8"><tspan
          sodipodi:role="line"
-         x="2041.8163"
-         y="249.66977"
+         x="1525.2207"
+         y="93.670372"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4-81-7">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="2041.8163"
-         y="267.66644"
+         x="1525.2207"
+         y="111.66705"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8-2-2">2027</tspan></text>
     <text
        xml:space="preserve"
        style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="2282.1477"
-       y="250.26334"
+       x="1765.5521"
+       y="94.263939"
        id="text1185-9-7-1-1-8-1-0-4-2-8"><tspan
          sodipodi:role="line"
-         x="2282.1477"
-         y="250.26334"
+         x="1765.5521"
+         y="94.263939"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan31345-4-0-4-81-5-2">Apr.</tspan><tspan
          sodipodi:role="line"
-         x="2282.1477"
-         y="268.26001"
+         x="1765.5521"
+         y="112.26062"
          style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
          id="tspan49906-7-3-8-2-8-9">2028</tspan></text>
     <g
        id="g1267-4-9"
-       transform="translate(720,-3e-5)">
+       transform="translate(203.40434,-155.99944)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1682,7 +1431,7 @@
     </g>
     <g
        id="g1267-4-5-2"
-       transform="translate(960,-4e-5)">
+       transform="translate(443.40434,-155.99945)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1720,7 +1469,7 @@
     </g>
     <g
        id="g1267-4-5-9-9"
-       transform="translate(840,-3e-5)">
+       transform="translate(323.40434,-155.99944)">
       <path
          style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
          d="m 1200,220.00002 v 9.99999 0"
@@ -1758,8 +1507,390 @@
     </g>
     <path
        style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
-       d="m 2280,219.99998 v 9.99999 0"
+       d="m 1763.4043,64.000578 v 9.99999 0"
        id="path29548-5-1-3-6-3-1-0-3-4-2-0-0" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="1885.6029"
+       y="94.285194"
+       id="text1185-9-7-1-1-8-1-0-4-2-8-2"><tspan
+         sodipodi:role="line"
+         x="1885.6029"
+         y="94.285194"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan31345-4-0-4-81-5-2-8">Oct.</tspan><tspan
+         sodipodi:role="line"
+         x="1885.6029"
+         y="112.28188"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan49906-7-3-8-2-8-9-9">2028</tspan></text>
+    <g
+       id="g1267-4-5-2-7"
+       transform="translate(563.45518,-155.9782)">
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1200,220.00002 v 9.99999 0"
+         id="path29548-5-1-3-6-3-1-0-3-4-1-3" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1220,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-0-0-5-6"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1240,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-3-5-9-1"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1260,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-0-9-9-2"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1280,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-9-4-1-9"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1299.7216,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-2-6-4-3"
+         inkscape:transform-center-x="-14.78205"
+         inkscape:transform-center-y="-0.085282837" />
+    </g>
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 1883.4551,64.021829 v 9.99999 0"
+       id="path29548-5-1-3-6-3-1-0-3-4-2-0-0-1" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2005.5908"
+       y="94.339828"
+       id="text1185-9-7-1-1-8-1-0-4-2-8-2-4"><tspan
+         sodipodi:role="line"
+         x="2005.5908"
+         y="94.339828"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan31345-4-0-4-81-5-2-8-7">Apr.</tspan><tspan
+         sodipodi:role="line"
+         x="2005.5908"
+         y="112.33651"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan49906-7-3-8-2-8-9-9-8">2029</tspan></text>
+    <g
+       id="g1267-4-5-2-7-4"
+       transform="translate(683.44312,-155.92356)">
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1200,220.00002 v 9.99999 0"
+         id="path29548-5-1-3-6-3-1-0-3-4-1-3-5" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1220,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-0-0-5-6-0"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1240,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-3-5-9-1-3"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1260,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-0-9-9-2-6"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1280,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-9-4-1-9-1"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1299.7216,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-2-6-4-3-0"
+         inkscape:transform-center-x="-14.78205"
+         inkscape:transform-center-y="-0.085282837" />
+    </g>
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2003.443,64.076464 v 9.99999 0"
+       id="path29548-5-1-3-6-3-1-0-3-4-2-0-0-1-6" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2125.6079"
+       y="94.692207"
+       id="text1185-9-7-1-1-8-1-0-4-2-8-2-4-2"><tspan
+         sodipodi:role="line"
+         x="2125.6079"
+         y="94.692207"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan31345-4-0-4-81-5-2-8-7-0">Oct.</tspan><tspan
+         sodipodi:role="line"
+         x="2125.6079"
+         y="112.68889"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan49906-7-3-8-2-8-9-9-8-6">2029</tspan></text>
+    <g
+       id="g1267-4-5-2-7-4-1"
+       transform="translate(803.46019,-155.57118)">
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1200,220.00002 v 9.99999 0"
+         id="path29548-5-1-3-6-3-1-0-3-4-1-3-5-5" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1220,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-0-0-5-6-0-5"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1240,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-3-5-9-1-3-4"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1260,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-0-9-9-2-6-7"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1280,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-9-4-1-9-1-6"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1299.7216,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-2-6-4-3-0-5"
+         inkscape:transform-center-x="-14.78205"
+         inkscape:transform-center-y="-0.085282837" />
+    </g>
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2123.4601,64.428843 v 9.99999 0"
+       id="path29548-5-1-3-6-3-1-0-3-4-2-0-0-1-6-6" />
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2123.3825,64.223284 v 9.99999 0"
+       id="path29548-5-1-3-6-3-1-0-3-4-2-0-0-1-6-3" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2245.5474"
+       y="94.839027"
+       id="text1185-9-7-1-1-8-1-0-4-2-8-2-4-2-7"><tspan
+         sodipodi:role="line"
+         x="2245.5474"
+         y="94.839027"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan31345-4-0-4-81-5-2-8-7-0-4">Apr.</tspan><tspan
+         sodipodi:role="line"
+         x="2245.5474"
+         y="112.83571"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-align:center;text-anchor:middle;stroke:none"
+         id="tspan49906-7-3-8-2-8-9-9-8-6-5">2030</tspan></text>
+    <g
+       id="g1267-4-5-2-7-4-1-2"
+       transform="translate(923.39972,-155.42436)">
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1200,220.00002 v 9.99999 0"
+         id="path29548-5-1-3-6-3-1-0-3-4-1-3-5-5-5" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1220,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-0-0-5-6-0-5-4"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1240,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-3-5-9-1-3-4-7"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1260,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-0-9-9-2-6-7-4"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1280,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-9-4-1-9-1-6-4"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1299.7216,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-2-6-4-3-0-5-3"
+         inkscape:transform-center-x="-14.78205"
+         inkscape:transform-center-y="-0.085282837" />
+    </g>
+    <g
+       id="g1267-4-5-2-7-4-1-2-0"
+       transform="translate(1043.3579,-155.33829)">
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1200,220.00002 v 9.99999 0"
+         id="path29548-5-1-3-6-3-1-0-3-4-1-3-5-5-5-6" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1220,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-0-5-0-0-5-6-0-5-4-8"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1240,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-7-5-3-5-9-1-3-4-7-9"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1260,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-5-2-0-9-9-2-6-7-4-2"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1280,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-8-9-9-4-1-9-1-6-4-6"
+         inkscape:transform-center-x="14.782001"
+         inkscape:transform-center-y="-0.085282837" />
+      <path
+         style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         d="m 1299.7216,219.99997 v 5.00004 0"
+         id="path29548-8-5-0-6-4-6-2-9-0-8-1-3-1-9-6-9-3-4-0-4-6-2-2-7-6-1-9-9-1-4-9-7-0-2-6-4-3-0-5-3-6"
+         inkscape:transform-center-x="-14.78205"
+         inkscape:transform-center-y="-0.085282837" />
+    </g>
+    <path
+       style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 2243.3996,64.575663 v 9.99999 0"
+       id="path29548-5-1-3-6-3-1-0-3-4-2-0-0-1-6-6-0" />
+    <rect
+       style="opacity:0.75;fill:#241f31;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.751473;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-36"
+       width="38.418175"
+       height="23.151052"
+       x="2047.6135"
+       y="-45.172161"
+       ry="1.1605872" />
+    <rect
+       style="opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1.98878;stroke-dasharray:none;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-36-7"
+       width="186.42949"
+       height="110.40546"
+       x="2036.5294"
+       y="-77.753708"
+       ry="5.5347452" />
+    <rect
+       style="opacity:0.75;fill:#241f31;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.50949;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-6"
+       width="21.197233"
+       height="19.28739"
+       x="2053.8164"
+       y="-45.883858"
+       ry="0.96689767" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2132.4917"
+       y="-57.687912"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-5"><tspan
+         sodipodi:role="line"
+         x="2132.4917"
+         y="-57.687912"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
+         id="tspan10317-2-9-1-4-6-5-6-6-5">Legend</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2098.0986"
+       y="-31.899874"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-5-2"><tspan
+         sodipodi:role="line"
+         x="2098.0986"
+         y="-31.899874"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
+         id="tspan10317-2-9-1-4-6-5-6-6-5-9">Future</tspan></text>
+    <rect
+       style="opacity:1;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.50949;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-6-1"
+       width="21.197233"
+       height="19.28739"
+       x="2053.8672"
+       y="-21.756365"
+       ry="0.96689767" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2128.7158"
+       y="-7.6722765"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-5-2-2"><tspan
+         sodipodi:role="line"
+         x="2128.7158"
+         y="-7.6722765"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
+         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7">Current (Apr. 25)</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="2109.363"
+       y="16.03771"
+       id="text1185-3-55-4-0-0-0-1-1-6-4-3-5-2-2-9"><tspan
+         sodipodi:role="line"
+         x="2109.363"
+         y="16.03771"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:center;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none"
+         id="tspan10317-2-9-1-4-6-5-6-6-5-9-7-3">End-of-life</tspan></text>
+    <rect
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.50949;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-3-9-2-6-1-0"
+       width="21.197233"
+       height="19.28739"
+       x="2054.0239"
+       y="1.9667883"
+       ry="0.96689767" />
+    <rect
+       style="opacity:0.5;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1.85786;stroke-opacity:1"
+       id="rect917-0-0-4-4-9-4-5-6"
+       width="120.80748"
+       height="45.000004"
+       x="703.10553"
+       y="-165.72791"
+       ry="2.2558987" />
+    <text
+       xml:space="preserve"
+       style="font-weight:bold;font-size:13.3333px;line-height:125%;font-family:'Nimbus Roman';-inkscape-font-specification:'Nimbus Roman, Bold';letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;fill:#fffefe;fill-opacity:1;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="752.16809"
+       y="-147.18787"
+       id="text1185-3-55-4-0-0-0-1-2"><tspan
+         sodipodi:role="line"
+         x="752.16809"
+         y="-147.18787"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
+         id="tspan1">Nanbield</tspan><tspan
+         sodipodi:role="line"
+         x="752.16809"
+         y="-129.19119"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:13.3333px;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans Bold';text-align:center;text-anchor:middle;fill:#fffefe;fill-opacity:1;stroke:none"
+         id="tspan2">4.3</tspan></text>
   </g>
   <style
      type="text/css"
diff --git a/documentation/ref-manual/system-requirements.rst b/documentation/ref-manual/system-requirements.rst
index 0fc92550a5..b22572c6b4 100644
--- a/documentation/ref-manual/system-requirements.rst
+++ b/documentation/ref-manual/system-requirements.rst
@@ -62,8 +62,12 @@ supported on the following distributions:
 
 -  Ubuntu 22.04 (LTS)
 
+-  Ubuntu 23.04
+
 -  Fedora 38
 
+-  Fedora 39
+
 -  CentOS Stream 8
 
 -  Debian GNU/Linux 11 (Bullseye)
@@ -150,10 +154,27 @@ Ubuntu and Debian
 Here are the packages needed to build an image on a headless system
 with a supported Ubuntu or Debian Linux distribution::
 
-   $ sudo apt install &UBUNTU_HOST_PACKAGES_ESSENTIAL;
+   $ sudo apt install &UBUNTU_DEBIAN_HOST_PACKAGES_ESSENTIAL;
+
+You also need to ensure you have the ``en_US.UTF-8`` locale enabled::
+
+   $ locale --all-locales | grep en_US.utf8
+
+If this is not the case, you can reconfigure the ``locales`` package to add it
+(requires an interactive shell)::
+
+   $ sudo dpkg-reconfigure locales
 
 .. note::
 
+   -  If you are not in an interactive shell, ``dpkg-reconfigure`` will
+      not work as expected. To add the locale you will need to edit
+      ``/etc/locale.gen`` file to add/uncomment the ``en_US.UTF-8`` locale.
+      A naive way to do this as root is::
+
+         $ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+         $ locale-gen
+
    -  If your build system has the ``oss4-dev`` package installed, you
       might experience QEMU build failures due to the package installing
       its own custom ``/usr/include/linux/soundcard.h`` on the Debian
@@ -164,8 +185,12 @@ with a supported Ubuntu or Debian Linux distribution::
 
 Here are the packages needed to build Project documentation manuals::
 
-   $ sudo apt install git make inkscape texlive-latex-extra
-   $ sudo apt install sphinx python3-saneyaml python3-sphinx-rtd-theme
+   $ sudo apt install &UBUNTU_DEBIAN_HOST_PACKAGES_DOC;
+
+In addition to the previous packages, here are the packages needed to build the
+documentation in PDF format::
+
+   $ sudo apt install &UBUNTU_DEBIAN_HOST_PACKAGES_DOC_PDF;
 
 Fedora Packages
 ---------------
@@ -177,8 +202,13 @@ with a supported Fedora Linux distribution::
 
 Here are the packages needed to build Project documentation manuals::
 
-   $ sudo dnf install git make python3-pip which inkscape texlive-fncychap
-   &PIP3_HOST_PACKAGES_DOC;
+   $ sudo dnf install &FEDORA_HOST_PACKAGES_DOC;
+   $ sudo pip3 install &PIP3_HOST_PACKAGES_DOC;
+
+In addition to the previous packages, here are the packages needed to build the
+documentation in PDF format::
+
+   $ sudo dnf install &FEDORA_HOST_PACKAGES_DOC_PDF;
 
 openSUSE Packages
 -----------------
@@ -187,11 +217,17 @@ Here are the packages needed to build an image on a headless system
 with a supported openSUSE distribution::
 
    $ sudo zypper install &OPENSUSE_HOST_PACKAGES_ESSENTIAL;
+   $ sudo pip3 install &OPENSUSE_PIP3_HOST_PACKAGES_ESSENTIAL;
 
 Here are the packages needed to build Project documentation manuals::
 
-   $ sudo zypper install git make python3-pip which inkscape texlive-fncychap
-   &PIP3_HOST_PACKAGES_DOC;
+   $ sudo zypper install &OPENSUSE_HOST_PACKAGES_DOC;
+   $ sudo pip3 install &PIP3_HOST_PACKAGES_DOC;
+
+In addition to the previous packages, here are the packages needed to build the
+documentation in PDF format::
+
+   $ sudo zypper install &OPENSUSE_HOST_PACKAGES_DOC_PDF;
 
 
 AlmaLinux Packages
@@ -200,6 +236,10 @@ AlmaLinux Packages
 Here are the packages needed to build an image on a headless system
 with a supported AlmaLinux distribution::
 
+   $ sudo dnf install -y epel-release
+   $ sudo yum install dnf-plugins-core
+   $ sudo dnf config-manager --set-enabled crb
+   $ sudo dnf makecache
    $ sudo dnf install &ALMALINUX_HOST_PACKAGES_ESSENTIAL;
 
 .. note::
@@ -217,8 +257,20 @@ with a supported AlmaLinux distribution::
 
 Here are the packages needed to build Project documentation manuals::
 
-   $ sudo dnf install git make python3-pip which inkscape texlive-fncychap
-   &PIP3_HOST_PACKAGES_DOC;
+   $ sudo dnf install &ALMALINUX_HOST_PACKAGES_DOC;
+   $ sudo pip3 install &PIP3_HOST_PACKAGES_DOC;
+
+In addition to the previous packages, here are the packages needed to build the
+documentation in PDF format::
+
+   $ sudo dnf install &ALMALINUX_HOST_PACKAGES_DOC_PDF;
+
+.. warning::
+
+   Unlike Fedora or OpenSUSE, AlmaLinux does not provide the packages
+   ``texlive-collection-fontsextra``, ``texlive-collection-lang*`` and
+   ``texlive-collection-latexextra``, so you may run into issues. These may be
+   installed using `tlmgr <https://tug.org/texlive/tlmgr.html>`_.
 
 .. _system-requirements-buildtools:
 
@@ -319,7 +371,7 @@ If you would prefer not to use the ``install-buildtools`` script, you can instea
 download and run a pre-built :term:`buildtools` installer yourself with the following
 steps:
 
-#. Go to :yocto_dl:`/releases/yocto/yocto-&DISTRO;/buildtools/`, locate and
+#. Go to :yocto_dl:`/releases/yocto/&DISTRO_REL_LATEST_TAG;/buildtools/`, locate and
    download the ``.sh`` file corresponding to your host architecture
    and to :term:`buildtools`, :term:`buildtools-extended` or :term:`buildtools-make`.
 
diff --git a/documentation/ref-manual/tasks.rst b/documentation/ref-manual/tasks.rst
index 2e4b23408d..cf6b9876ca 100644
--- a/documentation/ref-manual/tasks.rst
+++ b/documentation/ref-manual/tasks.rst
@@ -616,8 +616,8 @@ information on how the root filesystem is created.
 
 Boots an image and performs runtime tests within the image. For
 information on automatically testing images, see the
-":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-section in the Yocto Project Development Tasks Manual.
+":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+section in the Yocto Project Test Environment Manual.
 
 .. _ref-tasks-testimage_auto:
 
@@ -629,8 +629,8 @@ after it has been built. This task is enabled when you set
 :term:`TESTIMAGE_AUTO` equal to "1".
 
 For information on automatically testing images, see the
-":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-section in the Yocto Project Development Tasks Manual.
+":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+section in the Yocto Project Test Environment Manual.
 
 Kernel-Related Tasks
 ====================
@@ -727,7 +727,7 @@ tool, which you then use to modify the kernel configuration.
            $ bitbake linux-yocto -c menuconfig
 
 
-See the ":ref:`kernel-dev/common:using \`\`menuconfig\`\``"
+See the ":ref:`kernel-dev/common:using ``menuconfig```"
 section in the Yocto Project Linux Kernel Development Manual for more
 information on this configuration tool.
 
@@ -751,7 +751,7 @@ which can then be applied by subsequent tasks such as
 
 Runs ``make menuconfig`` for the kernel. For information on
 ``menuconfig``, see the
-":ref:`kernel-dev/common:using \`\`menuconfig\`\``"
+":ref:`kernel-dev/common:using ``menuconfig```"
 section in the Yocto Project Linux Kernel Development Manual.
 
 .. _ref-tasks-savedefconfig:
diff --git a/documentation/ref-manual/terms.rst b/documentation/ref-manual/terms.rst
index b18c4183b6..9f61061415 100644
--- a/documentation/ref-manual/terms.rst
+++ b/documentation/ref-manual/terms.rst
@@ -63,7 +63,7 @@ universal, the list includes them just in case:
       This term refers to the area used by the OpenEmbedded build system for
       builds. The area is created when you ``source`` the setup environment
       script that is found in the Source Directory
-      (i.e. :ref:`ref-manual/structure:\`\`oe-init-build-env\`\``). The
+      (i.e. :ref:`ref-manual/structure:``oe-init-build-env```). The
       :term:`TOPDIR` variable points to the :term:`Build Directory`.
 
       You have a lot of flexibility when creating the :term:`Build Directory`.
@@ -452,7 +452,7 @@ universal, the list includes them just in case:
      the Source Directory, if you do, the top-level directory name of the
      Source Directory is derived from the Yocto Project release tarball.
      For example, downloading and unpacking poky tarballs from
-     :yocto_dl:`/releases/yocto/&DISTRO_REL_TAG;/`
+     :yocto_dl:`/releases/yocto/&DISTRO_REL_LATEST_TAG;/`
      results in a Source Directory whose root folder is named poky.
 
 
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index f694640c00..9406f3548c 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -143,7 +143,7 @@ system and gives an overview of their function and contents.
       information on how this variable is used.
 
    :term:`AR`
-      The minimal command and arguments used to run ``ar``.
+      The minimal command and arguments used to run :manpage:`ar <ar(1)>`.
 
    :term:`ARCHIVER_MODE`
       When used with the :ref:`ref-classes-archiver` class,
@@ -165,7 +165,8 @@ system and gives an overview of their function and contents.
       ``meta/classes/archiver.bbclass`` file in the :term:`Source Directory`.
 
    :term:`AS`
-      Minimal command and arguments needed to run the assembler.
+      Minimal command and arguments needed to run the :manpage:`assembler
+      <as(1)>`.
 
    :term:`ASSUME_PROVIDED`
       Lists recipe names (:term:`PN` values) BitBake does not
@@ -209,12 +210,11 @@ system and gives an overview of their function and contents.
          SRCREV = "${AUTOREV}"
 
       If you use the previous statement to retrieve the latest version of
-      software, you need to be sure :term:`PV` contains
-      ``${``\ :term:`SRCPV`\ ``}``. For example, suppose you have a kernel
-      recipe that inherits the :ref:`ref-classes-kernel` class and you
-      use the previous statement. In this example, ``${SRCPV}`` does not
-      automatically get into :term:`PV`. Consequently, you need to change
-      :term:`PV` in your recipe so that it does contain ``${SRCPV}``.
+      software, you need to make sure :term:`PV` contains the ``+`` sign so
+      :term:`bitbake` includes source control information to :term:`PKGV` when
+      packaging the recipe. For example::
+
+         PV = "6.10.y+git"
 
       For more information see the
       ":ref:`dev-manual/packages:automatically incrementing a package version number`"
@@ -225,6 +225,12 @@ system and gives an overview of their function and contents.
       must set this variable in your recipe. The
       :ref:`ref-classes-syslinux` class checks this variable.
 
+   :term:`AUTOTOOLS_SCRIPT_PATH`
+      When using the :ref:`ref-classes-autotools` class, the
+      :term:`AUTOTOOLS_SCRIPT_PATH` variable stores the location of the
+      different scripts used by the Autotools build system. The default
+      value for this variable is :term:`S`.
+
    :term:`AVAILTUNES`
       The list of defined CPU and Application Binary Interface (ABI)
       tunings (i.e. "tunes") available for use by the OpenEmbedded build
@@ -972,55 +978,165 @@ system and gives an overview of their function and contents.
       variable is a useful pointer in case a bug in the software being
       built needs to be manually reported.
 
+   :term:`BUILD_AR`
+      Specifies the architecture-specific :manpage:`archiver <ar(1)>` for the
+      build host, and its default definition is derived in part from
+      :term:`BUILD_PREFIX`::
+
+         BUILD_AR = "${BUILD_PREFIX}ar"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`AR` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_AR` variable should not be set manually, and is rarely
+      used in recipes as :term:`AR` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the :manpage:`archiver <ar(1)>` from the build
+      host at some point during the build.
+
    :term:`BUILD_ARCH`
       Specifies the architecture of the build host (e.g. ``i686``). The
       OpenEmbedded build system sets the value of :term:`BUILD_ARCH` from the
       machine name reported by the ``uname`` command.
 
+   :term:`BUILD_AS`
+      Specifies the architecture-specific :manpage:`assembler <as(1)>` for the
+      build host, and its default definition is derived in part from
+      :term:`BUILD_PREFIX`::
+
+         BUILD_AS = "${BUILD_PREFIX}as ${BUILD_AS_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`AS` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_AS` variable should not be set manually, and is rarely
+      used in recipes as :term:`AS` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the :manpage:`assembler <as(1)>` from the build
+      host at some point during the build.
+
    :term:`BUILD_AS_ARCH`
       Specifies the architecture-specific assembler flags for the build
       host. By default, the value of :term:`BUILD_AS_ARCH` is empty.
 
+   :term:`BUILD_CC`
+      Specifies the architecture-specific C compiler for the build host,
+      and its default definition is derived in part from :term:`BUILD_PREFIX`
+      and :term:`BUILD_CC_ARCH`::
+
+         BUILD_CC = "${CCACHE}${BUILD_PREFIX}gcc ${BUILD_CC_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`CC` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_CC` variable should not be set manually, and is rarely
+      used in recipes as :term:`CC` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the compiler from the build host at some point
+      during the build.
+
    :term:`BUILD_CC_ARCH`
       Specifies the architecture-specific C compiler flags for the build
       host. By default, the value of :term:`BUILD_CC_ARCH` is empty.
 
    :term:`BUILD_CCLD`
-      Specifies the linker command to be used for the build host when the C
-      compiler is being used as the linker. By default, :term:`BUILD_CCLD`
-      points to GCC and passes as arguments the value of
-      :term:`BUILD_CC_ARCH`, assuming
-      :term:`BUILD_CC_ARCH` is set.
+      Specifies the :manpage:`linker <ld(1)>` command to be used for the build
+      host when the C compiler is being used as the linker, and its default
+      definition is derived in part from :term:`BUILD_PREFIX` and
+      :term:`BUILD_CC_ARCH`::
+
+         BUILD_CCLD = "${BUILD_PREFIX}gcc ${BUILD_CC_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`CCLD` is set to
+      the value of this variable by default.
+
+      The :term:`BUILD_CCLD` variable should not be set manually, and is rarely
+      used in recipes as :term:`CCLD` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the :manpage:`linker <ld(1)>` from the build host
+      at some point during the build.
 
    :term:`BUILD_CFLAGS`
       Specifies the flags to pass to the C compiler when building for the
-      build host. When building in the ``-native`` context,
+      build host. When building a :ref:`ref-classes-native` recipe,
       :term:`CFLAGS` is set to the value of this variable by
       default.
 
+   :term:`BUILD_CPP`
+      Specifies the C preprocessor command (to both the C and the C++ compilers)
+      when building for the build host, and its default definition is derived in
+      part from :term:`BUILD_PREFIX` and :term:`BUILD_CC_ARCH`::
+
+         BUILD_CPP = "${BUILD_PREFIX}gcc ${BUILD_CC_ARCH} -E"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`CPP` is set to
+      the value of this variable by default.
+
+      The :term:`BUILD_CPP` variable should not be set manually, and is rarely
+      used in recipes as :term:`CPP` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the preprocessor from the build host at some
+      point during the build.
+
    :term:`BUILD_CPPFLAGS`
       Specifies the flags to pass to the C preprocessor (i.e. to both the C
       and the C++ compilers) when building for the build host. When
       building in the ``-native`` context, :term:`CPPFLAGS`
       is set to the value of this variable by default.
 
+   :term:`BUILD_CXX`
+      Specifies the architecture-specific C++ compiler for the build host,
+      and its default definition is derived in part from :term:`BUILD_PREFIX`
+      and :term:`BUILD_CC_ARCH`::
+
+         BUILD_CXX = "${CCACHE}${BUILD_PREFIX}g++ ${BUILD_CC_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`CXX` is set to
+      the value of this variable by default.
+
+      The :term:`BUILD_CXX` variable should not be set manually, and is rarely
+      used in recipes as :term:`CXX` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the C++ compiler from the build host at some
+      point during the build.
+
    :term:`BUILD_CXXFLAGS`
       Specifies the flags to pass to the C++ compiler when building for the
-      build host. When building in the ``-native`` context,
+      build host. When building a :ref:`ref-classes-native` recipe,
       :term:`CXXFLAGS` is set to the value of this variable
       by default.
 
    :term:`BUILD_FC`
-      Specifies the Fortran compiler command for the build host. By
-      default, :term:`BUILD_FC` points to Gfortran and passes as arguments the
-      value of :term:`BUILD_CC_ARCH`, assuming
-      :term:`BUILD_CC_ARCH` is set.
+      Specifies the Fortran compiler command for the build host, and its default
+      definition is derived in part from :term:`BUILD_PREFIX` and
+      :term:`BUILD_CC_ARCH`::
+
+         BUILD_FC = "${BUILD_PREFIX}gfortran ${BUILD_CC_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`FC` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_FC` variable should not be set manually, and is rarely
+      used in recipes as :term:`FC` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the Fortran compiler from the build host at some
+      point during the build.
 
    :term:`BUILD_LD`
-      Specifies the linker command for the build host. By default,
-      :term:`BUILD_LD` points to the GNU linker (ld) and passes as arguments
-      the value of :term:`BUILD_LD_ARCH`, assuming
-      :term:`BUILD_LD_ARCH` is set.
+      Specifies the linker command for the build host, and its default
+      definition is derived in part from :term:`BUILD_PREFIX` and
+      :term:`BUILD_LD_ARCH`::
+
+         BUILD_LD = "${BUILD_PREFIX}ld ${BUILD_LD_ARCH}"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`LD` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_LD` variable should not be set manually, and is rarely
+      used in recipes as :term:`LD` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the linker from the build host at some point
+      during the build.
 
    :term:`BUILD_LD_ARCH`
       Specifies architecture-specific linker flags for the build host. By
@@ -1028,10 +1144,58 @@ system and gives an overview of their function and contents.
 
    :term:`BUILD_LDFLAGS`
       Specifies the flags to pass to the linker when building for the build
-      host. When building in the ``-native`` context,
+      host. When building a :ref:`ref-classes-native` recipe,
       :term:`LDFLAGS` is set to the value of this variable
       by default.
 
+   :term:`BUILD_NM`
+      Specifies the architecture-specific utility to list symbols from object
+      files for the build host, and its default definition is derived in part
+      from :term:`BUILD_PREFIX`::
+
+         BUILD_NM = "${BUILD_PREFIX}nm"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`NM` is set to the
+      value of this variable by default.
+
+      The :term:`BUILD_NM` variable should not be set manually, and is rarely
+      used in recipes as :term:`NM` contains the appropriate value depending on
+      the context (native or target recipes). Exception be made for target
+      recipes that need to use the utility from the build host at some point
+      during the build.
+
+   :term:`BUILD_OBJCOPY`
+      Specifies the architecture-specific utility to copy object files for the
+      build host, and its default definition is derived in part from
+      :term:`BUILD_PREFIX`::
+
+         BUILD_OBJCOPY = "${BUILD_PREFIX}objcopy"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`OBJCOPY` is set
+      to the value of this variable by default.
+
+      The :term:`BUILD_OBJCOPY` variable should not be set manually, and is
+      rarely used in recipes as :term:`OBJCOPY` contains the appropriate value
+      depending on the context (native or target recipes). Exception be made for
+      target recipes that need to use the utility from the build host at some
+      point during the build.
+
+   :term:`BUILD_OBJDUMP`
+      Specifies the architecture-specific utility to display object files
+      information for the build host, and its default definition is derived in
+      part from :term:`BUILD_PREFIX`::
+
+         BUILD_OBJDUMP = "${BUILD_PREFIX}objdump"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`OBJDUMP` is set
+      to the value of this variable by default.
+
+      The :term:`BUILD_OBJDUMP` variable should not be set manually, and is
+      rarely used in recipes as :term:`OBJDUMP` contains the appropriate value
+      depending on the context (native or target recipes). Exception be made for
+      target recipes that need to use the utility from the build host at some
+      point during the build.
+
    :term:`BUILD_OPTIMIZATION`
       Specifies the optimization flags passed to the C compiler when
       building for the build host or the SDK. The flags are passed through
@@ -1052,11 +1216,53 @@ system and gives an overview of their function and contents.
       build system uses the :term:`BUILD_PREFIX` value to set the
       :term:`TARGET_PREFIX` when building for :ref:`ref-classes-native` recipes.
 
+   :term:`BUILD_RANLIB`
+      Specifies the architecture-specific utility to generate indexes for
+      archives for the build host, and its default definition is derived in part
+      from :term:`BUILD_PREFIX`::
+
+         BUILD_RANLIB = "${BUILD_PREFIX}ranlib -D"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`RANLIB` is set to
+      the value of this variable by default.
+
+      The :term:`BUILD_RANLIB` variable should not be set manually, and is
+      rarely used in recipes as :term:`RANLIB` contains the appropriate value
+      depending on the context (native or target recipes). Exception be made for
+      target recipes that need to use the utility from the build host at some
+      point during the build.
+
+   :term:`BUILD_READELF`
+      Specifies the architecture-specific utility to display information about
+      ELF files for the build host, and its default definition is derived in
+      part from :term:`BUILD_PREFIX`::
+
+         BUILD_READELF = "${BUILD_PREFIX}readelf"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`READELF` is set
+      to the value of this variable by default.
+
+      The :term:`BUILD_READELF` variable should not be set manually, and is
+      rarely used in recipes as :term:`READELF` contains the appropriate value
+      depending on the context (native or target recipes). Exception be made for
+      target recipes that need to use the utility from the build host at some
+      point during the build.
+
    :term:`BUILD_STRIP`
-      Specifies the command to be used to strip debugging symbols from
-      binaries produced for the build host. By default, :term:`BUILD_STRIP`
-      points to
-      ``${``\ :term:`BUILD_PREFIX`\ ``}strip``.
+      Specifies the command to be used to strip debugging symbols from binaries
+      produced for the build host, and its default definition is derived in part
+      from :term:`BUILD_PREFIX`::
+
+         BUILD_STRIP = "${BUILD_PREFIX}strip"
+
+      When building a :ref:`ref-classes-native` recipe, :term:`STRIP` is set to
+      the value of this variable by default.
+
+      The :term:`BUILD_STRIP` variable should not be set manually, and is
+      rarely used in recipes as :term:`STRIP` contains the appropriate value
+      depending on the context (native or target recipes). Exception be made for
+      target recipes that need to use the utility from the build host at some
+      point during the build.
 
    :term:`BUILD_SYS`
       Specifies the system, including the architecture and the operating
@@ -1252,6 +1458,10 @@ system and gives an overview of their function and contents.
    :term:`CC`
       The minimal command and arguments used to run the C compiler.
 
+   :term:`CCLD`
+      The minimal command and arguments used to run the linker when the C
+      compiler is being used as the linker.
+
    :term:`CFLAGS`
       Specifies the flags to pass to the C compiler. This variable is
       exported to an environment variable and thus made visible to the
@@ -1495,6 +1705,17 @@ system and gives an overview of their function and contents.
    :term:`CONFIGURE_FLAGS`
       The minimal arguments for GNU configure.
 
+   :term:`CONFIGURE_SCRIPT`
+      When using the :ref:`ref-classes-autotools` class, the
+      :term:`CONFIGURE_SCRIPT` variable stores the location of the ``configure``
+      script for the Autotools build system. The default definition for this
+      variable is::
+
+         CONFIGURE_SCRIPT ?= "${AUTOTOOLS_SCRIPT_PATH}/configure"
+
+      Where :term:`AUTOTOOLS_SCRIPT_PATH` is the location of the of the
+      Autotools build system scripts, which defaults to :term:`S`.
+
    :term:`CONFLICT_DISTRO_FEATURES`
       When inheriting the :ref:`ref-classes-features_check`
       class, this variable identifies distribution features that would be
@@ -1678,9 +1899,27 @@ system and gives an overview of their function and contents.
          variable only in certain contexts (e.g. when building for kernel
          and kernel module recipes).
 
+   :term:`CVE_CHECK_CREATE_MANIFEST`
+      Specifies whether to create a CVE manifest to place in the deploy
+      directory. The default is "1".
+
    :term:`CVE_CHECK_IGNORE`
       This variable is deprecated and should be replaced by :term:`CVE_STATUS`.
 
+   :term:`CVE_CHECK_MANIFEST_JSON`
+      Specifies the path to the CVE manifest in JSON format. See
+      :term:`CVE_CHECK_CREATE_MANIFEST`.
+
+   :term:`CVE_CHECK_MANIFEST_JSON_SUFFIX`
+      Allows to modify the JSON manifest suffix. See
+      :term:`CVE_CHECK_MANIFEST_JSON`.
+
+   :term:`CVE_CHECK_REPORT_PATCHED`
+      Specifies whether or not the :ref:`ref-classes-cve-check`
+      class should report patched or ignored CVEs. The default is "1", but you
+      may wish to set it to "0" if you do not need patched or ignored CVEs in
+      the logs.
+
    :term:`CVE_CHECK_SHOW_WARNINGS`
       Specifies whether or not the :ref:`ref-classes-cve-check`
       class should generate warning messages on the console when unpatched
@@ -1960,7 +2199,7 @@ system and gives an overview of their function and contents.
       resides within the :term:`Build Directory` as ``${TMPDIR}/deploy``.
 
       For more information on the structure of the Build Directory, see
-      ":ref:`ref-manual/structure:the build directory --- \`\`build/\`\``" section.
+      ":ref:`ref-manual/structure:the build directory --- ``build/```" section.
       For more detail on the contents of the ``deploy`` directory, see the
       ":ref:`overview-manual/concepts:images`",
       ":ref:`overview-manual/concepts:package feeds`", and
@@ -2002,7 +2241,7 @@ system and gives an overview of their function and contents.
       contents of :term:`IMGDEPLOYDIR` by the :ref:`ref-classes-image` class.
 
       For more information on the structure of the :term:`Build Directory`, see
-      ":ref:`ref-manual/structure:the build directory --- \`\`build/\`\``" section.
+      ":ref:`ref-manual/structure:the build directory --- ``build/```" section.
       For more detail on the contents of the ``deploy`` directory, see the
       ":ref:`overview-manual/concepts:images`" and
       ":ref:`overview-manual/concepts:application development sdk`" sections both in
@@ -2501,6 +2740,13 @@ system and gives an overview of their function and contents.
       external tools. See the :ref:`ref-classes-kernel-yocto` class in
       ``meta/classes-recipe`` to see how the variable is used.
 
+   :term:`EXTERNAL_KERNEL_DEVICETREE`
+      When inheriting :ref:`ref-classes-kernel-fitimage` and a
+      :term:`PREFERRED_PROVIDER` for ``virtual/dtb`` set to ``devicetree``, the
+      variable :term:`EXTERNAL_KERNEL_DEVICETREE` can be used to specify a
+      directory containing one or more compiled device tree or device tree
+      overlays to use.
+
    :term:`KERNEL_LOCALVERSION`
       This variable allows to append a string to the version
       of the kernel image. This corresponds to the ``CONFIG_LOCALVERSION``
@@ -2744,6 +2990,9 @@ system and gives an overview of their function and contents.
    :term:`FAKEROOTNOENV`
       See :term:`bitbake:FAKEROOTNOENV` in the BitBake manual.
 
+   :term:`FC`
+      The minimal command and arguments used to run the Fortran compiler.
+
    :term:`FEATURE_PACKAGES`
       Defines one or more packages to include in an image when a specific
       item is included in :term:`IMAGE_FEATURES`.
@@ -3323,6 +3572,20 @@ system and gives an overview of their function and contents.
       - mips
       - mipsel
 
+   :term:`HOST_AS_ARCH`
+      Specifies architecture-specific assembler flags.
+
+      Default initialization for :term:`HOST_AS_ARCH` varies depending on what
+      is being built:
+
+      -  :term:`TARGET_AS_ARCH` when building for the
+         target
+
+      -  :term:`BUILD_AS_ARCH` when building for the build host (i.e.
+         ``-native``)
+
+      -  :term:`SDK_AS_ARCH` when building for an SDK (i.e. ``nativesdk-``)
+
    :term:`HOST_CC_ARCH`
       Specifies architecture-specific compiler flags that are passed to the
       C compiler.
@@ -3336,8 +3599,20 @@ system and gives an overview of their function and contents.
       -  :term:`BUILD_CC_ARCH` when building for the build host (i.e.
          ``-native``)
 
-      -  ``BUILDSDK_CC_ARCH`` when building for an SDK (i.e.
-         ``nativesdk-``)
+      -  :term:`SDK_CC_ARCH` when building for an SDK (i.e. ``nativesdk-``)
+
+   :term:`HOST_LD_ARCH`
+      Specifies architecture-specific linker flags.
+
+      Default initialization for :term:`HOST_LD_ARCH` varies depending on what
+      is being built:
+
+      -  :term:`TARGET_LD_ARCH` when building for the target
+
+      -  :term:`BUILD_LD_ARCH` when building for the build host (i.e.
+         ``-native``)
+
+      -  :term:`SDK_LD_ARCH` when building for an SDK (i.e. ``nativesdk-``)
 
    :term:`HOST_OS`
       Specifies the name of the target operating system, which is normally
@@ -3878,6 +4153,36 @@ system and gives an overview of their function and contents.
 
          IMAGE_ROOTFS_EXTRA_SPACE = "41943040"
 
+   :term:`IMAGE_ROOTFS_MAXSIZE`
+      Defines the maximum allowed size of the generated image in kilobytes.
+      The build will fail if the generated image size exceeds this value.
+
+      The generated image size undergoes several calculation steps before being
+      compared to :term:`IMAGE_ROOTFS_MAXSIZE`.
+      In the first step, the size of the directory pointed to by :term:`IMAGE_ROOTFS`
+      is calculated.
+      In the second step, the result from the first step is multiplied
+      by :term:`IMAGE_OVERHEAD_FACTOR`.
+      In the third step, the result from the second step is compared with
+      :term:`IMAGE_ROOTFS_SIZE`. The larger value of these is added to
+      :term:`IMAGE_ROOTFS_EXTRA_SPACE`.
+      In the fourth step, the result from the third step is checked for
+      a decimal part. If it has one, it is rounded up to the next integer.
+      If it does not, it is simply converted into an integer.
+      In the fifth step, the :term:`IMAGE_ROOTFS_ALIGNMENT` is added to the result
+      from the fourth step and "1" is subtracted.
+      In the sixth step, the remainder of the division between the result
+      from the fifth step and :term:`IMAGE_ROOTFS_ALIGNMENT` is subtracted from the
+      result of the fifth step. In this way, the result from the fourth step is
+      rounded up to the nearest multiple of :term:`IMAGE_ROOTFS_ALIGNMENT`.
+
+      Thus, if the :term:`IMAGE_ROOTFS_MAXSIZE` is set, is compared with the result
+      of the above calculations and is independent of the final image type.
+      No default value is set for :term:`IMAGE_ROOTFS_MAXSIZE`.
+
+      It's a good idea to set this variable for images that need to fit on a limited
+      space (e.g. SD card, a fixed-size partition, ...).
+
    :term:`IMAGE_ROOTFS_SIZE`
       Defines the size in Kbytes for the generated image. The OpenEmbedded
       build system determines the final size for the generated image using
@@ -4059,6 +4364,23 @@ system and gives an overview of their function and contents.
       Set the variable to "1" to prevent the default dependencies from
       being added.
 
+   :term:`INHIBIT_DEFAULT_RUST_DEPS`
+      Prevents the :ref:`ref-classes-rust` class from automatically adding
+      its default build-time dependencies.
+
+      When a recipe inherits the :ref:`ref-classes-rust` class, several
+      tools such as ``rust-native`` and ``${RUSTLIB_DEP}`` (only added when cross-compiling) are added
+      to :term:`DEPENDS` to support the ``rust`` build process.
+
+      To prevent the build system from adding these dependencies automatically,
+      set the :term:`INHIBIT_DEFAULT_RUST_DEPS` variable as follows::
+
+         INHIBIT_DEFAULT_RUST_DEPS = "1"
+
+      By default, the value of :term:`INHIBIT_DEFAULT_RUST_DEPS` is empty. Setting
+      it to "0" does not disable inhibition. Only the empty string will disable
+      inhibition.
+
    :term:`INHIBIT_PACKAGE_DEBUG_SPLIT`
       Prevents the OpenEmbedded build system from splitting out debug
       information during packaging. By default, the build system splits out
@@ -4105,6 +4427,25 @@ system and gives an overview of their function and contents.
          even if the toolchain's binaries are strippable, there are other files
          needed for the build that are not strippable.
 
+   :term:`INHIBIT_UPDATERCD_BBCLASS`
+      Prevents the :ref:`ref-classes-update-rc.d` class from automatically
+      installing and registering SysV init scripts for packages.
+
+      When a recipe inherits the :ref:`ref-classes-update-rc.d` class, init
+      scripts are typically installed and registered for the packages listed in
+      :term:`INITSCRIPT_PACKAGES`. This ensures that the relevant
+      services are started and stopped at the appropriate runlevels using the
+      traditional SysV init system.
+
+      To prevent the build system from adding these scripts and configurations
+      automatically, set the :term:`INHIBIT_UPDATERCD_BBCLASS` variable as follows::
+
+         INHIBIT_UPDATERCD_BBCLASS = "1"
+
+      By default, the value of :term:`INHIBIT_UPDATERCD_BBCLASS` is empty. Setting
+      it to "0" does not disable inhibition. Only the empty string will disable
+      inhibition.
+
    :term:`INIT_MANAGER`
       Specifies the system init manager to use. Available options are:
 
@@ -4271,6 +4612,20 @@ system and gives an overview of their function and contents.
       See the :term:`MACHINE` variable for additional
       information.
 
+   :term:`INITRAMFS_MAXSIZE`
+      Defines the maximum allowed size of the :term:`Initramfs` image in Kbytes.
+      The build will fail if the :term:`Initramfs` image size exceeds this value.
+
+      The :term:`Initramfs` image size undergoes several calculation steps before
+      being compared to :term:`INITRAMFS_MAXSIZE`.
+      These steps are the same as those used for :term:`IMAGE_ROOTFS_MAXSIZE`
+      and are described in detail in that entry.
+
+      Thus, :term:`INITRAMFS_MAXSIZE` is compared with the result of the calculations
+      and is independent of the final image type (e.g. compressed).
+      A default value for :term:`INITRAMFS_MAXSIZE` is set in
+      :oe_git:`meta/conf/bitbake.conf </openembedded-core/tree/meta/conf/bitbake.conf>`.
+
    :term:`INITRAMFS_MULTICONFIG`
       Defines the multiconfig to create a multiconfig dependency to be used by
       the :ref:`ref-classes-kernel` class.
@@ -4336,8 +4691,7 @@ system and gives an overview of their function and contents.
 
       The value in :term:`INITSCRIPT_PARAMS` is passed through to the
       ``update-rc.d`` command. For more information on valid parameters,
-      please see the ``update-rc.d`` manual page at
-      https://manpages.debian.org/buster/init-system-helpers/update-rc.d.8.en.html
+      please see the manual page: :manpage:`update-rc.d <update-rc.d(8)>`.
 
    :term:`INSANE_SKIP`
       Specifies the QA checks to skip for a specific package within a
@@ -4454,15 +4808,8 @@ system and gives an overview of their function and contents.
       options not explicitly specified will be disabled in the kernel
       config.
 
-      In case :term:`KCONFIG_MODE` is not set the behaviour will depend on where
-      the ``defconfig`` file is coming from. An "in-tree" ``defconfig`` file
-      will be handled in ``alldefconfig`` mode, a ``defconfig`` file placed
-      in ``${WORKDIR}`` through a meta-layer will be handled in
-      ``allnoconfig`` mode.
-
-      An "in-tree" ``defconfig`` file can be selected via the
-      :term:`KBUILD_DEFCONFIG` variable. :term:`KCONFIG_MODE` does not need to
-      be explicitly set.
+      In case :term:`KCONFIG_MODE` is not set the ``defconfig`` file
+      will be handled in ``allnoconfig`` mode.
 
       A ``defconfig`` file compatible with ``allnoconfig`` mode can be
       generated by copying the ``.config`` file from a working Linux kernel
@@ -4906,7 +5253,8 @@ system and gives an overview of their function and contents.
       ``LAYERVERSION_mylayer``).
 
    :term:`LD`
-      The minimal command and arguments used to run the linker.
+      The minimal command and arguments used to run the :manpage:`linker
+      <ld(1)>`.
 
    :term:`LDFLAGS`
       Specifies the flags to pass to the linker. This variable is exported
@@ -5084,7 +5432,7 @@ system and gives an overview of their function and contents.
       The :term:`LINUX_VERSION` variable is used to define :term:`PV`
       for the recipe::
 
-         PV = "${LINUX_VERSION}+git${SRCPV}"
+         PV = "${LINUX_VERSION}+git"
 
    :term:`LINUX_VERSION_EXTENSION`
       A string extension compiled into the version string of the Linux
@@ -5512,7 +5860,7 @@ system and gives an overview of their function and contents.
       variable is set.
 
    :term:`NM`
-      The minimal command and arguments to run ``nm``.
+      The minimal command and arguments to run :manpage:`nm <nm(1)>`.
 
    :term:`NO_GENERIC_LICENSE`
       Avoids QA errors when you use a non-common, non-CLOSED license in a
@@ -5586,10 +5934,10 @@ system and gives an overview of their function and contents.
          NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
 
    :term:`OBJCOPY`
-      The minimal command and arguments to run ``objcopy``.
+      The minimal command and arguments to run :manpage:`objcopy <objcopy(1)>`.
 
    :term:`OBJDUMP`
-      The minimal command and arguments to run ``objdump``.
+      The minimal command and arguments to run :manpage:`objdump <objdump(1)>`.
 
    :term:`OE_BINCONFIG_EXTRA_MANGLE`
       When inheriting the :ref:`ref-classes-binconfig` class,
@@ -5614,14 +5962,6 @@ system and gives an overview of their function and contents.
 
          OECMAKE_GENERATOR = "Unix Makefiles"
 
-   :term:`OE_IMPORTS`
-      An internal variable used to tell the OpenEmbedded build system what
-      Python modules to import for every Python function run by the system.
-
-      .. note::
-
-         Do not set this variable. It is for internal use only.
-
    :term:`OE_INIT_ENV_SCRIPT`
       The name of the build environment setup script for the purposes of
       setting up the environment within the extensible SDK. The default
@@ -5684,6 +6024,13 @@ system and gives an overview of their function and contents.
    :term:`OPKG_MAKE_INDEX_EXTRA_PARAMS`
       Specifies extra parameters for the ``opkg-make-index`` command.
 
+   :term:`OPKGBUILDCMD`
+      The variable :term:`OPKGBUILDCMD` specifies the command used to build opkg
+      packages when using the :ref:`ref-classes-package_ipk` class. It is
+      defined in :ref:`ref-classes-package_ipk` as::
+
+          OPKGBUILDCMD ??= 'opkg-build -Z zstd -a "${ZSTD_DEFAULTS}"'
+
    :term:`OVERLAYFS_ETC_DEVICE`
       When the :ref:`ref-classes-overlayfs-etc` class is
       inherited, specifies the device to be mounted for the read/write
@@ -6450,7 +6797,7 @@ system and gives an overview of their function and contents.
       For examples of how this data is used, see the
       ":ref:`overview-manual/concepts:automatically added runtime dependencies`"
       section in the Yocto Project Overview and Concepts Manual and the
-      ":ref:`dev-manual/debugging:viewing package information with \`\`oe-pkgdata-util\`\``"
+      ":ref:`dev-manual/debugging:viewing package information with ``oe-pkgdata-util```"
       section in the Yocto Project Development Tasks Manual. For more
       information on the shared, global-state directory, see
       :term:`STAGING_DIR_HOST`.
@@ -6491,6 +6838,23 @@ system and gives an overview of their function and contents.
       The version of the package(s) built by the recipe. By default,
       :term:`PKGV` is set to :term:`PV`.
 
+      If :term:`PV` contains the ``+`` sign, source control information will be
+      included in :term:`PKGV` later in the packaging phase. For more
+      information, see the :doc:`/dev-manual/external-scm` section of the Yocto
+      Project Development Tasks Manual.
+
+      .. warning::
+
+         Since source control information is included in a late stage by the
+         :ref:`ref-classes-package` class, it cannot be seen from the BitBake
+         environment with ``bitbake -e`` or ``bitbake-getvar``. Instead, after
+         the package is built, the version information can be retrieved with
+         ``oe-pkgdata-util package-info <package name>``. See the
+         :ref:`dev-manual/debugging:Viewing Package Information with
+         ``oe-pkgdata-util``` section of the Yocto Project Development Tasks
+         Manual for more information on ``oe-pkgdata-util``.
+
+
    :term:`PN`
       This variable can have two separate functions depending on the
       context: a recipe name or a resulting package name.
@@ -6625,22 +6989,14 @@ system and gives an overview of their function and contents.
          string. You cannot use the wildcard character in any other
          location of the string.
 
-      The specified version is matched against :term:`PV`, which
-      does not necessarily match the version part of the recipe's filename.
-      For example, consider two recipes ``foo_1.2.bb`` and ``foo_git.bb``
-      where ``foo_git.bb`` contains the following assignment::
-
-         PV = "1.1+git${SRCPV}"
-
-      In this case, the correct way to select
-      ``foo_git.bb`` is by using an assignment such as the following::
-
-         PREFERRED_VERSION_foo = "1.1+git%"
+      The specified version is matched against :term:`PV`, which does not
+      necessarily match the version part of the recipe's filename.
 
-      Compare that previous example
-      against the following incorrect example, which does not work::
-
-         PREFERRED_VERSION_foo = "git"
+      If you want to select a recipe named ``foo_git.bb`` which has :term:`PV`
+      set to ``1.2.3+git``, you can do so by setting ```PREFERRED_VERSION_foo``
+      to ``1.2.3%`` (i.e. simply setting ``PREFERRED_VERSION_foo`` to ``git``
+      will not work as the name of the recipe isn't used, but rather its
+      :term:`PV` definition).
 
       Sometimes the :term:`PREFERRED_VERSION` variable can be set by
       configuration files in a way that is hard to change. You can use
@@ -6805,7 +7161,7 @@ system and gives an overview of their function and contents.
 
    :term:`PTEST_ENABLED`
       Specifies whether or not :ref:`Package
-      Test <dev-manual/packages:testing packages with ptest>` (ptest)
+      Test <test-manual/ptest:testing packages with ptest>` (ptest)
       functionality is enabled when building a recipe. You should not set
       this variable directly. Enabling and disabling building Package Tests
       at build time should be done by adding "ptest" to (or removing it
@@ -6862,7 +7218,7 @@ system and gives an overview of their function and contents.
          QA_EMPTY_DIRS_RECOMMENDATION:/dev = "but all devices must be created at runtime"
 
    :term:`RANLIB`
-      The minimal command and arguments to run ``ranlib``.
+      The minimal command and arguments to run :manpage:`ranlib <ranlib(1)>`.
 
    :term:`RCONFLICTS`
       The list of packages that conflict with packages. Note that packages
@@ -6999,6 +7355,9 @@ system and gives an overview of their function and contents.
       ":ref:`bitbake-user-manual/bitbake-user-manual-execution:dependencies`" sections in the
       BitBake User Manual for additional information on tasks and dependencies.
 
+   :term:`READELF`
+      The minimal command and arguments to run :manpage:`readelf <readelf(1)>`.
+
    :term:`RECIPE_MAINTAINER`
       This variable defines the name and e-mail address of the maintainer of a
       recipe. Such information can be used by human users submitted changes,
@@ -7093,17 +7452,12 @@ system and gives an overview of their function and contents.
          prefer to have a read-only root filesystem and prefer to keep
          writeable data in one place.
 
-      You can override the default by setting the variable in any layer or
-      in the ``local.conf`` file. Because the default is set using a "weak"
-      assignment (i.e. "??="), you can use either of the following forms to
-      define your override::
+      When setting ``INIT_MANAGER = systemd``, the default will be set to::
 
-         ROOT_HOME = "/root"
          ROOT_HOME ?= "/root"
 
-      These
-      override examples use ``/root``, which is probably the most commonly
-      used override.
+      You can also override the default by setting the variable in your distro
+      configuration or in the ``local.conf`` file.
 
    :term:`ROOTFS`
       Indicates a filesystem image to include as the root filesystem.
@@ -7348,11 +7702,21 @@ system and gives an overview of their function and contents.
 
       Only one archive type can be specified.
 
+   :term:`SDK_AS_ARCH`
+      Specifies architecture-specific assembler flags when building
+      :ref:`ref-classes-nativesdk` recipes. By default, the value of
+      :term:`SDK_AS_ARCH` equals the one of :term:`BUILD_AS_ARCH`.
+
    :term:`SDK_BUILDINFO_FILE`
       When using the :ref:`ref-classes-image-buildinfo` class,
       specifies the file in the SDK to write the build information into. The
       default value is "``/buildinfo``".
 
+   :term:`SDK_CC_ARCH`
+      Specifies the architecture-specific C compiler flags when building
+      :ref:`ref-classes-nativesdk` recipes. By default, the value of
+      :term:`SDK_CC_ARCH` equals the one of :term:`BUILD_CC_ARCH`.
+
    :term:`SDK_CUSTOM_TEMPLATECONF`
       When building the extensible SDK, if :term:`SDK_CUSTOM_TEMPLATECONF` is set to
       "1" and a ``conf/templateconf.cfg`` file exists in the :term:`Build Directory`
@@ -7434,6 +7798,11 @@ system and gives an overview of their function and contents.
       :term:`SDK_EXT_TYPE` is set to "minimal", and defaults to "1" if
       :term:`SDK_EXT_TYPE` is set to "full".
 
+   :term:`SDK_LD_ARCH`
+      Specifies architecture-specific linker flags when building
+      :ref:`ref-classes-nativesdk` recipes. By default, the value of
+      :term:`SDK_LD_ARCH` equals the one of :term:`BUILD_LD_ARCH`.
+
    :term:`SDK_NAME`
       The base name for SDK output files. The default value (as set in
       ``meta-poky/conf/distro/poky.conf``) is derived from the
@@ -7725,6 +8094,53 @@ system and gives an overview of their function and contents.
          might break at runtime if the interface of the recipe was changed
          after the other had been built.
 
+   :term:`SIGGEN_LOCKEDSIGS`
+     The list of locked tasks, with the form::
+
+       SIGGEN_LOCKEDSIGS += "<package>:<task>:<signature>"
+
+     If ``<signature>`` exists for the specified ``<task>`` and ``<package>``
+     in the sstate cache, BitBake will use the cached output instead of
+     rebuilding the ``<task>``. If it does not exist, BitBake will build the
+     ``<task>`` and the sstate cache will be used next time.
+
+     Example::
+
+       SIGGEN_LOCKEDSIGS += "bc:do_compile:09772aa4532512baf96d433484f27234d4b7c11dd9cda0d6f56fa1b7ce6f25f0"
+
+     You can obtain the signature of all the tasks for the recipe ``bc`` using::
+
+       bitbake -S none bc
+
+     Then you can look at files in ``build/tmp/stamps/<arch>/bc`` and look for
+     files like: ``<PV>.do_compile.sigdata.09772aa4532512baf96d433484f27234d4b7c11dd9cda0d6f56fa1b7ce6f25f0``.
+
+     Alternatively, you can also use :doc:`bblock </dev-manual/bblock>` to
+     generate this line for you.
+
+   :term:`SIGGEN_LOCKEDSIGS_TASKSIG_CHECK`
+     Specifies the debug level of task signature check. 3 levels are supported:
+
+     * ``info``: displays a "Note" message to remind the user that a task is locked
+       and the current signature matches the locked one.
+     * ``warn``: displays a "Warning" message if a task is locked and the current
+       signature does not match the locked one.
+     * ``error``: same as warn but displays an "Error" message and aborts.
+
+   :term:`SIGGEN_LOCKEDSIGS_TYPES`
+     Allowed overrides for :term:`SIGGEN_LOCKEDSIGS`. This is mainly used
+     for architecture specific locks. A common value for
+     :term:`SIGGEN_LOCKEDSIGS_TYPES` is ``${PACKAGE_ARCHS}``::
+
+       SIGGEN_LOCKEDSIGS_TYPES += "${PACKAGE_ARCHS}"
+
+       SIGGEN_LOCKEDSIGS_core2-64 += "bc:do_compile:09772aa4532512baf96d433484f27234d4b7c11dd9cda0d6f56fa1b7ce6f25f0"
+       SIGGEN_LOCKEDSIGS_cortexa57 += "bc:do_compile:12178eb6d55ef602a8fe638e49862fd247e07b228f0f08967697b655bfe4bb61"
+
+     Here, the ``do_compile`` task from ``bc`` will be locked only for
+     ``core2-64`` and ``cortexa57`` but not for other architectures such as
+     ``mips32r2``.
+
    :term:`SITEINFO_BITS`
       Specifies the number of bits for the target system CPU. The value
       should be either "32" or "64".
@@ -7835,6 +8251,31 @@ system and gives an overview of their function and contents.
 
          You can specify only a single URL in :term:`SOURCE_MIRROR_URL`.
 
+      .. note::
+
+         If the mirror is protected behind a username and password, the
+         :term:`build host` needs to be configured so the :term:`build system
+         <OpenEmbedded Build System>` is able to fetch from the mirror.
+
+         The recommended way to do that is by setting the following parameters
+         in ``$HOME/.netrc`` (``$HOME`` being the :term:`build host` home
+         directory)::
+
+            machine example.com
+            login <user>
+            password <password>
+
+         This file requires permissions set to ``400`` or ``600`` to prevent
+         other users from reading the file::
+
+            chmod 600 "$HOME/.netrc"
+
+         Another method to configure the username and password is from the URL
+         in :term:`SOURCE_MIRROR_URL` directly, with the ``user`` and ``pswd``
+         parameters::
+
+            SOURCE_MIRROR_URL = "http://example.com/my_source_mirror;user=<user>;pswd=<password>"
+
    :term:`SPDX_ARCHIVE_PACKAGED`
       This option allows to add to :term:`SPDX` output compressed archives
       of the files in the generated target packages.
@@ -8009,7 +8450,7 @@ system and gives an overview of their function and contents.
       class.
 
    :term:`SPL_SIGN_KEYNAME`
-      The name of keys used by the :ref:`ref-classes-kernel-fitimage` class
+      The name of keys used by the :ref:`ref-classes-uboot-sign` class
       for signing U-Boot FIT image stored in the :term:`SPL_SIGN_KEYDIR`
       directory. If we have for example a ``dev.key`` key and a ``dev.crt``
       certificate stored in the :term:`SPL_SIGN_KEYDIR` directory, you will
@@ -8115,21 +8556,23 @@ system and gives an overview of their function and contents.
       (SCM).
 
    :term:`SRCPV`
-      Returns the version string of the current package. This string is
-      used to help define the value of :term:`PV`.
+      The variable :term:`SRCPV` is deprecated. It was previously used to
+      include source control information in :term:`PV` for :term:`bitbake` to
+      work correctly but this is no longer a requirement. Source control
+      information will be automatically included by :term:`bitbake` in the
+      variable :term:`PKGV` during packaging if the ``+`` sign is present in
+      :term:`PV`.
 
-      The :term:`SRCPV` variable is defined in the ``meta/conf/bitbake.conf``
-      configuration file in the :term:`Source Directory` as
-      follows::
+      .. note::
 
-         SRCPV = "${@bb.fetch2.get_srcrev(d)}"
+         The :term:`SRCPV` variable used to be defined in the
+         ``meta/conf/bitbake.conf`` configuration file in the :term:`Source
+         Directory` as follows::
 
-      Recipes that need to define :term:`PV` do so with the help of the
-      :term:`SRCPV`. For example, the ``ofono`` recipe (``ofono_git.bb``)
-      located in ``meta/recipes-connectivity`` in the Source Directory
-      defines :term:`PV` as follows::
+            SRCPV = "${@bb.fetch2.get_srcrev(d)}"
 
-         PV = "0.12-git${SRCPV}"
+         The ``get_srcrev`` function can still be used to include source control
+         information in variables manually.
 
    :term:`SRCREV`
       The revision of the source code used to build the package. This
@@ -8240,10 +8683,38 @@ system and gives an overview of their function and contents.
              file://.* https://someserver.tld/share/sstate/PATH;downloadfilename=PATH \
              file://.* file:///some-local-dir/sstate/PATH"
 
+      .. note::
+
+         If the mirror is protected behind a username and password, the
+         :term:`build host` needs to be configured so the :term:`build system
+         <OpenEmbedded Build System>` is able to download the sstate cache using
+         authentication.
+
+         The recommended way to do that is by setting the following parameters
+         in ``$HOME/.netrc`` (``$HOME`` being the :term:`build host` home
+         directory)::
+
+            machine someserver.tld
+            login <user>
+            password <password>
+
+         This file requires permissions set to ``400`` or ``600`` to prevent
+         other users from reading the file::
+
+            chmod 600 "$HOME/.netrc"
+
+         Another method to configure the username and password is from the
+         URL in :term:`SSTATE_MIRRORS` directly, with the ``user`` and ``pswd``
+         parameters::
+
+            SSTATE_MIRRORS ?= "\
+                file://.* https://someserver.tld/share/sstate/PATH;user=<user>;pswd=<password>;downloadfilename=PATH \
+            "
+
       The Yocto Project actually shares the cache data objects built by its
       autobuilder::
 
-         SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
+         SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
 
       As such binary artifacts are built for the generic QEMU machines
       supported by the various Poky releases, they are less likely to be
@@ -8267,6 +8738,26 @@ system and gives an overview of their function and contents.
 
       For details on the process, see the :ref:`ref-classes-staging` class.
 
+   :term:`SSTATE_SKIP_CREATION`
+      The :term:`SSTATE_SKIP_CREATION` variable can be used to skip the
+      creation of :ref:`shared state <overview-manual/concepts:shared state cache>`
+      tarball files. It makes sense e.g. for image creation tasks as tarring images
+      and keeping them in sstate would consume a lot of disk space.
+
+      In general it is not recommended to use this variable as missing sstate
+      artefacts adversely impact the build, particularly for entries in the
+      middle of dependency chains. The case it can make sense is where the
+      size and time costs of the artefact are similar to just running the
+      tasks. This generally only applies to end artefact output like images.
+
+      The syntax to disable it for one task is::
+
+         SSTATE_SKIP_CREATION:task-image-complete = "1"
+
+      The syntax to disable it for the whole recipe is::
+
+         SSTATE_SKIP_CREATION = "1"
+
    :term:`STAGING_BASE_LIBDIR_NATIVE`
       Specifies the path to the ``/lib`` subdirectory of the sysroot
       directory for the build host.
@@ -8457,8 +8948,8 @@ system and gives an overview of their function and contents.
       places stamps. The default directory is ``${TMPDIR}/stamps``.
 
    :term:`STRIP`
-      The minimal command and arguments to run ``strip``, which is used to
-      strip symbols.
+      The minimal command and arguments to run :manpage:`strip <strip(1)>`,
+      which is used to strip symbols.
 
    :term:`SUMMARY`
       The short (72 characters or less) summary of the binary package for
@@ -9018,8 +9509,8 @@ system and gives an overview of their function and contents.
       file.
 
       For more information on testing images, see the
-      ":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-      section in the Yocto Project Development Tasks Manual.
+      ":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+      section in the Yocto Project Test Environment Manual.
 
    :term:`TEST_SERIALCONTROL_CMD`
       For automated hardware testing, specifies the command to use to
@@ -9090,8 +9581,8 @@ system and gives an overview of their function and contents.
          TEST_SUITES = "test_A test_B"
 
       For more information on testing images, see the
-      ":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-      section in the Yocto Project Development Tasks Manual.
+      ":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+      section in the Yocto Project Test Environment Manual.
 
    :term:`TEST_TARGET`
       Specifies the target controller to use when running tests against a
@@ -9109,8 +9600,8 @@ system and gives an overview of their function and contents.
       You can provide the following arguments with :term:`TEST_TARGET`:
 
       -  *"qemu":* Boots a QEMU image and runs the tests. See the
-         ":ref:`dev-manual/runtime-testing:enabling runtime tests on qemu`" section
-         in the Yocto Project Development Tasks Manual for more
+         ":ref:`test-manual/runtime-testing:enabling runtime tests on qemu`" section
+         in the Yocto Project Test Environment Manual for more
          information.
 
       -  *"simpleremote":* Runs the tests on target hardware that is
@@ -9125,8 +9616,8 @@ system and gives an overview of their function and contents.
             ``meta/lib/oeqa/controllers/simpleremote.py``.
 
       For information on running tests on hardware, see the
-      ":ref:`dev-manual/runtime-testing:enabling runtime tests on hardware`"
-      section in the Yocto Project Development Tasks Manual.
+      ":ref:`test-manual/runtime-testing:enabling runtime tests on hardware`"
+      section in the Yocto Project Test Environment Manual.
 
    :term:`TEST_TARGET_IP`
       The IP address of your hardware under test. The :term:`TEST_TARGET_IP`
@@ -9162,10 +9653,15 @@ system and gives an overview of their function and contents.
 
       For more information
       on enabling, running, and writing these tests, see the
-      ":ref:`dev-manual/runtime-testing:performing automated runtime testing`"
-      section in the Yocto Project Development Tasks Manual and the
+      ":ref:`test-manual/runtime-testing:performing automated runtime testing`"
+      section in the Yocto Project Test Environment Manual and the
       ":ref:`ref-classes-testimage`" section.
 
+   :term:`TESTIMAGE_FAILED_QA_ARTIFACTS`
+      When using the :ref:`ref-classes-testimage` class, the variable
+      :term:`TESTIMAGE_FAILED_QA_ARTIFACTS`  lists space-separated paths on the
+      target to retrieve onto the host.
+
    :term:`THISDIR`
       The directory in which the file BitBake is currently parsing is
       located. Do not manually set this variable.
@@ -9957,8 +10453,22 @@ system and gives an overview of their function and contents.
       ":ref:`ref-classes-insane`" section.
 
    :term:`WATCHDOG_TIMEOUT`
-      Specifies the timeout in seconds used by the ``watchdog`` recipe and
-      also by ``systemd`` during reboot. The default is 60 seconds.
+      Specifies the timeout in seconds used by the ``watchdog-config`` recipe
+      and also by ``systemd`` during reboot. The default is 60 seconds.
+
+   :term:`WIC_CREATE_EXTRA_ARGS`
+      If the :term:`IMAGE_FSTYPES` variable contains "wic", the build
+      will generate a
+      :ref:`Wic image <dev-manual/wic:creating partitioned images using wic>`
+      automatically when BitBake builds an image recipe. As part of
+      this process BitBake will invoke the "`wic create`" command. The
+      :term:`WIC_CREATE_EXTRA_ARGS` variable is placed at the end of this
+      command which allows the user to supply additional arguments.
+
+      One such useful purpose for this mechanism is to add the ``-D`` (or
+      ``--debug``) argument to the "`wic create`" command. This increases the
+      amount of debugging information written out to the Wic log during the
+      Wic creation process.
 
    :term:`WIRELESS_DAEMON`
       For ``connman`` and ``packagegroup-base``, specifies the wireless
diff --git a/documentation/sdk-manual/appendix-obtain.rst b/documentation/sdk-manual/appendix-obtain.rst
index d06d6ec6b5..a42cbc31bb 100644
--- a/documentation/sdk-manual/appendix-obtain.rst
+++ b/documentation/sdk-manual/appendix-obtain.rst
@@ -29,7 +29,7 @@ and then run the script to hand-install the toolchain.
 Follow these steps to locate and hand-install the toolchain:
 
 #. *Go to the Installers Directory:* Go to
-   :yocto_dl:`/releases/yocto/yocto-&DISTRO;/toolchain/`
+   :yocto_dl:`/releases/yocto/&DISTRO_REL_LATEST_TAG;/toolchain/`
 
 #. *Open the Folder for Your Build Host:* Open the folder that matches
    your :term:`Build Host` (i.e.
@@ -201,7 +201,7 @@ Follow these steps to extract the root filesystem:
    Image File:* You need to find and download the root filesystem image
    file that is appropriate for your target system. These files are kept
    in machine-specific folders in the
-   :yocto_dl:`Index of Releases </releases/yocto/yocto-&DISTRO;/machines/>`
+   :yocto_dl:`Index of Releases </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/>`
    in the "machines" directory.
 
    The machine-specific folders of the "machines" directory contain
@@ -245,7 +245,7 @@ Follow these steps to extract the root filesystem:
 
    Here is an example command that extracts the root filesystem
    from a previously built root filesystem image that was downloaded
-   from the :yocto_dl:`Index of Releases </releases/yocto/yocto-&DISTRO;/machines/>`.
+   from the :yocto_dl:`Index of Releases </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/>`.
    This command extracts the root filesystem into the ``core2-64-sato``
    directory::
 
diff --git a/documentation/sdk-manual/extensible.rst b/documentation/sdk-manual/extensible.rst
index 3f6a754d88..ab4956f466 100644
--- a/documentation/sdk-manual/extensible.rst
+++ b/documentation/sdk-manual/extensible.rst
@@ -87,7 +87,7 @@ Host` by running the ``*.sh`` installation script.
 You can download a tarball installer, which includes the pre-built
 toolchain, the ``runqemu`` script, the internal build system,
 ``devtool``, and support files from the appropriate
-:yocto_dl:`toolchain </releases/yocto/yocto-&DISTRO;/toolchain/>` directory within the Index of
+:yocto_dl:`toolchain </releases/yocto/&DISTRO_REL_LATEST_TAG;/toolchain/>` directory within the Index of
 Releases. Toolchains are available for several 32-bit and 64-bit
 architectures with the ``x86_64`` directories, respectively. The
 toolchains the Yocto Project provides are based off the
@@ -178,7 +178,7 @@ Running the Extensible SDK Environment Setup Script
 Once you have the SDK installed, you must run the SDK environment setup
 script before you can actually use the SDK.
 
-When using a SDK directly in a Yocto build, you will find the script in
+When using an SDK directly in a Yocto build, you will find the script in
 ``tmp/deploy/images/qemux86-64/`` in your :term:`Build Directory`.
 
 When using a standalone SDK installer, this setup script resides in
@@ -622,28 +622,91 @@ command:
       decide you do not want to proceed with your work. If you do use this
       command, realize that the source tree is preserved.
 
-``devtool ide-sdk`` configures IDEs for the extensible SDK
-----------------------------------------------------------
+``devtool ide-sdk`` configures IDEs and bootstraps SDKs
+-------------------------------------------------------
 
-``devtool ide-sdk`` automatically configures IDEs to use the extensible SDK.
-To make sure that all parts of the extensible SDK required by the generated
-IDE configuration are available, ``devtool ide-sdk`` uses BitBake in the
-background to bootstrap the extensible SDK.
+The ``devtool ide-sdk`` command can provide an IDE configuration for IDEs when
+working on the source code of one or more recipes.
+Depending on the programming language, and the build system used by the recipe,
+the tools required for cross-development and remote debugging are different.
+For example:
 
-The extensible SDK supports two different development modes.
-``devtool ide-sdk`` supports both of them:
+-  A C/C++ project usually uses CMake or Meson.
 
-#. *Modified mode*:
+-  A Python project uses setuptools or one of its successors.
+
+-  A Rust project uses Cargo.
+
+Also, the IDE plugins needed for the integration of a build system with the
+IDE and the corresponding settings are usually specific to these build-systems.
+To hide all these details from the user, ``devtool ide-sdk`` does two things:
+
+-  It generates any kind of SDK needed for cross-development and remote
+   debugging of the specified recipes.
+
+-  It generates the configuration for the IDE (and the IDE plugins) for using
+   the cross-toolchain and remote debugging tools provided by the SDK directly
+   from the IDE.
+
+For supported build systems the configurations generated by ``devtool ide-sdk``
+combine the advantages of the ``devtool modify`` based workflow
+(see :ref:`using_devtool`) with the advantages of the simple Environment Setup
+script based workflow (see :ref:`running_the_ext_sdk_env`) provided by Yocto's
+SDK or eSDK:
+
+-  The source code of the recipe is in the workspace created by
+   ``devtool modify`` or ``devtool add``.
+   Using ``devtool build``, ``devtool build-image``,
+   ``devtool deploy-target`` or ``bitbake`` is possible.
+   Also ``devtool ide-sdk`` can be used to update the SDK and the IDE
+   configuration at any time.
 
-   By default ``devtool ide-sdk`` generates IDE configurations for recipes in
-   workspaces created by ``devtool modify`` or ``devtool add`` as described in
-   :ref:`using_devtool`.  This mode creates IDE configurations with support for
-   advanced features, such as deploying the binaries to the remote target
-   device and performing remote debugging sessions. The generated IDE
-   configurations use the per recipe sysroots as Bitbake does internally.
+-  ``devtool ide-sdk`` aims to support multiple programming languages and
+   multiple IDEs natively. "Natively" means that the IDE is configured to call
+   the build tool (e.g. ``cmake`` or ``meson``) directly. This has several
+   advantages.
+   First of all, it is usually much faster to call for example ``cmake`` than
+   ``devtool build``.
+   It also allows to benefit from the very good integration that IDEs like
+   VSCode offer for tools like CMake or GDB.
+
+   However, supporting many programming languages and multiple
+   IDEs is quite an elaborate and constantly evolving thing. Support for IDEs
+   is therefore implemented as plugins. Plugins can also be provided by
+   optional layers.
 
-   In order to use the tool, a few settings are needed. As a starting example,
-   the following lines of code can be added to the ``local.conf`` file::
+So much about the introduction to the default mode of ``devtool sdk-ide`` which
+is called the "modified" mode because it uses the workspace created by
+``devtool modify`` and the per recipe :term:`Sysroots <Sysroot>` of BitBake.
+
+For some recipes and use cases, this default behavior of ``devtool ide-sdk``
+with full ``devtool`` and ``bitbake`` integration might not be suitable.
+To offer full feature parity with the SDK and the eSDK, ``devtool ide-sdk`` has
+a second mode called "shared" mode.
+If ``devtool ide-sdk`` is called with the ``--mode=shared`` option, it
+bootstraps an SDK directly from the BitBake environment, which offers the same
+Environment Setup script as described in :ref:`running_the_ext_sdk_env`.
+In addition to the (e)SDK installer-based setup, the IDE gets configured
+to use the shared :term:`Sysroots <Sysroot>` and the tools from the SDK.
+``devtool ide-sdk --mode=shared`` is basically a wrapper for the setup of the
+extensible SDK as described in :ref:`setting_up_ext_sdk_in_build`.
+
+The use of ``devtool ide-sdk`` is an alternative to using one of the SDK
+installers.
+``devtool ide-sdk`` allows the creation of SDKs that offer all the
+functionality of the SDK and the eSDK installers. Compared to the installers,
+however, the SDK created with ``devtool ide-sdk`` is much more flexible.
+For example, it is very easy to change the :term:`MACHINE` in the
+``local.conf`` file, update the layer meta data and then regenerate the SDK.
+
+Let's take a look at an example of how to use ``devtool ide-sdk`` in each of
+the two modes:
+
+#. *Modified mode*:
+
+   In order to use the ``devtool ide-sdk``, a few settings are needed. As a
+   starting example, the following lines of code can be added to the
+   ``local.conf`` file::
 
       # Build the companion debug file system
       IMAGE_GEN_DEBUGFS = "1"
@@ -666,15 +729,20 @@ The extensible SDK supports two different development modes.
       IMAGE_INSTALL:append = " my-recipe"
 
    Assuming the BitBake environment is set up correctly and a workspace has
-   been created for the recipe using ``devtool modify my-recipe``, the
+   been created for the recipe using ``devtool modify my-recipe`` or probably
+   even better by using ``devtool modify my-recipe --debug-build``, the
    following command can create the SDK and the configuration for VSCode in
    the recipe workspace::
 
       $ devtool ide-sdk my-recipe core-image-minimal --target root@192.168.7.2
 
-   The command requires an image recipe (``core-image-minimal`` for this example)
-   that is used to create the SDK. This firmware image should also be installed
-   on the target device.  It is possible to pass multiple package recipes.
+   The command requires an image recipe (``core-image-minimal`` for this
+   example) that is used to create the SDK.
+   This firmware image should also be installed on the target device.
+   It is possible to pass multiple package recipes::
+
+      $ devtool ide-sdk my-recipe-1 my-recipe-2 core-image-minimal --target root@192.168.7.2
+
    ``devtool ide-sdk`` tries to create an IDE configuration for all package
    recipes.
 
@@ -684,9 +752,9 @@ The extensible SDK supports two different development modes.
 
    For example, a CMake preset is created for a recipe that inherits
    :ref:`ref-classes-cmake`. In the case of VSCode, CMake presets are supported
-   by the CMake Tools plugin.  This is an example of how the build
-   configuration used by ``bitbake`` is exported to an IDE configuration that
-   gives exactly the same build results.
+   by the CMake Tools plugin. This is an example of how the build configuration
+   used by ``bitbake`` is exported to an IDE configuration that gives exactly
+   the same build results.
 
    Support for remote debugging with seamless integration into the IDE is
    important for a cross-SDK. ``devtool ide-sdk`` automatically generates the
@@ -699,23 +767,54 @@ The extensible SDK supports two different development modes.
       running on the target device, it is essential that the image built by
       ``devtool ide-sdk`` is running on the target device.
 
-   ``devtool ide-sdk`` aims to support multiple programming languages and
-   multiple IDEs natively. "Natively" means that the IDE is configured to call
-   the build tool (e.g. CMake or Meson) directly. This has several advantages.
-   First of all, it is much faster than ``devtool build``, but it also allows
-   to use the very good integration of tools like CMake or GDB in VSCode and
-   other IDEs. However, supporting many programming languages and multiple
-   IDEs is quite an elaborate and constantly evolving thing. Support for IDEs
-   is therefore implemented as plugins. Plugins can also be provided by
-   optional layers.
-
    The default IDE is VSCode. Some hints about using VSCode:
 
-   -  To work on the source code of a recipe an instance of VSCode is started in
-      the recipe's workspace. Example::
+   -  VSCode can be used to work on the BitBake recipes or the application
+      source code.
+      Usually there is one instance of VSCode running in the folder where the
+      BitBake recipes are. This instance has the
+      `Yocto Project BitBake plugin <https://marketplace.visualstudio.com/items?itemName=yocto-project.yocto-bitbake>`_
+      running.
+
+      .. warning::
+
+         Some VSCode plugins (Python, BitBake and others) need a reasonable
+         configuration to work as expected. Otherwise, some plugins try to
+         index the build directory of BitBake, which keeps your system quite
+         busy until an out of memory exception stops this nonsense.
+         Other plugins, such as the BitBake plugin, do not behave as expected.
+
+         To work around such issues, the ``oe-init-build-env`` script creates
+         an initial ``.vscode/settings.json`` file if ``code`` can be found
+         and the ``.vscode`` folder does not yet exist.
+         It is best to run ``oe-init-build-env`` once before starting VSCode.
+         An alternative approach is to use a build folder outside the layers,
+         e.g. ``oe-init-build-env ../build``.
+
+      The BitBake plugin also offers to create devtool workspaces and run
+      ``devtool ide-sdk`` with a few mouse clicks.
+      Of course, issuing commands in the terminal works as well.
+
+   -  To work on the source code of a recipe another instance of VSCode is
+      started in the recipe's workspace. Example::
 
          code build/workspace/sources/my-recipe
 
+      This instance of VSCode uses plugins that are useful for the development
+      of the application. ``devtool ide-sdk`` generates the necessary
+      ``extensions.json``, ``settings.json``, ``tasks.json`` and ``launch.json``
+      configuration files for all the involved plugins.
+
+      When the source code folder present in the workspace folder is opened in
+      VSCode for the first time, a pop-up message recommends installing the
+      required plugins.
+      After accepting the installation of the plugins, working with the source
+      code or some debugging tasks should work as usual with VSCode.
+
+      Starting the VSCode instances in the recipe workspace folders can also be
+      done by a mouse click on the recipe workspaces in the first VSCode
+      instance.
+
    -  To work with CMake press ``Ctrl + Shift + p``, type ``cmake``. This will
       show some possible commands like selecting a CMake preset, compiling or
       running CTest.
@@ -728,10 +827,9 @@ The extensible SDK supports two different development modes.
       show some possible commands like compiling or executing the unit tests.
 
       A note on running cross-compiled unit tests on the host: Meson enables
-      support for QEMU user-mode by default. It is expected that the execution
-      of the unit tests from the IDE will work easily without any additional
-      steps, provided that the code is suitable for execution on the host
-      machine.
+      support for QEMU user mode by default. It is expected that the execution
+      of the unit tests from the IDE will work without any additional steps,
+      given that the code is suitable for the execution on the host machine.
 
    -  For the deployment to the target device, just press ``Ctrl + Shift + p``,
       type ``task``.  Select ``install && deploy-target``.
@@ -742,23 +840,23 @@ The extensible SDK supports two different development modes.
       selected.  After selecting one of the generated configurations, press the
       "play" button.
 
-      Starting a remote debugging session automatically initiates the deployment
-      to the target device. If this is not desired, the
+      Starting a remote debugging session automatically initiates the
+      deployment to the target device. If this is not desired, the
       ``"dependsOn": ["install && deploy-target...]`` parameter of the tasks
       with ``"label": "gdbserver start...`` can be removed from the
       ``tasks.json`` file.
 
-      VSCode supports GDB with many different setups and configurations for many
-      different use cases.  However, most of these setups have some limitations
-      when it comes to cross-development, support only a few target
+      VSCode supports GDB with many different setups and configurations for
+      many different use cases.  However, most of these setups have some
+      limitations when it comes to cross-development, support only a few target
       architectures or require a high performance target device. Therefore
       ``devtool ide-sdk`` supports the classic, generic setup with GDB on the
       development host and gdbserver on the target device.
 
       Roughly summarized, this means:
 
-      -  The binaries are copied via SSH to the remote target device by a script
-         referred by ``tasks.json``.
+      -  The binaries are copied via SSH to the remote target device by a
+         script referred by ``tasks.json``.
 
       -  gdbserver is started on the remote target device via SSH by a script
          referred by ``tasks.json``.
@@ -783,8 +881,8 @@ The extensible SDK supports two different development modes.
    .. code-block:: sh
 
       # Create the SDK
-      devtool modify cmake-example
-      devtool ide-sdk cmake-example core-image-minimal -c --debug-build-config --ide=none
+      devtool modify cmake-example --debug-build
+      devtool ide-sdk cmake-example core-image-minimal -c --ide=none
 
       # Install the firmware on a target device or start QEMU
       runqemu
@@ -860,16 +958,9 @@ The extensible SDK supports two different development modes.
 
 #. *Shared sysroots mode*
 
-   For some recipes and use cases a per-recipe sysroot based SDK is not
-   suitable.  Optionally ``devtool ide-sdk`` configures the IDE to use the
-   toolchain provided by the extensible SDK as described in
-   :ref:`running_the_ext_sdk_env`. ``devtool ide-sdk --mode=shared`` is
-   basically a wrapper for the setup of the extensible SDK as described in
-   :ref:`setting_up_ext_sdk_in_build`. The IDE gets a configuration to use the
-   shared sysroots.
-
-   Creating a SDK with shared sysroots that contains all the dependencies needed
-   to work with ``my-recipe`` is possible with the following example command::
+   Creating an SDK with shared :term:`Sysroots <Sysroot>` that contains all the
+   dependencies needed to work with ``my-recipe`` is possible with the following
+   example command::
 
       $ devtool ide-sdk --mode=shared my-recipe
 
@@ -883,12 +974,14 @@ The extensible SDK supports two different development modes.
       echo "project(foo VERSION 1.0)" > kit-test/CMakeLists.txt
       code kit-test
 
-   If there is a CMake project in the workspace, cross-compilation is supported:
+   If there is a CMake project in the workspace, cross-compilation is
+   supported:
 
    - Press ``Ctrl + Shift + P``, type ``CMake: Scan for Kits``
    - Press ``Ctrl + Shift + P``, type ``CMake: Select a Kit``
 
-   Finally most of the features provided by CMake and the IDE should be available.
+   Finally most of the features provided by CMake and the IDE should be
+   available.
 
    Other IDEs than VSCode are supported as well. However,
    ``devtool ide-sdk --mode=shared --ide=none my-recipe`` is currently
diff --git a/documentation/sdk-manual/intro.rst b/documentation/sdk-manual/intro.rst
index e8fd191dbc..fbfc8c2ac7 100644
--- a/documentation/sdk-manual/intro.rst
+++ b/documentation/sdk-manual/intro.rst
@@ -173,7 +173,7 @@ You just need to follow these general steps:
    root filesystem images.
 
    If you are going to develop your application on hardware, go to the
-   :yocto_dl:`machines </releases/yocto/yocto-&DISTRO;/machines/>` download area and choose a
+   :yocto_dl:`machines </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/>` download area and choose a
    target machine area from which to download the kernel image and root
    filesystem. This download area could have several files in it that
    support development using actual hardware. For example, the area
@@ -183,7 +183,7 @@ You just need to follow these general steps:
 
    If you are going to develop your application and then run and test it
    using the QEMU emulator, go to the
-   :yocto_dl:`machines/qemu </releases/yocto/yocto-&DISTRO;/machines/qemu>` download area. From this
+   :yocto_dl:`machines/qemu </releases/yocto/&DISTRO_REL_LATEST_TAG;/machines/qemu>` download area. From this
    area, go down into the directory for your target architecture (e.g.
    ``qemux86_64`` for an Intel-based 64-bit architecture). Download the
    kernel, root filesystem, and any other files you need for your
diff --git a/documentation/sdk-manual/using.rst b/documentation/sdk-manual/using.rst
index f1ff0c76ca..bfb306abf5 100644
--- a/documentation/sdk-manual/using.rst
+++ b/documentation/sdk-manual/using.rst
@@ -43,7 +43,7 @@ Host` by running the ``*.sh`` installation script.
 
 You can download a tarball installer, which includes the pre-built
 toolchain, the ``runqemu`` script, and support files from the
-appropriate :yocto_dl:`toolchain </releases/yocto/yocto-&DISTRO;/toolchain/>` directory within
+appropriate :yocto_dl:`toolchain </releases/yocto/&DISTRO_REL_LATEST_TAG;/toolchain/>` directory within
 the Index of Releases. Toolchains are available for several 32-bit and
 64-bit architectures with the ``x86_64`` directories, respectively. The
 toolchains the Yocto Project provides are based off the
diff --git a/documentation/set_versions.py b/documentation/set_versions.py
index dec0780834..820bd64036 100755
--- a/documentation/set_versions.py
+++ b/documentation/set_versions.py
@@ -168,17 +168,29 @@ series = [k for k in release_series]
 previousseries = series[series.index(ourseries)+1:] or [""]
 lastlts = [k for k in previousseries if k in ltsseries] or "dunfell"
 
+latestreltag = subprocess.run(["git", "describe", "--abbrev=0", "--tags", "--match", "yocto-*"], capture_output=True, text=True).stdout
+latestreltag = latestreltag.strip()
+if latestreltag:
+    if latestreltag.startswith("yocto-"):
+        latesttag = latestreltag[6:]
+else:
+    # fallback on the calculated version
+    print("Did not find a tag with 'git describe', falling back to %s" % ourversion)
+    latestreltag = "yocto-" + ourversion
+    latesttag = ourversion
+
 print("Version calculated to be %s" % ourversion)
+print("Latest release tag found is %s" % latestreltag)
 print("Release series calculated to be %s" % ourseries)
 
 replacements = {
     "DISTRO" : ourversion,
+    "DISTRO_LATEST_TAG": latesttag,
     "DISTRO_NAME_NO_CAP" : ourseries,
     "DISTRO_NAME" : ourseries.capitalize(),
     "DISTRO_NAME_NO_CAP_MINUS_ONE" : previousseries[0],
     "DISTRO_NAME_NO_CAP_LTS" : lastlts[0],
     "YOCTO_DOC_VERSION" : ourversion,
-    "DISTRO_REL_TAG" : "yocto-" + ourversion,
     "DOCCONF_VERSION" : docconfver,
     "BITBAKE_SERIES" : bitbakeversion,
 }
@@ -316,3 +328,5 @@ with open('releases.rst', 'w') as f:
             if tag == release_series[series] or tag.startswith('%s.' % release_series[series]):
                 f.write('- :yocto_docs:`%s Documentation </%s>`\n' % (tag, tag))
         f.write('\n')
+
+
diff --git a/documentation/sphinx-static/favicon.ico b/documentation/sphinx-static/favicon.ico
new file mode 100644
index 0000000000..85a921e3ef
--- /dev/null
+++ b/documentation/sphinx-static/favicon.ico
diff --git a/documentation/sphinx-static/switchers.js.in b/documentation/sphinx-static/switchers.js.in
index 8c016859bc..b1c0812b53 100644
--- a/documentation/sphinx-static/switchers.js.in
+++ b/documentation/sphinx-static/switchers.js.in
@@ -133,7 +133,13 @@ by https://git.yoctoproject.org/yocto-autobuilder-helper/tree/scripts/run-docs-b
 
   function get_docroot_url() {
     var url = window.location.href;
+    // Try to get the variable from documentation_options.js
     var root = DOCUMENTATION_OPTIONS.URL_ROOT;
+    if (root == null) {
+      // In recent versions of Sphinx, URL_ROOT was removed from
+      // documentation_options.js, so get it like searchtools.js does.
+      root = document.documentElement.dataset.content_root;
+    }
 
     var urlarray = url.split('/');
     // Trim off anything after '/'
diff --git a/documentation/standards.md b/documentation/standards.md
index bc403e393e..8300d813dc 100644
--- a/documentation/standards.md
+++ b/documentation/standards.md
@@ -1,6 +1,6 @@
 # Standards for contributing to Yocto Project documentation
 
-This document attemps to standardize the way the Yocto Project
+This document attempts to standardize the way the Yocto Project
 documentation is created.
 
 It is currently a work in progress.
@@ -109,6 +109,21 @@ or in the BitBake User Manual
 If it is not described yet, the variable should be added to the
 glossary before or in the same patch it is used, so that `:term:` can be used.
 
+### Admonitions
+
+Sphinx has predefined admonitions that can be used to highlight a bit of text or
+add a side-note to the documentation. For example:
+
+```rst
+.. note::
+
+   This is a note admonition.
+```
+
+We try to limit our usage of these admonitions to `note` and `warning`, as the
+Sphinx documentation [warns](https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#directives)
+that most themes only style these two admonitions.
+
 ## ReStructured Text Syntax standards
 
 This section has not been filled yet
diff --git a/documentation/styles/config/vocabularies/Yocto/accept.txt b/documentation/styles/config/vocabularies/Yocto/accept.txt
index ca622ba412..7fedda8ae2 100644
--- a/documentation/styles/config/vocabularies/Yocto/accept.txt
+++ b/documentation/styles/config/vocabularies/Yocto/accept.txt
@@ -2,4 +2,5 @@ BitBake
 BSP
 crosstap
 OpenEmbedded
+sstate
 Yocto
diff --git a/documentation/test-manual/index.rst b/documentation/test-manual/index.rst
index 86a2f436ea..d365d337ea 100644
--- a/documentation/test-manual/index.rst
+++ b/documentation/test-manual/index.rst
@@ -12,6 +12,8 @@ Yocto Project Test Environment Manual
 
    intro
    test-process
+   ptest
+   runtime-testing
    understand-autobuilder
    reproducible-builds
    yocto-project-compatible
diff --git a/documentation/test-manual/intro.rst b/documentation/test-manual/intro.rst
index c31fd11c7a..caa0a8a792 100644
--- a/documentation/test-manual/intro.rst
+++ b/documentation/test-manual/intro.rst
@@ -51,13 +51,11 @@ fashion. Basically, during the development of a Yocto Project release,
 the Autobuilder tests if things work. The Autobuilder builds all test
 targets and runs all the tests.
 
-The Yocto Project uses now uses standard upstream
-Buildbot (`version 3.8 <https://docs.buildbot.net/3.8.0/>`__) to
-drive its integration and testing. Buildbot has a plug-in interface
-that the Yocto Project customizes using code from the
-``yocto-autobuilder2`` repository, adding its own console UI plugin. The
-resulting UI plug-in allows you to visualize builds in a way suited to
-the project's needs.
+The Yocto Project uses standard upstream Buildbot to drive its integration and
+testing. Buildbot has a plug-in interface that the Yocto Project customizes
+using code from the :yocto_git:`yocto-autobuilder2 </yocto-autobuilder2>`
+repository, adding its own console UI plugin. The resulting UI plug-in allows
+you to visualize builds in a way suited to the project's needs.
 
 A ``helper`` layer provides configuration and job management through
 scripts found in the ``yocto-autobuilder-helper`` repository. The
@@ -130,7 +128,9 @@ the following types of tests:
       $ bitbake image -c testimage
 
    The tests use the :ref:`ref-classes-testimage`
-   class and the :ref:`ref-tasks-testimage` task.
+   class and the :ref:`ref-tasks-testimage` task. See the
+   :ref:`test-manual/runtime-testing:Performing Automated Runtime Testing`
+   section of the Yocto Project Test Environment Manual for more information.
 
 -  *Layer Testing:* The Autobuilder has the possibility to test whether
    specific layers work with the test of the system. The layers tested
@@ -140,7 +140,7 @@ the following types of tests:
 -  *Package Testing:* A Package Test (ptest) runs tests against packages
    built by the OpenEmbedded build system on the target machine. See the
    :ref:`Testing Packages With
-   ptest <dev-manual/packages:Testing Packages With ptest>` section
+   ptest <test-manual/ptest:Testing Packages With ptest>` section
    in the Yocto Project Development Tasks Manual and the
    ":yocto_wiki:`Ptest </Ptest>`" Wiki page for more
    information on Ptest.
diff --git a/documentation/test-manual/ptest.rst b/documentation/test-manual/ptest.rst
new file mode 100644
index 0000000000..2c021af515
--- /dev/null
+++ b/documentation/test-manual/ptest.rst
@@ -0,0 +1,128 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+***************************
+Testing Packages With ptest
+***************************
+
+A Package Test (ptest) runs tests against packages built by the
+OpenEmbedded build system on the target machine. A ptest contains at
+least two items: the actual test, and a shell script (``run-ptest``)
+that starts the test. The shell script that starts the test must not
+contain the actual test --- the script only starts the test. On the other
+hand, the test can be anything from a simple shell script that runs a
+binary and checks the output to an elaborate system of test binaries and
+data files.
+
+The test generates output in the format used by Automake::
+
+   result: testname
+
+where the result can be ``PASS``, ``FAIL``, or ``SKIP``, and
+the testname can be any identifying string.
+
+For a list of Yocto Project recipes that are already enabled with ptest,
+see the :yocto_wiki:`Ptest </Ptest>` wiki page.
+
+.. note::
+
+   A recipe is "ptest-enabled" if it inherits the :ref:`ref-classes-ptest`
+   class.
+
+Adding ptest to Your Build
+==========================
+
+To add package testing to your build, add the :term:`DISTRO_FEATURES` and
+:term:`EXTRA_IMAGE_FEATURES` variables to your ``local.conf`` file, which
+is found in the :term:`Build Directory`::
+
+   DISTRO_FEATURES:append = " ptest"
+   EXTRA_IMAGE_FEATURES += "ptest-pkgs"
+
+Once your build is complete, the ptest files are installed into the
+``/usr/lib/package/ptest`` directory within the image, where ``package``
+is the name of the package.
+
+Running ptest
+=============
+
+The ``ptest-runner`` package installs a shell script that loops through
+all installed ptest test suites and runs them in sequence. Consequently,
+you might want to add this package to your image.
+
+Getting Your Package Ready
+==========================
+
+In order to enable a recipe to run installed ptests on target hardware,
+you need to prepare the recipes that build the packages you want to
+test. Here is what you have to do for each recipe:
+
+-  *Be sure the recipe inherits the* :ref:`ref-classes-ptest` *class:*
+   Include the following line in each recipe::
+
+      inherit ptest
+
+   .. note::
+
+      Classes for common frameworks already exist in :term:`OpenEmbedded-Core
+      (OE-Core)`, such as:
+
+      -  :oe_git:`go-ptest </openembedded-core/tree/meta/classes-recipe/go-ptest.bbclass>`
+      -  :ref:`ref-classes-ptest-cargo`
+      -  :ref:`ref-classes-ptest-gnome`
+      -  :oe_git:`ptest-perl </openembedded-core/tree/meta/classes-recipe/ptest-perl.bbclass>`
+      -  :oe_git:`ptest-python-pytest </openembedded-core/tree/meta/classes-recipe/ptest-python-pytest.bbclass>`
+
+      Inheriting these classes with the ``inherit`` keyword in your recipe will
+      make the next steps automatic.
+
+-  *Create run-ptest:* This script starts your test. Locate the
+   script where you will refer to it using
+   :term:`SRC_URI`. Here is an
+   example that starts a test for ``dbus``::
+
+      #!/bin/sh
+      cd test
+      make -k runtest-TESTS
+
+-  *Ensure dependencies are met:* If the test adds build or runtime
+   dependencies that normally do not exist for the package (such as
+   requiring "make" to run the test suite), use the
+   :term:`DEPENDS` and
+   :term:`RDEPENDS` variables in
+   your recipe in order for the package to meet the dependencies. Here
+   is an example where the package has a runtime dependency on "make"::
+
+      RDEPENDS:${PN}-ptest += "make"
+
+-  *Add a function to build the test suite:* Not many packages support
+   cross-compilation of their test suites. Consequently, you usually
+   need to add a cross-compilation function to the package.
+
+   Many packages based on Automake compile and run the test suite by
+   using a single command such as ``make check``. However, the host
+   ``make check`` builds and runs on the same computer, while
+   cross-compiling requires that the package is built on the host but
+   executed for the target architecture (though often, as in the case
+   for ptest, the execution occurs on the host). The built version of
+   Automake that ships with the Yocto Project includes a patch that
+   separates building and execution. Consequently, packages that use the
+   unaltered, patched version of ``make check`` automatically
+   cross-compiles.
+
+   Regardless, you still must add a ``do_compile_ptest`` function to
+   build the test suite. Add a function similar to the following to your
+   recipe::
+
+      do_compile_ptest() {
+          oe_runmake buildtest-TESTS
+      }
+
+-  *Ensure special configurations are set:* If the package requires
+   special configurations prior to compiling the test code, you must
+   insert a ``do_configure_ptest`` function into the recipe.
+
+-  *Install the test suite:* The :ref:`ref-classes-ptest` class
+   automatically copies the file ``run-ptest`` to the target and then runs make
+   ``install-ptest`` to run the tests. If this is not enough, you need
+   to create a ``do_install_ptest`` function and make sure it gets
+   called after the "make install-ptest" completes.
diff --git a/documentation/test-manual/reproducible-builds.rst b/documentation/test-manual/reproducible-builds.rst
index 91f94a5c74..aaf2e4541e 100644
--- a/documentation/test-manual/reproducible-builds.rst
+++ b/documentation/test-manual/reproducible-builds.rst
@@ -91,13 +91,21 @@ run::
 
    oe-selftest -r reproducible.ReproducibleTests.test_reproducible_builds
 
-This defaults to including a ``world`` build so, if other layers are added, it would
-also run the tests for recipes in the additional layers. Different build targets
-can be defined using the :term:`OEQA_REPRODUCIBLE_TEST_TARGET` variable in ``local.conf``.
-The first build will be run using :ref:`Shared State <overview-manual/concepts:Shared State>` if
-available, the second build explicitly disables
-:ref:`Shared State <overview-manual/concepts:Shared State>` except for recipes defined in
-the :term:`OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS` variable, and builds on the
+This defaults to including a ``world`` build so, if other layers are added, it
+would also run the tests for recipes in the additional layers. Different build
+targets can be defined using the :term:`OEQA_REPRODUCIBLE_TEST_TARGET` variable
+in ``local.conf``. For example, running reproducibility tests for only the
+``python3-numpy`` recipe can be done by setting::
+
+   OEQA_REPRODUCIBLE_TEST_TARGET = "python3-numpy"
+
+in local.conf before running the ``oe-selftest`` command shown above.
+
+Reproducibility builds the target list twice. The first build will be run using
+:ref:`Shared State <overview-manual/concepts:Shared State>` if available, the
+second build explicitly disables :ref:`Shared State
+<overview-manual/concepts:Shared State>` except for recipes defined in the
+:term:`OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS` variable, and builds on the
 specific host the build is running on. This means we can test reproducibility
 builds between different host distributions over time on the Autobuilder.
 
@@ -111,12 +119,8 @@ https://autobuilder.yocto.io/pub/repro-fail/ in the form ``oe-reproducible +
 The project's current reproducibility status can be seen at
 :yocto_home:`/reproducible-build-results/`
 
-You can also check the reproducibility status on supported host distributions:
-
--  CentOS: :yocto_ab:`/typhoon/#/builders/reproducible-centos`
--  Debian: :yocto_ab:`/typhoon/#/builders/reproducible-debian`
--  Fedora: :yocto_ab:`/typhoon/#/builders/reproducible-fedora`
--  Ubuntu: :yocto_ab:`/typhoon/#/builders/reproducible-ubuntu`
+You can also check the reproducibility status on the Autobuilder:
+:yocto_ab:`/valkyrie/#/builders/reproducible`.
 
 ===============================
 Can I test my layer or recipes?
diff --git a/documentation/dev-manual/runtime-testing.rst b/documentation/test-manual/runtime-testing.rst
index 7a2b42f25a..557e0530b0 100644
--- a/documentation/dev-manual/runtime-testing.rst
+++ b/documentation/test-manual/runtime-testing.rst
@@ -1,5 +1,6 @@
 .. SPDX-License-Identifier: CC-BY-SA-2.0-UK
 
+************************************
 Performing Automated Runtime Testing
 ************************************
 
@@ -153,7 +154,7 @@ options are available:
 
    If you choose "SystemdbootTarget", there are additional requirements
    and considerations. See the
-   ":ref:`dev-manual/runtime-testing:selecting systemdboottarget`" section, which
+   ":ref:`test-manual/runtime-testing:selecting systemdboottarget`" section, which
    follows, for more information.
 
 -  *"BeagleBoneTarget":* Choose "BeagleBoneTarget" if you are deploying
@@ -179,7 +180,7 @@ Selecting SystemdbootTarget
 
 If you did not set :term:`TEST_TARGET` to "SystemdbootTarget", then you do
 not need any information in this section. You can skip down to the
-":ref:`dev-manual/runtime-testing:running tests`" section.
+":ref:`test-manual/runtime-testing:running tests`" section.
 
 If you did set :term:`TEST_TARGET` to "SystemdbootTarget", you also need to
 perform a one-time setup of your controller image by doing the following:
diff --git a/documentation/test-manual/test-process.rst b/documentation/test-manual/test-process.rst
index 7bec5ba828..945b56830f 100644
--- a/documentation/test-manual/test-process.rst
+++ b/documentation/test-manual/test-process.rst
@@ -20,7 +20,7 @@ helps review and test patches and this is his testing tree).
 We have two broad categories of test builds, including "full" and
 "quick". On the Autobuilder, these can be seen as "a-quick" and
 "a-full", simply for ease of sorting in the UI. Use our Autobuilder
-:yocto_ab:`console view </typhoon/#/console>` to see where we manage most
+:yocto_ab:`console view </valkyrie/#/console>` to see where we manage most
 test-related items.
 
 Builds are triggered manually when the test branches are ready. The
diff --git a/documentation/test-manual/understand-autobuilder.rst b/documentation/test-manual/understand-autobuilder.rst
index 6b4fab4f0b..7f4d1be3cd 100644
--- a/documentation/test-manual/understand-autobuilder.rst
+++ b/documentation/test-manual/understand-autobuilder.rst
@@ -10,7 +10,7 @@ Execution Flow within the Autobuilder
 The "a-full" and "a-quick" targets are the usual entry points into the
 Autobuilder and it makes sense to follow the process through the system
 starting there. This is best visualized from the :yocto_ab:`Autobuilder
-Console view </typhoon/#/console>`.
+Console view </valkyrie/#/console>`.
 
 Each item along the top of that view represents some "target build" and
 these targets are all run in parallel. The 'full' build will trigger the
diff --git a/documentation/toaster-manual/reference.rst b/documentation/toaster-manual/reference.rst
index 755b895cee..3050b5d0f5 100644
--- a/documentation/toaster-manual/reference.rst
+++ b/documentation/toaster-manual/reference.rst
@@ -546,7 +546,7 @@ database.
 
 You need to run the ``buildslist`` command first to identify existing
 builds in the database before using the
-:ref:`toaster-manual/reference:\`\`builddelete\`\`` command. Here is an
+:ref:`toaster-manual/reference:``builddelete``` command. Here is an
 example that assumes default repository and :term:`Build Directory` names:
 
 .. code-block:: shell
@@ -555,7 +555,7 @@ example that assumes default repository and :term:`Build Directory` names:
    $ python ../bitbake/lib/toaster/manage.py buildslist
 
 If your Toaster database had only one build, the above
-:ref:`toaster-manual/reference:\`\`buildslist\`\``
+:ref:`toaster-manual/reference:``buildslist```
 command would return something like the following::
 
    1: qemux86 poky core-image-minimal
@@ -576,7 +576,7 @@ the database.
 
 Prior to running the ``builddelete`` command, you need to get the ID
 associated with builds by using the
-:ref:`toaster-manual/reference:\`\`buildslist\`\`` command.
+:ref:`toaster-manual/reference:``buildslist``` command.
 
 ``perf``
 --------
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf
index 47e55683cf..9eff80491b 100644
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "5.0.4"
+DISTRO_VERSION = "5.0.10"
 DISTRO_CODENAME = "scarthgap"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
@@ -38,14 +38,19 @@ SANITY_TESTED_DISTROS ?= " \
             ubuntu-20.04 \n \
             ubuntu-22.04 \n \
             ubuntu-23.04 \n \
+            ubuntu-24.04 \n \
             fedora-38 \n \
             fedora-39 \n \
+            fedora-40 \n \
             centosstream-8 \n \
             debian-11 \n \
             debian-12 \n \
             opensuseleap-15.4 \n \
             almalinux-8.8 \n \
+            almalinux-8.9 \n \
+            almalinux-8.10 \n \
             almalinux-9.2 \n \
+            almalinux-9.4 \n \
             rocky-9 \n \
             "
 # add poky sanity bbclass
diff --git a/meta-poky/conf/templates/default/local.conf.sample b/meta-poky/conf/templates/default/local.conf.sample
index 72d3566294..b6071e2821 100644
--- a/meta-poky/conf/templates/default/local.conf.sample
+++ b/meta-poky/conf/templates/default/local.conf.sample
@@ -239,10 +239,7 @@ BB_DISKMON_DIRS ??= "\
 # Using the CDN rather than the yoctoproject.org address is suggested/preferred.
 #
 #BB_HASHSERVE_UPSTREAM = 'wss://hashserv.yoctoproject.org/ws'
-#SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
-#
-###SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
-
+#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
 
 #
 # Qemu configuration
diff --git a/meta/classes-global/license.bbclass b/meta/classes-global/license.bbclass
index b2e0d3faba..d7c5d08a77 100644
--- a/meta/classes-global/license.bbclass
+++ b/meta/classes-global/license.bbclass
@@ -18,8 +18,14 @@ LICENSE_CREATE_PACKAGE ??= "0"
 LICENSE_PACKAGE_SUFFIX ??= "-lic"
 LICENSE_FILES_DIRECTORY ??= "${datadir}/licenses/"
 
+LICENSE_DEPLOY_PATHCOMPONENT = "${SSTATE_PKGARCH}"
+LICENSE_DEPLOY_PATHCOMPONENT:class-cross = "native"
+LICENSE_DEPLOY_PATHCOMPONENT:class-native = "native"
+# Ensure the *value* of SSTATE_PKGARCH is captured as it is used in the output paths
+LICENSE_DEPLOY_PATHCOMPONENT[vardepvalue] += "${LICENSE_DEPLOY_PATHCOMPONENT}"
+
 addtask populate_lic after do_patch before do_build
-do_populate_lic[dirs] = "${LICSSTATEDIR}/${PN}"
+do_populate_lic[dirs] = "${LICSSTATEDIR}/${LICENSE_DEPLOY_PATHCOMPONENT}/${PN}"
 do_populate_lic[cleandirs] = "${LICSSTATEDIR}"
 
 python do_populate_lic() {
@@ -29,7 +35,7 @@ python do_populate_lic() {
     lic_files_paths = find_license_files(d)
 
     # The base directory we wrangle licenses to
-    destdir = os.path.join(d.getVar('LICSSTATEDIR'), d.getVar('SSTATE_PKGARCH'), d.getVar('PN'))
+    destdir = os.path.join(d.getVar('LICSSTATEDIR'), d.getVar('LICENSE_DEPLOY_PATHCOMPONENT'), d.getVar('PN'))
     copy_license_files(lic_files_paths, destdir)
     info = get_recipe_info(d)
     with open(os.path.join(destdir, "recipeinfo"), "w") as f:
diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass
index 2e3e4e8c79..4a700ec124 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -10,7 +10,7 @@ IMAGE_PKGTYPE ?= "rpm"
 
 RPM = "rpm"
 RPMBUILD = "rpmbuild"
-RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
+RPMBUILD_COMPMODE ?= "${@'w3T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
 
 PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
 
@@ -205,14 +205,22 @@ python write_specfile () {
                 try:
                     owner = pwd.getpwuid(stat_f.st_uid).pw_name
                 except Exception as e:
-                    bb.error("Content of /etc/passwd in sysroot:\n{}".format(
-                        open(d.getVar("RECIPE_SYSROOT") +"/etc/passwd").read()))
+                    filename = d.getVar('RECIPE_SYSROOT') + '/etc/passwd'
+                    if os.path.exists(filename):
+                        bb.error("Content of /etc/passwd in sysroot:\n{}".format(
+                            open(filename).read()))
+                    else:
+                        bb.error("File {} doesn't exist in sysroot!".format(filename))
                     raise e
                 try:
                     group = grp.getgrgid(stat_f.st_gid).gr_name
                 except Exception as e:
-                    bb.error("Content of /etc/group in sysroot:\n{}".format(
-                        open(d.getVar("RECIPE_SYSROOT") +"/etc/group").read()))
+                    filename = d.getVar("RECIPE_SYSROOT") +"/etc/group"
+                    if os.path.exists(filename):
+                        bb.error("Content of /etc/group in sysroot:\n{}".format(
+                            open(filename).read()))
+                    else:
+                        bb.error("File {} doesn't exists in sysroot!".format(filename))
                     raise e
                 return "%attr({:o},{},{}) ".format(mode, owner, group)
 
@@ -705,6 +713,7 @@ python do_package_rpm () {
     cmd = cmd + " --define '_use_internal_dependency_generator 0'"
     cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
     cmd = cmd + " --define '_build_id_links none'"
+    cmd = cmd + " --define '_smp_ncpus_max 4'"
     cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode
     cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode
     cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass
index 1d242f0f0a..a0b2508e11 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bbclass
@@ -475,6 +475,31 @@ def check_wsl(d):
             bb.warn("You are running bitbake under WSLv2, this works properly but you should optimize your VHDX file eventually to avoid running out of storage space")
     return None
 
+def check_userns():
+    """
+    Check that user namespaces are functional, as they're used for network isolation.
+    """
+
+    # There is a known failure case with AppAmrmor where the unshare() call
+    # succeeds (at which point the uid is nobody) but writing to the uid_map
+    # fails (so the uid isn't reset back to the user's uid). We can detect this.
+    parentuid = os.getuid()
+    if not bb.utils.is_local_uid(parentuid):
+        return None
+    pid = os.fork()
+    if not pid:
+        try:
+            bb.utils.disable_network()
+        except:
+            pass
+        os._exit(parentuid != os.getuid())
+
+    ret = os.waitpid(pid, 0)[1]
+    if ret:
+        bb.fatal("User namespaces are not usable by BitBake, possibly due to AppArmor.\n"
+                 "See https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions for more information.")
+
+
 # Require at least gcc version 8.0
 #
 # This can be fixed on CentOS-7 with devtoolset-6+
@@ -641,6 +666,7 @@ def check_sanity_version_change(status, d):
     status.addresult(check_git_version(d))
     status.addresult(check_perl_modules(d))
     status.addresult(check_wsl(d))
+    status.addresult(check_userns())
 
     missing = ""
 
diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass
index 93df5fa9e6..567797305f 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -648,15 +648,6 @@ def sstate_package(ss, d):
 
     tmpdir = d.getVar('TMPDIR')
 
-    fixtime = False
-    if ss['task'] == "package":
-        fixtime = True
-
-    def fixtimestamp(root, path):
-        f = os.path.join(root, path)
-        if os.lstat(f).st_mtime > sde:
-            os.utime(f, (sde, sde), follow_symlinks=False)
-
     sstatebuild = d.expand("${WORKDIR}/sstate-build-%s/" % ss['task'])
     sde = int(d.getVar("SOURCE_DATE_EPOCH") or time.time())
     d.setVar("SSTATE_CURRTASK", ss['task'])
@@ -671,8 +662,6 @@ def sstate_package(ss, d):
         # to sstate tasks but there aren't many of these so better just avoid them entirely.
         for walkroot, dirs, files in os.walk(state[1]):
             for file in files + dirs:
-                if fixtime:
-                    fixtimestamp(walkroot, file)
                 srcpath = os.path.join(walkroot, file)
                 if not os.path.islink(srcpath):
                     continue
@@ -694,11 +683,6 @@ def sstate_package(ss, d):
         bb.utils.mkdirhier(plain)
         bb.utils.mkdirhier(pdir)
         bb.utils.rename(plain, pdir)
-        if fixtime:
-            fixtimestamp(pdir, "")
-            for walkroot, dirs, files in os.walk(pdir):
-                for file in files + dirs:
-                    fixtimestamp(walkroot, file)
 
     d.setVar('SSTATE_BUILDDIR', sstatebuild)
     d.setVar('SSTATE_INSTDIR', sstatebuild)
diff --git a/meta/classes-recipe/cmake.bbclass b/meta/classes-recipe/cmake.bbclass
index 3d3781ef33..e8aca0db8b 100644
--- a/meta/classes-recipe/cmake.bbclass
+++ b/meta/classes-recipe/cmake.bbclass
@@ -67,6 +67,8 @@ EXTRA_OECMAKE:append = " ${PACKAGECONFIG_CONFARGS}"
 export CMAKE_BUILD_PARALLEL_LEVEL
 CMAKE_BUILD_PARALLEL_LEVEL:task-compile = "${@oe.utils.parallel_make(d, False)}"
 CMAKE_BUILD_PARALLEL_LEVEL:task-install = "${@oe.utils.parallel_make(d, True)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-compile-ptest-base = "${@oe.utils.parallel_make(d, False)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-install-ptest-base = "${@oe.utils.parallel_make(d, True)}"
 
 OECMAKE_TARGET_COMPILE ?= "all"
 OECMAKE_TARGET_INSTALL ?= "install"
diff --git a/meta/classes-recipe/cml1.bbclass b/meta/classes-recipe/cml1.bbclass
index 03e5fe6f47..456305a315 100644
--- a/meta/classes-recipe/cml1.bbclass
+++ b/meta/classes-recipe/cml1.bbclass
@@ -93,10 +93,9 @@ python do_diffconfig() {
 
     if isdiff:
         statement = 'diff --unchanged-line-format= --old-line-format= --new-line-format="%L" ' + configorig + ' ' + config + '>' + fragment
-        subprocess.call(statement, shell=True)
         # No need to check the exit code as we know it's going to be
         # non-zero, but that's what we expect.
-        shutil.copy(configorig, config)
+        subprocess.call(statement, shell=True)
 
         bb.plain("Config fragment has been dumped into:\n %s" % fragment)
     else:
diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass
index 28be6c6362..1f0ee1861e 100644
--- a/meta/classes-recipe/image.bbclass
+++ b/meta/classes-recipe/image.bbclass
@@ -303,28 +303,22 @@ addtask do_image_complete_setscene
 # IMAGE_QA_COMMANDS += " \
 #     image_check_everything_ok \
 # "
+#
 # This task runs all functions in IMAGE_QA_COMMANDS after the rootfs
 # construction has completed in order to validate the resulting image.
 #
 # The functions should use ${IMAGE_ROOTFS} to find the unpacked rootfs
 # directory, which if QA passes will be the basis for the images.
+#
+# The functions are expected to call oe.qa.handle_error() to report any
+# problems.
 fakeroot python do_image_qa () {
-    from oe.utils import ImageQAFailed
-
     qa_cmds = (d.getVar('IMAGE_QA_COMMANDS') or '').split()
-    qamsg = ""
 
     for cmd in qa_cmds:
-        try:
-            bb.build.exec_func(cmd, d)
-        except oe.utils.ImageQAFailed as e:
-            qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description)
-        except Exception as e:
-            qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e)
-
-    if qamsg:
-        imgname = d.getVar('IMAGE_NAME')
-        bb.fatal("QA errors found whilst validating image: %s\n%s" % (imgname, qamsg))
+        bb.build.exec_func(cmd, d)
+
+    oe.qa.exit_if_errors(d)
 }
 addtask do_image_qa after do_rootfs before do_image
 
diff --git a/meta/classes-recipe/kernel-arch.bbclass b/meta/classes-recipe/kernel-arch.bbclass
index b32f6137a2..36a6e0a60a 100644
--- a/meta/classes-recipe/kernel-arch.bbclass
+++ b/meta/classes-recipe/kernel-arch.bbclass
@@ -71,7 +71,13 @@ HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}"
 TARGET_OBJCOPY_KERNEL_ARCH ?= ""
 HOST_OBJCOPY_KERNEL_ARCH ?= "${TARGET_OBJCOPY_KERNEL_ARCH}"
 
-KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
+KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} \
+ -fuse-ld=bfd ${DEBUG_PREFIX_MAP} \
+ -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} \
+ -fmacro-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} \
+ -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH} \
+ -fmacro-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH} \
+"
 KERNEL_LD = "${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
 KERNEL_AR = "${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
 KERNEL_OBJCOPY = "${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass
index 18ab17bd2c..3e20c3248b 100644
--- a/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -5,6 +5,7 @@
 #
 
 inherit kernel-uboot kernel-artifact-names uboot-config
+require conf/image-fitimage.conf
 
 def get_fit_replacement_type(d):
     kerneltypes = d.getVar('KERNEL_IMAGETYPES') or ""
@@ -52,58 +53,6 @@ python __anonymous () {
         d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree")
 }
 
-
-# Description string
-FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
-
-# Kernel fitImage Hash Algo
-FIT_HASH_ALG ?= "sha256"
-
-# Kernel fitImage Signature Algo
-FIT_SIGN_ALG ?= "rsa2048"
-
-# Kernel / U-Boot fitImage Padding Algo
-FIT_PAD_ALG ?= "pkcs-1.5"
-
-# Generate keys for signing Kernel fitImage
-FIT_GENERATE_KEYS ?= "0"
-
-# Size of private keys in number of bits
-FIT_SIGN_NUMBITS ?= "2048"
-
-# args to openssl genrsa (Default is just the public exponent)
-FIT_KEY_GENRSA_ARGS ?= "-F4"
-
-# args to openssl req (Default is -batch for non interactive mode and
-# -new for new certificate)
-FIT_KEY_REQ_ARGS ?= "-batch -new"
-
-# Standard format for public key certificate
-FIT_KEY_SIGN_PKCS ?= "-x509"
-
-# Sign individual images as well
-FIT_SIGN_INDIVIDUAL ?= "0"
-
-FIT_CONF_PREFIX ?= "conf-"
-FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
-
-FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
-
-# Allow user to select the default DTB for FIT image when multiple dtb's exists.
-FIT_CONF_DEFAULT_DTB ?= ""
-
-# length of address in number of <u32> cells
-# ex: 1 32bits address, 2 64bits address
-FIT_ADDRESS_CELLS ?= "1"
-
-# Keys used to sign individually image nodes.
-# The keys to sign image nodes must be different from those used to sign
-# configuration nodes, otherwise the "required" property, from
-# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
-# Then the images signature checking will not be mandatory and no error will be
-# raised in case of failure.
-# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
-
 #
 # Emit the fitImage ITS header
 #
diff --git a/meta/classes-recipe/module.bbclass b/meta/classes-recipe/module.bbclass
index f2f0b25a2d..4948e995c5 100644
--- a/meta/classes-recipe/module.bbclass
+++ b/meta/classes-recipe/module.bbclass
@@ -65,6 +65,7 @@ module_do_install() {
                    CC="${KERNEL_CC}" LD="${KERNEL_LD}" OBJCOPY="${KERNEL_OBJCOPY}" \
                    STRIP="${KERNEL_STRIP}" \
                    O=${STAGING_KERNEL_BUILDDIR} \
+                   KBUILD_EXTRA_SYMBOLS="${KBUILD_EXTRA_SYMBOLS}" \
                    ${MODULES_INSTALL_TARGET}
 
         if [ ! -e "${B}/${MODULES_MODULE_SYMVERS_LOCATION}/Module.symvers" ] ; then
diff --git a/meta/classes-recipe/nativesdk.bbclass b/meta/classes-recipe/nativesdk.bbclass
index de6debda93..83ea901fa5 100644
--- a/meta/classes-recipe/nativesdk.bbclass
+++ b/meta/classes-recipe/nativesdk.bbclass
@@ -32,6 +32,7 @@ RECIPE_SYSROOT = "${WORKDIR}/recipe-sysroot"
 #
 PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}"
 PACKAGE_ARCHS = "${SDK_PACKAGE_ARCHS}"
+TUNE_PKGARCH = "${SDK_ARCH}"
 
 #
 # We need chrpath >= 0.14 to ensure we can deal with 32 and 64 bit
diff --git a/meta/classes-recipe/populate_sdk_base.bbclass b/meta/classes-recipe/populate_sdk_base.bbclass
index a103e7b738..5c738dbf2a 100644
--- a/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/meta/classes-recipe/populate_sdk_base.bbclass
@@ -13,7 +13,7 @@ PACKAGES = ""
 # SDK processing context.  This class happens to be common to these usages.
 SPDX_MULTILIB_SSTATE_ARCHS = "${@all_multilib_tune_values(d, 'SSTATE_ARCHS')}"
 
-inherit image-postinst-intercepts image-artifact-names
+inherit image-postinst-intercepts image-artifact-names nopackages
 
 # Wildcards specifying complementary packages to install for every package that has been explicitly
 # installed into the rootfs
diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
index e76ef60720..662cc493ce 100644
--- a/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -290,6 +290,8 @@ def copy_uninative(d, baseoutpath):
     return uninative_checksum
 
 def write_local_conf(d, baseoutpath, derivative, core_meta_subdir, uninative_checksum):
+    import shutil
+
     #check if custome templateconf path is set
     use_custom_templateconf = d.getVar('SDK_CUSTOM_TEMPLATECONF')
 
diff --git a/meta/classes-recipe/qemu.bbclass b/meta/classes-recipe/qemu.bbclass
index dbb5ee0b66..8d7c82668b 100644
--- a/meta/classes-recipe/qemu.bbclass
+++ b/meta/classes-recipe/qemu.bbclass
@@ -60,8 +60,8 @@ def qemu_run_binary(data, rootfs_path, binary):
 # this dance). For others (e.g. arm) a -cpu option is not necessary, since the
 # qemu-arm default CPU supports all required architecture levels.
 
-QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')) or ""}"
-QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${PACKAGE_ARCH}"
+QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH')) or ""}"
+QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${TUNE_PKGARCH}"
 
 QEMU_EXTRAOPTIONS_ppce500v2 = " -cpu e500v2"
 QEMU_EXTRAOPTIONS_ppce500mc = " -cpu e500mc"
@@ -71,7 +71,3 @@ QEMU_EXTRAOPTIONS_ppce6500 = " -cpu e500mc"
 QEMU_EXTRAOPTIONS_ppc64e6500 = " -cpu e500mc"
 QEMU_EXTRAOPTIONS_ppc7400 = " -cpu 7400"
 QEMU_EXTRAOPTIONS_powerpc64le = " -cpu POWER9"
-# Some packages e.g. fwupd sets PACKAGE_ARCH = MACHINE_ARCH and uses meson which
-# needs right options to usermode qemu
-QEMU_EXTRAOPTIONS_qemuppc = " -cpu 7400"
-QEMU_EXTRAOPTIONS_qemuppc64 = " -cpu POWER9"
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass
index 920da94ba2..5f4d67f93c 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -487,6 +487,10 @@ rootfs_reproducible () {
                         find ${IMAGE_ROOTFS}${sysconfdir}/gconf -name '%gconf.xml' -print0 | xargs -0r \
                         sed -i -e 's@\bmtime="[0-9][0-9]*"@mtime="'${REPRODUCIBLE_TIMESTAMP_ROOTFS}'"@g'
                 fi
+
+                if [ -f ${IMAGE_ROOTFS}${localstatedir}/lib/opkg/status ]; then
+                        sed -i 's/^Installed-Time: .*/Installed-Time: ${REPRODUCIBLE_TIMESTAMP_ROOTFS}/' ${IMAGE_ROOTFS}${localstatedir}/lib/opkg/status
+                fi
         fi
 }
 
diff --git a/meta/classes-recipe/rust-common.bbclass b/meta/classes-recipe/rust-common.bbclass
index 6940093e59..b4b70574a2 100644
--- a/meta/classes-recipe/rust-common.bbclass
+++ b/meta/classes-recipe/rust-common.bbclass
@@ -13,7 +13,7 @@ FILES:${PN} += "${rustlibdir}/*.so"
 FILES:${PN}-dev += "${rustlibdir}/*.rlib ${rustlibdir}/*.rmeta"
 FILES:${PN}-dbg += "${rustlibdir}/.debug"
 
-RUSTLIB = "-L ${STAGING_DIR_HOST}${rustlibdir}"
+RUSTLIB ?= "-L ${STAGING_DIR_HOST}${rustlibdir}"
 RUST_DEBUG_REMAP = "--remap-path-prefix=${WORKDIR}=${TARGET_DBGSRC_DIR}"
 RUSTFLAGS += "${RUSTLIB} ${RUST_DEBUG_REMAP}"
 RUSTLIB_DEP ??= "libstd-rs"
diff --git a/meta/classes-recipe/rust-target-config.bbclass b/meta/classes-recipe/rust-target-config.bbclass
index 926b0630b1..1bd7626bd8 100644
--- a/meta/classes-recipe/rust-target-config.bbclass
+++ b/meta/classes-recipe/rust-target-config.bbclass
@@ -195,7 +195,7 @@ MAX_ATOMIC_WIDTH[mipsel] = "32"
 DATA_LAYOUT[mips64] = "E-m:e-i8:8:32-i16:16:32-i64:64-n32:64-S128"
 TARGET_ENDIAN[mips64] = "big"
 TARGET_POINTER_WIDTH[mips64] = "64"
-TARGET_C_INT_WIDTH[mips64] = "64"
+TARGET_C_INT_WIDTH[mips64] = "32"
 MAX_ATOMIC_WIDTH[mips64] = "64"
 
 ## mips64-n32-unknown-linux-{gnu, musl}
@@ -209,7 +209,7 @@ MAX_ATOMIC_WIDTH[mips64-n32] = "64"
 DATA_LAYOUT[mips64el] = "e-m:e-i8:8:32-i16:16:32-i64:64-n32:64-S128"
 TARGET_ENDIAN[mips64el] = "little"
 TARGET_POINTER_WIDTH[mips64el] = "64"
-TARGET_C_INT_WIDTH[mips64el] = "64"
+TARGET_C_INT_WIDTH[mips64el] = "32"
 MAX_ATOMIC_WIDTH[mips64el] = "64"
 
 ## powerpc-unknown-linux-{gnu, musl}
@@ -223,14 +223,14 @@ MAX_ATOMIC_WIDTH[powerpc] = "32"
 DATA_LAYOUT[powerpc64] = "E-m:e-i64:64-n32:64-S128-v256:256:256-v512:512:512"
 TARGET_ENDIAN[powerpc64] = "big"
 TARGET_POINTER_WIDTH[powerpc64] = "64"
-TARGET_C_INT_WIDTH[powerpc64] = "64"
+TARGET_C_INT_WIDTH[powerpc64] = "32"
 MAX_ATOMIC_WIDTH[powerpc64] = "64"
 
 ## powerpc64le-unknown-linux-{gnu, musl}
 DATA_LAYOUT[powerpc64le] = "e-m:e-i64:64-n32:64-v256:256:256-v512:512:512"
 TARGET_ENDIAN[powerpc64le] = "little"
 TARGET_POINTER_WIDTH[powerpc64le] = "64"
-TARGET_C_INT_WIDTH[powerpc64le] = "64"
+TARGET_C_INT_WIDTH[powerpc64le] = "32"
 MAX_ATOMIC_WIDTH[powerpc64le] = "64"
 
 ## riscv32gc-unknown-linux-{gnu, musl}
@@ -244,7 +244,7 @@ MAX_ATOMIC_WIDTH[riscv32gc] = "32"
 DATA_LAYOUT[riscv64gc] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128"
 TARGET_ENDIAN[riscv64gc] = "little"
 TARGET_POINTER_WIDTH[riscv64gc] = "64"
-TARGET_C_INT_WIDTH[riscv64gc] = "64"
+TARGET_C_INT_WIDTH[riscv64gc] = "32"
 MAX_ATOMIC_WIDTH[riscv64gc] = "64"
 
 ## loongarch64-unknown-linux-{gnu, musl}
diff --git a/meta/classes-recipe/testimage.bbclass b/meta/classes-recipe/testimage.bbclass
index 954c213912..33b1c13f9d 100644
--- a/meta/classes-recipe/testimage.bbclass
+++ b/meta/classes-recipe/testimage.bbclass
@@ -25,7 +25,9 @@ TESTIMAGE_AUTO ??= "0"
 TESTIMAGE_FAILED_QA_ARTIFACTS = "\
     ${localstatedir}/log \
     ${sysconfdir}/version \
-    ${sysconfdir}/os-release"
+    ${sysconfdir}/os-release \
+    ${nonarch_libdir}/os-release \
+"
 
 # If some ptests are run and fail, retrieve corresponding directories
 TESTIMAGE_FAILED_QA_ARTIFACTS += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${libdir}/${MCNAME}/ptest', '', d)}"
diff --git a/meta/classes-recipe/uboot-config.bbclass b/meta/classes-recipe/uboot-config.bbclass
index e55fc38b7c..bf21961977 100644
--- a/meta/classes-recipe/uboot-config.bbclass
+++ b/meta/classes-recipe/uboot-config.bbclass
@@ -101,12 +101,12 @@ python () {
     # The "doc" varflag is special, we don't want to see it here
     ubootconfigflags.pop('doc', None)
     ubootconfig = (d.getVar('UBOOT_CONFIG') or "").split()
+    recipename = d.getVar("PN")
 
     if not ubootmachine and not ubootconfig:
-        PN = d.getVar("PN")
         FILE = os.path.basename(d.getVar("FILE"))
         bb.debug(1, "To build %s, see %s for instructions on \
-                 setting up your machine config" % (PN, FILE))
+                 setting up your machine config" % (recipename, FILE))
         raise bb.parse.SkipRecipe("Either UBOOT_MACHINE or UBOOT_CONFIG must be set in the %s machine configuration." % d.getVar("MACHINE"))
 
     if ubootmachine and ubootconfig:
@@ -140,9 +140,12 @@ python () {
             if not found:
                 raise bb.parse.SkipRecipe("The selected UBOOT_CONFIG key %s has no match in %s." % (ubootconfig, ubootconfigflags.keys()))
 
-            if len(ubootconfig) == 1:
-                d.setVar('KCONFIG_CONFIG_ROOTDIR', os.path.join(d.getVar("B"), d.getVar("UBOOT_MACHINE").strip()))
-            else:
-                # Disable menuconfig for multiple configs
-                d.setVar('KCONFIG_CONFIG_ENABLE_MENUCONFIG', "false")
+            # This recipe might be inherited e.g. by the kernel recipe via kernel-fitimage.bbclass
+            # Ensure the uboot specific menuconfig settings do not leak into other recipes
+            if 'u-boot' in recipename:
+                if len(ubootconfig) == 1:
+                    d.setVar('KCONFIG_CONFIG_ROOTDIR', os.path.join(d.getVar("B"), d.getVar("UBOOT_MACHINE").strip()))
+                else:
+                    # Disable menuconfig for multiple configs
+                    d.setVar('KCONFIG_CONFIG_ENABLE_MENUCONFIG', "false")
 }
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass
index c8e097f2f2..699db248e1 100644
--- a/meta/classes-recipe/uboot-sign.bbclass
+++ b/meta/classes-recipe/uboot-sign.bbclass
@@ -26,6 +26,7 @@
 
 # We need some variables from u-boot-config
 inherit uboot-config
+require conf/image-fitimage.conf
 
 # Enable use of a U-Boot fitImage
 UBOOT_FITIMAGE_ENABLE ?= "0"
@@ -85,9 +86,6 @@ UBOOT_FIT_KEY_SIGN_PKCS ?= "-x509"
 # ex: 1 32bits address, 2 64bits address
 UBOOT_FIT_ADDRESS_CELLS ?= "1"
 
-# This is only necessary for determining the signing configuration
-KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}"
-
 UBOOT_FIT_UBOOT_LOADADDRESS ?= "${UBOOT_LOADADDRESS}"
 UBOOT_FIT_UBOOT_ENTRYPOINT ?= "${UBOOT_ENTRYPOINT}"
 
@@ -96,8 +94,8 @@ python() {
     sign = d.getVar('UBOOT_SIGN_ENABLE') == '1'
     if d.getVar('UBOOT_FITIMAGE_ENABLE') == '1' or sign:
         d.appendVar('DEPENDS', " u-boot-tools-native dtc-native")
-    if sign:
-        d.appendVar('DEPENDS', " " + d.getVar('KERNEL_PN'))
+    if d.getVar('FIT_GENERATE_KEYS') == '1' and sign:
+        d.appendVarFlag('do_uboot_assemble_fitimage', 'depends', ' virtual/kernel:do_kernel_generate_rsa_keys')
 }
 
 concat_dtb() {
@@ -105,17 +103,69 @@ concat_dtb() {
         binary="$2"
 
         if [ -e "${UBOOT_DTB_BINARY}" ]; then
-                # Re-sign the kernel in order to add the keys to our dtb
+                # Signing individual images is not recommended as that
+                # makes fitImage susceptible to mix-and-match attack.
+                #
+                # OE FIT_SIGN_INDIVIDUAL is implemented in an unusual manner,
+                # where the resulting signed fitImage contains both signed
+                # images and signed configurations. This is redundant. In
+                # order to prevent mix-and-match attack, it is sufficient
+                # to sign configurations. The FIT_SIGN_INDIVIDUAL = "1"
+                # support is kept to avoid breakage of existing layers, but
+                # it is highly recommended to avoid FIT_SIGN_INDIVIDUAL = "1",
+                # i.e. set FIT_SIGN_INDIVIDUAL = "0" .
+                if [ "${FIT_SIGN_INDIVIDUAL}" = "1" ] ; then
+                        # Sign dummy image images in order to
+                        # add the image signing keys to our dtb
+                        ${UBOOT_MKIMAGE_SIGN} \
+                                ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
+                                -f auto \
+                                -k "${UBOOT_SIGN_KEYDIR}" \
+                                -o "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
+                                -g "${UBOOT_SIGN_IMG_KEYNAME}" \
+                                -K "${UBOOT_DTB_BINARY}" \
+                                -d /dev/null \
+                                -r ${B}/unused.itb \
+                                ${UBOOT_MKIMAGE_SIGN_ARGS}
+                fi
+
+                # Sign dummy image configurations in order to
+                # add the configuration signing keys to our dtb
                 ${UBOOT_MKIMAGE_SIGN} \
                         ${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-                        -F -k "${UBOOT_SIGN_KEYDIR}" \
+                        -f auto-conf \
+                        -k "${UBOOT_SIGN_KEYDIR}" \
+                        -o "${FIT_HASH_ALG},${FIT_SIGN_ALG}" \
+                        -g "${UBOOT_SIGN_KEYNAME}" \
                         -K "${UBOOT_DTB_BINARY}" \
-                        -r ${B}/fitImage-linux \
+                        -d /dev/null \
+                        -r ${B}/unused.itb \
                         ${UBOOT_MKIMAGE_SIGN_ARGS}
-                # Verify the kernel image and u-boot dtb
-                ${UBOOT_FIT_CHECK_SIGN} \
-                        -k "${UBOOT_DTB_BINARY}" \
-                        -f ${B}/fitImage-linux
+
+                # Verify the dummy fitImage signature against u-boot.dtb
+                # augmented using public key material.
+                #
+                # This only works for FIT_SIGN_INDIVIDUAL = "0", because
+                # mkimage -f auto-conf does not support -F to extend the
+                # existing unused.itb , and instead rewrites unused.itb
+                # from scratch.
+                #
+                # Using two separate unused.itb for mkimage -f auto and
+                # mkimage -f auto-conf invocation above would not help, as
+                # the signature verification process below checks whether
+                # all keys inserted into u-boot.dtb /signature node pass
+                # the verification. Separate unused.itb would each miss one
+                # of the signatures.
+                #
+                # The FIT_SIGN_INDIVIDUAL = "1" support is kept to avoid
+                # breakage of existing layers, but it is highly recommended
+                # to not use FIT_SIGN_INDIVIDUAL = "1", i.e. set
+                # FIT_SIGN_INDIVIDUAL = "0" .
+                if [ "${FIT_SIGN_INDIVIDUAL}" != "1" ] ; then
+                        ${UBOOT_FIT_CHECK_SIGN} \
+                                -k "${UBOOT_DTB_BINARY}" \
+                                -f ${B}/unused.itb
+                fi
                 cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED}
         fi
 
@@ -338,7 +388,7 @@ uboot_assemble_fitimage_helper() {
         binary="$2"
 
         if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
-                concat_dtb $type $binary
+                concat_dtb "$type" "$binary"
         fi
 
         if [ "${UBOOT_FITIMAGE_ENABLE}" = "1" -a -n "${SPL_DTB_BINARY}" ]; then
@@ -351,13 +401,10 @@ uboot_assemble_fitimage_helper() {
 }
 
 do_uboot_assemble_fitimage() {
-        if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
-                cp "${STAGING_DIR_HOST}/sysroot-only/fitImage" "${B}/fitImage-linux"
-        fi
-
         if [ -n "${UBOOT_CONFIG}" ]; then
-                unset i j k
+                unset i
                 for config in ${UBOOT_MACHINE}; do
+                        unset j k
                         i=$(expr $i + 1);
                         for type in ${UBOOT_CONFIG}; do
                                 j=$(expr $j + 1);
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 93a2a1413d..6b8376bf17 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -31,8 +31,9 @@
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
-CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
+CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db"
+CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -198,7 +199,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build
-do_cve_check[depends] = "cve-update-nvd2-native:do_fetch"
+do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
 do_cve_check[nostamp] = "1"
 
 python cve_check_cleanup () {
@@ -269,24 +270,27 @@ python cve_check_write_rootfs_manifest () {
     d.setVar("PN", save_pn)
 
     if enable_text:
-        link_path = os.path.join(deploy_dir, "%s.cve" % link_name)
         manifest_name = d.getVar("CVE_CHECK_MANIFEST")
 
         with open(manifest_name, "w") as f:
             f.write(text_data)
 
-        update_symlinks(manifest_name, link_path)
+        if link_name:
+            link_path = os.path.join(deploy_dir, "%s.cve" % link_name)
+            update_symlinks(manifest_name, link_path)
         bb.plain("Image CVE report stored in: %s" % manifest_name)
 
     if enable_json:
         manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX")
-        link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix))
         manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
 
         with open(manifest_name, "w") as f:
             json.dump(json_data, f, indent=2)
 
-        update_symlinks(manifest_name, link_path)
+        if link_name:
+            link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix))
+            update_symlinks(manifest_name, link_path)
+
         bb.plain("Image CVE JSON report stored in: %s" % manifest_name)
 }
 
@@ -447,9 +451,10 @@ def get_cve_info(d, cves):
             cve_data[row[0]]["summary"] = row[1]
             cve_data[row[0]]["scorev2"] = row[2]
             cve_data[row[0]]["scorev3"] = row[3]
-            cve_data[row[0]]["modified"] = row[4]
-            cve_data[row[0]]["vector"] = row[5]
-            cve_data[row[0]]["vectorString"] = row[6]
+            cve_data[row[0]]["scorev4"] = row[4]
+            cve_data[row[0]]["modified"] = row[5]
+            cve_data[row[0]]["vector"] = row[6]
+            cve_data[row[0]]["vectorString"] = row[7]
         cursor.close()
     conn.close()
     return cve_data
@@ -514,6 +519,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
         write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
+        write_string += "CVSS v4 BASE SCORE: %s\n" % cve_data[cve]["scorev4"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
         write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
@@ -631,6 +637,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
             "summary" : cve_data[cve]["summary"],
             "scorev2" : cve_data[cve]["scorev2"],
             "scorev3" : cve_data[cve]["scorev3"],
+            "scorev4" : cve_data[cve]["scorev4"],
             "vector" : cve_data[cve]["vector"],
             "vectorString" : cve_data[cve]["vectorString"],
             "status" : status,
diff --git a/meta/conf/ccache.conf b/meta/conf/ccache.conf
index 4406ae561b..499e5327b8 100644
--- a/meta/conf/ccache.conf
+++ b/meta/conf/ccache.conf
@@ -1 +1,7 @@
 max_size = 0
+
+# Avoid spurious cache misses caused by recipe sysroot creation: Creating a
+# recipe sysroot hardlinks all dependent files into place. Hardlinking updates
+# the file's ctime which in turn interferes with ccache's include_file_ctime
+# check.
+sloppiness = include_file_ctime
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index baaf971a9a..3a51ad2139 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -190,7 +190,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
 RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-gcc-source-13.3.0 = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER:pn-gcc-source-13.4.0 = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
@@ -210,7 +210,6 @@ RECIPE_MAINTAINER:pn-glibc = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glibc-locale = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glibc-mtrace = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glibc-scripts = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-glibc-y2038-tests = "Lukasz Majewski <lukma@denx.de>"
 RECIPE_MAINTAINER:pn-glibc-testsuite = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-gmp = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-glslang = "Jose Quaresma <quaresma.jose@gmail.com>"
diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc
index 5975db25cc..9950e46776 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -81,8 +81,6 @@ PTESTS_FAST = "\
     zlib \
     libexif \
 "
-PTESTS_FAST:append:libc-glibc = " glibc-y2038-tests"
-PTESTS_PROBLEMS:remove:libc-glibc = "glibc-y2038-tests"
 PTESTS_FAST:remove:mips64 = "qemu"
 PTESTS_PROBLEMS:append:mips64 = " qemu"
 PTESTS_FAST:remove:riscv32 = "qemu"
@@ -104,6 +102,7 @@ PTESTS_SLOW = "\
     libevent \
     libgcrypt \
     libmodule-build-perl \
+    libpng \
     lttng-tools \
     openssh \
     openssl \
diff --git a/meta/conf/distro/include/time64.inc b/meta/conf/distro/include/time64.inc
index 2e85753e55..dd29105db4 100644
--- a/meta/conf/distro/include/time64.inc
+++ b/meta/conf/distro/include/time64.inc
@@ -19,7 +19,6 @@ TARGET_CC_ARCH:append:powerpc = "${@bb.utils.contains('TUNE_FEATURES', 'm32', '$
 TARGET_CC_ARCH:append:x86 = "${@bb.utils.contains('TUNE_FEATURES', 'm32', '${GLIBC_64BIT_TIME_FLAGS}', '', d)}"
 
 GLIBC_64BIT_TIME_FLAGS:pn-glibc = ""
-GLIBC_64BIT_TIME_FLAGS:pn-glibc-y2038-tests = ""
 GLIBC_64BIT_TIME_FLAGS:pn-glibc-testsuite = ""
 # pipewire-v4l2 explicitly sets _FILE_OFFSET_BITS=32 to get access to
 # both 32 and 64 bit file APIs.  But it does not handle the time side?
@@ -36,7 +35,6 @@ GLIBC_64BIT_TIME_FLAGS:pn-gcc-sanitizers = ""
 # Caused by the flags exceptions above
 INSANE_SKIP:append:pn-gcc-sanitizers = " 32bit-time"
 INSANE_SKIP:append:pn-glibc = " 32bit-time"
-INSANE_SKIP:append:pn-glibc-y2038-tests = " 32bit-time"
 INSANE_SKIP:append:pn-pulseaudio = " 32bit-time"
 
 # Strace has tests that call 32 bit API directly, which is fair enough, e.g.
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index a6f7107dfe..3d0f1fdccd 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.40"
-UNINATIVE_VERSION = "4.6"
+UNINATIVE_MAXGLIBCVERSION = "2.41"
+UNINATIVE_VERSION = "4.7"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "c2d36338272eba101580f648dd8dff5352cdb4c1809db7dedf8fc4d7e7df716c"
-UNINATIVE_CHECKSUM[i686] ?= "0041584678109c18deca48fb59eaf14cf725cf024a170ab537b354b63240c504"
-UNINATIVE_CHECKSUM[x86_64] ?= "6bf00154c5a7bc48adbf63fd17684bb87eb07f4814fbb482a3fbd817c1ccf4c5"
+UNINATIVE_CHECKSUM[aarch64] ?= "ac440e4fc80665c79f9718c665c6e28d771e51609c088c3c97ba3ad5cfed197a"
+UNINATIVE_CHECKSUM[i686] ?= "c5efa31450f3bbd63ea961d4e7c747ae41317937d429f65e1d5cf2050338e27a"
+UNINATIVE_CHECKSUM[x86_64] ?= "5800d4e9a129d1be09cf548918d25f74e91a7c1193ae5239d5b0c9246c486d2c"
diff --git a/meta/conf/image-fitimage.conf b/meta/conf/image-fitimage.conf
new file mode 100644
index 0000000000..be9ae30134
--- /dev/null
+++ b/meta/conf/image-fitimage.conf
@@ -0,0 +1,53 @@
+# Possible options for fitImage generation, mainly
+# related to signing of the fitImage content.
+
+# Description string
+FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}"
+
+# Kernel fitImage Hash Algo
+FIT_HASH_ALG ?= "sha256"
+
+# Kernel fitImage Signature Algo
+FIT_SIGN_ALG ?= "rsa2048"
+
+# Kernel / U-Boot fitImage Padding Algo
+FIT_PAD_ALG ?= "pkcs-1.5"
+
+# Generate keys for signing Kernel fitImage
+FIT_GENERATE_KEYS ?= "0"
+
+# Size of private keys in number of bits
+FIT_SIGN_NUMBITS ?= "2048"
+
+# args to openssl genrsa (Default is just the public exponent)
+FIT_KEY_GENRSA_ARGS ?= "-F4"
+
+# args to openssl req (Default is -batch for non interactive mode and
+# -new for new certificate)
+FIT_KEY_REQ_ARGS ?= "-batch -new"
+
+# Standard format for public key certificate
+FIT_KEY_SIGN_PKCS ?= "-x509"
+
+# Sign individual images as well
+FIT_SIGN_INDIVIDUAL ?= "0"
+
+FIT_CONF_PREFIX ?= "conf-"
+FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name"
+
+FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
+
+# Allow user to select the default DTB for FIT image when multiple dtb's exists.
+FIT_CONF_DEFAULT_DTB ?= ""
+
+# length of address in number of <u32> cells
+# ex: 1 32bits address, 2 64bits address
+FIT_ADDRESS_CELLS ?= "1"
+
+# Keys used to sign individually image nodes.
+# The keys to sign image nodes must be different from those used to sign
+# configuration nodes, otherwise the "required" property, from
+# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image".
+# Then the images signature checking will not be mandatory and no error will be
+# raised in case of failure.
+# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key")
diff --git a/meta/conf/machine/include/arm/armv8a/tune-cortexa32.inc b/meta/conf/machine/include/arm/armv8a/tune-cortexa32.inc
index 25bdf12b18..0eb938a240 100644
--- a/meta/conf/machine/include/arm/armv8a/tune-cortexa32.inc
+++ b/meta/conf/machine/include/arm/armv8a/tune-cortexa32.inc
@@ -10,7 +10,7 @@ AVAILTUNES += "cortexa32 cortexa32-crypto"
 ARMPKGARCH:tune-cortexa32             = "cortexa32"
 ARMPKGARCH:tune-cortexa32-crypto      = "cortexa32"
 # We do not want -march since -mcpu is added above to cover for it
-TUNE_FEATURES:tune-cortexa32          = "aarch64 cortexa32 crc callconvention-hard neon"
+TUNE_FEATURES:tune-cortexa32          = "armv8a cortexa32 crc callconvention-hard neon"
 TUNE_FEATURES:tune-cortexa32-crypto   = "${TUNE_FEATURES:tune-cortexa32} crypto"
 PACKAGE_EXTRA_ARCHS:tune-cortexa32             = "${PACKAGE_EXTRA_ARCHS:tune-armv8a-crc} cortexa32 cortexa32hf-neon"
 PACKAGE_EXTRA_ARCHS:tune-cortexa32-crypto      = "${PACKAGE_EXTRA_ARCHS:tune-armv8a-crc-crypto} cortexa32 cortexa32hf-neon cortexa32hf-neon-crypto"
diff --git a/meta/conf/machine/include/arm/armv8r/tune-cortexr52.inc b/meta/conf/machine/include/arm/armv8r/tune-cortexr52.inc
index 89f0e09450..e8667bc16b 100644
--- a/meta/conf/machine/include/arm/armv8r/tune-cortexr52.inc
+++ b/meta/conf/machine/include/arm/armv8r/tune-cortexr52.inc
@@ -10,11 +10,10 @@ require conf/machine/include/arm/arch-armv8r.inc
 
 AVAILTUNES                             += "cortexr52"
 ARMPKGARCH:tune-cortexr52               = "cortexr52"
-# We do not want -march since -mcpu is added above to cover for it
-TUNE_FEATURES:tune-cortexr52            = "aarch64 crc simd cortexr52"
+TUNE_FEATURES:tune-cortexr52            = "${TUNE_FEATURES:tune-armv8r-crc-simd} cortexr52"
 PACKAGE_EXTRA_ARCHS:tune-cortexr52      = "${PACKAGE_EXTRA_ARCHS:tune-armv8r-crc-simd} cortexr52"
 
 AVAILTUNES                             += "cortexr52hf"
-ARMPKGARCH:tune-cortexr52hf             = "cortexr52"
+ARMPKGARCH:tune-cortexr52hf             = "cortexr52hf"
 TUNE_FEATURES:tune-cortexr52hf          = "${TUNE_FEATURES:tune-cortexr52} callconvention-hard"
 PACKAGE_EXTRA_ARCHS:tune-cortexr52hf    = "cortexr52hf"
diff --git a/meta/files/overlayfs-create-dirs.service.in b/meta/files/overlayfs-create-dirs.service.in
index c949a6dc73..c8431548d7 100644
--- a/meta/files/overlayfs-create-dirs.service.in
+++ b/meta/files/overlayfs-create-dirs.service.in
@@ -1,7 +1,6 @@
 [Unit]
-Description=Overlayfs directories setup
-Requires={DATA_MOUNT_UNIT}
-After={DATA_MOUNT_UNIT}
+Description=Overlayfs directories setup {LOWERDIR}
+RequiresMountsFor={DATA_MOUNT_POINT}
 DefaultDependencies=no
 
 [Service]
diff --git a/meta/files/overlayfs-unit.mount.in b/meta/files/overlayfs-unit.mount.in
index 1d33b7e39c..9c117f2c52 100644
--- a/meta/files/overlayfs-unit.mount.in
+++ b/meta/files/overlayfs-unit.mount.in
@@ -1,5 +1,5 @@
 [Unit]
-Description=Overlayfs mount unit
+Description=Overlayfs mount unit {LOWERDIR}
 Requires={CREATE_DIRS_SERVICE}
 After={CREATE_DIRS_SERVICE}
 
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index 89d30005fd..29c52e3b13 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -1,6 +1,11 @@
 #!/bin/sh
 
 export LC_ALL=en_US.UTF-8
+
+# The pipefail option is now part of POSIX (POSIX.1-2024) and available in more
+# and more shells. Enable it if available to make the SDK installer more robust.
+(set -o pipefail 2> /dev/null) && set -o pipefail
+
 #Make sure at least one python is installed
 INIT_PYTHON=$(which python3 2>/dev/null )
 [ -z "$INIT_PYTHON" ] && INIT_PYTHON=$(which python2 2>/dev/null)
@@ -286,6 +291,10 @@ post_relocate="$target_sdk_dir/post-relocate-setup.sh"
 if [ -e "$post_relocate" ]; then
         $SUDO_EXEC sed -e "s:@SDKPATH@:$target_sdk_dir:g" -i $post_relocate
         $SUDO_EXEC /bin/sh $post_relocate "$target_sdk_dir" "@SDKPATH@"
+        if [ $? -ne 0 ]; then
+                echo "Executing $post_relocate failed"
+                exit 1
+        fi
         $SUDO_EXEC rm -f $post_relocate
 fi
 
diff --git a/meta/lib/oe/package_manager/__init__.py b/meta/lib/oe/package_manager/__init__.py
index d3b2317894..2100a97c12 100644
--- a/meta/lib/oe/package_manager/__init__.py
+++ b/meta/lib/oe/package_manager/__init__.py
@@ -365,45 +365,43 @@ class PackageManager(object, metaclass=ABCMeta):
                 for complementary_linguas in (self.d.getVar('IMAGE_LINGUAS_COMPLEMENTARY') or "").split():
                     globs += (" " + complementary_linguas) % lang
 
-        if globs is None:
-            return
-
-        # we need to write the list of installed packages to a file because the
-        # oe-pkgdata-util reads it from a file
-        with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
-            pkgs = self.list_installed()
-
-            provided_pkgs = set()
-            for pkg in pkgs.values():
-                provided_pkgs |= set(pkg.get('provs', []))
-
-            output = oe.utils.format_pkg_list(pkgs, "arch")
-            installed_pkgs.write(output)
-            installed_pkgs.flush()
-
-            cmd = ["oe-pkgdata-util",
-                   "-p", self.d.getVar('PKGDATA_DIR'), "glob", installed_pkgs.name,
-                   globs]
-            exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY')
-            if exclude:
-                cmd.extend(['--exclude=' + '|'.join(exclude.split())])
-            try:
-                bb.note('Running %s' % cmd)
-                proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-                stdout, stderr = proc.communicate()
-                if stderr: bb.note(stderr.decode("utf-8"))
-                complementary_pkgs = stdout.decode("utf-8")
-                complementary_pkgs = set(complementary_pkgs.split())
-                skip_pkgs = sorted(complementary_pkgs & provided_pkgs)
-                install_pkgs = sorted(complementary_pkgs - provided_pkgs)
-                bb.note("Installing complementary packages ... %s (skipped already provided packages %s)" % (
-                    ' '.join(install_pkgs),
-                    ' '.join(skip_pkgs)))
-                self.install(install_pkgs, hard_depends_only=True)
-            except subprocess.CalledProcessError as e:
-                bb.fatal("Could not compute complementary packages list. Command "
-                         "'%s' returned %d:\n%s" %
-                         (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+        if globs:
+            # we need to write the list of installed packages to a file because the
+            # oe-pkgdata-util reads it from a file
+            with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
+                pkgs = self.list_installed()
+
+                provided_pkgs = set()
+                for pkg in pkgs.values():
+                    provided_pkgs |= set(pkg.get('provs', []))
+
+                output = oe.utils.format_pkg_list(pkgs, "arch")
+                installed_pkgs.write(output)
+                installed_pkgs.flush()
+
+                cmd = ["oe-pkgdata-util",
+                    "-p", self.d.getVar('PKGDATA_DIR'), "glob", installed_pkgs.name,
+                    globs]
+                exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY')
+                if exclude:
+                    cmd.extend(['--exclude=' + '|'.join(exclude.split())])
+                try:
+                    bb.note('Running %s' % cmd)
+                    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                    stdout, stderr = proc.communicate()
+                    if stderr: bb.note(stderr.decode("utf-8"))
+                    complementary_pkgs = stdout.decode("utf-8")
+                    complementary_pkgs = set(complementary_pkgs.split())
+                    skip_pkgs = sorted(complementary_pkgs & provided_pkgs)
+                    install_pkgs = sorted(complementary_pkgs - provided_pkgs)
+                    bb.note("Installing complementary packages ... %s (skipped already provided packages %s)" % (
+                        ' '.join(install_pkgs),
+                        ' '.join(skip_pkgs)))
+                    self.install(install_pkgs, hard_depends_only=True)
+                except subprocess.CalledProcessError as e:
+                    bb.fatal("Could not compute complementary packages list. Command "
+                            "'%s' returned %d:\n%s" %
+                            (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
         if self.d.getVar('IMAGE_LOCALES_ARCHIVE') == '1':
             target_arch = self.d.getVar('TARGET_ARCH')
diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 60a0cc8291..417333e431 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -462,21 +462,23 @@ class GitApplyTree(PatchTree):
         return (tmpfile, cmd)
 
     @staticmethod
-    def addNote(repo, ref, key, value=None):
+    def addNote(repo, ref, key, value=None, commituser=None, commitemail=None):
         note = key + (": %s" % value if value else "")
         notes_ref = GitApplyTree.notes_ref
         runcmd(["git", "config", "notes.rewriteMode", "ignore"], repo)
         runcmd(["git", "config", "notes.displayRef", notes_ref, notes_ref], repo)
         runcmd(["git", "config", "notes.rewriteRef", notes_ref, notes_ref], repo)
-        runcmd(["git", "notes", "--ref", notes_ref, "append", "-m", note, ref], repo)
+        cmd = ["git"]
+        GitApplyTree.gitCommandUserOptions(cmd, commituser, commitemail)
+        runcmd(cmd + ["notes", "--ref", notes_ref, "append", "-m", note, ref], repo)
 
     @staticmethod
-    def removeNote(repo, ref, key):
+    def removeNote(repo, ref, key, commituser=None, commitemail=None):
         notes = GitApplyTree.getNotes(repo, ref)
         notes = {k: v for k, v in notes.items() if k != key and not k.startswith(key + ":")}
         runcmd(["git", "notes", "--ref", GitApplyTree.notes_ref, "remove", "--ignore-missing", ref], repo)
         for note, value in notes.items():
-            GitApplyTree.addNote(repo, ref, note, value)
+            GitApplyTree.addNote(repo, ref, note, value, commituser, commitemail)
 
     @staticmethod
     def getNotes(repo, ref):
@@ -507,7 +509,7 @@ class GitApplyTree(PatchTree):
         GitApplyTree.gitCommandUserOptions(cmd, d=d)
         cmd += ["commit", "-m", subject, "--no-verify"]
         runcmd(cmd, dir)
-        GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit)
+        GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit, d.getVar('PATCH_GIT_USER_NAME'), d.getVar('PATCH_GIT_USER_EMAIL'))
 
     @staticmethod
     def extractPatches(tree, startcommits, outdir, paths=None):
@@ -654,7 +656,7 @@ class GitApplyTree(PatchTree):
             raise
         finally:
             if patch_applied:
-                GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file']))
+                GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file']), self.commituser, self.commitemail)
 
 
 class QuiltTree(PatchSet):
diff --git a/meta/lib/oe/rootfs.py b/meta/lib/oe/rootfs.py
index 8cd48f9450..5abce4ad7d 100644
--- a/meta/lib/oe/rootfs.py
+++ b/meta/lib/oe/rootfs.py
@@ -269,7 +269,11 @@ class Rootfs(object, metaclass=ABCMeta):
                 self.pm.remove(["run-postinsts"])
 
         image_rorfs = bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs",
+                                        True, False, self.d) and \
+                      not bb.utils.contains("IMAGE_FEATURES",
+                                        "read-only-rootfs-delayed-postinsts",
                                         True, False, self.d)
+
         image_rorfs_force = self.d.getVar('FORCE_RO_REMOVE')
 
         if image_rorfs or image_rorfs_force == "1":
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index a46e5502ab..d818fce8f1 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -524,6 +524,7 @@ def OEOuthashBasic(path, sigfile, task, d):
     if task == "package":
         include_timestamps = True
         include_root = False
+        source_date_epoch = float(d.getVar("SOURCE_DATE_EPOCH"))
     hash_version = d.getVar('HASHEQUIV_HASH_VERSION')
     extra_sigdata = d.getVar("HASHEQUIV_EXTRA_SIGDATA")
 
@@ -615,7 +616,11 @@ def OEOuthashBasic(path, sigfile, task, d):
                         raise Exception(msg).with_traceback(e.__traceback__)
 
                 if include_timestamps:
-                    update_hash(" %10d" % s.st_mtime)
+                    # Need to clamp to SOURCE_DATE_EPOCH
+                    if s.st_mtime > source_date_epoch:
+                        update_hash(" %10d" % source_date_epoch)
+                    else:
+                        update_hash(" %10d" % s.st_mtime)
 
                 update_hash(" ")
                 if stat.S_ISBLK(s.st_mode) or stat.S_ISCHR(s.st_mode):
diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index 14a7d07ef0..c9c7a47041 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -482,19 +482,6 @@ def get_multilib_datastore(variant, d):
         localdata.setVar("MLPREFIX", "")
     return localdata
 
-class ImageQAFailed(Exception):
-    def __init__(self, description, name=None, logfile=None):
-        self.description = description
-        self.name = name
-        self.logfile=logfile
-
-    def __str__(self):
-        msg = 'Function failed: %s' % self.name
-        if self.description:
-            msg = msg + ' (%s)' % self.description
-
-        return msg
-
 def sh_quote(string):
     import shlex
     return shlex.quote(string)
diff --git a/meta/lib/oeqa/core/runner.py b/meta/lib/oeqa/core/runner.py
index a86a706bd9..b683d9b80a 100644
--- a/meta/lib/oeqa/core/runner.py
+++ b/meta/lib/oeqa/core/runner.py
@@ -357,7 +357,7 @@ class OETestResultJSONHelper(object):
             os.makedirs(write_dir, exist_ok=True)
         test_results = self._get_existing_testresults_if_available(write_dir)
         test_results[result_id] = {'configuration': configuration, 'result': test_result}
-        json_testresults = json.dumps(test_results, sort_keys=True, indent=4)
+        json_testresults = json.dumps(test_results, sort_keys=True, indent=1)
         self._write_file(write_dir, self.testresult_filename, json_testresults)
         if has_bb:
             bb.utils.unlockfile(lf)
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 09cdd14c75..d473469384 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -55,14 +55,14 @@ class OESSHTarget(OETarget):
     def stop(self, **kwargs):
         pass
 
-    def _run(self, command, timeout=None, ignore_status=True):
+    def _run(self, command, timeout=None, ignore_status=True, raw=False):
         """
             Runs command in target using SSHProcess.
         """
         self.logger.debug("[Running]$ %s" % " ".join(command))
 
         starttime = time.time()
-        status, output = SSHCall(command, self.logger, timeout)
+        status, output = SSHCall(command, self.logger, timeout, raw)
         self.logger.debug("[Command returned '%d' after %.2f seconds]"
                  "" % (status, time.time() - starttime))
 
@@ -72,7 +72,7 @@ class OESSHTarget(OETarget):
 
         return (status, output)
 
-    def run(self, command, timeout=None, ignore_status=True):
+    def run(self, command, timeout=None, ignore_status=True, raw=False):
         """
             Runs command in target.
 
@@ -91,7 +91,7 @@ class OESSHTarget(OETarget):
         else:
             processTimeout = self.timeout
 
-        status, output = self._run(sshCmd, processTimeout, ignore_status)
+        status, output = self._run(sshCmd, processTimeout, ignore_status, raw)
         self.logger.debug('Command: %s\nStatus: %d Output:  %s\n' % (command, status, output))
 
         return (status, output)
@@ -206,7 +206,7 @@ class OESSHTarget(OETarget):
                 remoteDir = os.path.join(remotePath, tmpDir.lstrip("/"))
                 self.deleteDir(remoteDir)
 
-def SSHCall(command, logger, timeout=None, **opts):
+def SSHCall(command, logger, timeout=None, raw=False, **opts):
 
     def run():
         nonlocal output
@@ -265,7 +265,7 @@ def SSHCall(command, logger, timeout=None, **opts):
         else:
             output_raw = process.communicate()[0]
 
-        output = output_raw.decode('utf-8', errors='ignore')
+        output = output_raw if raw else output_raw.decode('utf-8', errors='ignore')
         logger.debug('Data from SSH call:\n%s' % output.rstrip())
 
         # timout or not, make sure process exits and is not hanging
@@ -292,7 +292,7 @@ def SSHCall(command, logger, timeout=None, **opts):
 
     options = {
         "stdout": subprocess.PIPE,
-        "stderr": subprocess.STDOUT,
+        "stderr": subprocess.STDOUT if not raw else None,
         "stdin": None,
         "shell": False,
         "bufsize": -1,
@@ -320,4 +320,4 @@ def SSHCall(command, logger, timeout=None, **opts):
         logger.debug('Something went wrong, killing SSH process')
         raise
 
-    return (process.returncode, output.rstrip())
+    return (process.returncode, output if raw else output.rstrip())
diff --git a/meta/lib/oeqa/runtime/cases/ssh.py b/meta/lib/oeqa/runtime/cases/ssh.py
index b86428002f..89d64430e5 100644
--- a/meta/lib/oeqa/runtime/cases/ssh.py
+++ b/meta/lib/oeqa/runtime/cases/ssh.py
@@ -16,8 +16,8 @@ class SSHTest(OERuntimeTestCase):
     @OETestDepends(['ping.PingTest.test_ping'])
     @OEHasPackage(['dropbear', 'openssh-sshd'])
     def test_ssh(self):
-        for i in range(20):
-          status, output = self.target.run("uname -a", timeout=5)
+        for i in range(5):
+          status, output = self.target.run("uname -a", timeout=30)
           if status == 0:
               break
           elif status == 255 or status == -signal.SIGTERM:
diff --git a/meta/lib/oeqa/sdk/context.py b/meta/lib/oeqa/sdk/context.py
index 01c38c24e6..77e6a98f39 100644
--- a/meta/lib/oeqa/sdk/context.py
+++ b/meta/lib/oeqa/sdk/context.py
@@ -41,11 +41,13 @@ class OESDKTestContext(OETestContext):
 
     def hasTargetPackage(self, pkg, multilib=False, regex=False):
         if multilib:
-            # match multilib according to sdk_env
-            mls = self.td.get('MULTILIB_VARIANTS', '').split()
-            for ml in mls:
-                if ('ml'+ml) in self.sdk_env:
-                    pkg = ml + '-' + pkg
+            stripped_sdk_env = os.path.basename(self.sdk_env)
+            if stripped_sdk_env.startswith('environment-setup-'):
+                # match multilib according to sdk_env
+                mls = self.td.get('MULTILIB_VARIANTS', '').split()
+                for ml in mls:
+                    if ('ml'+ml) in stripped_sdk_env:
+                        pkg = ml + '-' + pkg
         return self._hasPackage(self.target_pkg_manifest, pkg, regex=regex)
 
 class OESDKTestContextExecutor(OETestContextExecutor):
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index fc08906117..ee75687f01 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -2493,7 +2493,7 @@ class DevtoolIdeSdkTests(DevtoolBase):
         self.track_for_cleanup(tempdir)
         self.add_command_to_tearDown('bitbake -c clean %s' % recipe_name)
 
-        result = runCmd('devtool modify %s -x %s' % (recipe_name, tempdir))
+        result = runCmd('devtool modify %s -x %s --debug-build' % (recipe_name, tempdir))
         self.assertExists(os.path.join(tempdir, build_file),
                           'Extracted source could not be found')
         self.assertExists(os.path.join(self.workspacedir, 'conf',
diff --git a/meta/lib/oeqa/selftest/cases/meta_ide.py b/meta/lib/oeqa/selftest/cases/meta_ide.py
index ffe0d2604d..5a17ca52ea 100644
--- a/meta/lib/oeqa/selftest/cases/meta_ide.py
+++ b/meta/lib/oeqa/selftest/cases/meta_ide.py
@@ -20,8 +20,8 @@ class MetaIDE(OESelftestTestCase):
         bitbake('meta-ide-support')
         bitbake('build-sysroots -c build_native_sysroot')
         bitbake('build-sysroots -c build_target_sysroot')
-        bb_vars = get_bb_vars(['MULTIMACH_TARGET_SYS', 'DEPLOY_DIR_IMAGE', 'COREBASE'])
-        cls.environment_script = 'environment-setup-%s' % bb_vars['MULTIMACH_TARGET_SYS']
+        bb_vars = get_bb_vars(['MACHINE_ARCH', 'TARGET_VENDOR', 'TARGET_OS', 'DEPLOY_DIR_IMAGE', 'COREBASE'])
+        cls.environment_script = 'environment-setup-%s%s-%s' % (bb_vars['MACHINE_ARCH'], bb_vars['TARGET_VENDOR'], bb_vars['TARGET_OS'])
         cls.deploydir = bb_vars['DEPLOY_DIR_IMAGE']
         cls.environment_script_path = '%s/%s' % (cls.deploydir, cls.environment_script)
         cls.corebasedir = bb_vars['COREBASE']
diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py b/meta/lib/oeqa/selftest/cases/overlayfs.py
index e31063567b..580fbdcb9c 100644
--- a/meta/lib/oeqa/selftest/cases/overlayfs.py
+++ b/meta/lib/oeqa/selftest/cases/overlayfs.py
@@ -5,7 +5,7 @@
 #
 
 from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import bitbake, runqemu
+from oeqa.utils.commands import bitbake, runqemu, get_bb_vars
 from oeqa.core.decorator import OETestTag
 from oeqa.core.decorator.data import skipIfNotMachine
 
@@ -466,6 +466,45 @@ IMAGE_INSTALL:append = " overlayfs-user"
             line = getline_qemu(output, "Read-only file system")
             self.assertTrue(line, msg=output)
 
+    @skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently")
+    def test_postinst_on_target_for_read_only_rootfs(self):
+        """
+        Summary:  The purpose of this test case is to verify that post-installation
+                  on target scripts are executed even if using read-only rootfs when
+                  read-only-rootfs-delayed-postinsts is set
+        Expected: The test files are created on first boot
+        """
+
+        import oe.path
+
+        vars = get_bb_vars(("IMAGE_ROOTFS", "sysconfdir"), "core-image-minimal")
+        sysconfdir = vars["sysconfdir"]
+        self.assertIsNotNone(sysconfdir)
+        # Need to use oe.path here as sysconfdir starts with /
+        targettestdir = os.path.join(sysconfdir, "postinst-test")
+
+        config = self.get_working_config()
+
+        args = {
+            'OVERLAYFS_INIT_OPTION': "",
+            'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1,
+            'OVERLAYFS_ROOTFS_TYPE': "ext4",
+            'OVERLAYFS_ETC_CREATE_MOUNT_DIRS': 1
+        }
+
+        # read-only-rootfs is already set in get_working_config()
+        config += 'EXTRA_IMAGE_FEATURES += "read-only-rootfs-delayed-postinsts"\n'
+        config += 'CORE_IMAGE_EXTRA_INSTALL = "postinst-delayed-b"\n'
+
+        self.write_config(config.format(**args))
+
+        res = bitbake('core-image-minimal')
+
+        with runqemu('core-image-minimal', image_fstype='wic') as qemu:
+            for filename in ("rootfs", "delayed-a", "delayed-b"):
+                status, output = qemu.run_serial("test -f %s && echo found" % os.path.join(targettestdir, filename))
+                self.assertIn("found", output, "%s was not present on boot" % filename)
+
     def get_working_config(self):
         return """
 # Use systemd as init manager
diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py
index 021e894012..34efa730e5 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -16,6 +16,8 @@ import os
 import datetime
 
 exclude_packages = [
+       'rust-rustdoc',
+       'rust-dbg'
         ]
 
 def is_excluded(package):
@@ -177,12 +179,8 @@ class ReproducibleTests(OESelftestTestCase):
             self.sstate_targets = bb_vars['OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS'].split()
 
         self.extraresults = {}
-        self.extraresults.setdefault('reproducible.rawlogs', {})['log'] = ''
         self.extraresults.setdefault('reproducible', {}).setdefault('files', {})
 
-    def append_to_log(self, msg):
-        self.extraresults['reproducible.rawlogs']['log'] += msg
-
     def compare_packages(self, reference_dir, test_dir, diffutils_sysroot):
         result = PackageCompareResults(self.oeqa_reproducible_excluded_packages)
 
@@ -209,7 +207,7 @@ class ReproducibleTests(OESelftestTestCase):
 
     def write_package_list(self, package_class, name, packages):
         self.extraresults['reproducible']['files'].setdefault(package_class, {})[name] = [
-                {'reference': p.reference, 'test': p.test} for p in packages]
+                p.reference.split("/./")[1] for p in packages]
 
     def copy_file(self, source, dest):
         bb.utils.mkdirhier(os.path.dirname(dest))
@@ -295,8 +293,6 @@ class ReproducibleTests(OESelftestTestCase):
 
                 self.logger.info('Reproducibility summary for %s: %s' % (c, result))
 
-                self.append_to_log('\n'.join("%s: %s" % (r.status, r.test) for r in result.total))
-
                 self.write_package_list(package_class, 'missing', result.missing)
                 self.write_package_list(package_class, 'different', result.different)
                 self.write_package_list(package_class, 'different_excluded', result.different_excluded)
diff --git a/meta/lib/oeqa/selftest/cases/rust.py b/meta/lib/oeqa/selftest/cases/rust.py
index ad14189c6d..26f132edc4 100644
--- a/meta/lib/oeqa/selftest/cases/rust.py
+++ b/meta/lib/oeqa/selftest/cases/rust.py
@@ -3,6 +3,7 @@ import os
 import subprocess
 import time
 from oeqa.core.decorator import OETestTag
+from oeqa.core.decorator.data import skipIfArch
 from oeqa.core.case import OEPTestResultTestCase
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, runqemu, Command
@@ -38,15 +39,12 @@ def parse_results(filename):
 @OETestTag("toolchain-user")
 @OETestTag("runqemu")
 class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
+
+    @skipIfArch(['mips', 'mips64'])
     def test_rust(self, *args, **kwargs):
         # Disable Rust Oe-selftest
         #self.skipTest("The Rust Oe-selftest is disabled.")
 
-        # Skip mips32 target since it is unstable with rust tests
-        machine = get_bb_var('MACHINE')
-        if machine == "qemumips":
-            self.skipTest("The mips32 target is skipped for Rust Oe-selftest.")
-
         # build remote-test-server before image build
         recipe = "rust"
         start_time = time.time()
@@ -210,9 +208,8 @@ class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
             tmpdir = get_bb_var("TMPDIR", "rust")
 
             # Set path for target-poky-linux-gcc, RUST_TARGET_PATH and hosttools.
-            cmd = " export PATH=%s/recipe-sysroot-native/usr/bin:$PATH;" % rustlibpath
-            cmd = cmd + " export TARGET_VENDOR=\"-poky\";"
-            cmd = cmd + " export PATH=%s/recipe-sysroot-native/usr/bin/%s:%s/hosttools:$PATH;" % (rustlibpath, tcpath, tmpdir)
+            cmd = "export TARGET_VENDOR=\"-poky\";"
+            cmd = cmd + " export PATH=%s/recipe-sysroot-native/usr/bin/python3-native:%s/recipe-sysroot-native/usr/bin:%s/recipe-sysroot-native/usr/bin/%s:%s/hosttools:$PATH;" % (rustlibpath, rustlibpath, rustlibpath, tcpath, tmpdir)
             cmd = cmd + " export RUST_TARGET_PATH=%s/rust-targets;" % rustlibpath
             # Trigger testing.
             cmd = cmd + " export TEST_DEVICE_ADDR=\"%s:12345\";" % qemu.ip
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py
index 86d6cd7464..4a2c425ac8 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -977,7 +977,7 @@ class SStateMirrors(SStateBase):
             self.append_config("""
 MACHINE = "{}"
 BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
-SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
+SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
 """.format(machine))
         else:
             self.append_config("""
diff --git a/meta/lib/oeqa/utils/gitarchive.py b/meta/lib/oeqa/utils/gitarchive.py
index 10cb267dfa..a826646059 100644
--- a/meta/lib/oeqa/utils/gitarchive.py
+++ b/meta/lib/oeqa/utils/gitarchive.py
@@ -67,7 +67,7 @@ def git_commit_data(repo, data_dir, branch, message, exclude, notes, log):
 
         # Remove files that are excluded
         if exclude:
-            repo.run_cmd(['rm', '--cached'] + [f for f in exclude], env_update)
+            repo.run_cmd(['rm', '--cached', '--ignore-unmatch'] + [f for f in exclude], env_update)
 
         tree = repo.run_cmd('write-tree', env_update)
 
@@ -202,6 +202,8 @@ def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_ms
         log.info("Pushing data to remote")
         data_repo.run_cmd(cmd)
 
+    return tag_name
+
 # Container class for tester revisions
 TestedRev = namedtuple('TestedRev', 'commit commit_number tags')
 
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index cda43aad8c..f1c2d2b5c9 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -519,7 +519,6 @@ class QemuRunner:
                 except Exception as e:
                     self.logger.warning('Extra log data exception %s' % repr(e))
                     data = None
-            self.thread.serial_lock.release()
             return False
 
         with self.thread.serial_lock:
@@ -822,10 +821,12 @@ class LoggingThread(threading.Thread):
                     self.logfunc(data, ".stdout")
                 elif self.serialsock and self.serialsock.fileno() == fd:
                     if self.serial_lock.acquire(blocking=False):
-                        data = self.recv(1024, self.serialsock)
-                        self.logger.debug("Data received serial thread %s" % data.decode('utf-8', 'replace'))
-                        self.logfunc(data, ".2")
-                        self.serial_lock.release()
+                        try:
+                            data = self.recv(1024, self.serialsock)
+                            self.logger.debug("Data received serial thread %s" % data.decode('utf-8', 'replace'))
+                            self.logfunc(data, ".2")
+                        finally:
+                            self.serial_lock.release()
                     else:
                         serial_registered = False
                         poll.unregister(self.serialsock.fileno())
diff --git a/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
new file mode 100644
index 0000000000..0ff6dff33a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
@@ -0,0 +1,68 @@
+From ea703528a8581a2ea7e0bad424a70fdf0aec7d8f Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sat, 15 Jun 2024 02:33:08 +0100
+Subject: [PATCH 1/2] misc: Implement grub_strlcpy()
+
+grub_strlcpy() acts the same way as strlcpy() does on most *NIX,
+returning the length of src and ensuring dest is always NUL
+terminated except when size is 0.
+
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ea703528a8581a2ea7e0bad424a70fdf0aec7d8f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ include/grub/misc.h | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index 1578f36c3..14d8f37ac 100644
+--- a/include/grub/misc.h
++++ b/include/grub/misc.h
+@@ -64,6 +64,45 @@ grub_stpcpy (char *dest, const char *src)
+   return d - 1;
+ }
+ 
++static inline grub_size_t
++grub_strlcpy (char *dest, const char *src, grub_size_t size)
++{
++  char *d = dest;
++  grub_size_t res = 0;
++  /*
++   * We do not subtract one from size here to avoid dealing with underflowing
++   * the value, which is why to_copy is always checked to be greater than one
++   * throughout this function.
++   */
++  grub_size_t to_copy = size;
++
++  /* Copy size - 1 bytes to dest. */
++  if (to_copy > 1)
++    while ((*d++ = *src++) != '\0' && ++res && --to_copy > 1)
++      ;
++
++  /*
++   * NUL terminate if size != 0. The previous step may have copied a NUL byte
++   * if it reached the end of the string, but we know dest[size - 1] must always
++   * be a NUL byte.
++   */
++  if (size != 0)
++    dest[size - 1] = '\0';
++
++  /* If there is still space in dest, but are here, we reached the end of src. */
++  if (to_copy > 1)
++    return res;
++
++  /*
++   * If we haven't reached the end of the string, iterate through to determine
++   * the strings total length.
++   */
++  while (*src++ != '\0' && ++res)
++   ;
++
++  return res;
++}
++
+ /* XXX: If grub_memmove is too slow, we must implement grub_memcpy.  */
+ static inline void *
+ grub_memcpy (void *dest, const void *src, grub_size_t n)
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45774.patch b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch
new file mode 100644
index 0000000000..55aecc17d7
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch
@@ -0,0 +1,37 @@
+From 2c34af908ebf4856051ed29e46d88abd2b20387f Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 8 Mar 2024 22:47:20 +1100
+Subject: [PATCH] video/readers/jpeg: Do not permit duplicate SOF0 markers in
+ JPEG
+
+Otherwise a subsequent header could change the height and width
+allowing future OOB writes.
+
+Fixes: CVE-2024-45774
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2024-45774
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2c34af908ebf4856051ed29e46d88abd2b20387f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/video/readers/jpeg.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index ae634fd41..631a89356 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -339,6 +339,10 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
+   if (grub_errno != GRUB_ERR_NONE)
+     return grub_errno;
+ 
++  if (data->image_height != 0 || data->image_width != 0)
++    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++                      "jpeg: cannot have duplicate SOF0 markers");
++
+   if (grub_jpeg_get_byte (data) != 8)
+     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+                       "jpeg: only 8-bit precision is supported");
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45775.patch b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch
new file mode 100644
index 0000000000..70492b8c2e
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch
@@ -0,0 +1,38 @@
+From 05be856a8c3aae41f5df90cab7796ab7ee34b872 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:55 +0000
+Subject: [PATCH] commands/extcmd: Missing check for failed allocation
+
+The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate
+a grub_arg_list struct but it does not verify the allocation was successful.
+In case of failed allocation the NULL state pointer can be accessed in
+parse_option() through grub_arg_parse() which may lead to a security issue.
+
+Fixes: CVE-2024-45775
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+
+CVE: CVE-2024-45775
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=05be856a8c3aae41f5df90cab7796ab7ee34b872]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/extcmd.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c
+index 90a5ca24a..c236be13a 100644
+--- a/grub-core/commands/extcmd.c
++++ b/grub-core/commands/extcmd.c
+@@ -49,6 +49,9 @@ grub_extcmd_dispatcher (struct grub_command *cmd, int argc, char **args,
+     }
+ 
+   state = grub_arg_list_alloc (ext, argc, args);
++  if (state == NULL)
++    return grub_errno;
++
+   if (grub_arg_parse (ext, argc, args, state, &new_args, &new_argc))
+     {
+       context.state = state;
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45776.patch b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch
new file mode 100644
index 0000000000..8deea958b8
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch
@@ -0,0 +1,39 @@
+From 09bd6eb58b0f71ec273916070fa1e2de16897a91 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:56 +0000
+Subject: [PATCH] gettext: Integer overflow leads to heap OOB write or read
+
+Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may
+overflow leading to subsequent OOB write or read. This patch fixes the
+issue by replacing grub_zalloc() and explicit multiplication with
+grub_calloc() which does the same thing in safe manner.
+
+Fixes: CVE-2024-45776
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+
+CVE: CVE-2024-45776
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=09bd6eb58b0f71ec273916070fa1e2de16897a91]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index e4f4f8ee6..63bb1ab73 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -323,8 +323,8 @@ grub_mofile_open (struct grub_gettext_context *ctx,
+   for (ctx->grub_gettext_max_log = 0; ctx->grub_gettext_max >> ctx->grub_gettext_max_log;
+        ctx->grub_gettext_max_log++);
+ 
+-  ctx->grub_gettext_msg_list = grub_zalloc (ctx->grub_gettext_max
+-                                           * sizeof (ctx->grub_gettext_msg_list[0]));
++  ctx->grub_gettext_msg_list = grub_calloc (ctx->grub_gettext_max,
++                                           sizeof (ctx->grub_gettext_msg_list[0]));
+   if (!ctx->grub_gettext_msg_list)
+     {
+       grub_file_close (fd);
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45777.patch b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch
new file mode 100644
index 0000000000..0305a95fd5
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch
@@ -0,0 +1,57 @@
+From b970a5ed967816bbca8225994cd0ee2557bad515 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:57 +0000
+Subject: [PATCH] gettext: Integer overflow leads to heap OOB write
+
+The size calculation of the translation buffer in
+grub_gettext_getstr_from_position() may overflow
+to 0 leading to heap OOB write. This patch fixes
+the issue by using grub_add() and checking for
+an overflow.
+
+Fixes: CVE-2024-45777
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+
+CVE: CVE-2024-45777
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b970a5ed967816bbca8225994cd0ee2557bad515]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 63bb1ab73..9ffc73428 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -26,6 +26,7 @@
+ #include <grub/file.h>
+ #include <grub/kernel.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -99,6 +100,7 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
+   char *translation;
+   struct string_descriptor desc;
+   grub_err_t err;
++  grub_size_t alloc_sz;
+ 
+   internal_position = (off + position * sizeof (desc));
+ 
+@@ -109,7 +111,10 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
+   length = grub_cpu_to_le32 (desc.length);
+   offset = grub_cpu_to_le32 (desc.offset);
+ 
+-  translation = grub_malloc (length + 1);
++  if (grub_add (length, 1, &alloc_sz))
++    return NULL;
++
++  translation = grub_malloc (alloc_sz);
+   if (!translation)
+     return NULL;
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
new file mode 100644
index 0000000000..eba013897f
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
@@ -0,0 +1,55 @@
+From 26db6605036bd9e5b16d9068a8cc75be63b8b630 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Sat, 23 Mar 2024 15:59:43 +1100
+Subject: [PATCH] fs/bfs: Disable under lockdown
+
+The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown.
+This will also disable the AFS.
+
+Fixes: CVE-2024-45778
+Fixes: CVE-2024-45779
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2024-45778
+CVE: CVE-2024-45779
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/bfs.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c
+index 022f69fe2..78aeb051f 100644
+--- a/grub-core/fs/bfs.c
++++ b/grub-core/fs/bfs.c
+@@ -30,6 +30,7 @@
+ #include <grub/types.h>
+ #include <grub/i18n.h>
+ #include <grub/fshelp.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1106,7 +1107,10 @@ GRUB_MOD_INIT (bfs)
+ {
+   COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE ==
+                       sizeof (struct grub_bfs_extent));
+-  grub_fs_register (&grub_bfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_bfs_fs);
++    }
+ }
+ 
+ #ifdef MODE_AFS
+@@ -1115,5 +1119,6 @@ GRUB_MOD_FINI (afs)
+ GRUB_MOD_FINI (bfs)
+ #endif
+ {
+-  grub_fs_unregister (&grub_bfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_bfs_fs);
+ }
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45780.patch b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch
new file mode 100644
index 0000000000..1de0099f94
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch
@@ -0,0 +1,93 @@
+From 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:58 +0000
+Subject: [PATCH] fs/tar: Integer overflow leads to heap OOB write
+
+Both namesize and linksize are derived from hd.size, a 12-digit octal
+number parsed by read_number(). Later direct arithmetic calculation like
+"namesize + 1" and "linksize + 1" may exceed the maximum value of
+grub_size_t leading to heap OOB write. This patch fixes the issue by
+using grub_add() and checking for an overflow.
+
+Fixes: CVE-2024-45780
+
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+
+CVE: CVE-2024-45780
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0087bc6902182fe5cedce2d034c75a79cf6dd4f3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/tar.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
+index 646bce5eb..386c09022 100644
+--- a/grub-core/fs/tar.c
++++ b/grub-core/fs/tar.c
+@@ -25,6 +25,7 @@
+ #include <grub/mm.h>
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -76,6 +77,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+ {
+   struct head hd;
+   int reread = 0, have_longname = 0, have_longlink = 0;
++  grub_size_t sz;
+ 
+   data->hofs = data->next_hofs;
+ 
+@@ -97,7 +99,11 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+        {
+          grub_err_t err;
+          grub_size_t namesize = read_number (hd.size, sizeof (hd.size));
+-         *name = grub_malloc (namesize + 1);
++
++         if (grub_add (namesize, 1, &sz))
++           return grub_error (GRUB_ERR_BAD_FS, N_("name size overflow"));
++
++         *name = grub_malloc (sz);
+          if (*name == NULL)
+            return grub_errno;
+          err = grub_disk_read (data->disk, 0,
+@@ -117,15 +123,19 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+        {
+          grub_err_t err;
+          grub_size_t linksize = read_number (hd.size, sizeof (hd.size));
+-         if (data->linkname_alloc < linksize + 1)
++
++         if (grub_add (linksize, 1, &sz))
++           return grub_error (GRUB_ERR_BAD_FS, N_("link size overflow"));
++
++         if (data->linkname_alloc < sz)
+            {
+              char *n;
+-             n = grub_calloc (2, linksize + 1);
++             n = grub_calloc (2, sz);
+              if (!n)
+                return grub_errno;
+              grub_free (data->linkname);
+              data->linkname = n;
+-             data->linkname_alloc = 2 * (linksize + 1);
++             data->linkname_alloc = 2 * (sz);
+            }
+ 
+          err = grub_disk_read (data->disk, 0,
+@@ -148,7 +158,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+          while (extra_size < sizeof (hd.prefix)
+                 && hd.prefix[extra_size])
+            extra_size++;
+-         *name = grub_malloc (sizeof (hd.name) + extra_size + 2);
++
++         if (grub_add (sizeof (hd.name) + 2, extra_size, &sz))
++           return grub_error (GRUB_ERR_BAD_FS, N_("long name size overflow"));
++         *name = grub_malloc (sz);
+          if (*name == NULL)
+            return grub_errno;
+          if (hd.prefix[0])
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45781.patch b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch
new file mode 100644
index 0000000000..bd0b6aa04a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch
@@ -0,0 +1,35 @@
+From c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 02:03:33 +0100
+Subject: [PATCH 2/2] fs/ufs: Fix a heap OOB write
+
+grub_strcpy() was used to copy a symlink name from the filesystem
+image to a heap allocated buffer. This led to a OOB write to adjacent
+heap allocations. Fix by using grub_strlcpy().
+
+Fixes: CVE-2024-45781
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2024-45781
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/ufs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
+index a354c92d9..01235101b 100644
+--- a/grub-core/fs/ufs.c
++++ b/grub-core/fs/ufs.c
+@@ -463,7 +463,7 @@ grub_ufs_lookup_symlink (struct grub_ufs_data *data, int ino)
+   /* Check against zero is paylindromic, no need to swap.  */
+   if (data->inode.nblocks == 0
+       && INODE_SIZE (data) <= sizeof (data->inode.symlink))
+-    grub_strcpy (symlink, (char *) data->inode.symlink);
++    grub_strlcpy (symlink, (char *) data->inode.symlink, sz);
+   else
+     {
+       if (grub_ufs_read_file (data, 0, 0, 0, sz, symlink) < 0)
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
new file mode 100644
index 0000000000..41cc025b81
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
@@ -0,0 +1,36 @@
+From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 02:48:33 +0100
+Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
+
+Replaced with grub_strlcpy().
+
+Fixes: CVE-2024-45782
+Fixes: CVE-2024-56737
+Fixes: https://savannah.gnu.org/bugs/?66599
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2024-45782
+CVE: CVE-2024-56737
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index 91dc0e69c..920112b03 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
+      volume name.  */
+   key.parent_dir = grub_cpu_to_be32_compile_time (1);
+   key.strlen = data->sblock.volname[0];
+-  grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
++  grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
+ 
+   if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
+                          0, (char *) &dir, sizeof (dir)) == 0)
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45783.patch b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
new file mode 100644
index 0000000000..99c769961b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
@@ -0,0 +1,39 @@
+From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 06:22:51 +0100
+Subject: [PATCH] fs/hfsplus: Set a grub_errno if mount fails
+
+It was possible for mount to fail but not set grub_errno. This led to
+a possible double decrement of the module reference count if the NULL
+page was mapped.
+
+Fixing in general as a similar bug was fixed in commit 61b13c187
+(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there
+are likely more variants around.
+
+Fixes: CVE-2024-45783
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2024-45783
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfsplus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 295822f69..de71fd486 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk)
+ 
+  fail:
+ 
+-  if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
++  if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE)
+     grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem");
+ 
+   grub_free (data);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
new file mode 100644
index 0000000000..09dbfce5f8
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
@@ -0,0 +1,35 @@
+From 2123c5bca7e21fbeb0263df4597ddd7054700726 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 19:24:29 +0000
+Subject: [PATCH 1/3] commands/pgp: Unregister the "check_signatures" hooks on
+ module unload
+
+If the hooks are not removed they can be called after the module has
+been unloaded leading to an use-after-free.
+
+Fixes: CVE-2025-0622
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2123c5bca7e21fbeb0263df4597ddd7054700726]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/pgp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
+index c6766f044..5fadc33c4 100644
+--- a/grub-core/commands/pgp.c
++++ b/grub-core/commands/pgp.c
+@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
+ 
+ GRUB_MOD_FINI(pgp)
+ {
++  grub_register_variable_hook ("check_signatures", NULL, NULL);
++  grub_env_unset ("check_signatures");
+   grub_verifier_unregister (&grub_pubkey_verifier);
+   grub_unregister_extcmd (cmd);
+   grub_unregister_extcmd (cmd_trust);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
new file mode 100644
index 0000000000..be01da3355
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
@@ -0,0 +1,41 @@
+From 9c16197734ada8d0838407eebe081117799bfe67 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 23:46:55 +0000
+Subject: [PATCH 2/3] normal: Remove variables hooks on module unload
+
+The normal module does not entirely cleanup after itself in
+its GRUB_MOD_FINI() leaving a few variables hooks in place.
+It is not possible to unload normal module now but fix the
+issues for completeness.
+
+On the occasion replace 0s with NULLs for "pager" variable
+hooks unregister.
+
+Fixes: CVE-2025-0622
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c16197734ada8d0838407eebe081117799bfe67]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/normal/main.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 838f57fa5..04d058f55 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -582,7 +582,9 @@ GRUB_MOD_FINI(normal)
+   grub_xputs = grub_xputs_saved;
+ 
+   grub_set_history (0);
+-  grub_register_variable_hook ("pager", 0, 0);
++  grub_register_variable_hook ("pager", NULL, NULL);
++  grub_register_variable_hook ("color_normal", NULL, NULL);
++  grub_register_variable_hook ("color_highlight", NULL, NULL);
+   grub_fs_autoload_hook = 0;
+   grub_unregister_command (cmd_clear);
+ }
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
new file mode 100644
index 0000000000..79078a4350
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
@@ -0,0 +1,38 @@
+From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 23:52:06 +0000
+Subject: [PATCH 3/3] gettext: Remove variables hooks on module unload
+
+The gettext module does not entirely cleanup after itself in
+its GRUB_MOD_FINI() leaving a few variables hooks in place.
+It is not possible to unload gettext module because normal
+module depends on it. Though fix the issues for completeness.
+
+Fixes: CVE-2025-0622
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 7a1c14e4f..e4f4f8ee6 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
+ 
+ GRUB_MOD_FINI (gettext)
+ {
++  grub_register_variable_hook ("locale_dir", NULL, NULL);
++  grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
++  grub_register_variable_hook ("lang", NULL, NULL);
++
+   grub_gettext_delete_list (&main_context);
+   grub_gettext_delete_list (&secondary_context);
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0624.patch b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch
new file mode 100644
index 0000000000..229fe6399e
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch
@@ -0,0 +1,84 @@
+From 5eef88152833062a3f7e017535372d64ac8ef7e1 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 15 Nov 2024 13:12:09 +0000
+Subject: [PATCH] net: Fix OOB write in grub_net_search_config_file()
+
+The function included a call to grub_strcpy() which copied data from an
+environment variable to a buffer allocated in grub_cmd_normal(). The
+grub_cmd_normal() didn't consider the length of the environment variable.
+So, the copy operation could exceed the allocation and lead to an OOB
+write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and
+pass the underlying buffers size to the grub_net_search_config_file().
+
+Fixes: CVE-2025-0624
+
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0624
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5eef88152833062a3f7e017535372d64ac8ef7e1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/net/net.c     | 7 ++++---
+ grub-core/normal/main.c | 2 +-
+ include/grub/net.h      | 2 +-
+ 3 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 0e41e21a5..9939ff601 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -1909,14 +1909,15 @@ grub_config_search_through (char *config, char *suffix,
+ }
+ 
+ grub_err_t
+-grub_net_search_config_file (char *config)
++grub_net_search_config_file (char *config, grub_size_t config_buf_len)
+ {
+-  grub_size_t config_len;
++  grub_size_t config_len, suffix_len;
+   char *suffix;
+ 
+   config_len = grub_strlen (config);
+   config[config_len] = '-';
+   suffix = config + config_len + 1;
++  suffix_len = config_buf_len - (config_len + 1);
+ 
+   struct grub_net_network_level_interface *inf;
+   FOR_NET_NETWORK_LEVEL_INTERFACES (inf)
+@@ -1942,7 +1943,7 @@ grub_net_search_config_file (char *config)
+ 
+       if (client_uuid)
+         {
+-          grub_strcpy (suffix, client_uuid);
++          grub_strlcpy (suffix, client_uuid, suffix_len);
+           if (grub_config_search_through (config, suffix, 1, 0) == 0)
+             return GRUB_ERR_NONE;
+         }
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 90879dc21..838f57fa5 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -344,7 +344,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
+ 
+           if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 &&
+               !disable_net_search)
+-            grub_net_search_config_file (config);
++            grub_net_search_config_file (config, config_len);
+ 
+          grub_enter_normal_mode (config);
+          grub_free (config);
+diff --git a/include/grub/net.h b/include/grub/net.h
+index 228d04963..58a4f83fc 100644
+--- a/include/grub/net.h
++++ b/include/grub/net.h
+@@ -579,7 +579,7 @@ void
+ grub_net_remove_dns_server (const struct grub_net_network_level_address *s);
+ 
+ grub_err_t
+-grub_net_search_config_file (char *config);
++grub_net_search_config_file (char *config, grub_size_t config_buf_len);
+ 
+ extern char *grub_net_default_server;
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
new file mode 100644
index 0000000000..d5563cecc4
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
@@ -0,0 +1,377 @@
+From 47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Sat, 23 Mar 2024 16:20:45 +1100
+Subject: [PATCH] fs: Disable many filesystems under lockdown
+
+The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
+hfsplus, iso9660, squash4, tar, xfs and zfs.
+
+The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
+reported by Jonathan Bar Or <jonathanbaror@gmail.com>.
+
+Fixes: CVE-2025-0677
+Fixes: CVE-2025-0684
+Fixes: CVE-2025-0685
+Fixes: CVE-2025-0686
+Fixes: CVE-2025-0689
+
+Suggested-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0677
+CVE: CVE-2025-0684
+CVE: CVE-2025-0685
+CVE: CVE-2025-0686
+CVE: CVE-2025-0689
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/affs.c     | 9 +++++++--
+ grub-core/fs/cbfs.c     | 9 +++++++--
+ grub-core/fs/jfs.c      | 9 +++++++--
+ grub-core/fs/minix.c    | 9 +++++++--
+ grub-core/fs/nilfs2.c   | 9 +++++++--
+ grub-core/fs/ntfs.c     | 9 +++++++--
+ grub-core/fs/reiserfs.c | 9 +++++++--
+ grub-core/fs/romfs.c    | 9 +++++++--
+ grub-core/fs/sfs.c      | 9 +++++++--
+ grub-core/fs/udf.c      | 9 +++++++--
+ grub-core/fs/ufs.c      | 9 +++++++--
+ 11 files changed, 77 insertions(+), 22 deletions(-)
+
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index ed606b3f1..352f5d232 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -703,11 +704,15 @@ static struct grub_fs grub_affs_fs =
+ 
+ GRUB_MOD_INIT(affs)
+ {
+-  grub_fs_register (&grub_affs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_affs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(affs)
+ {
+-  grub_fs_unregister (&grub_affs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_affs_fs);
+ }
+diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c
+index 8ab7106af..f6349df34 100644
+--- a/grub-core/fs/cbfs.c
++++ b/grub-core/fs/cbfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/cbfs_core.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -390,12 +391,16 @@ GRUB_MOD_INIT (cbfs)
+ #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
+   init_cbfsdisk ();
+ #endif
+-  grub_fs_register (&grub_cbfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_cbfs_fs);
++    }
+ }
+ 
+ GRUB_MOD_FINI (cbfs)
+ {
+-  grub_fs_unregister (&grub_cbfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_cbfs_fs);
+ #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
+   fini_cbfsdisk ();
+ #endif
+diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
+index 6f7c43904..c0bbab8a9 100644
+--- a/grub-core/fs/jfs.c
++++ b/grub-core/fs/jfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/charset.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -963,11 +964,15 @@ static struct grub_fs grub_jfs_fs =
+ 
+ GRUB_MOD_INIT(jfs)
+ {
+-  grub_fs_register (&grub_jfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_jfs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(jfs)
+ {
+-  grub_fs_unregister (&grub_jfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_jfs_fs);
+ }
+diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c
+index 5354951d1..c267298b5 100644
+--- a/grub-core/fs/minix.c
++++ b/grub-core/fs/minix.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -734,7 +735,10 @@ GRUB_MOD_INIT(minix)
+ #endif
+ #endif
+ {
+-  grub_fs_register (&grub_minix_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_minix_fs);
++    }
+   my_mod = mod;
+ }
+ 
+@@ -756,5 +760,6 @@ GRUB_MOD_FINI(minix)
+ #endif
+ #endif
+ {
+-  grub_fs_unregister (&grub_minix_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_minix_fs);
+ }
+diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
+index fc7374ead..08abf173f 100644
+--- a/grub-core/fs/nilfs2.c
++++ b/grub-core/fs/nilfs2.c
+@@ -34,6 +34,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1231,11 +1232,15 @@ GRUB_MOD_INIT (nilfs2)
+                                  grub_nilfs2_dat_entry));
+   COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE
+                       == sizeof (struct grub_nilfs2_inode));
+-  grub_fs_register (&grub_nilfs2_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_nilfs2_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (nilfs2)
+ {
+-  grub_fs_unregister (&grub_nilfs2_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_nilfs2_fs);
+ }
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index de435aa14..8cc2ba3d5 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -27,6 +27,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/ntfs.h>
+ #include <grub/charset.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1320,11 +1321,15 @@ static struct grub_fs grub_ntfs_fs =
+ 
+ GRUB_MOD_INIT (ntfs)
+ {
+-  grub_fs_register (&grub_ntfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_ntfs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (ntfs)
+ {
+-  grub_fs_unregister (&grub_ntfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_ntfs_fs);
+ }
+diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
+index 36b26ac98..cdef2eba0 100644
+--- a/grub-core/fs/reiserfs.c
++++ b/grub-core/fs/reiserfs.c
+@@ -39,6 +39,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1417,11 +1418,15 @@ static struct grub_fs grub_reiserfs_fs =
+ 
+ GRUB_MOD_INIT(reiserfs)
+ {
+-  grub_fs_register (&grub_reiserfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_reiserfs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(reiserfs)
+ {
+-  grub_fs_unregister (&grub_reiserfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_reiserfs_fs);
+ }
+diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
+index 1f7dcfca1..acf8dd21e 100644
+--- a/grub-core/fs/romfs.c
++++ b/grub-core/fs/romfs.c
+@@ -23,6 +23,7 @@
+ #include <grub/disk.h>
+ #include <grub/fs.h>
+ #include <grub/fshelp.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -475,10 +476,14 @@ static struct grub_fs grub_romfs_fs =
+ 
+ GRUB_MOD_INIT(romfs)
+ {
+-  grub_fs_register (&grub_romfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_romfs_fs);
++    }
+ }
+ 
+ GRUB_MOD_FINI(romfs)
+ {
+-  grub_fs_unregister (&grub_romfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_romfs_fs);
+ }
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 983e88008..f64bdd2df 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
++#include <grub/lockdown.h>
+ #include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -779,11 +780,15 @@ static struct grub_fs grub_sfs_fs =
+ 
+ GRUB_MOD_INIT(sfs)
+ {
+-  grub_fs_register (&grub_sfs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_sfs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(sfs)
+ {
+-  grub_fs_unregister (&grub_sfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_sfs_fs);
+ }
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index b836e6107..a60643be1 100644
+--- a/grub-core/fs/udf.c
++++ b/grub-core/fs/udf.c
+@@ -27,6 +27,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
++#include <grub/lockdown.h>
+ #include <grub/udf.h>
+ #include <grub/safemath.h>
+ 
+@@ -1455,11 +1456,15 @@ static struct grub_fs grub_udf_fs = {
+ 
+ GRUB_MOD_INIT (udf)
+ {
+-  grub_fs_register (&grub_udf_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_udf_fs);
++    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (udf)
+ {
+-  grub_fs_unregister (&grub_udf_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_udf_fs);
+ }
+diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
+index 01235101b..6b496e7b8 100644
+--- a/grub-core/fs/ufs.c
++++ b/grub-core/fs/ufs.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -899,7 +900,10 @@ GRUB_MOD_INIT(ufs1)
+ #endif
+ #endif
+ {
+-  grub_fs_register (&grub_ufs_fs);
++  if (!grub_is_lockdown ())
++    {
++      grub_fs_register (&grub_ufs_fs);
++    }
+   my_mod = mod;
+ }
+ 
+@@ -913,6 +917,7 @@ GRUB_MOD_FINI(ufs1)
+ #endif
+ #endif
+ {
+-  grub_fs_unregister (&grub_ufs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_unregister (&grub_ufs_fs);
+ }
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
new file mode 100644
index 0000000000..14e67cf35b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
@@ -0,0 +1,87 @@
+From 84bc0a9a68835952ae69165c11709811dae7634e Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Tue, 21 Jan 2025 19:02:37 +0000
+Subject: [PATCH] fs: Prevent overflows when allocating memory for arrays
+
+Use grub_calloc() when allocating memory for arrays to ensure proper
+overflow checks are in place.
+
+The HFS+ and squash4 security vulnerabilities were reported by
+Jonathan Bar Or <jonathanbaror@gmail.com>.
+
+Fixes: CVE-2025-0678
+Fixes: CVE-2025-1125
+
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0678
+CVE: CVE-2025-1125
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=84bc0a9a68835952ae69165c11709811dae7634e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/btrfs.c       | 4 ++--
+ grub-core/fs/hfspluscomp.c | 9 +++++++--
+ grub-core/fs/squash4.c     | 8 ++++----
+ 3 files changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 0625b1166..9c1e925c9 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -1276,8 +1276,8 @@ grub_btrfs_mount (grub_device_t dev)
+     }
+ 
+   data->n_devices_allocated = 16;
+-  data->devices_attached = grub_malloc (sizeof (data->devices_attached[0])
+-                                       * data->n_devices_allocated);
++  data->devices_attached = grub_calloc (data->n_devices_allocated,
++                                       sizeof (data->devices_attached[0]));
+   if (!data->devices_attached)
+     {
+       grub_free (data);
+diff --git a/grub-core/fs/hfspluscomp.c b/grub-core/fs/hfspluscomp.c
+index 48ae438d8..a80954ee6 100644
+--- a/grub-core/fs/hfspluscomp.c
++++ b/grub-core/fs/hfspluscomp.c
+@@ -244,14 +244,19 @@ hfsplus_open_compressed_real (struct grub_hfsplus_file *node)
+          return 0;
+        }
+       node->compress_index_size = grub_le_to_cpu32 (index_size);
+-      node->compress_index = grub_malloc (node->compress_index_size
+-                                         * sizeof (node->compress_index[0]));
++      node->compress_index = grub_calloc (node->compress_index_size,
++                                         sizeof (node->compress_index[0]));
+       if (!node->compress_index)
+        {
+          node->compressed = 0;
+          grub_free (attr_node);
+          return grub_errno;
+        }
++
++      /*
++       * The node->compress_index_size * sizeof (node->compress_index[0]) is safe here
++       * due to relevant checks done in grub_calloc() above.
++       */
+       if (grub_hfsplus_read_file (node, 0, 0,
+                                  0x104 + sizeof (index_size),
+                                  node->compress_index_size
+diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
+index f91ff3bfa..cf2bca822 100644
+--- a/grub-core/fs/squash4.c
++++ b/grub-core/fs/squash4.c
+@@ -816,10 +816,10 @@ direct_read (struct grub_squash_data *data,
+          break;
+        }
+       total_blocks = ((total_size + data->blksz - 1) >> data->log2_blksz);
+-      ino->block_sizes = grub_malloc (total_blocks
+-                                     * sizeof (ino->block_sizes[0]));
+-      ino->cumulated_block_sizes = grub_malloc (total_blocks
+-                                               * sizeof (ino->cumulated_block_sizes[0]));
++      ino->block_sizes = grub_calloc (total_blocks,
++                                     sizeof (ino->block_sizes[0]));
++      ino->cumulated_block_sizes = grub_calloc (total_blocks,
++                                               sizeof (ino->cumulated_block_sizes[0]));
+       if (!ino->block_sizes || !ino->cumulated_block_sizes)
+        {
+          grub_free (ino->block_sizes);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0690.patch b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch
new file mode 100644
index 0000000000..be585c96ad
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch
@@ -0,0 +1,73 @@
+From dad8f502974ed9ad0a70ae6820d17b4b142558fc Mon Sep 17 00:00:00 2001
+From: Jonathan Bar Or <jonathanbaror@gmail.com>
+Date: Thu, 23 Jan 2025 19:17:05 +0100
+Subject: [PATCH] commands/read: Fix an integer overflow when supplying more
+ than 2^31 characters
+
+The grub_getline() function currently has a signed integer variable "i"
+that can be overflown when user supplies more than 2^31 characters.
+It results in a memory corruption of the allocated line buffer as well
+as supplying large negative values to grub_realloc().
+
+Fixes: CVE-2025-0690
+
+Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Signed-off-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-0690
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=dad8f502974ed9ad0a70ae6820d17b4b142558fc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/read.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/commands/read.c b/grub-core/commands/read.c
+index 597c90706..8d72e45c9 100644
+--- a/grub-core/commands/read.c
++++ b/grub-core/commands/read.c
+@@ -25,6 +25,7 @@
+ #include <grub/types.h>
+ #include <grub/extcmd.h>
+ #include <grub/i18n.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -37,13 +38,14 @@ static const struct grub_arg_option options[] =
+ static char *
+ grub_getline (int silent)
+ {
+-  int i;
++  grub_size_t i;
+   char *line;
+   char *tmp;
+   int c;
++  grub_size_t alloc_size;
+ 
+   i = 0;
+-  line = grub_malloc (1 + i + sizeof('\0'));
++  line = grub_malloc (1 + sizeof('\0'));
+   if (! line)
+     return NULL;
+ 
+@@ -59,8 +61,17 @@ grub_getline (int silent)
+       line[i] = (char) c;
+       if (!silent)
+        grub_printf ("%c", c);
+-      i++;
+-      tmp = grub_realloc (line, 1 + i + sizeof('\0'));
++      if (grub_add (i, 1, &i))
++        {
++          grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++          return NULL;
++        }
++      if (grub_add (i, 1 + sizeof('\0'), &alloc_size))
++        {
++          grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++          return NULL;
++        }
++      tmp = grub_realloc (line, alloc_size);
+       if (! tmp)
+        {
+          grub_free (line);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-1118.patch b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch
new file mode 100644
index 0000000000..e6906d909c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch
@@ -0,0 +1,37 @@
+From 34824806ac6302f91e8cabaa41308eaced25725f Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Thu, 18 Apr 2024 20:29:39 +0100
+Subject: [PATCH] commands/minicmd: Block the dump command in lockdown mode
+
+The dump enables a user to read memory which should not be possible
+in lockdown mode.
+
+Fixes: CVE-2025-1118
+
+Reported-by: B Horn <b@horn.uk>
+Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-1118
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/minicmd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
+index 286290866..8c5ee3e60 100644
+--- a/grub-core/commands/minicmd.c
++++ b/grub-core/commands/minicmd.c
+@@ -203,8 +203,8 @@ GRUB_MOD_INIT(minicmd)
+     grub_register_command ("help", grub_mini_cmd_help,
+                           0, N_("Show this message."));
+   cmd_dump =
+-    grub_register_command ("dump", grub_mini_cmd_dump,
+-                          N_("ADDR [SIZE]"), N_("Show memory contents."));
++    grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
++                                   N_("ADDR [SIZE]"), N_("Show memory contents."));
+   cmd_rmmod =
+     grub_register_command ("rmmod", grub_mini_cmd_rmmod,
+                           N_("MODULE"), N_("Remove a module."));
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 54c0e9bdd5..7c83febaa2 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -19,16 +19,31 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://grub-module-explicitly-keeps-symbole-.module_license.patch \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://0001-RISC-V-Restore-the-typcast-to-long.patch \
+           file://0001-misc-Implement-grub_strlcpy.patch \
+           file://CVE-2024-45781.patch \
+           file://CVE-2024-45782_CVE-2024-56737.patch \
+           file://CVE-2024-45780.patch \
+           file://CVE-2024-45783.patch \
+           file://CVE-2025-0624.patch \
+           file://CVE-2024-45774.patch \
+           file://CVE-2024-45775.patch \
+           file://CVE-2025-0622-01.patch \
+           file://CVE-2025-0622-02.patch \
+           file://CVE-2025-0622-03.patch \
+           file://CVE-2024-45776.patch \
+           file://CVE-2024-45777.patch \
+           file://CVE-2025-0690.patch \
+           file://CVE-2025-1118.patch \
+           file://CVE-2024-45778_CVE-2024-45779.patch \
+           file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
+           file://CVE-2025-0678_CVE-2025-1125.patch \
 "
 
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
 
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
-CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
 CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
-CVE_STATUS[CVE-2023-4692]  = "cpe-incorrect: Fixed in version 2.12 already"
-CVE_STATUS[CVE-2023-4693]  = "cpe-incorrect: Fixed in version 2.12 already"
 
 DEPENDS = "flex-native bison-native gettext-native"
 
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57254.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57254.patch
new file mode 100644
index 0000000000..be00121224
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57254.patch
@@ -0,0 +1,47 @@
+From 3f9deb424ecd6ecd50f165b42f0b0290d83853f5 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 18:36:45 +0200
+Subject: [PATCH 1/8] squashfs: Fix integer overflow in sqfs_inode_size()
+
+A carefully crafted squashfs filesystem can exhibit an extremly large
+inode size and overflow the calculation in sqfs_inode_size().
+As a consequence, the squashfs driver will read from wrong locations.
+
+Fix by using __builtin_add_overflow() to detect the overflow.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+
+CVE: CVE-2024-57254
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fs/squashfs/sqfs_inode.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/fs/squashfs/sqfs_inode.c b/fs/squashfs/sqfs_inode.c
+index d25cfb53..bb3ccd37 100644
+--- a/fs/squashfs/sqfs_inode.c
++++ b/fs/squashfs/sqfs_inode.c
+@@ -78,11 +78,16 @@ int sqfs_inode_size(struct squashfs_base_inode *inode, u32 blk_size)
+ 
+        case SQFS_SYMLINK_TYPE:
+        case SQFS_LSYMLINK_TYPE: {
++               int size;
++
+                struct squashfs_symlink_inode *symlink =
+                        (struct squashfs_symlink_inode *)inode;
+ 
+-               return sizeof(*symlink) +
+-                       get_unaligned_le32(&symlink->symlink_size);
++               if (__builtin_add_overflow(sizeof(*symlink),
++                   get_unaligned_le32(&symlink->symlink_size), &size))
++                       return -EINVAL;
++
++               return size;
+        }
+ 
+        case SQFS_BLKDEV_TYPE:
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch
new file mode 100644
index 0000000000..4ca72da554
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch
@@ -0,0 +1,53 @@
+From 5d7ca74388544bf8c95e104517a9120e94bfe40d Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 18:36:44 +0200
+Subject: [PATCH 2/8] squashfs: Fix integer overflow in sqfs_resolve_symlink()
+
+A carefully crafted squashfs filesystem can exhibit an inode size of 0xffffffff,
+as a consequence malloc() will do a zero allocation.
+Later in the function the inode size is again used for copying data.
+So an attacker can overwrite memory.
+Avoid the overflow by using the __builtin_add_overflow() helper.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+
+CVE: CVE-2024-57255
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fs/squashfs/sqfs.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
+index 1430e671..16a07c06 100644
+--- a/fs/squashfs/sqfs.c
++++ b/fs/squashfs/sqfs.c
+@@ -422,8 +422,10 @@ static char *sqfs_resolve_symlink(struct squashfs_symlink_inode *sym,
+        char *resolved, *target;
+        u32 sz;
+ 
+-       sz = get_unaligned_le32(&sym->symlink_size);
+-       target = malloc(sz + 1);
++       if (__builtin_add_overflow(get_unaligned_le32(&sym->symlink_size), 1, &sz))
++               return NULL;
++
++       target = malloc(sz);
+        if (!target)
+                return NULL;
+ 
+@@ -431,9 +433,9 @@ static char *sqfs_resolve_symlink(struct squashfs_symlink_inode *sym,
+         * There is no trailling null byte in the symlink's target path, so a
+         * copy is made and a '\0' is added at its end.
+         */
+-       target[sz] = '\0';
++       target[sz - 1] = '\0';
+        /* Get target name (relative path) */
+-       strncpy(target, sym->symlink, sz);
++       strncpy(target, sym->symlink, sz - 1);
+ 
+        /* Relative -> absolute path conversion */
+        resolved = sqfs_get_abs_path(base_path, target);
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57256.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57256.patch
new file mode 100644
index 0000000000..78cf4ac225
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57256.patch
@@ -0,0 +1,51 @@
+From 49cab731abe7a98db4ac16666e3b5ab3bc799282 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 9 Aug 2024 11:54:28 +0200
+Subject: [PATCH 3/8] ext4: Fix integer overflow in ext4fs_read_symlink()
+
+While zalloc() takes a size_t type, adding 1 to the le32 variable
+will overflow.
+A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff
+and as consequence zalloc() will do a zero allocation.
+
+Later in the function the inode size is again used for copying data.
+So an attacker can overwrite memory.
+
+Avoid the overflow by using the __builtin_add_overflow() helper.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+
+CVE: CVE-2024-57256
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fs/ext4/ext4_common.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
+index f50de7c0..a7798296 100644
+--- a/fs/ext4/ext4_common.c
++++ b/fs/ext4/ext4_common.c
+@@ -2188,13 +2188,18 @@ static char *ext4fs_read_symlink(struct ext2fs_node *node)
+        struct ext2fs_node *diro = node;
+        int status;
+        loff_t actread;
++       size_t alloc_size;
+ 
+        if (!diro->inode_read) {
+                status = ext4fs_read_inode(diro->data, diro->ino, &diro->inode);
+                if (status == 0)
+                        return NULL;
+        }
+-       symlink = zalloc(le32_to_cpu(diro->inode.size) + 1);
++
++       if (__builtin_add_overflow(le32_to_cpu(diro->inode.size), 1, &alloc_size))
++               return NULL;
++
++       symlink = zalloc(alloc_size);
+        if (!symlink)
+                return NULL;
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57257.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57257.patch
new file mode 100644
index 0000000000..bfffcafa43
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57257.patch
@@ -0,0 +1,227 @@
+From 4eb527c473068953f90ea65b33046a25140e0a89 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 18:36:47 +0200
+Subject: [PATCH 4/8] squashfs: Fix stack overflow while symlink resolving
+
+The squashfs driver blindly follows symlinks, and calls sqfs_size()
+recursively. So an attacker can create a crafted filesystem and with
+a deep enough nesting level a stack overflow can be achieved.
+
+Fix by limiting the nesting level to 8.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+
+CVE: CVE-2024-57257
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fs/squashfs/sqfs.c | 76 +++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 61 insertions(+), 15 deletions(-)
+
+diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
+index 16a07c06..a5b7890e 100644
+--- a/fs/squashfs/sqfs.c
++++ b/fs/squashfs/sqfs.c
+@@ -24,7 +24,12 @@
+ #include "sqfs_filesystem.h"
+ #include "sqfs_utils.h"
+ 
++#define MAX_SYMLINK_NEST 8
++
+ static struct squashfs_ctxt ctxt;
++static int symlinknest;
++
++static int sqfs_readdir_nest(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp);
+ 
+ static int sqfs_disk_read(__u32 block, __u32 nr_blocks, void *buf)
+ {
+@@ -508,7 +513,7 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
+                        goto out;
+                }
+ 
+-               while (!sqfs_readdir(dirsp, &dent)) {
++               while (!sqfs_readdir_nest(dirsp, &dent)) {
+                        ret = strcmp(dent->name, token_list[j]);
+                        if (!ret)
+                                break;
+@@ -533,6 +538,11 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
+ 
+                /* Check for symbolic link and inode type sanity */
+                if (get_unaligned_le16(&dir->inode_type) == SQFS_SYMLINK_TYPE) {
++                       if (++symlinknest == MAX_SYMLINK_NEST) {
++                               ret = -ELOOP;
++                               goto out;
++                       }
++
+                        sym = (struct squashfs_symlink_inode *)table;
+                        /* Get first j + 1 tokens */
+                        path = sqfs_concat_tokens(token_list, j + 1);
+@@ -880,7 +890,7 @@ out:
+        return metablks_count;
+ }
+ 
+-int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp)
++static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
+ {
+        unsigned char *inode_table = NULL, *dir_table = NULL;
+        int j, token_count = 0, ret = 0, metablks_count;
+@@ -975,7 +985,19 @@ out:
+        return ret;
+ }
+ 
++int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp)
++{
++       symlinknest = 0;
++       return sqfs_opendir_nest(filename, dirsp);
++}
++
+ int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp)
++{
++       symlinknest = 0;
++       return sqfs_readdir_nest(fs_dirs, dentp);
++}
++
++static int sqfs_readdir_nest(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp)
+ {
+        struct squashfs_super_block *sblk = ctxt.sblk;
+        struct squashfs_dir_stream *dirs;
+@@ -1319,8 +1341,8 @@ static int sqfs_get_lregfile_info(struct squashfs_lreg_inode *lreg,
+        return datablk_count;
+ }
+ 
+-int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
+-             loff_t *actread)
++static int sqfs_read_nest(const char *filename, void *buf, loff_t offset,
++                         loff_t len, loff_t *actread)
+ {
+        char *dir = NULL, *fragment_block, *datablock = NULL;
+        char *fragment = NULL, *file = NULL, *resolved, *data;
+@@ -1350,11 +1372,11 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
+        }
+ 
+        /*
+-        * sqfs_opendir will uncompress inode and directory tables, and will
++        * sqfs_opendir_nest will uncompress inode and directory tables, and will
+         * return a pointer to the directory that contains the requested file.
+         */
+        sqfs_split_path(&file, &dir, filename);
+-       ret = sqfs_opendir(dir, &dirsp);
++       ret = sqfs_opendir_nest(dir, &dirsp);
+        if (ret) {
+                goto out;
+        }
+@@ -1362,7 +1384,7 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
+        dirs = (struct squashfs_dir_stream *)dirsp;
+ 
+        /* For now, only regular files are able to be loaded */
+-       while (!sqfs_readdir(dirsp, &dent)) {
++       while (!sqfs_readdir_nest(dirsp, &dent)) {
+                ret = strcmp(dent->name, file);
+                if (!ret)
+                        break;
+@@ -1411,9 +1433,14 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
+                break;
+        case SQFS_SYMLINK_TYPE:
+        case SQFS_LSYMLINK_TYPE:
++               if (++symlinknest == MAX_SYMLINK_NEST) {
++                       ret = -ELOOP;
++                       goto out;
++               }
++
+                symlink = (struct squashfs_symlink_inode *)ipos;
+                resolved = sqfs_resolve_symlink(symlink, filename);
+-               ret = sqfs_read(resolved, buf, offset, len, actread);
++               ret = sqfs_read_nest(resolved, buf, offset, len, actread);
+                free(resolved);
+                goto out;
+        case SQFS_BLKDEV_TYPE:
+@@ -1584,7 +1611,14 @@ out:
+        return ret;
+ }
+ 
+-int sqfs_size(const char *filename, loff_t *size)
++int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
++             loff_t *actread)
++{
++       symlinknest = 0;
++       return sqfs_read_nest(filename, buf, offset, len, actread);
++}
++
++static int sqfs_size_nest(const char *filename, loff_t *size)
+ {
+        struct squashfs_super_block *sblk = ctxt.sblk;
+        struct squashfs_symlink_inode *symlink;
+@@ -1600,10 +1634,10 @@ int sqfs_size(const char *filename, loff_t *size)
+ 
+        sqfs_split_path(&file, &dir, filename);
+        /*
+-        * sqfs_opendir will uncompress inode and directory tables, and will
++        * sqfs_opendir_nest will uncompress inode and directory tables, and will
+         * return a pointer to the directory that contains the requested file.
+         */
+-       ret = sqfs_opendir(dir, &dirsp);
++       ret = sqfs_opendir_nest(dir, &dirsp);
+        if (ret) {
+                ret = -EINVAL;
+                goto free_strings;
+@@ -1611,7 +1645,7 @@ int sqfs_size(const char *filename, loff_t *size)
+ 
+        dirs = (struct squashfs_dir_stream *)dirsp;
+ 
+-       while (!sqfs_readdir(dirsp, &dent)) {
++       while (!sqfs_readdir_nest(dirsp, &dent)) {
+                ret = strcmp(dent->name, file);
+                if (!ret)
+                        break;
+@@ -1644,6 +1678,11 @@ int sqfs_size(const char *filename, loff_t *size)
+                break;
+        case SQFS_SYMLINK_TYPE:
+        case SQFS_LSYMLINK_TYPE:
++               if (++symlinknest == MAX_SYMLINK_NEST) {
++                       *size = 0;
++                       return -ELOOP;
++               }
++
+                symlink = (struct squashfs_symlink_inode *)ipos;
+                resolved = sqfs_resolve_symlink(symlink, filename);
+                ret = sqfs_size(resolved, size);
+@@ -1683,10 +1722,11 @@ int sqfs_exists(const char *filename)
+ 
+        sqfs_split_path(&file, &dir, filename);
+        /*
+-        * sqfs_opendir will uncompress inode and directory tables, and will
++        * sqfs_opendir_nest will uncompress inode and directory tables, and will
+         * return a pointer to the directory that contains the requested file.
+         */
+-       ret = sqfs_opendir(dir, &dirsp);
++       symlinknest = 0;
++       ret = sqfs_opendir_nest(dir, &dirsp);
+        if (ret) {
+                ret = -EINVAL;
+                goto free_strings;
+@@ -1694,7 +1734,7 @@ int sqfs_exists(const char *filename)
+ 
+        dirs = (struct squashfs_dir_stream *)dirsp;
+ 
+-       while (!sqfs_readdir(dirsp, &dent)) {
++       while (!sqfs_readdir_nest(dirsp, &dent)) {
+                ret = strcmp(dent->name, file);
+                if (!ret)
+                        break;
+@@ -1711,6 +1751,12 @@ free_strings:
+        return ret == 0;
+ }
+ 
++int sqfs_size(const char *filename, loff_t *size)
++{
++       symlinknest = 0;
++       return sqfs_size_nest(filename, size);
++}
++
+ void sqfs_close(void)
+ {
+        sqfs_decompressor_cleanup(&ctxt);
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57258-1.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-1.patch
new file mode 100644
index 0000000000..d33a4260ba
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-1.patch
@@ -0,0 +1,47 @@
+From 50ab41c3628dedeca1a331dd86dd203b73faea74 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 12:08:45 +0200
+Subject: [PATCH 5/8] dlmalloc: Fix integer overflow in sbrk()
+
+Make sure that the new break is within mem_malloc_start
+and mem_malloc_end before making progress.
+ulong new = old + increment; can overflow for extremely large
+increment values and memset() can get wrongly called.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+
+CVE: CVE-2024-57258
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ common/dlmalloc.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/common/dlmalloc.c b/common/dlmalloc.c
+index de3f0422..bae2a27c 100644
+--- a/common/dlmalloc.c
++++ b/common/dlmalloc.c
+@@ -591,6 +591,9 @@ void *sbrk(ptrdiff_t increment)
+        ulong old = mem_malloc_brk;
+        ulong new = old + increment;
+ 
++       if ((new < mem_malloc_start) || (new > mem_malloc_end))
++               return (void *)MORECORE_FAILURE;
++
+        /*
+         * if we are giving memory back make sure we clear it out since
+         * we set MORECORE_CLEARS to 1
+@@ -598,9 +601,6 @@ void *sbrk(ptrdiff_t increment)
+        if (increment < 0)
+                memset((void *)new, 0, -increment);
+ 
+-       if ((new < mem_malloc_start) || (new > mem_malloc_end))
+-               return (void *)MORECORE_FAILURE;
+-
+        mem_malloc_brk = new;
+ 
+        return (void *)old;
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57258-2.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-2.patch
new file mode 100644
index 0000000000..688e2c64d8
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-2.patch
@@ -0,0 +1,43 @@
+From db7c626204f488a802a2e58b7a788b11fde6be7d Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 12:08:44 +0200
+Subject: [PATCH 6/8] dlmalloc: Fix integer overflow in request2size()
+
+req is of type size_t, casting it to long opens the door
+for an integer overflow.
+Values between LONG_MAX - (SIZE_SZ + MALLOC_ALIGN_MASK) - 1 and LONG_MAX
+cause and overflow such that request2size() returns MINSIZE.
+
+Fix by removing the cast.
+The origin of the cast is unclear, it's in u-boot and ppcboot since ever
+and predates the CVS history.
+Doug Lea's original dlmalloc implementation also doesn't have it.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+
+CVE: CVE-2024-57258
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ common/dlmalloc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/dlmalloc.c b/common/dlmalloc.c
+index bae2a27c..1ac4ee9f 100644
+--- a/common/dlmalloc.c
++++ b/common/dlmalloc.c
+@@ -379,8 +379,8 @@ nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ /* pad request bytes into a usable size */
+ 
+ #define request2size(req) \
+- (((long)((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \
+-  (long)(MINSIZE + MALLOC_ALIGN_MASK)) ? MINSIZE : \
++ ((((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \
++  (MINSIZE + MALLOC_ALIGN_MASK)) ? MINSIZE : \
+    (((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) & ~(MALLOC_ALIGN_MASK)))
+ 
+ /* Check if m has acceptable alignment */
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57258-3.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-3.patch
new file mode 100644
index 0000000000..2c8a7c9d91
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57258-3.patch
@@ -0,0 +1,40 @@
+From 37095a204127b60b5e00c4c5d435d6e48a6a1c51 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 12:08:43 +0200
+Subject: [PATCH 7/8] x86: Fix ptrdiff_t for x86_64
+
+sbrk() assumes ptrdiff_t is large enough to enlarge/shrink the heap
+by LONG_MIN/LONG_MAX.
+So, use the long type, also to match the rest of the Linux ecosystem.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+
+CVE: CVE-2024-57258
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ arch/x86/include/asm/posix_types.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/posix_types.h b/arch/x86/include/asm/posix_types.h
+index dbcea7f4..e1ed9bca 100644
+--- a/arch/x86/include/asm/posix_types.h
++++ b/arch/x86/include/asm/posix_types.h
+@@ -20,11 +20,12 @@ typedef unsigned short      __kernel_gid_t;
+ #if defined(__x86_64__)
+ typedef unsigned long  __kernel_size_t;
+ typedef long           __kernel_ssize_t;
++typedef long           __kernel_ptrdiff_t;
+ #else
+ typedef unsigned int   __kernel_size_t;
+ typedef int            __kernel_ssize_t;
+-#endif
+ typedef int            __kernel_ptrdiff_t;
++#endif
+ typedef long           __kernel_time_t;
+ typedef long           __kernel_suseconds_t;
+ typedef long           __kernel_clock_t;
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-57259.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-57259.patch
new file mode 100644
index 0000000000..fdf5fdfce4
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/CVE-2024-57259.patch
@@ -0,0 +1,41 @@
+From 2c08fe306c6cbc60ec4beb434c71e56bb7abb678 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Fri, 2 Aug 2024 22:05:09 +0200
+Subject: [PATCH 8/8] squashfs: Fix heap corruption in sqfs_search_dir()
+
+res needs to be large enough to store both strings rem and target,
+plus the path separator and the terminator.
+Currently the space for the path separator is not accounted, so
+the heap is corrupted by one byte.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+
+CVE: CVE-2024-57259
+Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fs/squashfs/sqfs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
+index a5b7890e..1bd9b2a4 100644
+--- a/fs/squashfs/sqfs.c
++++ b/fs/squashfs/sqfs.c
+@@ -563,8 +563,11 @@ static int sqfs_search_dir(struct squashfs_dir_stream *dirs, char **token_list,
+                                ret = -ENOMEM;
+                                goto out;
+                        }
+-                       /* Concatenate remaining tokens and symlink's target */
+-                       res = malloc(strlen(rem) + strlen(target) + 1);
++                       /*
++                        * Concatenate remaining tokens and symlink's target.
++                        * Allocate enough space for rem, target, '/' and '\0'.
++                        */
++                       res = malloc(strlen(rem) + strlen(target) + 2);
+                        if (!res) {
+                                ret = -ENOMEM;
+                                goto out;
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc
index 1f17bd7d0a..3a48b63c42 100644
--- a/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -14,7 +14,16 @@ PE = "1"
 # repo during parse
 SRCREV = "866ca972d6c3cabeaf6dbac431e8e08bb30b3c8e"
 
-SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master"
+SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \
+           file://CVE-2024-57254.patch \
+           file://CVE-2024-57255.patch \
+           file://CVE-2024-57256.patch \
+           file://CVE-2024-57257.patch \
+           file://CVE-2024-57258-1.patch \
+           file://CVE-2024-57258-2.patch \
+           file://CVE-2024-57258-3.patch \
+           file://CVE-2024-57259.patch \
+"
 
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"
diff --git a/meta/recipes-bsp/usbutils/usbutils/0001-usb-devices-Fix-usb-devices-with-busybox.patch b/meta/recipes-bsp/usbutils/usbutils/0001-usb-devices-Fix-usb-devices-with-busybox.patch
new file mode 100755
index 0000000000..dbe5d7c18b
--- /dev/null
+++ b/meta/recipes-bsp/usbutils/usbutils/0001-usb-devices-Fix-usb-devices-with-busybox.patch
@@ -0,0 +1,37 @@
+From da155d965a34b5c5770dc30fa52eb7ef405f3a30 Mon Sep 17 00:00:00 2001
+From: Teresa Remmet <t.remmet@phytec.de>
+Date: Thu, 5 Sep 2024 08:37:48 +0200
+Subject: [PATCH] usb-devices: Fix usb-devices with busybox
+
+The busybox find command is missing the -printf parameter leading to
+the error:
+
+find: unrecognized: -printf
+
+Replace the parameter with sed.
+
+This patch was originally created by Daniel Fancsali.
+
+Upstream-Status: Backport [https://github.com/gregkh/usbutils/commit/da155d965a34b5c5770dc30fa52eb7ef405f3a30]
+
+Signed-off-by: Teresa Remmet <t.remmet@phytec.de>
+---
+ usb-devices | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usb-devices b/usb-devices
+index 5f60ad5a1ed0..51f48b4ad628 100755
+--- a/usb-devices
++++ b/usb-devices
+@@ -192,7 +192,7 @@ if [ ! -d /sys/bus ]; then
+        exit 1
+ fi
+ 
+-for device in $(find /sys/bus/usb/devices -name 'usb*' -printf '%f\n' | sort -V)
++for device in $(find /sys/bus/usb/devices -name 'usb*' | sed -E 's#^.*/##g' | sort -V)
+ do
+        print_device "/sys/bus/usb/devices/$device" 0 0 0
+ done
+-- 
+2.34.1
+
diff --git a/meta/recipes-bsp/usbutils/usbutils_017.bb b/meta/recipes-bsp/usbutils/usbutils_017.bb
index a2e340ea4f..83d5c7287d 100644
--- a/meta/recipes-bsp/usbutils/usbutils_017.bb
+++ b/meta/recipes-bsp/usbutils/usbutils_017.bb
@@ -13,6 +13,7 @@ DEPENDS = "libusb1 virtual/libiconv udev"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/usb/usbutils/usbutils-${PV}.tar.gz \
            file://0001-usbutils.pc.in-Fix-Cflags-entry.patch \
+           file://0001-usb-devices-Fix-usb-devices-with-busybox.patch \
           "
 SRC_URI[sha256sum] = "f704c4cb78a060db88b43aac6ebfd3d93c2c5cf1d6dd0e42936faaf00814ab00"
 
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 1f18d4491d..1163c17e20 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
            file://CVE-2023-38471-2.patch \
            file://CVE-2023-38472.patch \
            file://CVE-2023-38473.patch \
+           file://CVE-2024-52616.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
new file mode 100644
index 0000000000..a156f98728
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
@@ -0,0 +1,104 @@
+From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 11 Nov 2024 00:56:09 +0100
+Subject: [PATCH] Properly randomize query id of DNS packets
+
+CVE: CVE-2024-52616
+Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
+ configure.ac           |  3 ++-
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 971f5e714..00a15056e 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -40,6 +40,13 @@
+ #include "addr-util.h"
+ #include "rr-util.h"
+ 
++#ifdef HAVE_SYS_RANDOM_H
++#include <sys/random.h>
++#endif
++#ifndef HAVE_GETRANDOM
++#  define getrandom(d, len, flags) (-1)
++#endif
++
+ #define CACHE_ENTRIES_MAX 500
+ 
+ typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
+@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
+     int fd_ipv4, fd_ipv6;
+     AvahiWatch *watch_ipv4, *watch_ipv6;
+ 
+-    uint16_t next_id;
+-
+     /* Cache */
+     AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+     AvahiHashmap *cache_by_key;
+@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
+     avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
+ }
+ 
++static uint16_t get_random_uint16(void) {
++    uint16_t next_id;
++
++    if (getrandom(&next_id, sizeof(next_id), 0) == -1)
++        next_id = (uint16_t) rand();
++    return next_id;
++}
++
++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
++    uint16_t next_id;
++
++    next_id = get_random_uint16();
++    while (find_lookup(e, next_id)) {
++        /* This ID is already used, get new. */
++        next_id = get_random_uint16();
++    }
++    return next_id;
++}
++
++
+ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     AvahiWideAreaLookupEngine *e,
+     AvahiKey *key,
+@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     /* If more than 65K wide area quries are issued simultaneously,
+      * this will break. This should be limited by some higher level */
+ 
+-    for (;; e->next_id++)
+-        if (!find_lookup(e, e->next_id))
+-            break; /* This ID is not yet used. */
+-
+-    l->id = e->next_id++;
++    l->id = avahi_wide_area_next_id(e);
+ 
+     /* We keep the packet around in case we need to repeat our query */
+     l->packet = avahi_dns_packet_new(0);
+@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+         e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+ 
+     e->n_dns_servers = e->current_dns_server = 0;
+-    e->next_id = (uint16_t) rand();
+ 
+     /* Initialize cache */
+     AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
+diff --git a/configure.ac b/configure.ac
+index a3211b80e..31bce3d76 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
+ # whether libc's malloc does too. (Same for realloc.)
+ #AC_FUNC_MALLOC
+ #AC_FUNC_REALLOC
+-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
++AC_CHECK_HEADERS([sys/random.h])
+ 
+ AC_FUNC_CHOWN
+ AC_FUNC_STAT
+
diff --git a/meta/recipes-connectivity/bind/bind_9.18.28.bb b/meta/recipes-connectivity/bind/bind_9.18.33.bb
index 4b0948298e..2554a7bb5f 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.28.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.33.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "e7cce9a165f7b619eefc4832f0a8dc16b005d29e3890aed6008c506ea286a5e7"
+SRC_URI[sha256sum] = "fb373fac5ebbc41c645160afd5a9fb451918f6c0e69ab1d9474154e2b515de40"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 3f2f096aac..53d8644159 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -18,6 +18,7 @@ PACKAGECONFIG ??= "obex-profiles \
     ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
     a2dp-profiles \
     avrcp-profiles \
+    mcp-profiles \
     network-profiles \
     hid-profiles \
     hog-profiles \
@@ -35,6 +36,7 @@ PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
 PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
 PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
 PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
+PACKAGECONFIG[mcp-profiles] = "--enable-mcp,--disable-mcp"
 PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
 PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
 PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
@@ -54,6 +56,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
+           file://0001-adapter-Fix-up-address-type-when-loading-keys.patch \
+           file://toolsbtmgmt-fix-index-option-for-non-interactive-mode.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
@@ -86,6 +90,14 @@ do_install:append() {
         install -d ${D}${INIT_D_DIR}
         install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
 
+        install -d ${D}${sysconfdir}/bluetooth/
+        if [ -f ${S}/profiles/network/network.conf ]; then
+                install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+        fi
+        if [ -f ${S}/profiles/input/input.conf ]; then
+                install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+        fi
+
         if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
                 sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
         fi
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-up-address-type-when-loading-keys.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-up-address-type-when-loading-keys.patch
new file mode 100644
index 0000000000..a2c067b5fa
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-up-address-type-when-loading-keys.patch
@@ -0,0 +1,52 @@
+From 366a8c522b648f47147de4852c5c030d69b916b3 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 28 Aug 2024 11:30:16 -0400
+Subject: [PATCH] adapter: Fix up address type when loading keys
+
+Due to kernel change 59b047bc9808
+("Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE")
+some keys maybe store using the wrong/invalid address type as per MGMT
+API, so this attempts to fix them up.
+
+Fixes: https://github.com/bluez/bluez/issues/875
+Upstream-Status: Backport [366a8c522b648f47147de4852c5c030d69b916b3]
+Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
+---
+ src/adapter.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 245de4456868..9f44bdefa5f4 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -5017,12 +5017,28 @@ static void load_devices(struct btd_adapter *adapter)
+                        goto free;
+                }
+ 
+-               if (key_info)
++               if (key_info) {
++                       /* Fix up address type if it was stored with the wrong
++                        * address type since Load Link Keys are only meant to
++                        * work with BR/EDR addresses as per MGMT documentation.
++                        */
++                       if (key_info->bdaddr_type != BDADDR_BREDR)
++                               key_info->bdaddr_type = BDADDR_BREDR;
++
+                        adapter->load_keys = g_slist_append(adapter->load_keys,
+                                                                key_info);
++               }
++
++               if (ltk_info) {
++                       /* Fix up address type if it was stored with the wrong
++                        * address type since Load Long Term Keys are only meant
++                        * to work with LE addresses as per MGMT documentation.
++                        */
++                       if (ltk_info->bdaddr_type == BDADDR_BREDR)
++                               ltk_info->bdaddr_type = BDADDR_LE_PUBLIC;
+ 
+-               if (ltk_info)
+                        ltks = g_slist_append(ltks, ltk_info);
++               }
+ 
+                if (peripheral_ltk_info)
+                        ltks = g_slist_append(ltks, peripheral_ltk_info);
diff --git a/meta/recipes-connectivity/bluez5/bluez5/toolsbtmgmt-fix-index-option-for-non-interactive-mode.patch b/meta/recipes-connectivity/bluez5/bluez5/toolsbtmgmt-fix-index-option-for-non-interactive-mode.patch
new file mode 100644
index 0000000000..f4e14be146
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/toolsbtmgmt-fix-index-option-for-non-interactive-mode.patch
@@ -0,0 +1,29 @@
+From f00d5546c9e989dd68ce0de0190cd0e043b0f1f5 Mon Sep 17 00:00:00 2001
+From: Arjan Opmeer <arjan.opmeer@gmail.com>
+Date: Tue, 9 Jul 2024 13:55:41 +0200
+Subject: [PATCH] tools/btmgmt: Fix --index option for non-interactive mode
+
+In non-interactive mode the --index option does not work because the
+call to mgmt_set_index() is made after bt_shell_attach().
+
+Fixes: https://github.com/bluez/bluez/issues/893
+
+Upstream-Status: Backport [https://github.com/bluez/bluez/commit/f00d5546c9e989dd68ce0de0190cd0e043b0f1f5]
+---
+ tools/btmgmt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/btmgmt.c b/tools/btmgmt.c
+index 9b7f851bd8..436c2bb21f 100644
+--- a/tools/btmgmt.c
++++ b/tools/btmgmt.c
+@@ -51,8 +51,8 @@ int main(int argc, char *argv[])
+                return EXIT_FAILURE;
+        }
+ 
+-       bt_shell_attach(fileno(stdin));
+        mgmt_set_index(index_option);
++       bt_shell_attach(fileno(stdin));
+        status = bt_shell_run();
+ 
+        mgmt_remove_submenu();
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.72.bb b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
index 9fda960ea7..d64286ef6e 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
@@ -32,6 +32,9 @@ NOINST_TOOLS_TESTING ?= " \
     tools/rfcomm-tester \
     tools/bnep-tester \
     tools/userchan-tester \
+    tools/iso-tester \
+    tools/mesh-tester \
+    tools/ioctl-tester \
 "
 
 # noinst programs in Makefile.tools that are conditional on TOOLS
@@ -46,6 +49,7 @@ NOINST_TOOLS_BT ?= " \
     tools/hcieventmask \
     tools/hcisecfilter \
     tools/btinfo \
+    tools/btconfig \
     tools/btsnoop \
     tools/btproxy \
     tools/btiotest \
@@ -56,6 +60,8 @@ NOINST_TOOLS_BT ?= " \
     tools/advtest \
     tools/seq2bseq \
     tools/nokfw \
+    tools/rtlfw \
+    tools/bcmfw \
     tools/create-image \
     tools/eddystone \
     tools/ibeacon \
@@ -65,5 +71,5 @@ NOINST_TOOLS_BT ?= " \
     tools/check-selftest \
     tools/gatt-service \
     profiles/iap/iapd \
-    ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient tools/btpclientctl', '', d)} \
 "
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch
new file mode 100644
index 0000000000..0eb7360685
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch
@@ -0,0 +1,41 @@
+From 8d3be0285f1d4667bfe85dba555c663eb3d704b4 Mon Sep 17 00:00:00 2001
+From: Yoonje Shin <ioerts@kookmin.ac.kr>
+Date: Mon, 12 May 2025 10:48:18 +0200
+Subject: [PATCH] dnsproxy: Address CVE-2025-32366 vulnerability
+
+In Connman parse_rr in dnsproxy.c has a memcpy length
+that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen)
+and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger
+than the amount of remaining packet data in the current state of
+parsing. As a result, values of stack memory locations may be sent
+over the network in a response.
+
+This patch adds a check to ensure that (*end + *rdlen) does not exceed
+the valid range. If the condition is violated, the function returns
+-EINVAL.
+
+CVE: CVE-2025-32366
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ src/dnsproxy.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index 1a5a4f3..50b2d55 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -985,6 +985,9 @@ static int parse_rr(const unsigned char *buf, const unsigned char *start,
+        if ((offset + *rdlen) > *response_size)
+                return -ENOBUFS;
+
++       if ((*end + *rdlen) > max)
++               return -EINVAL;
++
+        memcpy(response + offset, *end, *rdlen);
+
+        *end += *rdlen;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
new file mode 100644
index 0000000000..b31c59aa70
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
@@ -0,0 +1,48 @@
+From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001
+From: Praveen Kumar <praveen.kumar@windriver.com>
+Date: Thu, 24 Apr 2025 11:39:29 +0000
+Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash
+
+In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
+can be NULL or an empty string when the TC (Truncated) bit is set in
+a DNS response. This allows attackers to cause a denial of service
+(application crash) or possibly execute arbitrary code, because those
+lookup values lead to incorrect length calculations and incorrect
+memcpy operations.
+
+This patch includes a check to make sure loookup value is valid before
+using it. This helps avoid unexpected value when the input is empty or
+incorrect.
+
+Fixes: CVE-2025-32743
+
+CVE: CVE-2025-32743
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ src/dnsproxy.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index 7ebffbc..1a5a4f3 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -1669,8 +1669,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req,
+                                gpointer request, gpointer name)
+ {
+        int sk = -1;
++       int err;
+        const char *lookup = (const char *)name;
+-       int err = ns_try_resolv_from_cache(req, request, lookup);
++
++       if (!lookup || strlen(lookup) == 0)
++               return -EINVAL;
++
++       err = ns_try_resolv_from_cache(req, request, lookup);
+
+        if (err > 0)
+                /* cache hit */
+--
+2.40.0
diff --git a/meta/recipes-connectivity/connman/connman_1.42.bb b/meta/recipes-connectivity/connman/connman_1.42.bb
index 91ab9895ac..9b3abbe258 100644
--- a/meta/recipes-connectivity/connman/connman_1.42.bb
+++ b/meta/recipes-connectivity/connman/connman_1.42.bb
@@ -7,6 +7,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
            file://no-version-scripts.patch \
            file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \
            file://0001-src-log.c-Include-libgen.h-for-basename-API.patch \
+           file://CVE-2025-32743.patch \
+           file://CVE-2025-32366.patch \
            "
 
 SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
diff --git a/meta/recipes-connectivity/kea/kea_2.4.1.bb b/meta/recipes-connectivity/kea/kea_2.4.2.bb
index fcdb4889d9..6bb7cb9164 100644
--- a/meta/recipes-connectivity/kea/kea_2.4.1.bb
+++ b/meta/recipes-connectivity/kea/kea_2.4.2.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It
 HOMEPAGE = "http://kea.isc.org"
 SECTION = "connectivity"
 LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ee16e7280a6cf2a1487717faf33190dc"
 
 DEPENDS = "boost log4cplus openssl"
 
@@ -18,7 +18,7 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
            file://fix_pid_keactrl.patch \
            file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
            "
-SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a"
+SRC_URI[sha256sum] = "6e82fb319d3b871c0d39bbd504f2cda0c66fa1262865872985fb4fb91b4eaafc"
 
 inherit autotools systemd update-rc.d upstream-version-is-even
 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index 0f5747cc6d..4d78312929 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -66,34 +66,14 @@ start_nfsd(){
         start-stop-daemon --start --exec "$NFS_NFSD" -- "$@"
         echo done
 }
-delay_nfsd(){
-        for delay in 0 1 2 3 4 5 6 7 8 9 
-        do
-                if pidof nfsd >/dev/null
-                then
-                        echo -n .
-                        sleep 1
-                else
-                        return 0
-                fi
-        done
-        return 1
-}
 stop_nfsd(){
-        # WARNING: this kills any process with the executable
-        # name 'nfsd'.
         echo -n 'stopping nfsd: '
-        start-stop-daemon --stop --quiet --signal 1 --name nfsd
-        if delay_nfsd || {
-                echo failed
-                echo ' using signal 9: '
-                start-stop-daemon --stop --quiet --signal 9 --name nfsd
-                delay_nfsd
-        }
+        $NFS_NFSD 0
+        if pidof nfsd
         then
-                echo done
-        else
                 echo failed
+        else
+                echo done
         fi
 }
 
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
new file mode 100644
index 0000000000..516cbf779c
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
@@ -0,0 +1,31 @@
+From 2ff2da7ac374a790f8b2a0216bcb4e3126498225 Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:52 +0200
+Subject: [PATCH] smsutil: check status report fits in buffer
+
+Fixes CVE-2023-4232
+
+CVE: CVE-2023-4232
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index ac89f16c..a706e26f 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1088,6 +1088,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
+                if ((len - offset) < expected)
+                        return FALSE;
+ 
++               if (expected > (int)sizeof(out->status_report.ud))
++                       return FALSE;
++
+                memcpy(out->status_report.ud, pdu + offset, expected);
+        }
+ 
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
new file mode 100644
index 0000000000..059f9bbfee
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
@@ -0,0 +1,38 @@
+From 02aa0f9bad3d9e47a152fc045d0f51874d901d7e Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:51 +0200
+Subject: [PATCH] smsutil: check deliver reports fit in buffer
+
+Fixes CVE-2023-4235
+
+CVE: CVE-2023-4235
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=02aa0f9bad3d9e47a152fc045d0f51874d901d7e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/smsutil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 484bfd0b..ac89f16c 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1240,10 +1240,16 @@ static gboolean decode_deliver_report(const unsigned char *pdu, int len,
+                        return FALSE;
+ 
+                if (out->type == SMS_TYPE_DELIVER_REPORT_ERROR) {
++                       if (expected > (int) sizeof(out->deliver_err_report.ud))
++                               return FALSE;
++
+                        out->deliver_err_report.udl = udl;
+                        memcpy(out->deliver_err_report.ud,
+                                        pdu + offset, expected);
+                } else {
++                       if (expected > (int) sizeof(out->deliver_ack_report.ud))
++                               return FALSE;
++
+                        out->deliver_ack_report.udl = udl;
+                        memcpy(out->deliver_ack_report.ud,
+                                        pdu + offset, expected);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
new file mode 100644
index 0000000000..6e131121f2
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
@@ -0,0 +1,59 @@
+From e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Sun, 16 Mar 2025 12:26:42 +0200
+Subject: [PATCH] qmi: sms: Fix possible out-of-bounds read
+
+Fixes: CVE-2024-7537
+
+CVE: CVE-2024-7537
+Upstream-Status: Backport [https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ drivers/qmimodem/sms.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/qmimodem/sms.c b/drivers/qmimodem/sms.c
+index 3e2bef6e..75863480 100644
+--- a/drivers/qmimodem/sms.c
++++ b/drivers/qmimodem/sms.c
+@@ -467,6 +467,8 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+        const struct qmi_wms_result_msg_list *list;
+        uint32_t cnt = 0;
+        uint16_t tmp;
++       uint16_t length;
++       size_t msg_size;
+ 
+        DBG("");
+ 
+@@ -476,7 +478,7 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+                goto done;
+        }
+ 
+-       list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, NULL);
++       list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, &length);
+        if (list == NULL) {
+                DBG("Err: get msg list empty");
+                goto done;
+@@ -485,6 +487,13 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+        cnt = GUINT32_FROM_LE(list->cnt);
+        DBG("msgs found %d", cnt);
+ 
++       msg_size = cnt * sizeof(list->msg[0]);
++
++       if (length != sizeof(list->cnt) + msg_size) {
++               DBG("Err: invalid msg list count");
++               goto done;
++       }
++
+        for (tmp = 0; tmp < cnt; tmp++) {
+                DBG("unread type %d ndx %d", list->msg[tmp].type,
+                        GUINT32_FROM_LE(list->msg[tmp].ndx));
+@@ -498,8 +507,6 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+ 
+        /* save list and get 1st msg */
+        if (cnt) {
+-               int msg_size = cnt * sizeof(list->msg[0]);
+-
+                data->msg_list = g_try_malloc0(sizeof(list->cnt) + msg_size);
+                if (data->msg_list == NULL)
+                        goto done;
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
new file mode 100644
index 0000000000..7fcc620fd8
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
@@ -0,0 +1,88 @@
+From 389e2344f86319265fb72ae590b470716e038fdc Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Tue, 17 Dec 2024 11:31:29 +0200
+Subject: [PATCH] ussd: ensure ussd content fits in buffers
+
+Fixes: CVE-2024-7539
+
+CVE: CVE-2024-7539
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ drivers/atmodem/ussd.c      | 5 ++++-
+ drivers/huaweimodem/ussd.c  | 5 ++++-
+ drivers/speedupmodem/ussd.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/atmodem/ussd.c b/drivers/atmodem/ussd.c
+index aaf47b2..cee9bc5 100644
+--- a/drivers/atmodem/ussd.c
++++ b/drivers/atmodem/ussd.c
+@@ -107,7 +107,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+        const char *content;
+        int dcs;
+        enum sms_charset charset;
+-       unsigned char msg[160];
++       unsigned char msg[160] = {0};
+        const unsigned char *msg_ptr = NULL;
+        long msg_len;
+ 
+@@ -127,6 +127,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+        if (!g_at_result_iter_next_number(&iter, &dcs))
+                dcs = 0;
+ 
++       if (strlen(content) > sizeof(msg) * 2)
++               goto out;
++
+        if (!cbs_dcs_decode(dcs, NULL, NULL, &charset, NULL, NULL, NULL)) {
+                ofono_error("Unsupported USSD data coding scheme (%02x)", dcs);
+                status = 4; /* Not supported */
+diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
+index ffb9b2a..cfdb4ee 100644
+--- a/drivers/huaweimodem/ussd.c
++++ b/drivers/huaweimodem/ussd.c
+@@ -52,7 +52,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+        int status;
+        int dcs = 0;
+        const char *content;
+-       unsigned char msg[160];
++       unsigned char msg[160] = {0};
+        const unsigned char *msg_ptr = NULL;
+        long msg_len;
+ 
+@@ -69,6 +69,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 
+        g_at_result_iter_next_number(&iter, &dcs);
+ 
++       if (strlen(content) > sizeof(msg) * 2)
++               goto out;
++
+        msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
+ 
+ out:
+diff --git a/drivers/speedupmodem/ussd.c b/drivers/speedupmodem/ussd.c
+index 44da8ed..33441c6 100644
+--- a/drivers/speedupmodem/ussd.c
++++ b/drivers/speedupmodem/ussd.c
+@@ -51,7 +51,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+        int status;
+        int dcs = 0;
+        const char *content;
+-       unsigned char msg[160];
++       unsigned char msg[160] = {0};
+        const unsigned char *msg_ptr = NULL;
+        long msg_len;
+ 
+@@ -68,6 +68,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 
+        g_at_result_iter_next_number(&iter, &dcs);
+ 
++       if (strlen(content) > sizeof(msg) * 2)
++               goto out;
++
+        msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
+ 
+ out:
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
new file mode 100644
index 0000000000..0b06e057e5
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
@@ -0,0 +1,52 @@
+From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Tue, 17 Dec 2024 11:31:28 +0200
+Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
+
+Fixes: CVE-2024-7540
+Fixes: CVE-2024-7541
+Fixes: CVE-2024-7542
+
+CVE: CVE-2024-7540
+CVE: CVE-2024-7541
+CVE: CVE-2024-7542
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ drivers/atmodem/sms.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
+index d994856b..0668c631 100644
+--- a/drivers/atmodem/sms.c
++++ b/drivers/atmodem/sms.c
+@@ -412,7 +412,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
+        struct sms_data *data = ofono_sms_get_data(sms);
+        GAtResultIter iter;
+        const char *hexpdu;
+-       unsigned char pdu[176];
++       unsigned char pdu[176] = {0};
+        long pdu_len;
+        int tpdu_len;
+ 
+@@ -479,7 +479,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
+        struct sms_data *data = ofono_sms_get_data(sms);
+        GAtResultIter iter;
+        const char *hexpdu;
+-       unsigned char pdu[176];
++       unsigned char pdu[176] = {0};
+        long pdu_len;
+        int tpdu_len;
+ 
+@@ -661,7 +661,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
+        struct sms_data *data = ofono_sms_get_data(sms);
+        GAtResultIter iter;
+        const char *hexpdu;
+-       unsigned char pdu[176];
++       unsigned char pdu[176] = {0};
+        long pdu_len;
+        int tpdu_len;
+        int index;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
new file mode 100644
index 0000000000..e48579e59a
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
@@ -0,0 +1,30 @@
+From 90e60ada012de42964214d8155260f5749d0dcc7 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:50 +0200
+Subject: [PATCH] stkutil: Fix CVE-2024-7543
+
+CVE: CVE-2024-7543
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index 4f31af4..fdd11ad 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1876,6 +1876,10 @@ static bool parse_dataobj_mms_reference(struct comprehension_tlv_iter *iter,
+ 
+        data = comprehension_tlv_iter_get_data(iter);
+        mr->len = len;
++
++       if (len > sizeof(mr->ref))
++               return false;
++
+        memcpy(mr->ref, data, len);
+ 
+        return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
new file mode 100644
index 0000000000..7984bc6487
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
@@ -0,0 +1,30 @@
+From a240705a0d5d41eca6de4125ab2349ecde4c873a Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:49 +0200
+Subject: [PATCH] stkutil: Fix CVE-2024-7544
+
+CVE: CVE-2024-7544
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a240705a0d5d41eca6de4125ab2349ecde4c873a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index fdd11ad..475caaa 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1898,6 +1898,10 @@ static bool parse_dataobj_mms_id(struct comprehension_tlv_iter *iter,
+ 
+        data = comprehension_tlv_iter_get_data(iter);
+        mi->len = len;
++
++       if (len > sizeof(mi->id))
++               return false;
++
+        memcpy(mi->id, data, len);
+ 
+        return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
new file mode 100644
index 0000000000..a3bf13a81e
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
@@ -0,0 +1,32 @@
+From 556e14548c38c2b96d85881542046ee7ed750bb5 Mon Sep 17 00:00:00 2001
+From: Sicelo A. Mhlongo <absicsz@gmail.com>
+Date: Wed, Dec 4 12:07:34 2024 +0200
+Subject: [PATCH] stkutil: ensure data fits in buffer
+
+Fixes CVE-2024-7545
+
+CVE: CVE-2024-7545
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=556e14548c38c2b96d85881542046ee7ed750bb5]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index 475caaa..e1fd75c 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1938,6 +1938,10 @@ static bool parse_dataobj_mms_content_id(
+ 
+        data = comprehension_tlv_iter_get_data(iter);
+        mci->len = len;
++
++       if (len > sizeof(mci->id))
++               return false;
++
+        memcpy(mci->id, data, len);
+ 
+        return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
new file mode 100644
index 0000000000..808458be2f
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
@@ -0,0 +1,30 @@
+From 79ea6677669e50b0bb9c231765adb4f81c375f63 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:52 +0200
+Subject: [PATCH] Fix CVE-2024-7546
+
+CVE: CVE-2024-7546
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=79ea6677669e50b0bb9c231765adb4f81c375f63]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index e1fd75c..88a715d 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1783,6 +1783,10 @@ static bool parse_dataobj_frame_layout(struct comprehension_tlv_iter *iter,
+ 
+        fl->layout = data[0];
+        fl->len = len - 1;
++
++       if (fl->len > sizeof(fl->size))
++               return false;
++
+        memcpy(fl->size, data + 1, fl->len);
+ 
+        return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch
new file mode 100644
index 0000000000..d4feee7f7f
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch
@@ -0,0 +1,29 @@
+From 305df050d02aea8532f7625d6642685aa530f9b0 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:51 +0200
+Subject: [PATCH] Fix CVE-2024-7547
+
+CVE: CVE-2024-7547
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=305df050d02aea8532f7625d6642685aa530f9b0]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index def47e8..f79f59d 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1475,6 +1475,9 @@ static gboolean decode_command(const unsigned char *pdu, int len,
+        if ((len - offset) < out->command.cdl)
+                return FALSE;
+ 
++       if (out->command.cdl > sizeof(out->command.cd))
++               return FALSE;
++
+        memcpy(out->command.cd, pdu + offset, out->command.cdl);
+ 
+        return TRUE;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index f8ade2b2f8..2cf6438117 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -16,6 +16,16 @@ SRC_URI = "\
     file://CVE-2023-2794-0002.patch \
     file://CVE-2023-2794-0003.patch \
     file://CVE-2023-2794-0004.patch \
+    file://CVE-2024-7539.patch \
+    file://CVE-2024-7543.patch \
+    file://CVE-2024-7544.patch \
+    file://CVE-2024-7545.patch \
+    file://CVE-2024-7546.patch \
+    file://CVE-2024-7547.patch \
+    file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
+    file://CVE-2023-4232.patch \
+    file://CVE-2023-4235.patch \
+    file://CVE-2024-7537.patch \
 "
 SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
 
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch
new file mode 100644
index 0000000000..0a3cf1496b
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch
@@ -0,0 +1,169 @@
+From 0832aac79517611dd4de93ad0a83577994d9c907 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 18 Feb 2025 08:02:48 +0000
+Subject: [PATCH] upstream: Fix cases where error codes were not correctly set
+
+Reported by the Qualys Security Advisory team. ok markus@
+
+OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d
+
+CVE: CVE-2025-26465
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ krl.c           | 4 +++-
+ ssh-agent.c     | 5 +++++
+ ssh-sk-client.c | 4 +++-
+ sshconnect2.c   | 5 ++++-
+ sshsig.c        | 1 +
+ 5 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/krl.c b/krl.c
+index e2efdf0..0d0f695 100644
+--- a/krl.c
++++ b/krl.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */
++/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */
+ /*
+  * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
+  *
+@@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
+                        break;
+                case KRL_SECTION_CERT_SERIAL_BITMAP:
+                        if (rs->lo - bitmap_start > INT_MAX) {
++                               r = SSH_ERR_INVALID_FORMAT;
+                                error_f("insane bitmap gap");
+                                goto out;
+                        }
+@@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
+        }
+
+        if ((krl = ssh_krl_init()) == NULL) {
++               r = SSH_ERR_ALLOC_FAIL;
+                error_f("alloc failed");
+                goto out;
+        }
+diff --git a/ssh-agent.c b/ssh-agent.c
+index b6a3f48..2d2c6fc 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -1204,6 +1204,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp,
+            "restrict-destination-v00@openssh.com") == 0) {
+                if (*dcsp != NULL) {
+                        error_f("%s already set", ext_name);
++                       r = SSH_ERR_INVALID_FORMAT;
+                        goto out;
+                }
+                if ((r = sshbuf_froms(m, &b)) != 0) {
+@@ -1213,6 +1214,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp,
+                while (sshbuf_len(b) != 0) {
+                        if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) {
+                                error_f("too many %s constraints", ext_name);
++                               r = SSH_ERR_INVALID_FORMAT;
+                                goto out;
+                        }
+                        *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1,
+@@ -1230,6 +1232,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp,
+                }
+                if (*certs != NULL) {
+                        error_f("%s already set", ext_name);
++                       r = SSH_ERR_INVALID_FORMAT;
+                        goto out;
+                }
+                if ((r = sshbuf_get_u8(m, &v)) != 0 ||
+@@ -1241,6 +1244,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp,
+                while (sshbuf_len(b) != 0) {
+                        if (*ncerts >= AGENT_MAX_EXT_CERTS) {
+                                error_f("too many %s constraints", ext_name);
++                               r = SSH_ERR_INVALID_FORMAT;
+                                goto out;
+                        }
+                        *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1,
+@@ -1737,6 +1741,7 @@ process_ext_session_bind(SocketEntry *e)
+        /* record new key/sid */
+        if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) {
+                error_f("too many session IDs recorded");
++               r = -1;
+                goto out;
+        }
+        e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids,
+diff --git a/ssh-sk-client.c b/ssh-sk-client.c
+index 321fe53..06fad22 100644
+--- a/ssh-sk-client.c
++++ b/ssh-sk-client.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */
++/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */
+ /*
+  * Copyright (c) 2019 Google LLC
+  *
+@@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
+                }
+                if ((srk = calloc(1, sizeof(*srk))) == NULL) {
+                        error_f("calloc failed");
++                       r = SSH_ERR_ALLOC_FAIL;
+                        goto out;
+                }
+                srk->key = key;
+@@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
+                if ((tmp = recallocarray(srks, nsrks, nsrks + 1,
+                    sizeof(*srks))) == NULL) {
+                        error_f("recallocarray keys failed");
++                       r = SSH_ERR_ALLOC_FAIL;
+                        goto out;
+                }
+                debug_f("srks[%zu]: %s %s uidlen %zu", nsrks,
+diff --git a/sshconnect2.c b/sshconnect2.c
+index fab1e36..a5f92f0 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
+            options.required_rsa_size)) != 0)
+                fatal_r(r, "Bad server host key");
+        if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
+-           xxx_conn_info) == -1)
++           xxx_conn_info) != 0)
+                fatal("Host key verification failed.");
+        return 0;
+ }
+@@ -709,6 +709,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
+
+        if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
+                debug_f("server sent unknown pkalg %s", pkalg);
++               r = SSH_ERR_INVALID_FORMAT;
+                goto done;
+        }
+        if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
+@@ -719,6 +720,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
+                error("input_userauth_pk_ok: type mismatch "
+                    "for decoded key (received %d, expected %d)",
+                    key->type, pktype);
++               r = SSH_ERR_INVALID_FORMAT;
+                goto done;
+        }
+
+@@ -738,6 +740,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
+                    SSH_FP_DEFAULT);
+                error_f("server replied with unknown key: %s %s",
+                    sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
++               r = SSH_ERR_INVALID_FORMAT;
+                goto done;
+        }
+        ident = format_identity(id);
+diff --git a/sshsig.c b/sshsig.c
+index d50d65f..1b7f40d 100644
+--- a/sshsig.c
++++ b/sshsig.c
+@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum,
+        }
+        if ((principals = sshbuf_dup_string(nprincipals)) == NULL) {
+                error_f("buffer error");
++               r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        /* success */
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-26466.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26466.patch
new file mode 100644
index 0000000000..27b2fa7143
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26466.patch
@@ -0,0 +1,38 @@
+From 6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 18 Feb 2025 08:02:12 +0000
+Subject: [PATCH] upstream: Don't reply to PING in preauth phase or during KEX
+
+Reported by the Qualys Security Advisory team. ok markus@
+
+OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2]
+CVE: CVE-2025-26466
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ packet.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/packet.c b/packet.c
+index beb214f..aeab98c 100644
+--- a/packet.c
++++ b/packet.c
+@@ -1773,6 +1773,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+                        if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0)
+                                return r;
+                        DBG(debug("Received SSH2_MSG_PING len %zu", len));
++                       if (!ssh->state->after_authentication) {
++                               DBG(debug("Won't reply to PING in preauth"));
++                               break;
++                       }
++                       if (ssh_packet_is_rekeying(ssh)) {
++                               DBG(debug("Won't reply to PING during KEX"));
++                               break;
++                       }
+                        if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 ||
+                            (r = sshpkt_put_string(ssh, d, len)) != 0 ||
+                            (r = sshpkt_send(ssh)) != 0)
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
new file mode 100644
index 0000000000..72fc0073e8
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
@@ -0,0 +1,44 @@
+From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 9 Apr 2025 07:00:03 +0000
+Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This
+ option
+
+was documented as disabling X11 and agent forwarding but it failed to do so.
+Spotted by Tim Rice.
+
+OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
+CVE: CVE-2025-32728
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ session.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/session.c b/session.c
+index aa342e8..eb932b8 100644
+--- a/session.c
++++ b/session.c
+@@ -2191,7 +2191,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+        if ((r = sshpkt_get_end(ssh)) != 0)
+                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+        if (!auth_opts->permit_agent_forwarding_flag ||
+-           !options.allow_agent_forwarding) {
++           !options.allow_agent_forwarding ||
++           options.disable_forwarding) {
+                debug_f("agent forwarding disabled");
+                return 0;
+        }
+@@ -2586,7 +2587,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+                ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+                return 0;
+        }
+-       if (!options.x11_forwarding) {
++       if (!options.x11_forwarding || options.disable_forwarding) {
+                debug("X11 forwarding disabled in server configuration file.");
+                return 0;
+        }
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index 3c507cf911..afcd50c7e6 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -29,6 +29,9 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://CVE-2024-6387.patch \
            file://CVE-2024-39894.patch \
            file://0001-Fix-missing-header-for-systemd-notification.patch \
+           file://CVE-2025-26466.patch \
+           file://CVE-2025-26465.patch \
+           file://CVE-2025-32728.patch \
            "
 SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
 
@@ -40,6 +43,7 @@ CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to Op
 Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
 
 CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
+CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."
 
 PAM_SRC_URI = "file://sshd"
 
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index 6f23490c87..c635be8aca 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1,5 +1,23 @@
 export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
-export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
-export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
 export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
 export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
+
+# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
+# CAFILE/CAPATH is auto-deteced when source buildtools
+if [ -z "$SSL_CERT_FILE" ]; then
+   if [ -n "$CAFILE" ];then
+       export SSL_CERT_FILE="$CAFILE"
+   elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+       export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
+   fi
+fi
+
+if [ -z "$SSL_CERT_DIR" ]; then
+   if [ -n "$CAPATH" ];then
+       export SSL_CERT_DIR="$CAPATH"
+   elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+       export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+   fi
+fi
+
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
index 9baa0c2d75..b05d7abf7c 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
@@ -8,10 +8,10 @@ Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
 Signed-off-by: William Lyu <William.Lyu@windriver.com>
 Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
 ---
- test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++----------
+ test/helpers/handshake.c | 137 +++++++++++++++++++++++++++++----------
  test/helpers/handshake.h |  70 +++++++++++++++++++-
  test/ssl_test.c          |  44 +++++++++++++
- 3 files changed, 218 insertions(+), 35 deletions(-)
+ 3 files changed, 217 insertions(+), 34 deletions(-)
 
 diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
 index e0422469e4..ae2ad59dd4 100644
@@ -20,7 +20,7 @@ index e0422469e4..ae2ad59dd4 100644
 @@ -24,6 +24,102 @@
  #include <netinet/sctp.h>
  #endif
-
+ 
 +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
 +/* Maps string names to various enumeration type */
 +typedef struct {
@@ -120,10 +120,10 @@ index e0422469e4..ae2ad59dd4 100644
  HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
  {
      HANDSHAKE_RESULT *ret;
-@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
+@@ -725,15 +821,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
          SSL_set_post_handshake_auth(client, 1);
  }
-
+ 
 -/* The status for each connection phase. */
 -typedef enum {
 -    PEER_SUCCESS,
@@ -136,10 +136,10 @@ index e0422469e4..ae2ad59dd4 100644
  /* An SSL object and associated read-write buffers. */
  typedef struct peer_st {
      SSL *ssl;
-@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer)
+@@ -1080,17 +1167,6 @@ static void do_shutdown_step(PEER *peer)
      }
  }
-
+ 
 -typedef enum {
 -    HANDSHAKE,
 -    RENEG_APPLICATION_DATA,
@@ -154,10 +154,10 @@ index e0422469e4..ae2ad59dd4 100644
  static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
  {
      switch (test_ctx->handshake_mode) {
-@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
+@@ -1168,19 +1244,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
      }
  }
-
+ 
 -typedef enum {
 -    /* Both parties succeeded. */
 -    HANDSHAKE_SUCCESS,
@@ -174,10 +174,10 @@ index e0422469e4..ae2ad59dd4 100644
  /*
   * Determine the handshake outcome.
   * last_status: the status of the peer to have acted last.
-@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
-
+@@ -1545,6 +1608,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+ 
      start = time(NULL);
-
+ 
 +    save_loop_history(&(ret->history),
 +                      phase, status, server.status, client.status,
 +                      client_turn_count, client_turn);
@@ -185,10 +185,10 @@ index e0422469e4..ae2ad59dd4 100644
      /*
       * Half-duplex handshake loop.
       * Client and server speak to each other synchronously in the same process.
-@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+@@ -1566,6 +1633,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
                                        0 /* server went last */);
          }
-
+ 
 +        save_loop_history(&(ret->history),
 +                          phase, status, server.status, client.status,
 +                          client_turn_count, client_turn);
@@ -208,9 +208,9 @@ index 78b03f9f4b..b9967c2623 100644
   * Licensed under the Apache License 2.0 (the "License").  You may not use
   * this file except in compliance with the License.  You can obtain a copy
 @@ -12,6 +12,11 @@
-
+ 
  #include "ssl_test_ctx.h"
-
+ 
 +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
 +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
 +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
@@ -222,7 +222,7 @@ index 78b03f9f4b..b9967c2623 100644
 @@ -22,6 +27,63 @@ typedef struct ctx_data_st {
      char *session_ticket_app_data;
  } CTX_DATA;
-
+ 
 +typedef enum {
 +    HANDSHAKE,
 +    RENEG_APPLICATION_DATA,
@@ -290,12 +290,12 @@ index 78b03f9f4b..b9967c2623 100644
 +    /* handshake loop history */
 +    HANDSHAKE_HISTORY history;
  } HANDSHAKE_RESULT;
-
+ 
  HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
 @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                      CTX_DATA *server2_ctx_data,
                                      CTX_DATA *client_ctx_data);
-
+ 
 +const char *handshake_connect_phase_name(connect_phase_t phase);
 +const char *handshake_status_name(handshake_status_t handshake_status);
 +const char *handshake_peer_status_name(peer_status_t peer_status);
@@ -308,7 +308,7 @@ index ea608518f9..9d6b093c81 100644
 @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
  /* Currently the section names are of the form test-<number>, e.g. test-15. */
  #define MAX_TESTCASE_NAME_LENGTH 100
-
+ 
 +static void print_handshake_history(const HANDSHAKE_HISTORY *history)
 +{
 +    size_t first_idx;
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
index 502a7aaf32..3f6ab97795 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -20,7 +20,7 @@ diff --git a/Configure b/Configure
 index 4569952..adf019b 100755
 --- a/Configure
 +++ b/Configure
-@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+@@ -1485,16 +1485,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
          push @{$config{shared_ldflag}}, "-mno-cygwin";
          }
  
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index bafdbaa46f..ce2acb2462 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -38,7 +38,7 @@ Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
 ===================================================================
 --- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
 +++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
-@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
+@@ -481,13 +481,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
                           '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
  BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
  
@@ -67,7 +67,7 @@ Index: openssl-3.0.4/crypto/build.info
 ===================================================================
 --- openssl-3.0.4.orig/crypto/build.info
 +++ openssl-3.0.4/crypto/build.info
-@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
+@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
  
  DEPEND[info.o]=buildinf.h
  DEPEND[cversion.o]=buildinf.h
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index c89ec5afa1..cd29bb1446 100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -1,12 +1,19 @@
 #!/bin/sh
 
-set -e
+set -eu
 
-# Optional arguments are 'list' to lists all tests, or the test name (base name
-# ie test_evp, not 03_test_evp.t).
+# Optional arguments are 'list' to lists the tests, or the test name (base name
+# ie test_evp, not 03_test_evp.t). Without any arguments we run all tests.
+
+if test $# -gt 0; then
+    TESTS=$*
+else
+    # Skip test_symbol_presence as this is for developers
+    TESTS="alltests -test_symbol_presence"
+fi
 
 export TOP=.
-# OPENSSL_ENGINES is relative from the test binaries
-export OPENSSL_ENGINES=../engines
+# Run four jobs in parallel
+export HARNESS_JOBS=4
 
-{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
+{ perl ./test/run_tests.pl $TESTS || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.3.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
index 53139df40c..c4ad80e734 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "52b5f1c6b8022bc5868c308c54fb77705e702d6c6f4594f99a0df216acf46239"
+SRC_URI[sha256sum] = "b23ad7fd9f73e43ad1767e636040e88ba7c9e5775bfa5618436a0dd2c17c3716"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -186,44 +186,43 @@ do_install:append:class-nativesdk () {
 
 PTEST_BUILD_HOST_FILES += "configdata.pm"
 PTEST_BUILD_HOST_PATTERN = "perl_version ="
-do_install_ptest () {
-        install -d ${D}${PTEST_PATH}/test
-        install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
-        install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
-        install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
-
-        # Prune the build tree
-        rm -f ${B}/fuzz/*.* ${B}/test/*.*
-
-        cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
-        sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
-        cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
-
-        # For test_shlibload
-        ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
-        ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+do_install_ptest() {
+        install -m644 ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+        cp -rf ${S}/Configurations ${S}/external ${D}${PTEST_PATH}/
 
         install -d ${D}${PTEST_PATH}/apps
         ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
-        install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
-        install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
-
-        install -d ${D}${PTEST_PATH}/engines
-        install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
-        install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
-        install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
-
-        install -d ${D}${PTEST_PATH}/providers
-        install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
 
-        install -d ${D}${PTEST_PATH}/Configurations
-        cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+        cd ${S}
+        find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find util -name \*.p[lm] -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+
+        cd ${B}
+        # Everything but .? (.o and .d)
+        find test -type f -name \*[^.]? -exec install -m755 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        find apps test -name \*.srl -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+        install -m755 ${B}/util/*wrap.* ${D}${PTEST_PATH}/util/
+
+        install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps/
+        install -m755 ${S}/test/*.pl ${D}${PTEST_PATH}/test/
+        install -m755 ${S}/test/shibboleth.pfx ${D}${PTEST_PATH}/test/
+        install -m755 ${S}/test/*.bin ${D}${PTEST_PATH}/test/
+        install -m755 ${S}/test/dane*.in ${D}${PTEST_PATH}/test/
+        install -m755 ${S}/test/smcont*.txt ${D}${PTEST_PATH}/test/
+        install -m755 ${S}/test/ssl_test.tmpl ${D}${PTEST_PATH}/test/
+
+        sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm ${D}${PTEST_PATH}/util/wrap.pl
 
-        # seems to be needed with perl 5.32.1
-        install -d ${D}${PTEST_PATH}/util/perl/recipes
-        cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
-
-        sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+        install -d ${D}${PTEST_PATH}/engines
+        install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines/
+        install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines/
+        ln -s ${libdir}/engines-3/loader_attic.so ${D}${PTEST_PATH}/engines/
+        ln -s ${libdir}/ossl-modules/ ${D}${PTEST_PATH}/providers
 }
 
 # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
@@ -250,7 +249,7 @@ CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 
 RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
 RDEPENDS:${PN}-misc = "perl"
-RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy"
 
 RDEPENDS:${PN}-bin += "openssl-conf"
 
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Revert-lock-path-to-var-lock-435.patch b/meta/recipes-connectivity/ppp/ppp/0001-Revert-lock-path-to-var-lock-435.patch
new file mode 100644
index 0000000000..573eb413b0
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-Revert-lock-path-to-var-lock-435.patch
@@ -0,0 +1,63 @@
+From 99cbf5e269994482edaf64624be8b1c806f9587c Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <asmadeus@codewreck.org>
+Date: Tue, 10 Oct 2023 10:05:50 +0900
+Subject: [PATCH] Revert lock path to /var/lock (#435)
+
+lock dir changed on linux from /var/lock to /run/pppd/lock with
+pppd-2.5.0, which makes pppd fail to start if the distribution does not
+pre-create the directory.
+
+This reverts it back to /var/lock.
+
+The paths for other OS should be identical as LOCALSTATEDIR should be
+/var, but also revert them back as well just in case.
+Since the variable is no longer used remove it from makefiles.
+
+Fixes: 66a8c74c3f73 ("Let ./configure control the paths for pppd")
+Fixes: #419
+
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Co-authored-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+
+Upstream-Status: Backport [https://github.com/ppp-project/ppp/commit/99cbf5e269994482edaf64624be8b1c806f9587c]
+---
+ pppd/Makefile.am | 2 +-
+ pppd/pathnames.h | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/pppd/Makefile.am b/pppd/Makefile.am
+index e5bedf2..7cb3005 100644
+--- a/pppd/Makefile.am
++++ b/pppd/Makefile.am
+@@ -83,7 +83,7 @@ pppd_SOURCES = \
+     upap.c \
+     utils.c
+ 
+-pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DLOCALSTATEDIR=\"${localstatedir}\" -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"'
++pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"'
+ pppd_LDFLAGS =
+ pppd_LIBS =
+ 
+diff --git a/pppd/pathnames.h b/pppd/pathnames.h
+index de2fb68..12609a9 100644
+--- a/pppd/pathnames.h
++++ b/pppd/pathnames.h
+@@ -120,12 +120,12 @@
+ #define PPP_PATH_PPPDB          PPP_PATH_VARRUN  "/pppd2.tdb"
+ 
+ #ifdef __linux__
+-#define PPP_PATH_LOCKDIR        PPP_PATH_VARRUN  "/lock"
++#define PPP_PATH_LOCKDIR        "/var/lock"
+ #else
+ #ifdef SVR4
+-#define PPP_PATH_LOCKDIR        LOCALSTATEDIR "/spool/locks"
++#define PPP_PATH_LOCKDIR        "/var/spool/locks"
+ #else
+-#define PPP_PATH_LOCKDIR        LOCALSTATEDIR "/spool/lock"
++#define PPP_PATH_LOCKDIR        "/var/spool/lock"
+ #endif
+ #endif
+ 
+-- 
+2.43.0
+
diff --git a/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch b/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch
new file mode 100644
index 0000000000..55d36c5baa
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch
@@ -0,0 +1,194 @@
+From 0a66ad22e54c72690ec2a29a019767c55c5281fc Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Fri, 18 Oct 2024 20:22:57 +1100
+Subject: [PATCH] pppd: Remove passprompt plugin
+
+This is prompted by a number of factors:
+
+* It was more useful back in the dial-up days, but no-one uses dial-up
+  any more
+
+* In many cases there will be no terminal accessible to the prompter
+  program at the point where the prompter is run
+
+* The passwordfd plugin does much the same thing but does it more
+  cleanly and securely
+
+* The handling of privileges and file descriptors needs to be audited
+  thoroughly.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+CVE: CVE-2024-58250
+Upstream-Status: Backport [https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ pppd/plugins/Makefile.am  |   6 +-
+ pppd/plugins/passprompt.c | 137 --------------------------------------
+ 2 files changed, 1 insertion(+), 142 deletions(-)
+ delete mode 100644 pppd/plugins/passprompt.c
+
+diff --git a/pppd/plugins/Makefile.am b/pppd/plugins/Makefile.am
+index 2826148..9480d51 100644
+--- a/pppd/plugins/Makefile.am
++++ b/pppd/plugins/Makefile.am
+@@ -1,4 +1,4 @@
+-pppd_plugin_LTLIBRARIES = minconn.la passprompt.la passwordfd.la winbind.la
++pppd_plugin_LTLIBRARIES = minconn.la passwordfd.la winbind.la
+ pppd_plugindir = $(PPPD_PLUGIN_DIR)
+ 
+ PLUGIN_CPPFLAGS = -I${top_srcdir}
+@@ -8,10 +8,6 @@ minconn_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+ minconn_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+ minconn_la_SOURCES = minconn.c
+ 
+-passprompt_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+-passprompt_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+-passprompt_la_SOURCES = passprompt.c
+-
+ passwordfd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+ passwordfd_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+ passwordfd_la_SOURCES = passwordfd.c
+diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
+deleted file mode 100644
+index 7779d51..0000000
+--- a/pppd/plugins/passprompt.c
++++ /dev/null
+@@ -1,137 +0,0 @@
+-/*
+- * passprompt.c - pppd plugin to invoke an external PAP password prompter
+- *
+- * Copyright 1999 Paul Mackerras, Alan Curry.
+- *
+- *  This program is free software; you can redistribute it and/or
+- *  modify it under the terms of the GNU General Public License
+- *  as published by the Free Software Foundation; either version
+- *  2 of the License, or (at your option) any later version.
+- */
+-
+-#include <errno.h>
+-#include <unistd.h>
+-#include <sys/wait.h>
+-#include <sys/param.h>
+-#include <limits.h>
+-#include <stdio.h>
+-#include <syslog.h>
+-#include <stdarg.h>
+-#include <stdint.h>
+-#include <stdbool.h>
+-#include <string.h>
+-
+-#include <pppd/pppd.h>
+-#include <pppd/upap.h>
+-#include <pppd/eap.h>
+-#include <pppd/options.h>
+-
+-char pppd_version[] = PPPD_VERSION;
+-
+-static char promptprog[PATH_MAX+1];
+-static int promptprog_refused = 0;
+-
+-static struct option options[] = {
+-    { "promptprog", o_string, promptprog,
+-      "External PAP password prompting program",
+-      OPT_STATIC, NULL, PATH_MAX },
+-    { NULL }
+-};
+-
+-static int promptpass(char *user, char *passwd)
+-{
+-    int p[2];
+-    pid_t kid;
+-    int readgood, wstat, ret;
+-    ssize_t red;
+-
+-    if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0)
+-       return -1;      /* sorry, can't help */
+-
+-    if (!passwd)
+-       return 1;
+-
+-    if (pipe(p)) {
+-       warn("Can't make a pipe for %s", promptprog);
+-       return 0;
+-    }
+-    if ((kid = fork()) == (pid_t) -1) {
+-       warn("Can't fork to run %s", promptprog);
+-       close(p[0]);
+-       close(p[1]);
+-       return 0;
+-    }
+-    if (!kid) {
+-       /* we are the child, exec the program */
+-       char *argv[5], fdstr[32];
+-       ppp_sys_close();
+-       closelog();
+-       close(p[0]);
+-       ret = seteuid(getuid());
+-       if (ret != 0) {
+-               warn("Couldn't set effective user id");
+-       }
+-       ret = setegid(getgid());
+-       if (ret != 0) {
+-               warn("Couldn't set effective user id");
+-       }
+-       sprintf(fdstr, "%d", p[1]);
+-       argv[0] = promptprog;
+-       argv[1] = strdup(user);
+-       argv[2] = strdup(ppp_remote_name());
+-       argv[3] = fdstr;
+-       argv[4] = 0;
+-       execv(*argv, argv);
+-       _exit(127);
+-    }
+-
+-    /* we are the parent, read the password from the pipe */
+-    close(p[1]);
+-    readgood = 0;
+-    do {
+-       red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
+-       if (red == 0)
+-           break;
+-       if (red < 0) {
+-           if (errno == EINTR && !ppp_signaled(SIGTERM))
+-               continue;
+-           error("Can't read secret from %s: %m", promptprog);
+-           readgood = -1;
+-           break;
+-       }
+-       readgood += red;
+-    } while (readgood < MAXSECRETLEN - 1);
+-    close(p[0]);
+-
+-    /* now wait for child to exit */
+-    while (waitpid(kid, &wstat, 0) < 0) {
+-       if (errno != EINTR || ppp_signaled(SIGTERM)) {
+-           warn("error waiting for %s: %m", promptprog);
+-           break;
+-       }
+-    }
+-
+-    if (readgood < 0)
+-       return 0;
+-    passwd[readgood] = 0;
+-    if (!WIFEXITED(wstat))
+-       warn("%s terminated abnormally", promptprog);
+-    if (WEXITSTATUS(wstat)) {
+-           warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat));
+-           /* code when cancel was hit in the prompt prog */
+-           if (WEXITSTATUS(wstat) == 128) {
+-               promptprog_refused = 1;
+-           }
+-           return -1;
+-    }
+-    return 1;
+-}
+-
+-void plugin_init(void)
+-{
+-    ppp_add_options(options);
+-    pap_passwd_hook = promptpass;
+-#ifdef PPP_WITH_EAPTLS
+-    eaptls_passwd_hook = promptpass;
+-#endif
+-}
diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
index 5f0c75de83..b50795109f 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -7,7 +7,6 @@ BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
 DEPENDS = "libpcap openssl virtual/crypt"
 LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
-                    file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
                     file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
                     file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
 
@@ -23,6 +22,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://ppp_on_boot \
            file://provider \
            file://ppp@.service \
+           file://0001-Revert-lock-path-to-var-lock-435.patch \
+           file://CVE-2024-58250.patch \
            "
 
 SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff"
diff --git a/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
new file mode 100644
index 0000000000..3bf685ebd9
--- /dev/null
+++ b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
@@ -0,0 +1,113 @@
+From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001
+From: Gerhard Rieger <gerhard@dest-unreach.org>
+Date: Fri, 6 Dec 2024 11:42:09 +0100
+Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in
+ readline.sh
+
+CVE: CVE-2024-54661
+Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ readline.sh | 10 +++++++--
+ test.sh     | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 2 deletions(-)
+
+diff --git a/readline.sh b/readline.sh
+index b6f8438..1045303 100755
+--- a/readline.sh
++++ b/readline.sh
+@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
+ else
+     HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+ 
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
++if test -w .; then
++    STDERR=./socat-readline.${1##*/}.log
++    rm -f $STDERR
++else
++    STDERR=/dev/null
++fi
++
++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+ 
+diff --git a/test.sh b/test.sh
+index 46bebf8..5204ac7 100755
+--- a/test.sh
++++ b/test.sh
+@@ -19154,6 +19154,69 @@ esac
+ N=$((N+1))
+ 
+ 
++# Test the readline.sh file overwrite vulnerability
++NAME=READLINE_SH_OVERWRITE
++case "$TESTS" in
++*%$N%*|*%functions%*|*%bugs%*|*%readline%*|*%security%*|*%$NAME%*)
++TEST="$NAME: Test the readline.sh file overwrite vulnerability"
++# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file,
++# run readline.sh
++# When the temporary file is kept the test succeeded
++if ! eval $NUMCOND; then :
++elif ! cond=$(checkconds \
++                 "" \
++                 "" \
++                 "readline.sh" \
++                 "" \
++                 "" \
++                 "" \
++                 "" ); then
++    $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
++    numCANT=$((numCANT+1))
++    listCANT="$listCANT $N"
++    namesCANT="$namesCANT $NAME"
++else
++    tf="$td/test$N.file"
++    te="$td/test$N.stderr"
++    tdiff="$td/test$N.diff"
++    da="test$N $(date) $RANDOM"
++    echo "$da" >"$tf"
++    ln -sf "$tf" /tmp/$USER/stderr2
++    CMD0="readline.sh cat"
++    printf "test $F_n $TEST... " $N
++    $CMD0 </dev/null >/dev/null 2>"${te}0"
++    rc0=$?
++#    if [ "$rc0" -ne 0 ]; then
++#      $PRINTF "$CANT (rc0=$rc0)\n"
++#      echo "$CMD0"
++#      cat "${te}0" >&2
++#      numCANT=$((numCANT+1))
++#      listCANT="$listCANT $N"
++#      namesCANT="$namesCANT $NAME"
++#    elif ! echo "$da" |diff - "$tf" >$tdiff; then
++    if ! echo "$da" |diff - "$tf" >$tdiff; then
++       $PRINTF "$FAILED (diff)\n"
++       echo "$CMD0 &"
++       cat "${te}0" >&2
++       echo "// diff:" >&2
++       cat "$tdiff" >&2
++       numFAIL=$((numFAIL+1))
++       listFAIL="$listFAIL $N"
++       namesFAIL="$namesFAIL $NAME"
++    else
++       $PRINTF "$OK\n"
++       if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
++       if [ "$DEBUG" ];   then cat "${te}0" >&2; fi
++       if [ "$VERBOSE" ]; then echo "$CMD1"; fi
++       if [ "$DEBUG" ];   then cat "${te}1" >&2; fi
++       numOK=$((numOK+1))
++       listOK="$listOK $N"
++    fi
++fi # NUMCOND
++ ;;
++esac
++N=$((N+1))
++
+ # end of common tests
+ 
+ ##################################################################################
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
index 912605c95c..bb39730005 100644
--- a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
+++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
            file://0001-fix-compile-procan.c-failed.patch \
+           file://CVE-2024-54661.patch \
 "
 
 SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
new file mode 100644
index 0000000000..5780f27f8b
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
@@ -0,0 +1,52 @@
+From 364c2da8741f0979dae497551e70b94c0e6c8636 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 7 Jul 2024 11:46:49 +0300
+Subject: [PATCH 1/3] SAE: Check for invalid Rejected Groups element length
+ explicitly
+
+Instead of practically ignoring an odd octet at the end of the element,
+check for such invalid case explicitly. This is needed to avoid a
+potential group downgrade attack.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=364c2da8741f0979dae497551e70b94c0e6c8636]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index db4104928..1a62e30cc 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1258,7 +1258,7 @@ static int check_sae_rejected_groups(struct hostapd_data *hapd,
+                                     struct sae_data *sae)
+ {
+        const struct wpabuf *groups;
+-       size_t i, count;
++       size_t i, count, len;
+        const u8 *pos;
+ 
+        if (!sae->tmp)
+@@ -1268,7 +1268,15 @@ static int check_sae_rejected_groups(struct hostapd_data *hapd,
+                return 0;
+ 
+        pos = wpabuf_head(groups);
+-       count = wpabuf_len(groups) / 2;
++       len = wpabuf_len(groups);
++       if (len & 1) {
++               wpa_printf(MSG_DEBUG,
++                          "SAE: Invalid length of the Rejected Groups element payload: %zu",
++                          len);
++               return 1;
++       }
++
++       count = len / 2;
+        for (i = 0; i < count; i++) {
+                int enabled;
+                u16 group;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
new file mode 100644
index 0000000000..3e96ae9e2e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
@@ -0,0 +1,50 @@
+From 593a7c2f8c93edd6b552f2d42e28164464b4e6ff Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Tue, 9 Jul 2024 23:33:38 +0300
+Subject: [PATCH 2/3] SAE: Check for invalid Rejected Groups element length
+ explicitly on STA
+
+Instead of practically ignoring an odd octet at the end of the element,
+check for such invalid case explicitly. This is needed to avoid a
+potential group downgrade attack.
+
+Fixes: 444d76f74f65 ("SAE: Check that peer's rejected groups are not enabled")
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=593a7c2f8c93edd6b552f2d42e28164464b4e6ff]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ wpa_supplicant/sme.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
+index 7f43216c6..c7289f6a8 100644
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -1222,14 +1222,21 @@ static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
+ static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
+                                         const struct wpabuf *groups)
+ {
+-       size_t i, count;
++       size_t i, count, len;
+        const u8 *pos;
+ 
+        if (!groups)
+                return 0;
+ 
+        pos = wpabuf_head(groups);
+-       count = wpabuf_len(groups) / 2;
++       len = wpabuf_len(groups);
++       if (len & 1) {
++               wpa_printf(MSG_DEBUG,
++                          "SAE: Invalid length of the Rejected Groups element payload: %zu",
++                          len);
++               return 1;
++       }
++       count = len / 2;
+        for (i = 0; i < count; i++) {
+                int enabled;
+                u16 group;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
new file mode 100644
index 0000000000..5e9e8bc01d
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
@@ -0,0 +1,38 @@
+From 9716bf1160beb677e965d9e6475d6c9e162e8374 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Tue, 9 Jul 2024 23:34:34 +0300
+Subject: [PATCH 3/3] SAE: Reject invalid Rejected Groups element in the parser
+
+There is no need to depend on all uses (i.e., both hostapd and
+wpa_supplicant) to verify that the length of the Rejected Groups field
+in the Rejected Groups element is valid (i.e., a multiple of two octets)
+since the common parser can reject the message when detecting this.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=9716bf1160beb677e965d9e6475d6c9e162e8374]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/common/sae.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/common/sae.c b/src/common/sae.c
+index c0f154e91..620bdf753 100644
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -2076,6 +2076,12 @@ static int sae_parse_rejected_groups(struct sae_data *sae,
+                return WLAN_STATUS_UNSPECIFIED_FAILURE;
+        epos++; /* skip ext ID */
+        len--;
++       if (len & 1) {
++               wpa_printf(MSG_DEBUG,
++                          "SAE: Invalid length of the Rejected Groups element payload: %u",
++                          len);
++               return WLAN_STATUS_UNSPECIFIED_FAILURE;
++       }
+ 
+        wpabuf_free(sae->tmp->peer_rejected_groups);
+        sae->tmp->peer_rejected_groups = wpabuf_alloc(len);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
new file mode 100644
index 0000000000..7a8197d2b4
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
@@ -0,0 +1,82 @@
+From 945acf3ef06a6c312927da4fa055693dbac432d1 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 2 Apr 2022 16:28:12 +0300
+Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup - no string
+ constant splitting
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac432d1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11_auth.c | 27 +++++++++++++++------------
+ 1 file changed, 15 insertions(+), 12 deletions(-)
+
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 783ee6dea..47cc625be 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -267,16 +267,16 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
+                os_get_reltime(&query->timestamp);
+                os_memcpy(query->addr, addr, ETH_ALEN);
+                if (hostapd_radius_acl_query(hapd, addr, query)) {
+-                       wpa_printf(MSG_DEBUG, "Failed to send Access-Request "
+-                                  "for ACL query.");
++                       wpa_printf(MSG_DEBUG,
++                                  "Failed to send Access-Request for ACL query.");
+                        hostapd_acl_query_free(query);
+                        return HOSTAPD_ACL_REJECT;
+                }
+ 
+                query->auth_msg = os_memdup(msg, len);
+                if (query->auth_msg == NULL) {
+-                       wpa_printf(MSG_ERROR, "Failed to allocate memory for "
+-                                  "auth frame.");
++                       wpa_printf(MSG_ERROR,
++                                  "Failed to allocate memory for auth frame.");
+                        hostapd_acl_query_free(query);
+                        return HOSTAPD_ACL_REJECT;
+                }
+@@ -467,19 +467,21 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+        if (query == NULL)
+                return RADIUS_RX_UNKNOWN;
+ 
+-       wpa_printf(MSG_DEBUG, "Found matching Access-Request for RADIUS "
+-                  "message (id=%d)", query->radius_id);
++       wpa_printf(MSG_DEBUG,
++                  "Found matching Access-Request for RADIUS message (id=%d)",
++                  query->radius_id);
+ 
+        if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+-               wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have "
+-                          "correct authenticator - dropped\n");
++               wpa_printf(MSG_INFO,
++                          "Incoming RADIUS packet did not have correct authenticator - dropped");
+                return RADIUS_RX_INVALID_AUTHENTICATOR;
+        }
+ 
+        if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+            hdr->code != RADIUS_CODE_ACCESS_REJECT) {
+-               wpa_printf(MSG_DEBUG, "Unknown RADIUS message code %d to ACL "
+-                          "query", hdr->code);
++               wpa_printf(MSG_DEBUG,
++                          "Unknown RADIUS message code %d to ACL query",
++                          hdr->code);
+                return RADIUS_RX_UNKNOWN;
+        }
+ 
+@@ -506,8 +508,9 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+                            msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
+                            &info->acct_interim_interval) == 0 &&
+                    info->acct_interim_interval < 60) {
+-                       wpa_printf(MSG_DEBUG, "Ignored too small "
+-                                  "Acct-Interim-Interval %d for STA " MACSTR,
++                       wpa_printf(MSG_DEBUG,
++                                  "Ignored too small Acct-Interim-Interval %d for STA "
++                                  MACSTR,
+                                   info->acct_interim_interval,
+                                   MAC2STR(query->addr));
+                        info->acct_interim_interval = 0;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
new file mode 100644
index 0000000000..dab2eedd6a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
@@ -0,0 +1,165 @@
+From adac846bd0e258a0aa50750bbd2b411fa0085c46 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:11:44 +0200
+Subject: [PATCH 2/9] RADIUS: Allow Message-Authenticator attribute as the
+ first attribute
+
+If a Message-Authenticator attribute was already added to a RADIUS
+message, use that attribute instead of adding a new one when finishing
+message building. This allows the Message-Authenticator attribute to be
+placed as the first attribute in the message.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=adac846bd0e258a0aa50750bbd2b411fa0085c46]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius.c | 85 ++++++++++++++++++++++++++++-----------------
+ src/radius/radius.h |  1 +
+ 2 files changed, 54 insertions(+), 32 deletions(-)
+
+diff --git a/src/radius/radius.c b/src/radius/radius.c
+index be16e27b9..2d2e00b5c 100644
+--- a/src/radius/radius.c
++++ b/src/radius/radius.c
+@@ -364,25 +364,54 @@ void radius_msg_dump(struct radius_msg *msg)
+ }
+ 
+ 
++u8 * radius_msg_add_msg_auth(struct radius_msg *msg)
++{
++       u8 auth[MD5_MAC_LEN];
++       struct radius_attr_hdr *attr;
++
++       os_memset(auth, 0, MD5_MAC_LEN);
++       attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++                                  auth, MD5_MAC_LEN);
++       if (!attr) {
++               wpa_printf(MSG_ERROR,
++                          "WARNING: Could not add Message-Authenticator");
++               return NULL;
++       }
++
++       return (u8 *) (attr + 1);
++}
++
++
++static u8 * radius_msg_auth_pos(struct radius_msg *msg)
++{
++       u8 *pos;
++       size_t alen;
++
++       if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++                                   &pos, &alen, NULL) == 0 &&
++           alen == MD5_MAC_LEN) {
++               /* Use already added Message-Authenticator attribute */
++               return pos;
++       }
++
++       /* Add a Message-Authenticator attribute */
++       return radius_msg_add_msg_auth(msg);
++}
++
++
+ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+                      size_t secret_len)
+ {
+        if (secret) {
+-               u8 auth[MD5_MAC_LEN];
+-               struct radius_attr_hdr *attr;
++               u8 *pos;
+ 
+-               os_memset(auth, 0, MD5_MAC_LEN);
+-               attr = radius_msg_add_attr(msg,
+-                                          RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-                                          auth, MD5_MAC_LEN);
+-               if (attr == NULL) {
+-                       wpa_printf(MSG_WARNING, "RADIUS: Could not add "
+-                                  "Message-Authenticator");
++               pos = radius_msg_auth_pos(msg);
++               if (!pos)
+                        return -1;
+-               }
+                msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+-               hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-                        wpabuf_len(msg->buf), (u8 *) (attr + 1));
++               if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++                            wpabuf_len(msg->buf), pos) < 0)
++                       return -1;
+        } else
+                msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+ 
+@@ -398,23 +427,19 @@ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+ int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+                          size_t secret_len, const u8 *req_authenticator)
+ {
+-       u8 auth[MD5_MAC_LEN];
+-       struct radius_attr_hdr *attr;
+        const u8 *addr[4];
+        size_t len[4];
++       u8 *pos;
+ 
+-       os_memset(auth, 0, MD5_MAC_LEN);
+-       attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-                                  auth, MD5_MAC_LEN);
+-       if (attr == NULL) {
+-               wpa_printf(MSG_ERROR, "WARNING: Could not add Message-Authenticator");
++       pos = radius_msg_auth_pos(msg);
++       if (!pos)
+                return -1;
+-       }
+        msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+        os_memcpy(msg->hdr->authenticator, req_authenticator,
+                  sizeof(msg->hdr->authenticator));
+-       hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-                wpabuf_len(msg->buf), (u8 *) (attr + 1));
++       if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++                    wpabuf_len(msg->buf), pos) < 0)
++               return -1;
+ 
+        /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+        addr[0] = (u8 *) msg->hdr;
+@@ -442,21 +467,17 @@ int radius_msg_finish_das_resp(struct radius_msg *msg, const u8 *secret,
+ {
+        const u8 *addr[2];
+        size_t len[2];
+-       u8 auth[MD5_MAC_LEN];
+-       struct radius_attr_hdr *attr;
++       u8 *pos;
+ 
+-       os_memset(auth, 0, MD5_MAC_LEN);
+-       attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-                                  auth, MD5_MAC_LEN);
+-       if (attr == NULL) {
+-               wpa_printf(MSG_WARNING, "Could not add Message-Authenticator");
++       pos = radius_msg_auth_pos(msg);
++       if (!pos)
+                return -1;
+-       }
+ 
+        msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+        os_memcpy(msg->hdr->authenticator, req_hdr->authenticator, 16);
+-       hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-                wpabuf_len(msg->buf), (u8 *) (attr + 1));
++       if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++                    wpabuf_len(msg->buf), pos) < 0)
++               return -1;
+ 
+        /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+        addr[0] = wpabuf_head_u8(msg->buf);
+diff --git a/src/radius/radius.h b/src/radius/radius.h
+index fb8148180..6b9dfbca2 100644
+--- a/src/radius/radius.h
++++ b/src/radius/radius.h
+@@ -240,6 +240,7 @@ struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);
+ struct radius_msg * radius_msg_new(u8 code, u8 identifier);
+ void radius_msg_free(struct radius_msg *msg);
+ void radius_msg_dump(struct radius_msg *msg);
++u8 * radius_msg_add_msg_auth(struct radius_msg *msg);
+ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+                      size_t secret_len);
+ int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
new file mode 100644
index 0000000000..02e35bd6de
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
@@ -0,0 +1,62 @@
+From 54abb0d3cf35894e7d86e3f7555e95b106306803 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:13:32 +0200
+Subject: [PATCH 3/9] RADIUS server: Place Message-Authenticator attribute as
+ the first one
+
+Move the Message-Authenticator attribute to be the first attribute in
+the RADIUS messages. This mitigates certain MD5 attacks against
+RADIUS/UDP.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=54abb0d3cf35894e7d86e3f7555e95b106306803]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius_server.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
+index e02c21540..fa3691548 100644
+--- a/src/radius/radius_server.c
++++ b/src/radius/radius_server.c
+@@ -920,6 +920,11 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
+                return NULL;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg)) {
++               radius_msg_free(msg);
++               return NULL;
++       }
++
+        sess_id = htonl(sess->sess_id);
+        if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
+            !radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
+@@ -1204,6 +1209,11 @@ radius_server_macacl(struct radius_server_data *data,
+                return NULL;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg)) {
++               radius_msg_free(msg);
++               return NULL;
++       }
++
+        if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+                RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+                radius_msg_free(msg);
+@@ -1253,6 +1263,11 @@ static int radius_server_reject(struct radius_server_data *data,
+                return -1;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg)) {
++               radius_msg_free(msg);
++               return -1;
++       }
++
+        os_memset(&eapfail, 0, sizeof(eapfail));
+        eapfail.code = EAP_CODE_FAILURE;
+        eapfail.identifier = 0;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
new file mode 100644
index 0000000000..c4aa40c811
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
@@ -0,0 +1,37 @@
+From 689a248260c9708e6c92cd8635382725a29e34ca Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:16:12 +0200
+Subject: [PATCH 4/9] eapol_test: Move Message-Authenticator attribute to be
+ the first one
+
+Even if this is not strictly speaking necessary for mitigating certain
+RADIUS protocol attacks, be consistent with the RADIUS server behavior
+and move the Message-Authenticator attribute to be the first attribute
+in the message from RADIUS client.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=689a248260c9708e6c92cd8635382725a29e34ca]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ wpa_supplicant/eapol_test.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
+index e256ac50e..57082e4b8 100644
+--- a/wpa_supplicant/eapol_test.c
++++ b/wpa_supplicant/eapol_test.c
+@@ -194,6 +194,9 @@ static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
+                return;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg))
++               goto fail;
++
+        radius_msg_make_authenticator(msg);
+ 
+        hdr = (const struct eap_hdr *) eap;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
new file mode 100644
index 0000000000..ce499ce8b6
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
@@ -0,0 +1,52 @@
+From 37fe8e48ab44d44fe3cf5dd8f52cb0a10be0cd17 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:22:43 +0200
+Subject: [PATCH 5/9] hostapd: Move Message-Authenticator attribute to be the
+ first one in req
+
+Even if this is not strictly speaking necessary for mitigating certain
+RADIUS protocol attacks, be consistent with the RADIUS server behavior
+and move the Message-Authenticator attribute to be the first attribute
+in the message from RADIUS client in hostapd.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=37fe8e48ab44d44fe3cf5dd8f52cb0a10be0cd17]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11_auth.c | 3 +++
+ src/ap/ieee802_1x.c      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 47cc625be..2a950cf7f 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -119,6 +119,9 @@ static int hostapd_radius_acl_query(struct hostapd_data *hapd, const u8 *addr,
+                goto fail;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg))
++               goto fail;
++
+        os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr));
+        if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf,
+                                 os_strlen(buf))) {
+diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
+index 753c88335..89e3dd30e 100644
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -702,6 +702,9 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
+                goto fail;
+        }
+ 
++       if (!radius_msg_add_msg_auth(msg))
++               goto fail;
++
+        if (sm->identity &&
+            !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
+                                 sm->identity, sm->identity_len)) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
new file mode 100644
index 0000000000..44113afd4a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
@@ -0,0 +1,51 @@
+From f54157077f799d84ce26bed6ad6b01c4a16e31cf Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:26:58 +0200
+Subject: [PATCH 6/9] RADIUS DAS: Move Message-Authenticator attribute to be
+ the first one
+
+Even if this might not be strictly speaking necessary for mitigating
+certain RADIUS protocol attacks, be consistent with the RADIUS server
+behavior and move the Message-Authenticator attribute to be the first
+attribute in the RADIUS DAS responses from hostapd.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=f54157077f799d84ce26bed6ad6b01c4a16e31cf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius_das.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/radius/radius_das.c b/src/radius/radius_das.c
+index aaa3fc267..8d7c9b4c4 100644
+--- a/src/radius/radius_das.c
++++ b/src/radius/radius_das.c
+@@ -177,6 +177,11 @@ fail:
+        if (reply == NULL)
+                return NULL;
+ 
++       if (!radius_msg_add_msg_auth(reply)) {
++               radius_msg_free(reply);
++               return NULL;
++       }
++
+        if (error) {
+                if (!radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE,
+                                               error)) {
+@@ -368,6 +373,11 @@ fail:
+        if (!reply)
+                return NULL;
+ 
++       if (!radius_msg_add_msg_auth(reply)) {
++               radius_msg_free(reply);
++               return NULL;
++       }
++
+        if (error &&
+            !radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE, error)) {
+                radius_msg_free(reply);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
new file mode 100644
index 0000000000..9a284b5261
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
@@ -0,0 +1,46 @@
+From 934b0c3a45ce0726560ccefbd992a9d385c36385 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:31:37 +0200
+Subject: [PATCH 7/9] Require Message-Authenticator in Access-Reject even
+ without EAP-Message
+
+Do not allow the exception for missing Message-Authenticator in
+Access-Reject without EAP-Message. While such exception is allowed in
+RADIUS definition, there is no strong reason to maintain this since
+Access-Reject is supposed to include EAP-Message and even if it doesn't,
+discarding Access-Reject will result in the connection not completing.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=934b0c3a45ce0726560ccefbd992a9d385c36385]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_1x.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
+index 89e3dd30e..6e7b75128 100644
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -1939,16 +1939,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
+        }
+        sta = sm->sta;
+ 
+-       /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
+-        * present when packet contains an EAP-Message attribute */
+-       if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+-           radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
+-                               0) < 0 &&
+-           radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
+-               wpa_printf(MSG_DEBUG,
+-                          "Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message");
+-       } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
+-                                    req, 1)) {
++       if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 1)) {
+                wpa_printf(MSG_INFO,
+                           "Incoming RADIUS packet did not have correct Message-Authenticator - dropped");
+                return RADIUS_RX_INVALID_AUTHENTICATOR;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
new file mode 100644
index 0000000000..177c6f81e6
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
@@ -0,0 +1,67 @@
+From 58097123ec5ea6f8276b38cb9b07669ec368a6c1 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 17 Mar 2024 10:42:56 +0200
+Subject: [PATCH 8/9] RADIUS: Require Message-Authenticator attribute in MAC
+ ACL cases
+
+hostapd required Message-Authenticator attribute to be included in EAP
+authentication cases, but that requirement was not in place for MAC ACL
+cases. Start requiring Message-Authenticator attribute for MAC ACL by
+default. Unlike the EAP case, this can still be disabled with
+radius_require_message_authenticator=1 to maintain compatibility with
+some RADIUS servers when used in a network where the connection to such
+a server is secure.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=58097123ec5ea6f8276b38cb9b07669ec368a6c1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ap_config.c       |  1 +
+ src/ap/ap_config.h       |  1 +
+ src/ap/ieee802_11_auth.c |  4 +++-
+ 5 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
+index 86b6e097c..cf497a180 100644
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -120,6 +120,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+        bss->radius_das_time_window = 300;
++       bss->radius_require_message_authenticator = 1;
+ 
+        bss->anti_clogging_threshold = 5;
+        bss->sae_sync = 5;
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index 49cd3168a..22ad617f4 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -302,6 +302,7 @@ struct hostapd_bss_config {
+        struct hostapd_ip_addr own_ip_addr;
+        char *nas_identifier;
+        struct hostapd_radius_servers *radius;
++       int radius_require_message_authenticator;
+        int acct_interim_interval;
+        int radius_request_cui;
+        struct hostapd_radius_attr *radius_auth_req_attr;
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 2a950cf7f..dab9bcde3 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -474,7 +474,9 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+                   "Found matching Access-Request for RADIUS message (id=%d)",
+                   query->radius_id);
+ 
+-       if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
++       if (radius_msg_verify(
++                   msg, shared_secret, shared_secret_len, req,
++                   hapd->conf->radius_require_message_authenticator)) {
+                wpa_printf(MSG_INFO,
+                           "Incoming RADIUS packet did not have correct authenticator - dropped");
+                return RADIUS_RX_INVALID_AUTHENTICATOR;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
new file mode 100644
index 0000000000..e23d1e0047
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
@@ -0,0 +1,47 @@
+From f302d9f9646704cce745734af21d540baa0da65f Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 17 Mar 2024 10:47:58 +0200
+Subject: [PATCH 9/9] RADIUS: Check Message-Authenticator if it is present even
+ if not required
+
+Always check the Message-Authenticator attribute in a received RADIUS
+message if it is present. Previously, this would have been skipped if
+the attribute was not required to be present.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=f302d9f9646704cce745734af21d540baa0da65f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/radius/radius.c b/src/radius/radius.c
+index 2d2e00b5c..a0e3ce399 100644
+--- a/src/radius/radius.c
++++ b/src/radius/radius.c
+@@ -879,6 +879,20 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
+                return 1;
+        }
+ 
++       if (!auth) {
++               u8 *pos;
++               size_t alen;
++
++               if (radius_msg_get_attr_ptr(msg,
++                                           RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++                                           &pos, &alen, NULL) == 0) {
++                       /* Check the Message-Authenticator attribute since it
++                        * was included even if we are configured to not
++                        * require it. */
++                       auth = 1;
++               }
++       }
++
+        if (auth &&
+            radius_msg_verify_msg_auth(msg, secret, secret_len,
+                                       sent_msg->hdr->authenticator)) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 22028ce957..c1a4383b47 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -19,6 +19,18 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \
            file://0001-Install-wpa_passphrase-when-not-disabled.patch \
            file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \
+           file://CVE-2024-3596_00.patch \
+           file://CVE-2024-3596_01.patch \
+           file://CVE-2024-3596_02.patch \
+           file://CVE-2024-3596_03.patch \
+           file://CVE-2024-3596_04.patch \
+           file://CVE-2024-3596_05.patch \
+           file://CVE-2024-3596_06.patch \
+           file://CVE-2024-3596_07.patch \
+           file://CVE-2024-3596_08.patch \
+           file://0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
+           file://0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
+           file://0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch \
            "
 SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
 
@@ -32,6 +44,8 @@ PACKAGECONFIG[openssl] = ",,openssl"
 
 CVE_PRODUCT = "wpa_supplicant"
 
+CVE_STATUS[CVE-2024-5290] = "not-applicable-platform: this only affects Ubuntu and other platforms patching wpa-supplicant"
+
 EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
 
 do_configure () {
diff --git a/meta/recipes-core/base-files/base-files_3.0.14.bb b/meta/recipes-core/base-files/base-files_3.0.14.bb
index 9fab53ce63..5d13b6249d 100644
--- a/meta/recipes-core/base-files/base-files_3.0.14.bb
+++ b/meta/recipes-core/base-files/base-files_3.0.14.bb
@@ -70,29 +70,6 @@ hostname = "${MACHINE}"
 
 BASEFILESISSUEINSTALL ?= "do_install_basefilesissue"
 
-# In previous versions of base-files, /run was a softlink to /var/run and the
-# directory was located in /var/volatlie/run.  Also, /var/lock was a softlink
-# to /var/volatile/lock which is where the real directory was located.  Now,
-# /run and /run/lock are the real directories.  If we are upgrading, we may
-# need to remove the symbolic links first before we create the directories.
-# Otherwise the directory creation will fail and we will have circular symbolic
-# links.
-# 
-pkg_preinst:${PN} () {
-    #!/bin/sh -e
-    if [ x"$D" = "x" ]; then
-        if [ -h "/var/lock" ]; then
-            # Remove the symbolic link
-            rm -f /var/lock
-        fi
-
-        if [ -h "/run" ]; then
-            # Remove the symbolic link
-            rm -f /run
-        fi
-    fi     
-}
-
 do_install () {
         for d in ${dirs555}; do
                 install -m 0555 -d ${D}$d
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
new file mode 100644
index 0000000000..41be1635b5
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
@@ -0,0 +1,112 @@
+From 8763c305c29d0abb7e2be4695212b42917d054b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Tue, 20 May 2025 16:03:44 +0100
+Subject: [PATCH] sort: fix buffer under-read (CWE-127)
+
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+* tests/sort/sort-field-limit.sh: Add a new test,
+which triggers with ASAN or Valgrind.
+* tests/local.mk: Reference the new test.
+* NEWS: Mention bug fix introduced in v7.2 (2009).
+Fixes https://bugs.gnu.org/78507
+
+CVE: CVE-2025-5278
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/sort.c                     | 12 ++++++++++--
+ tests/local.mk                 |  1 +
+ tests/sort/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+), 2 deletions(-)
+ create mode 100755 tests/sort/sort-field-limit.sh
+
+diff --git a/src/sort.c b/src/sort.c
+index b10183b6f..7af1a2512 100644
+--- a/src/sort.c
++++ b/src/sort.c
+@@ -1644,7 +1644,11 @@ begfield (struct line const *line, struct keyfield const *key)
+       ++ptr;
+ 
+   /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
+-  ptr = MIN (lim, ptr + schar);
++  size_t remaining_bytes = lim - ptr;
++  if (schar < remaining_bytes)
++    ptr += schar;
++  else
++    ptr = lim;
+ 
+   return ptr;
+ }
+@@ -1746,7 +1750,11 @@ limfield (struct line const *line, struct keyfield const *key)
+           ++ptr;
+ 
+       /* Advance PTR by ECHAR (if possible), but no further than LIM.  */
+-      ptr = MIN (lim, ptr + echar);
++      size_t remaining_bytes = lim - ptr;
++      if (echar < remaining_bytes)
++        ptr += echar;
++      else
++        ptr = lim;
+     }
+ 
+   return ptr;
+diff --git a/tests/local.mk b/tests/local.mk
+index 4da6756ac..642d225fa 100644
+--- a/tests/local.mk
++++ b/tests/local.mk
+@@ -388,6 +388,7 @@ all_tests =                                 \
+   tests/sort/sort-debug-keys.sh                        \
+   tests/sort/sort-debug-warn.sh                        \
+   tests/sort/sort-discrim.sh                   \
++  tests/sort/sort-field-limit.sh               \
+   tests/sort/sort-files0-from.pl               \
+   tests/sort/sort-float.sh                     \
+   tests/sort/sort-h-thousands-sep.sh           \
+diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
+new file mode 100755
+index 000000000..52d8e1d17
+--- /dev/null
++++ b/tests/sort/sort-field-limit.sh
+@@ -0,0 +1,35 @@
++#!/bin/sh
++# From 7.2-9.7, this would trigger an out of bounds mem read
++
++# Copyright (C) 2025 Free Software Foundation, Inc.
++
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <https://www.gnu.org/licenses/>.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++getlimits_
++
++# This issue triggers with valgrind or ASAN
++valgrind --error-exitcode=1 sort --version 2>/dev/null &&
++  VALGRIND='valgrind --error-exitcode=1'
++
++{ printf '%s\n' aa bb; } > in || framework_failure_
++
++_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++Exit $fail
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/coreutils/coreutils_9.4.bb b/meta/recipes-core/coreutils/coreutils_9.4.bb
index 62ecdea6ec..caed1f8c49 100644
--- a/meta/recipes-core/coreutils/coreutils_9.4.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -18,6 +18,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
            file://0001-local.mk-fix-cross-compiling-problem.patch \
            file://0001-posixtm-pacify-clang-18.patch \
            file://CVE-2024-0684.patch \
+           file://CVE-2025-5278.patch \
            file://run-ptest \
            "
 SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"
diff --git a/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
new file mode 100644
index 0000000000..dff6534027
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
@@ -0,0 +1,45 @@
+From 5c34e70b80e5fc539f96e029b56b95cdee556010 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Sun, 8 Sep 2024 11:07:41 +0200
+Subject: Don't close channels when a PID hasn't started
+
+If check_close() ran prior to a server channel exec/shell
+request, it would send a close immediately.
+This fix changes it to exclude write_fd==FD_UNINIT from
+being closed there.
+
+When a channel was closed by the time shell/exec request
+was received, then data sent hits an assertion.
+This fixes #321 on Github.
+
+The "pid == 0" check was initially added to avoid waiting
+to close a channel when a process has never been launched
+(which is correct), but that isn't correct in the case
+of the closed-fd test.
+
+Fixes: 8e6f73e879ca ("- Remove "flushing" handling for exited processes)
+
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/71521d1b78706a70d3570b860e65234cefdc8c81]
+
+Signed-off-by: Florian Kreutzer <florian.kreutzer.oss@rohde-schwarz.com>
+---
+ common-channel.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/common-channel.c b/common-channel.c
+index be5b57f..9926972 100644
+--- a/common-channel.c
++++ b/common-channel.c
+@@ -317,7 +317,8 @@ static void check_close(struct Channel *channel) {
+ 
+        if ((channel->recv_eof && !write_pending(channel))
+                /* have a server "session" and child has exited */
+-               || (channel->type->check_close && close_allowed)) {
++               || (channel->writefd != FD_UNINIT
++                       && channel->type->check_close && close_allowed)) {
+                close_chan_fd(channel, channel->writefd, SHUT_WR);
+        }
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch
new file mode 100644
index 0000000000..64b0405473
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch
@@ -0,0 +1,234 @@
+From 6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Mon, 20 Nov 2023 14:02:47 +0800
+Subject: [PATCH] Implement Strict KEX mode
+
+As specified by OpenSSH with kex-strict-c-v00@openssh.com and
+kex-strict-s-v00@openssh.com.
+
+CVE: CVE-2023-48795
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ cli-session.c    | 11 +++++++++++
+ common-algo.c    |  6 ++++++
+ common-kex.c     | 26 +++++++++++++++++++++++++-
+ kex.h            |  3 +++
+ process-packet.c | 34 +++++++++++++++++++---------------
+ ssh.h            |  4 ++++
+ svr-session.c    |  3 +++
+ 7 files changed, 71 insertions(+), 16 deletions(-)
+
+diff --git a/cli-session.c b/cli-session.c
+index 5981b24..d261c8f 100644
+--- a/cli-session.c
++++ b/cli-session.c
+@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN;
+ static void recv_msg_service_accept(void);
+ static void cli_session_cleanup(void);
+ static void recv_msg_global_request_cli(void);
++static void cli_algos_initialise(void);
+ 
+ struct clientsession cli_ses; /* GLOBAL */
+ 
+@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
+        }
+ 
+        chaninitialise(cli_chantypes);
++       cli_algos_initialise();
+ 
+        /* Set up cli_ses vars */
+        cli_session_init(proxy_cmd_pid);
+@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) {
+        fflush(stderr);
+ }
+ 
++static void cli_algos_initialise(void) {
++       algo_type *algo;
++       for (algo = sshkex; algo->name; algo++) {
++               if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) {
++                       algo->usable = 0;
++               }
++       }
++}
++
+diff --git a/common-algo.c b/common-algo.c
+index 378f0ca..f9d46eb 100644
+--- a/common-algo.c
++++ b/common-algo.c
+@@ -307,6 +307,12 @@ algo_type sshkex[] = {
+        /* Set unusable by svr_algos_initialise() */
+        {SSH_EXT_INFO_C, 0, NULL, 1, NULL},
+ #endif
++#endif
++#if DROPBEAR_CLIENT
++       {SSH_STRICT_KEX_C, 0, NULL, 1, NULL},
++#endif
++#if DROPBEAR_SERVER
++       {SSH_STRICT_KEX_S, 0, NULL, 1, NULL},
+ #endif
+        {NULL, 0, NULL, 0, NULL}
+ };
+diff --git a/common-kex.c b/common-kex.c
+index ac88442..8e33b12 100644
+--- a/common-kex.c
++++ b/common-kex.c
+@@ -183,6 +183,10 @@ void send_msg_newkeys() {
+        gen_new_keys();
+        switch_keys();
+ 
++       if (ses.kexstate.strict_kex) {
++               ses.transseq = 0;
++       }
++
+        TRACE(("leave send_msg_newkeys"))
+ }
+ 
+@@ -193,7 +197,11 @@ void recv_msg_newkeys() {
+ 
+        ses.kexstate.recvnewkeys = 1;
+        switch_keys();
+-       
++
++       if (ses.kexstate.strict_kex) {
++               ses.recvseq = 0;
++       }
++
+        TRACE(("leave recv_msg_newkeys"))
+ }
+ 
+@@ -550,6 +558,10 @@ void recv_msg_kexinit() {
+ 
+        ses.kexstate.recvkexinit = 1;
+ 
++       if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) {
++               dropbear_exit("First packet wasn't kexinit");
++       }
++
+        TRACE(("leave recv_msg_kexinit"))
+ }
+ 
+@@ -859,6 +871,18 @@ static void read_kex_algos() {
+        }
+ #endif
+ 
++       if (!ses.kexstate.donefirstkex) {
++               const char* strict_name;
++               if (IS_DROPBEAR_CLIENT) {
++                       strict_name = SSH_STRICT_KEX_S;
++               } else {
++                       strict_name = SSH_STRICT_KEX_C;
++               }
++               if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) {
++                       ses.kexstate.strict_kex = 1;
++               }
++       }
++
+        algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
+        allgood &= goodguess;
+        if (algo == NULL || algo->data == NULL) {
+diff --git a/kex.h b/kex.h
+index 77cf21a..7fcc3c2 100644
+--- a/kex.h
++++ b/kex.h
+@@ -83,6 +83,9 @@ struct KEXState {
+ 
+        unsigned our_first_follows_matches : 1;
+ 
++       /* Boolean indicating that strict kex mode is in use */
++       unsigned int strict_kex;
++
+        time_t lastkextime; /* time of the last kex */
+        unsigned int datatrans; /* data transmitted since last kex */
+        unsigned int datarecv; /* data received since last kex */
+diff --git a/process-packet.c b/process-packet.c
+index 9454160..133a152 100644
+--- a/process-packet.c
++++ b/process-packet.c
+@@ -44,6 +44,7 @@ void process_packet() {
+ 
+        unsigned char type;
+        unsigned int i;
++       unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex;
+        time_t now;
+ 
+        TRACE2(("enter process_packet"))
+@@ -54,22 +55,24 @@ void process_packet() {
+        now = monotonic_now();
+        ses.last_packet_time_keepalive_recv = now;
+ 
+-       /* These packets we can receive at any time */
+-       switch(type) {
+ 
+-               case SSH_MSG_IGNORE:
+-                       goto out;
+-               case SSH_MSG_DEBUG:
+-                       goto out;
++       if (type == SSH_MSG_DISCONNECT) {
++               /* Allowed at any time */
++               dropbear_close("Disconnect received");
++       }
+ 
+-               case SSH_MSG_UNIMPLEMENTED:
+-                       /* debugging XXX */
+-                       TRACE(("SSH_MSG_UNIMPLEMENTED"))
+-                       goto out;
+-                       
+-               case SSH_MSG_DISCONNECT:
+-                       /* TODO cleanup? */
+-                       dropbear_close("Disconnect received");
++       /* These packets may be received at any time,
++          except during first kex with strict kex */
++       if (!first_strict_kex) {
++               switch(type) {
++                       case SSH_MSG_IGNORE:
++                               goto out;
++                       case SSH_MSG_DEBUG:
++                               goto out;
++                       case SSH_MSG_UNIMPLEMENTED:
++                               TRACE(("SSH_MSG_UNIMPLEMENTED"))
++                               goto out;
++               }
+        }
+ 
+        /* Ignore these packet types so that keepalives don't interfere with
+@@ -98,7 +101,8 @@ void process_packet() {
+                        if (type >= 1 && type <= 49
+                                && type != SSH_MSG_SERVICE_REQUEST
+                                && type != SSH_MSG_SERVICE_ACCEPT
+-                               && type != SSH_MSG_KEXINIT)
++                               && type != SSH_MSG_KEXINIT
++                               && !first_strict_kex)
+                        {
+                                TRACE(("unknown allowed packet during kexinit"))
+                                recv_unimplemented();
+diff --git a/ssh.h b/ssh.h
+index 1b4fec6..ef3efdc 100644
+--- a/ssh.h
++++ b/ssh.h
+@@ -100,6 +100,10 @@
+ #define SSH_EXT_INFO_C "ext-info-c"
+ #define SSH_SERVER_SIG_ALGS "server-sig-algs"
+ 
++/* OpenSSH strict KEX feature */
++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com"
++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com"
++
+ /* service types */
+ #define SSH_SERVICE_USERAUTH "ssh-userauth"
+ #define SSH_SERVICE_USERAUTH_LEN 12
+diff --git a/svr-session.c b/svr-session.c
+index 769f073..a538e2c 100644
+--- a/svr-session.c
++++ b/svr-session.c
+@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) {
+                        algo->usable = 0;
+                }
+ #endif
++               if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
++                       algo->usable = 0;
++               }
+        }
+ }
+ 
diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb
index 528eff1a10..772e08eaed 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb
@@ -14,6 +14,7 @@ RCONFLICTS:${PN} = "openssh-sshd openssh"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://0001-urandom-xauth-changes-to-options.h.patch \
+           file://0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch \
            file://init \
            file://dropbearkey.service \
            file://dropbear@.service \
@@ -22,6 +23,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
            file://CVE-2023-36328.patch \
+           file://CVE-2023-48795.patch \
            "
 
 SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
diff --git a/meta/recipes-core/expat/expat/0001-tests-Cover-indirect-entity-recursion.patch b/meta/recipes-core/expat/expat/0001-tests-Cover-indirect-entity-recursion.patch
new file mode 100644
index 0000000000..802d762787
--- /dev/null
+++ b/meta/recipes-core/expat/expat/0001-tests-Cover-indirect-entity-recursion.patch
@@ -0,0 +1,103 @@
+From 3d5fdbb44e80ed789e4f6510542d77d6284fbd0e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 23 Nov 2024 14:20:21 +0100
+Subject: [PATCH] tests: Cover indirect entity recursion
+
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/3d5fdbb44e80ed789e4f6510542d77d6284fbd0e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ expat/tests/basic_tests.c | 74 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+diff --git a/expat/tests/basic_tests.c b/expat/tests/basic_tests.c
+index d38b8fd1..d2306772 100644
+--- a/expat/tests/basic_tests.c
++++ b/expat/tests/basic_tests.c
+@@ -1202,6 +1202,79 @@ START_TEST(test_wfc_no_recursive_entity_refs) {
+ }
+ END_TEST
+ 
++START_TEST(test_no_indirectly_recursive_entity_refs) {
++  struct TestCase {
++    const char *doc;
++    bool usesParameterEntities;
++  };
++
++  const struct TestCase cases[] = {
++      // general entity + character data
++      {"<!DOCTYPE a [\n"
++       "  <!ENTITY e1 '&e2;'>\n"
++       "  <!ENTITY e2 '&e1;'>\n"
++       "]><a>&e2;</a>\n",
++       false},
++
++      // general entity + attribute value
++      {"<!DOCTYPE a [\n"
++       "  <!ENTITY e1 '&e2;'>\n"
++       "  <!ENTITY e2 '&e1;'>\n"
++       "]><a k1='&e2;' />\n",
++       false},
++
++      // parameter entity
++      {"<!DOCTYPE doc [\n"
++       "  <!ENTITY % p1 '&#37;p2;'>\n"
++       "  <!ENTITY % p2 '&#37;p1;'>\n"
++       "  <!ENTITY % define_g \"<!ENTITY g '&#37;p2;'>\">\n"
++       "  %define_g;\n"
++       "]>\n"
++       "<doc/>\n",
++       true},
++  };
++  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
++    const char *const doc = cases[i].doc;
++    const bool usesParameterEntities = cases[i].usesParameterEntities;
++
++    set_subtest("[%i] %s", (int)i, doc);
++
++#ifdef XML_DTD // both GE and DTD
++    const bool rejection_expected = true;
++#elif XML_GE == 1 // GE but not DTD
++    const bool rejection_expected = ! usesParameterEntities;
++#else             // neither DTD nor GE
++    const bool rejection_expected = false;
++#endif
++
++    XML_Parser parser = XML_ParserCreate(NULL);
++
++#ifdef XML_DTD
++    if (usesParameterEntities) {
++      assert_true(
++          XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS)
++          == 1);
++    }
++#else
++    UNUSED_P(usesParameterEntities);
++#endif // XML_DTD
++
++    const enum XML_Status status
++        = _XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                  /*isFinal*/ XML_TRUE);
++
++    if (rejection_expected) {
++      assert_true(status == XML_STATUS_ERROR);
++      assert_true(XML_GetErrorCode(parser) == XML_ERROR_RECURSIVE_ENTITY_REF);
++    } else {
++      assert_true(status == XML_STATUS_OK);
++    }
++
++    XML_ParserFree(parser);
++  }
++}
++END_TEST
++
+ START_TEST(test_recursive_external_parameter_entity_2) {
+   struct TestCase {
+     const char *doc;
+@@ -5969,6 +6042,7 @@ make_basic_test_case(Suite *s) {
+   tcase_add_test(tc_basic, test_not_standalone_handler_reject);
+   tcase_add_test(tc_basic, test_not_standalone_handler_accept);
+   tcase_add_test__if_xml_ge(tc_basic, test_wfc_no_recursive_entity_refs);
++  tcase_add_test(tc_basic, test_no_indirectly_recursive_entity_refs);
+   tcase_add_test__ifdef_xml_dtd(tc_basic, test_ext_entity_invalid_parse);
+   tcase_add_test__if_xml_ge(tc_basic, test_dtd_default_handling);
+   tcase_add_test(tc_basic, test_dtd_attr_handling);
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-01.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-01.patch
new file mode 100644
index 0000000000..dc8a520161
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-01.patch
@@ -0,0 +1,1477 @@
+From 3f924a715cfa97e70df1c24334d2d728973d1020 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Mon, 17 Mar 2025 20:41:24 +0100
+Subject: [PATCH] [CVE-2024-8176] Resolve the recursion during entity
+ processing to prevent stack overflow (fixes #893)
+
+Fixes #893
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/973]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ expat/Changes             |  29 +-
+ expat/lib/xmlparse.c      | 564 ++++++++++++++++++++++++++++----------
+ expat/tests/alloc_tests.c |  27 ++
+ expat/tests/basic_tests.c | 247 +++++++++++++++--
+ expat/tests/handlers.c    |  14 +
+ expat/tests/handlers.h    |   5 +
+ expat/tests/misc_tests.c  |  43 +++
+ 7 files changed, 751 insertions(+), 178 deletions(-)
+
+diff --git a/expat/Changes b/expat/Changes
+index aa19f70a..8c5db88c 100644
+--- a/expat/Changes
++++ b/expat/Changes
+@@ -11,7 +11,6 @@
+ !! The following topics need *additional skilled C developers* to progress   !!
+ !! in a timely manner or at all (loosely ordered by descending priority):    !!
+ !!                                                                           !!
+-!! - <blink>fixing a complex non-public security issue</blink>,              !!
+ !! - teaming up on researching and fixing future security reports and        !!
+ !!   ClusterFuzz findings with few-days-max response times in communication  !!
+ !!   in order to (1) have a sound fix ready before the end of a 90 days      !!
+@@ -30,6 +29,34 @@
+ !! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
+ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ 
++Patches:
++        Security fixes:
++       #893 #???  CVE-2024-8176 -- Fix crash from chaining a large number
++                    of entities caused by stack overflow by resolving use of
++                    recursion, for all three uses of entities:
++                    - general entities in character data ("<e>&g1;</e>")
++                    - general entities in attribute values ("<e k1='&g1;'/>")
++                    - parameter entities ("%p1;")
++                    Known impact is (reliable and easy) denial of service:
++                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
++                    (Base Score: 7.5, Temporal Score: 7.2)
++                    Please note that a layer of compression around XML can
++                    significantly reduce the minimum attack payload size.
++
++         Special thanks to:
++            Alexander Gieringer
++            Berkay Eren Ürün
++            Jann Horn
++            Sebastian Andrzej Siewior
++            Snild Dolkow
++            Thomas Pröll
++            Tomas Korbar
++                 and
++            Google Project Zero
++            Linutronix
++            Red Hat
++            Siemens
++
+ Release 2.6.4 Wed November 6 2024
+         Security fixes:
+             #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index a4e091e7..473c791d 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -39,7 +39,7 @@
+    Copyright (c) 2022      Sean McBride <sean@rogue-research.com>
+    Copyright (c) 2023      Owain Davies <owaind@bath.edu>
+    Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
+-   Copyright (c) 2024      Berkay Eren Ürün <berkay.ueruen@siemens.com>
++   Copyright (c) 2024-2025 Berkay Eren Ürün <berkay.ueruen@siemens.com>
+    Copyright (c) 2024      Hanno Böck <hanno@gentoo.org>
+    Licensed under the MIT license:
+ 
+@@ -325,6 +325,10 @@ typedef struct {
+   const XML_Char *publicId;
+   const XML_Char *notation;
+   XML_Bool open;
++  XML_Bool hasMore; /* true if entity has not been completely processed */
++  /* An entity can be open while being already completely processed (hasMore ==
++    XML_FALSE). The reason is the delayed closing of entities until their inner
++    entities are processed and closed */
+   XML_Bool is_param;
+   XML_Bool is_internal; /* true if declared in internal subset outside PE */
+ } ENTITY;
+@@ -415,6 +419,12 @@ typedef struct {
+   int *scaffIndex;
+ } DTD;
+ 
++enum EntityType {
++  ENTITY_INTERNAL,
++  ENTITY_ATTRIBUTE,
++  ENTITY_VALUE,
++};
++
+ typedef struct open_internal_entity {
+   const char *internalEventPtr;
+   const char *internalEventEndPtr;
+@@ -422,6 +432,7 @@ typedef struct open_internal_entity {
+   ENTITY *entity;
+   int startTagLevel;
+   XML_Bool betweenDecl; /* WFC: PE Between Declarations */
++  enum EntityType type;
+ } OPEN_INTERNAL_ENTITY;
+ 
+ enum XML_Account {
+@@ -481,8 +492,8 @@ static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc,
+                                const char *next, const char **nextPtr,
+                                XML_Bool haveMore, XML_Bool allowClosingDoctype,
+                                enum XML_Account account);
+-static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity,
+-                                            XML_Bool betweenDecl);
++static enum XML_Error processEntity(XML_Parser parser, ENTITY *entity,
++                                    XML_Bool betweenDecl, enum EntityType type);
+ static enum XML_Error doContent(XML_Parser parser, int startTagLevel,
+                                 const ENCODING *enc, const char *start,
+                                 const char *end, const char **endPtr,
+@@ -513,18 +524,22 @@ static enum XML_Error storeAttributeValue(XML_Parser parser,
+                                           const char *ptr, const char *end,
+                                           STRING_POOL *pool,
+                                           enum XML_Account account);
+-static enum XML_Error appendAttributeValue(XML_Parser parser,
+-                                           const ENCODING *enc,
+-                                           XML_Bool isCdata, const char *ptr,
+-                                           const char *end, STRING_POOL *pool,
+-                                           enum XML_Account account);
++static enum XML_Error
++appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
++                     const char *ptr, const char *end, STRING_POOL *pool,
++                     enum XML_Account account, const char **nextPtr);
+ static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc,
+                                     const char *start, const char *end);
+ static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType);
+ #if XML_GE == 1
+ static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc,
+                                        const char *start, const char *end,
+-                                       enum XML_Account account);
++                                       enum XML_Account account,
++                                       const char **nextPtr);
++static enum XML_Error callStoreEntityValue(XML_Parser parser,
++                                           const ENCODING *enc,
++                                           const char *start, const char *end,
++                                           enum XML_Account account);
+ #else
+ static enum XML_Error storeSelfEntityValue(XML_Parser parser, ENTITY *entity);
+ #endif
+@@ -709,6 +724,10 @@ struct XML_ParserStruct {
+   const char *m_positionPtr;
+   OPEN_INTERNAL_ENTITY *m_openInternalEntities;
+   OPEN_INTERNAL_ENTITY *m_freeInternalEntities;
++  OPEN_INTERNAL_ENTITY *m_openAttributeEntities;
++  OPEN_INTERNAL_ENTITY *m_freeAttributeEntities;
++  OPEN_INTERNAL_ENTITY *m_openValueEntities;
++  OPEN_INTERNAL_ENTITY *m_freeValueEntities;
+   XML_Bool m_defaultExpandInternalEntities;
+   int m_tagLevel;
+   ENTITY *m_declEntity;
+@@ -756,6 +775,7 @@ struct XML_ParserStruct {
+   ACCOUNTING m_accounting;
+   ENTITY_STATS m_entity_stats;
+ #endif
++  XML_Bool m_reenter;
+ };
+ 
+ #define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s)))
+@@ -1028,7 +1048,29 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
+ #if defined(XML_TESTING)
+   g_bytesScanned += (unsigned)have_now;
+ #endif
+-  const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
++  // Run in a loop to eliminate dangerous recursion depths
++  enum XML_Error ret;
++  *endPtr = start;
++  while (1) {
++    // Use endPtr as the new start in each iteration, since it will
++    // be set to the next start point by m_processor.
++    ret = parser->m_processor(parser, *endPtr, end, endPtr);
++
++    // Make parsing status (and in particular XML_SUSPENDED) take
++    // precedence over re-enter flag when they disagree
++    if (parser->m_parsingStatus.parsing != XML_PARSING) {
++      parser->m_reenter = XML_FALSE;
++    }
++
++    if (! parser->m_reenter) {
++      break;
++    }
++
++    parser->m_reenter = XML_FALSE;
++    if (ret != XML_ERROR_NONE)
++      return ret;
++  }
++
+   if (ret == XML_ERROR_NONE) {
+     // if we consumed nothing, remember what we had on this parse attempt.
+     if (*endPtr == start) {
+@@ -1139,6 +1181,8 @@ parserCreate(const XML_Char *encodingName,
+   parser->m_freeBindingList = NULL;
+   parser->m_freeTagList = NULL;
+   parser->m_freeInternalEntities = NULL;
++  parser->m_freeAttributeEntities = NULL;
++  parser->m_freeValueEntities = NULL;
+ 
+   parser->m_groupSize = 0;
+   parser->m_groupConnector = NULL;
+@@ -1241,6 +1285,8 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+   parser->m_eventEndPtr = NULL;
+   parser->m_positionPtr = NULL;
+   parser->m_openInternalEntities = NULL;
++  parser->m_openAttributeEntities = NULL;
++  parser->m_openValueEntities = NULL;
+   parser->m_defaultExpandInternalEntities = XML_TRUE;
+   parser->m_tagLevel = 0;
+   parser->m_tagStack = NULL;
+@@ -1251,6 +1297,8 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+   parser->m_unknownEncodingData = NULL;
+   parser->m_parentParser = NULL;
+   parser->m_parsingStatus.parsing = XML_INITIALIZED;
++  // Reentry can only be triggered inside m_processor calls
++  parser->m_reenter = XML_FALSE;
+ #ifdef XML_DTD
+   parser->m_isParamEntity = XML_FALSE;
+   parser->m_useForeignDTD = XML_FALSE;
+@@ -1310,6 +1358,24 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) {
+     openEntity->next = parser->m_freeInternalEntities;
+     parser->m_freeInternalEntities = openEntity;
+   }
++  /* move m_openAttributeEntities to m_freeAttributeEntities (i.e. same task but
++   * for attributes) */
++  openEntityList = parser->m_openAttributeEntities;
++  while (openEntityList) {
++    OPEN_INTERNAL_ENTITY *openEntity = openEntityList;
++    openEntityList = openEntity->next;
++    openEntity->next = parser->m_freeAttributeEntities;
++    parser->m_freeAttributeEntities = openEntity;
++  }
++  /* move m_openValueEntities to m_freeValueEntities (i.e. same task but
++   * for value entities) */
++  openEntityList = parser->m_openValueEntities;
++  while (openEntityList) {
++    OPEN_INTERNAL_ENTITY *openEntity = openEntityList;
++    openEntityList = openEntity->next;
++    openEntity->next = parser->m_freeValueEntities;
++    parser->m_freeValueEntities = openEntity;
++  }
+   moveToFreeBindingList(parser, parser->m_inheritedBindings);
+   FREE(parser, parser->m_unknownEncodingMem);
+   if (parser->m_unknownEncodingRelease)
+@@ -1323,6 +1389,19 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) {
+   return XML_TRUE;
+ }
+ 
++static XML_Bool
++parserBusy(XML_Parser parser) {
++  switch (parser->m_parsingStatus.parsing) {
++  case XML_PARSING:
++  case XML_SUSPENDED:
++    return XML_TRUE;
++  case XML_INITIALIZED:
++  case XML_FINISHED:
++  default:
++    return XML_FALSE;
++  }
++}
++
+ enum XML_Status XMLCALL
+ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) {
+   if (parser == NULL)
+@@ -1331,8 +1410,7 @@ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) {
+      XXX There's no way for the caller to determine which of the
+      XXX possible error cases caused the XML_STATUS_ERROR return.
+   */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return XML_STATUS_ERROR;
+ 
+   /* Get rid of any previous encoding name */
+@@ -1569,7 +1647,34 @@ XML_ParserFree(XML_Parser parser) {
+     entityList = entityList->next;
+     FREE(parser, openEntity);
+   }
+-
++  /* free m_openAttributeEntities and m_freeAttributeEntities */
++  entityList = parser->m_openAttributeEntities;
++  for (;;) {
++    OPEN_INTERNAL_ENTITY *openEntity;
++    if (entityList == NULL) {
++      if (parser->m_freeAttributeEntities == NULL)
++        break;
++      entityList = parser->m_freeAttributeEntities;
++      parser->m_freeAttributeEntities = NULL;
++    }
++    openEntity = entityList;
++    entityList = entityList->next;
++    FREE(parser, openEntity);
++  }
++  /* free m_openValueEntities and m_freeValueEntities */
++  entityList = parser->m_openValueEntities;
++  for (;;) {
++    OPEN_INTERNAL_ENTITY *openEntity;
++    if (entityList == NULL) {
++      if (parser->m_freeValueEntities == NULL)
++        break;
++      entityList = parser->m_freeValueEntities;
++      parser->m_freeValueEntities = NULL;
++    }
++    openEntity = entityList;
++    entityList = entityList->next;
++    FREE(parser, openEntity);
++  }
+   destroyBindings(parser->m_freeBindingList, parser);
+   destroyBindings(parser->m_inheritedBindings, parser);
+   poolDestroy(&parser->m_tempPool);
+@@ -1611,8 +1716,7 @@ XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD) {
+     return XML_ERROR_INVALID_ARGUMENT;
+ #ifdef XML_DTD
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return XML_ERROR_CANT_CHANGE_FEATURE_ONCE_PARSING;
+   parser->m_useForeignDTD = useDTD;
+   return XML_ERROR_NONE;
+@@ -1627,8 +1731,7 @@ XML_SetReturnNSTriplet(XML_Parser parser, int do_nst) {
+   if (parser == NULL)
+     return;
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return;
+   parser->m_ns_triplets = do_nst ? XML_TRUE : XML_FALSE;
+ }
+@@ -1897,8 +2000,7 @@ XML_SetParamEntityParsing(XML_Parser parser,
+   if (parser == NULL)
+     return 0;
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return 0;
+ #ifdef XML_DTD
+   parser->m_paramEntityParsing = peParsing;
+@@ -1915,8 +2017,7 @@ XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) {
+   if (parser->m_parentParser)
+     return XML_SetHashSalt(parser->m_parentParser, hash_salt);
+   /* block after XML_Parse()/XML_ParseBuffer() has been called */
+-  if (parser->m_parsingStatus.parsing == XML_PARSING
+-      || parser->m_parsingStatus.parsing == XML_SUSPENDED)
++  if (parserBusy(parser))
+     return 0;
+   parser->m_hash_secret_salt = hash_salt;
+   return 1;
+@@ -2230,6 +2331,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
+   return parser->m_bufferEnd;
+ }
+ 
++static void
++triggerReenter(XML_Parser parser) {
++  parser->m_reenter = XML_TRUE;
++}
++
+ enum XML_Status XMLCALL
+ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+   if (parser == NULL)
+@@ -2704,8 +2810,9 @@ static enum XML_Error PTRCALL
+ contentProcessor(XML_Parser parser, const char *start, const char *end,
+                  const char **endPtr) {
+   enum XML_Error result = doContent(
+-      parser, 0, parser->m_encoding, start, end, endPtr,
+-      (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT);
++      parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, start, end,
++      endPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer,
++      XML_ACCOUNT_DIRECT);
+   if (result == XML_ERROR_NONE) {
+     if (! storeRawNames(parser))
+       return XML_ERROR_NO_MEMORY;
+@@ -2793,6 +2900,11 @@ externalEntityInitProcessor3(XML_Parser parser, const char *start,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++      /* Fall through */
+     default:
+       start = next;
+     }
+@@ -2966,7 +3078,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+             reportDefault(parser, enc, s, next);
+           break;
+         }
+-        result = processInternalEntity(parser, entity, XML_FALSE);
++        result = processEntity(parser, entity, XML_FALSE, ENTITY_INTERNAL);
+         if (result != XML_ERROR_NONE)
+           return result;
+       } else if (parser->m_externalEntityRefHandler) {
+@@ -3092,7 +3204,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+     }
+       if ((parser->m_tagLevel == 0)
+           && (parser->m_parsingStatus.parsing != XML_FINISHED)) {
+-        if (parser->m_parsingStatus.parsing == XML_SUSPENDED)
++        if (parser->m_parsingStatus.parsing == XML_SUSPENDED
++            || (parser->m_parsingStatus.parsing == XML_PARSING
++                && parser->m_reenter))
+           parser->m_processor = epilogProcessor;
+         else
+           return epilogProcessor(parser, next, end, nextPtr);
+@@ -3153,7 +3267,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+         }
+         if ((parser->m_tagLevel == 0)
+             && (parser->m_parsingStatus.parsing != XML_FINISHED)) {
+-          if (parser->m_parsingStatus.parsing == XML_SUSPENDED)
++          if (parser->m_parsingStatus.parsing == XML_SUSPENDED
++              || (parser->m_parsingStatus.parsing == XML_PARSING
++                  && parser->m_reenter))
+             parser->m_processor = epilogProcessor;
+           else
+             return epilogProcessor(parser, next, end, nextPtr);
+@@ -3293,6 +3409,12 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        *nextPtr = next;
++        return XML_ERROR_NONE;
++      }
++      /* Fall through */
+     default:;
+     }
+   }
+@@ -4217,6 +4339,11 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++      /* Fall through */
+     default:;
+     }
+   }
+@@ -4549,7 +4676,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end,
+       }
+       /* found end of entity value - can store it now */
+       return storeEntityValue(parser, parser->m_encoding, s, end,
+-                              XML_ACCOUNT_DIRECT);
++                              XML_ACCOUNT_DIRECT, NULL);
+     } else if (tok == XML_TOK_XML_DECL) {
+       enum XML_Error result;
+       result = processXmlDecl(parser, 0, start, next);
+@@ -4676,7 +4803,7 @@ entityValueProcessor(XML_Parser parser, const char *s, const char *end,
+         break;
+       }
+       /* found end of entity value - can store it now */
+-      return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT);
++      return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT, NULL);
+     }
+     start = next;
+   }
+@@ -5119,9 +5246,9 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ #if XML_GE == 1
+         // This will store the given replacement text in
+         // parser->m_declEntity->textPtr.
+-        enum XML_Error result
+-            = storeEntityValue(parser, enc, s + enc->minBytesPerChar,
+-                               next - enc->minBytesPerChar, XML_ACCOUNT_NONE);
++        enum XML_Error result = callStoreEntityValue(
++            parser, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar,
++            XML_ACCOUNT_NONE);
+         if (parser->m_declEntity) {
+           parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool);
+           parser->m_declEntity->textLen
+@@ -5546,7 +5673,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+           enum XML_Error result;
+           XML_Bool betweenDecl
+               = (role == XML_ROLE_PARAM_ENTITY_REF ? XML_TRUE : XML_FALSE);
+-          result = processInternalEntity(parser, entity, betweenDecl);
++          result = processEntity(parser, entity, betweenDecl, ENTITY_INTERNAL);
+           if (result != XML_ERROR_NONE)
+             return result;
+           handleDefault = XML_FALSE;
+@@ -5751,6 +5878,12 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        *nextPtr = next;
++        return XML_ERROR_NONE;
++      }
++    /* Fall through */
+     default:
+       s = next;
+       tok = XmlPrologTok(enc, s, end, &next);
+@@ -5825,21 +5958,49 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
+       return XML_ERROR_ABORTED;
++    case XML_PARSING:
++      if (parser->m_reenter) {
++        return XML_ERROR_UNEXPECTED_STATE; // LCOV_EXCL_LINE
++      }
++    /* Fall through */
+     default:;
+     }
+   }
+ }
+ 
+ static enum XML_Error
+-processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+-  const char *textStart, *textEnd;
+-  const char *next;
+-  enum XML_Error result;
+-  OPEN_INTERNAL_ENTITY *openEntity;
++processEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl,
++              enum EntityType type) {
++  OPEN_INTERNAL_ENTITY *openEntity, **openEntityList, **freeEntityList;
++  switch (type) {
++  case ENTITY_INTERNAL:
++    parser->m_processor = internalEntityProcessor;
++    openEntityList = &parser->m_openInternalEntities;
++    freeEntityList = &parser->m_freeInternalEntities;
++    break;
++  case ENTITY_ATTRIBUTE:
++    openEntityList = &parser->m_openAttributeEntities;
++    freeEntityList = &parser->m_freeAttributeEntities;
++    break;
++  case ENTITY_VALUE:
++    openEntityList = &parser->m_openValueEntities;
++    freeEntityList = &parser->m_freeValueEntities;
++    break;
++    /* default case serves merely as a safety net in case of a
++     * wrong entityType. Therefore we exclude the following lines
++     * from the test coverage.
++     *
++     * LCOV_EXCL_START
++     */
++  default:
++    // Should not reach here
++    assert(0);
++    /* LCOV_EXCL_STOP */
++  }
+ 
+-  if (parser->m_freeInternalEntities) {
+-    openEntity = parser->m_freeInternalEntities;
+-    parser->m_freeInternalEntities = openEntity->next;
++  if (*freeEntityList) {
++    openEntity = *freeEntityList;
++    *freeEntityList = openEntity->next;
+   } else {
+     openEntity
+         = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY));
+@@ -5847,55 +6008,34 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+       return XML_ERROR_NO_MEMORY;
+   }
+   entity->open = XML_TRUE;
++  entity->hasMore = XML_TRUE;
+ #if XML_GE == 1
+   entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+   entity->processed = 0;
+-  openEntity->next = parser->m_openInternalEntities;
+-  parser->m_openInternalEntities = openEntity;
++  openEntity->next = *openEntityList;
++  *openEntityList = openEntity;
+   openEntity->entity = entity;
++  openEntity->type = type;
+   openEntity->startTagLevel = parser->m_tagLevel;
+   openEntity->betweenDecl = betweenDecl;
+   openEntity->internalEventPtr = NULL;
+   openEntity->internalEventEndPtr = NULL;
+-  textStart = (const char *)entity->textPtr;
+-  textEnd = (const char *)(entity->textPtr + entity->textLen);
+-  /* Set a safe default value in case 'next' does not get set */
+-  next = textStart;
+ 
+-  if (entity->is_param) {
+-    int tok
+-        = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+-                      tok, next, &next, XML_FALSE, XML_FALSE,
+-                      XML_ACCOUNT_ENTITY_EXPANSION);
+-  } else {
+-    result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding,
+-                       textStart, textEnd, &next, XML_FALSE,
+-                       XML_ACCOUNT_ENTITY_EXPANSION);
++  // Only internal entities make use of the reenter flag
++  // therefore no need to set it for other entity types
++  if (type == ENTITY_INTERNAL) {
++    triggerReenter(parser);
+   }
+-
+-  if (result == XML_ERROR_NONE) {
+-    if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-      entity->processed = (int)(next - textStart);
+-      parser->m_processor = internalEntityProcessor;
+-    } else if (parser->m_openInternalEntities->entity == entity) {
+-#if XML_GE == 1
+-      entityTrackingOnClose(parser, entity, __LINE__);
+-#endif /* XML_GE == 1 */
+-      entity->open = XML_FALSE;
+-      parser->m_openInternalEntities = openEntity->next;
+-      /* put openEntity back in list of free instances */
+-      openEntity->next = parser->m_freeInternalEntities;
+-      parser->m_freeInternalEntities = openEntity;
+-    }
+-  }
+-  return result;
++  return XML_ERROR_NONE;
+ }
+ 
+ static enum XML_Error PTRCALL
+ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+                         const char **nextPtr) {
++  UNUSED_P(s);
++  UNUSED_P(end);
++  UNUSED_P(nextPtr);
+   ENTITY *entity;
+   const char *textStart, *textEnd;
+   const char *next;
+@@ -5905,68 +6045,67 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+     return XML_ERROR_UNEXPECTED_STATE;
+ 
+   entity = openEntity->entity;
+-  textStart = ((const char *)entity->textPtr) + entity->processed;
+-  textEnd = (const char *)(entity->textPtr + entity->textLen);
+-  /* Set a safe default value in case 'next' does not get set */
+-  next = textStart;
+ 
+-  if (entity->is_param) {
+-    int tok
+-        = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+-    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+-                      tok, next, &next, XML_FALSE, XML_TRUE,
+-                      XML_ACCOUNT_ENTITY_EXPANSION);
+-  } else {
+-    result = doContent(parser, openEntity->startTagLevel,
+-                       parser->m_internalEncoding, textStart, textEnd, &next,
+-                       XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
+-  }
++  // This will return early
++  if (entity->hasMore) {
++    textStart = ((const char *)entity->textPtr) + entity->processed;
++    textEnd = (const char *)(entity->textPtr + entity->textLen);
++    /* Set a safe default value in case 'next' does not get set */
++    next = textStart;
+ 
+-  if (result != XML_ERROR_NONE)
+-    return result;
++    if (entity->is_param) {
++      int tok
++          = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
++      result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
++                        tok, next, &next, XML_FALSE, XML_FALSE,
++                        XML_ACCOUNT_ENTITY_EXPANSION);
++    } else {
++      result = doContent(parser, openEntity->startTagLevel,
++                         parser->m_internalEncoding, textStart, textEnd, &next,
++                         XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
++    }
++
++    if (result != XML_ERROR_NONE)
++      return result;
++    // Check if entity is complete, if not, mark down how much of it is
++    // processed
++    if (textEnd != next
++        && (parser->m_parsingStatus.parsing == XML_SUSPENDED
++            || (parser->m_parsingStatus.parsing == XML_PARSING
++                && parser->m_reenter))) {
++      entity->processed = (int)(next - (const char *)entity->textPtr);
++      return result;
++    }
+ 
+-  if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-    entity->processed = (int)(next - (const char *)entity->textPtr);
++    // Entity is complete. We cannot close it here since we need to first
++    // process its possible inner entities (which are added to the
++    // m_openInternalEntities during doProlog or doContent calls above)
++    entity->hasMore = XML_FALSE;
++    triggerReenter(parser);
+     return result;
+-  }
++  } // End of entity processing, "if" block will return here
+ 
++  // Remove fully processed openEntity from open entity list.
+ #if XML_GE == 1
+   entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
++  // openEntity is m_openInternalEntities' head, as we set it at the start of
++  // this function and we skipped doProlog and doContent calls with hasMore set
++  // to false. This means we can directly remove the head of
++  // m_openInternalEntities
++  assert(parser->m_openInternalEntities == openEntity);
+   entity->open = XML_FALSE;
+-  parser->m_openInternalEntities = openEntity->next;
++  parser->m_openInternalEntities = parser->m_openInternalEntities->next;
++
+   /* put openEntity back in list of free instances */
+   openEntity->next = parser->m_freeInternalEntities;
+   parser->m_freeInternalEntities = openEntity;
+ 
+-  // If there are more open entities we want to stop right here and have the
+-  // upcoming call to XML_ResumeParser continue with entity content, or it would
+-  // be ignored altogether.
+-  if (parser->m_openInternalEntities != NULL
+-      && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+-    return XML_ERROR_NONE;
+-  }
+-
+-  if (entity->is_param) {
+-    int tok;
+-    parser->m_processor = prologProcessor;
+-    tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+-    return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+-                    (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE,
+-                    XML_ACCOUNT_DIRECT);
+-  } else {
+-    parser->m_processor = contentProcessor;
+-    /* see externalEntityContentProcessor vs contentProcessor */
+-    result = doContent(parser, parser->m_parentParser ? 1 : 0,
+-                       parser->m_encoding, s, end, nextPtr,
+-                       (XML_Bool)! parser->m_parsingStatus.finalBuffer,
+-                       XML_ACCOUNT_DIRECT);
+-    if (result == XML_ERROR_NONE) {
+-      if (! storeRawNames(parser))
+-        return XML_ERROR_NO_MEMORY;
+-    }
+-    return result;
++  if (parser->m_openInternalEntities == NULL) {
++    parser->m_processor = entity->is_param ? prologProcessor : contentProcessor;
+   }
++  triggerReenter(parser);
++  return XML_ERROR_NONE;
+ }
+ 
+ static enum XML_Error PTRCALL
+@@ -5982,8 +6121,70 @@ static enum XML_Error
+ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+                     const char *ptr, const char *end, STRING_POOL *pool,
+                     enum XML_Account account) {
+-  enum XML_Error result
+-      = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account);
++  const char *next = ptr;
++  enum XML_Error result = XML_ERROR_NONE;
++
++  while (1) {
++    if (! parser->m_openAttributeEntities) {
++      result = appendAttributeValue(parser, enc, isCdata, next, end, pool,
++                                    account, &next);
++    } else {
++      OPEN_INTERNAL_ENTITY *const openEntity = parser->m_openAttributeEntities;
++      if (! openEntity)
++        return XML_ERROR_UNEXPECTED_STATE;
++
++      ENTITY *const entity = openEntity->entity;
++      const char *const textStart
++          = ((const char *)entity->textPtr) + entity->processed;
++      const char *const textEnd
++          = (const char *)(entity->textPtr + entity->textLen);
++      /* Set a safe default value in case 'next' does not get set */
++      const char *nextInEntity = textStart;
++      if (entity->hasMore) {
++        result = appendAttributeValue(
++            parser, parser->m_internalEncoding, isCdata, textStart, textEnd,
++            pool, XML_ACCOUNT_ENTITY_EXPANSION, &nextInEntity);
++        if (result != XML_ERROR_NONE)
++          break;
++        // Check if entity is complete, if not, mark down how much of it is
++        // processed. A XML_SUSPENDED check here is not required as
++        // appendAttributeValue will never suspend the parser.
++        if (textEnd != nextInEntity) {
++          entity->processed
++              = (int)(nextInEntity - (const char *)entity->textPtr);
++          continue;
++        }
++
++        // Entity is complete. We cannot close it here since we need to first
++        // process its possible inner entities (which are added to the
++        // m_openAttributeEntities during appendAttributeValue)
++        entity->hasMore = XML_FALSE;
++        continue;
++      } // End of entity processing, "if" block skips the rest
++
++      // Remove fully processed openEntity from open entity list.
++#if XML_GE == 1
++      entityTrackingOnClose(parser, entity, __LINE__);
++#endif
++      // openEntity is m_openAttributeEntities' head, since we set it at the
++      // start of this function and because we skipped appendAttributeValue call
++      // with hasMore set to false. This means we can directly remove the head
++      // of m_openAttributeEntities
++      assert(parser->m_openAttributeEntities == openEntity);
++      entity->open = XML_FALSE;
++      parser->m_openAttributeEntities = parser->m_openAttributeEntities->next;
++
++      /* put openEntity back in list of free instances */
++      openEntity->next = parser->m_freeAttributeEntities;
++      parser->m_freeAttributeEntities = openEntity;
++    }
++
++    // Break if an error occurred or there is nothing left to process
++    if (result || (parser->m_openAttributeEntities == NULL && end == next)) {
++      break;
++    }
++  }
++
+   if (result)
+     return result;
+   if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20)
+@@ -5996,7 +6197,7 @@ storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ static enum XML_Error
+ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+                      const char *ptr, const char *end, STRING_POOL *pool,
+-                     enum XML_Account account) {
++                     enum XML_Account account, const char **nextPtr) {
+   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+ #ifndef XML_DTD
+   UNUSED_P(account);
+@@ -6014,6 +6215,9 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ #endif
+     switch (tok) {
+     case XML_TOK_NONE:
++      if (nextPtr) {
++        *nextPtr = next;
++      }
+       return XML_ERROR_NONE;
+     case XML_TOK_INVALID:
+       if (enc == parser->m_encoding)
+@@ -6154,21 +6358,11 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+         return XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF;
+       } else {
+         enum XML_Error result;
+-        const XML_Char *textEnd = entity->textPtr + entity->textLen;
+-        entity->open = XML_TRUE;
+-#if XML_GE == 1
+-        entityTrackingOnOpen(parser, entity, __LINE__);
+-#endif
+-        result = appendAttributeValue(parser, parser->m_internalEncoding,
+-                                      isCdata, (const char *)entity->textPtr,
+-                                      (const char *)textEnd, pool,
+-                                      XML_ACCOUNT_ENTITY_EXPANSION);
+-#if XML_GE == 1
+-        entityTrackingOnClose(parser, entity, __LINE__);
+-#endif
+-        entity->open = XML_FALSE;
+-        if (result)
+-          return result;
++        result = processEntity(parser, entity, XML_FALSE, ENTITY_ATTRIBUTE);
++        if ((result == XML_ERROR_NONE) && (nextPtr != NULL)) {
++          *nextPtr = next;
++        }
++        return result;
+       }
+     } break;
+     default:
+@@ -6197,7 +6391,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ static enum XML_Error
+ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+                  const char *entityTextPtr, const char *entityTextEnd,
+-                 enum XML_Account account) {
++                 enum XML_Account account, const char **nextPtr) {
+   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+   STRING_POOL *pool = &(dtd->entityValuePool);
+   enum XML_Error result = XML_ERROR_NONE;
+@@ -6215,8 +6409,9 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+       return XML_ERROR_NO_MEMORY;
+   }
+ 
++  const char *next;
+   for (;;) {
+-    const char *next
++    next
+         = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+     int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+ 
+@@ -6278,16 +6473,8 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+           } else
+             dtd->keepProcessing = dtd->standalone;
+         } else {
+-          entity->open = XML_TRUE;
+-          entityTrackingOnOpen(parser, entity, __LINE__);
+-          result = storeEntityValue(
+-              parser, parser->m_internalEncoding, (const char *)entity->textPtr,
+-              (const char *)(entity->textPtr + entity->textLen),
+-              XML_ACCOUNT_ENTITY_EXPANSION);
+-          entityTrackingOnClose(parser, entity, __LINE__);
+-          entity->open = XML_FALSE;
+-          if (result)
+-            goto endEntityValue;
++          result = processEntity(parser, entity, XML_FALSE, ENTITY_VALUE);
++          goto endEntityValue;
+         }
+         break;
+       }
+@@ -6375,6 +6562,81 @@ endEntityValue:
+ #  ifdef XML_DTD
+   parser->m_prologState.inEntityValue = oldInEntityValue;
+ #  endif /* XML_DTD */
++  // If 'nextPtr' is given, it should be updated during the processing
++  if (nextPtr != NULL) {
++    *nextPtr = next;
++  }
++  return result;
++}
++
++static enum XML_Error
++callStoreEntityValue(XML_Parser parser, const ENCODING *enc,
++                     const char *entityTextPtr, const char *entityTextEnd,
++                     enum XML_Account account) {
++  const char *next = entityTextPtr;
++  enum XML_Error result = XML_ERROR_NONE;
++  while (1) {
++    if (! parser->m_openValueEntities) {
++      result
++          = storeEntityValue(parser, enc, next, entityTextEnd, account, &next);
++    } else {
++      OPEN_INTERNAL_ENTITY *const openEntity = parser->m_openValueEntities;
++      if (! openEntity)
++        return XML_ERROR_UNEXPECTED_STATE;
++
++      ENTITY *const entity = openEntity->entity;
++      const char *const textStart
++          = ((const char *)entity->textPtr) + entity->processed;
++      const char *const textEnd
++          = (const char *)(entity->textPtr + entity->textLen);
++      /* Set a safe default value in case 'next' does not get set */
++      const char *nextInEntity = textStart;
++      if (entity->hasMore) {
++        result = storeEntityValue(parser, parser->m_internalEncoding, textStart,
++                                  textEnd, XML_ACCOUNT_ENTITY_EXPANSION,
++                                  &nextInEntity);
++        if (result != XML_ERROR_NONE)
++          break;
++        // Check if entity is complete, if not, mark down how much of it is
++        // processed. A XML_SUSPENDED check here is not required as
++        // appendAttributeValue will never suspend the parser.
++        if (textEnd != nextInEntity) {
++          entity->processed
++              = (int)(nextInEntity - (const char *)entity->textPtr);
++          continue;
++        }
++
++        // Entity is complete. We cannot close it here since we need to first
++        // process its possible inner entities (which are added to the
++        // m_openValueEntities during storeEntityValue)
++        entity->hasMore = XML_FALSE;
++        continue;
++      } // End of entity processing, "if" block skips the rest
++
++      // Remove fully processed openEntity from open entity list.
++#  if XML_GE == 1
++      entityTrackingOnClose(parser, entity, __LINE__);
++#  endif
++      // openEntity is m_openValueEntities' head, since we set it at the
++      // start of this function and because we skipped storeEntityValue call
++      // with hasMore set to false. This means we can directly remove the head
++      // of m_openValueEntities
++      assert(parser->m_openValueEntities == openEntity);
++      entity->open = XML_FALSE;
++      parser->m_openValueEntities = parser->m_openValueEntities->next;
++
++      /* put openEntity back in list of free instances */
++      openEntity->next = parser->m_freeValueEntities;
++      parser->m_freeValueEntities = openEntity;
++    }
++
++    // Break if an error occurred or there is nothing left to process
++    if (result
++        || (parser->m_openValueEntities == NULL && entityTextEnd == next)) {
++      break;
++    }
++  }
++
+   return result;
+ }
+ 
+diff --git a/expat/tests/alloc_tests.c b/expat/tests/alloc_tests.c
+index e5d46ebe..12ea3b2a 100644
+--- a/expat/tests/alloc_tests.c
++++ b/expat/tests/alloc_tests.c
+@@ -19,6 +19,7 @@
+    Copyright (c) 2020      Tim Gates <tim.gates@iress.com>
+    Copyright (c) 2021      Donghee Na <donghee.na@python.org>
+    Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
++   Copyright (c) 2025      Berkay Eren Ürün <berkay.ueruen@siemens.com>
+    Licensed under the MIT license:
+ 
+    Permission is  hereby granted,  free of charge,  to any  person obtaining
+@@ -450,6 +451,31 @@ START_TEST(test_alloc_internal_entity) {
+ }
+ END_TEST
+ 
++START_TEST(test_alloc_parameter_entity) {
++  const char *text = "<!DOCTYPE foo ["
++                     "<!ENTITY % param1 \"<!ENTITY internal 'some_text'>\">"
++                     "%param1;"
++                     "]> <foo>&internal;content</foo>";
++  int i;
++  const int alloc_test_max_repeats = 30;
++
++  for (i = 0; i < alloc_test_max_repeats; i++) {
++    g_allocation_count = i;
++    XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
++    if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE)
++        != XML_STATUS_ERROR)
++      break;
++    alloc_teardown();
++    alloc_setup();
++  }
++  g_allocation_count = -1;
++  if (i == 0)
++    fail("Parameter entity processed despite duff allocator");
++  if (i == alloc_test_max_repeats)
++    fail("Parameter entity not processed at max allocation count");
++}
++END_TEST
++
+ /* Test the robustness against allocation failure of element handling
+  * Based on test_dtd_default_handling().
+  */
+@@ -2079,6 +2105,7 @@ make_alloc_test_case(Suite *s) {
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_external_entity);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_ext_entity_set_encoding);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_internal_entity);
++  tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_parameter_entity);
+   tcase_add_test__ifdef_xml_dtd(tc_alloc, test_alloc_dtd_default_handling);
+   tcase_add_test(tc_alloc, test_alloc_explicit_encoding);
+   tcase_add_test(tc_alloc, test_alloc_set_base);
+diff --git a/expat/tests/basic_tests.c b/expat/tests/basic_tests.c
+index d2306772..29be32cf 100644
+--- a/expat/tests/basic_tests.c
++++ b/expat/tests/basic_tests.c
+@@ -10,7 +10,7 @@
+    Copyright (c) 2003      Greg Stein <gstein@users.sourceforge.net>
+    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
+    Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net>
+-   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
++   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
+    Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk>
+    Copyright (c) 2017      Joe Orton <jorton@redhat.com>
+    Copyright (c) 2017      José Gutiérrez de la Concha <jose@zeroc.com>
+@@ -19,6 +19,7 @@
+    Copyright (c) 2020      Tim Gates <tim.gates@iress.com>
+    Copyright (c) 2021      Donghee Na <donghee.na@python.org>
+    Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
++   Copyright (c) 2024-2025 Berkay Eren Ürün <berkay.ueruen@siemens.com>
+    Licensed under the MIT license:
+ 
+    Permission is  hereby granted,  free of charge,  to any  person obtaining
+@@ -1233,44 +1234,58 @@ START_TEST(test_no_indirectly_recursive_entity_refs) {
+        "<doc/>\n",
+        true},
+   };
++  const XML_Bool reset_or_not[] = {XML_TRUE, XML_FALSE};
++
+   for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+-    const char *const doc = cases[i].doc;
+-    const bool usesParameterEntities = cases[i].usesParameterEntities;
++    for (size_t j = 0; j < sizeof(reset_or_not) / sizeof(reset_or_not[0]);
++         j++) {
++      const XML_Bool reset_wanted = reset_or_not[j];
++      const char *const doc = cases[i].doc;
++      const bool usesParameterEntities = cases[i].usesParameterEntities;
+ 
+-    set_subtest("[%i] %s", (int)i, doc);
++      set_subtest("[%i,reset=%i] %s", (int)i, (int)j, doc);
+ 
+ #ifdef XML_DTD // both GE and DTD
+-    const bool rejection_expected = true;
++      const bool rejection_expected = true;
+ #elif XML_GE == 1 // GE but not DTD
+-    const bool rejection_expected = ! usesParameterEntities;
++      const bool rejection_expected = ! usesParameterEntities;
+ #else             // neither DTD nor GE
+-    const bool rejection_expected = false;
++      const bool rejection_expected = false;
+ #endif
+ 
+-    XML_Parser parser = XML_ParserCreate(NULL);
++      XML_Parser parser = XML_ParserCreate(NULL);
+ 
+ #ifdef XML_DTD
+-    if (usesParameterEntities) {
+-      assert_true(
+-          XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS)
+-          == 1);
+-    }
++      if (usesParameterEntities) {
++        assert_true(
++            XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS)
++            == 1);
++      }
+ #else
+-    UNUSED_P(usesParameterEntities);
++      UNUSED_P(usesParameterEntities);
+ #endif // XML_DTD
+ 
+-    const enum XML_Status status
+-        = _XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
+-                                  /*isFinal*/ XML_TRUE);
++      const enum XML_Status status
++          = _XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                    /*isFinal*/ XML_TRUE);
+ 
+-    if (rejection_expected) {
+-      assert_true(status == XML_STATUS_ERROR);
+-      assert_true(XML_GetErrorCode(parser) == XML_ERROR_RECURSIVE_ENTITY_REF);
+-    } else {
+-      assert_true(status == XML_STATUS_OK);
++      if (rejection_expected) {
++        assert_true(status == XML_STATUS_ERROR);
++        assert_true(XML_GetErrorCode(parser) == XML_ERROR_RECURSIVE_ENTITY_REF);
++      } else {
++        assert_true(status == XML_STATUS_OK);
++      }
++
++      if (reset_wanted) {
++        // This covers free'ing of (eventually) all three open entity lists by
++        // XML_ParserReset.
++        XML_ParserReset(parser, NULL);
++      }
++
++      // This covers free'ing of (eventually) all three open entity lists by
++      // XML_ParserFree (unless XML_ParserReset has already done that above).
++      XML_ParserFree(parser);
+     }
+-
+-    XML_ParserFree(parser);
+   }
+ }
+ END_TEST
+@@ -4033,7 +4048,7 @@ START_TEST(test_skipped_null_loaded_ext_entity) {
+       = {"<!ENTITY % pe1 SYSTEM 'http://example.org/two.ent'>\n"
+          "<!ENTITY % pe2 '%pe1;'>\n"
+          "%pe2;\n",
+-         external_entity_null_loader};
++         external_entity_null_loader, NULL};
+ 
+   XML_SetUserData(g_parser, &test_data);
+   XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+@@ -4051,7 +4066,7 @@ START_TEST(test_skipped_unloaded_ext_entity) {
+       = {"<!ENTITY % pe1 SYSTEM 'http://example.org/two.ent'>\n"
+          "<!ENTITY % pe2 '%pe1;'>\n"
+          "%pe2;\n",
+-         NULL};
++         NULL, NULL};
+ 
+   XML_SetUserData(g_parser, &test_data);
+   XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+@@ -5351,6 +5366,151 @@ START_TEST(test_pool_integrity_with_unfinished_attr) {
+ }
+ END_TEST
+ 
++/* Test a possible early return location in internalEntityProcessor */
++START_TEST(test_entity_ref_no_elements) {
++  const char *const text = "<!DOCTYPE foo [\n"
++                           "<!ENTITY e1 \"test\">\n"
++                           "]> <foo>&e1;"; // intentionally missing newline
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++              == XML_STATUS_ERROR);
++  assert_true(XML_GetErrorCode(parser) == XML_ERROR_NO_ELEMENTS);
++  XML_ParserFree(parser);
++}
++END_TEST
++
++/* Tests if chained entity references lead to unbounded recursion */
++START_TEST(test_deep_nested_entity) {
++  const size_t N_LINES = 60000;
++  const size_t SIZE_PER_LINE = 50;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "<!DOCTYPE foo [\n"
++                      "        <!ENTITY s0 'deepText'>\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE, "  <!ENTITY s%lu '&s%lu;'>\n",
++                        (long unsigned)i, (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE, "]> <foo>&s%lu;</foo>\n",
++           (long unsigned)(N_LINES - 1));
++
++  const XML_Char *const expected = XCS("deepText");
++
++  CharData storage;
++  CharData_Init(&storage);
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  XML_SetCharacterDataHandler(parser, accumulate_characters);
++  XML_SetUserData(parser, &storage);
++
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
++/* Tests if chained entity references in attributes
++lead to unbounded recursion */
++START_TEST(test_deep_nested_attribute_entity) {
++  const size_t N_LINES = 60000;
++  const size_t SIZE_PER_LINE = 100;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "<!DOCTYPE foo [\n"
++                      "        <!ENTITY s0 'deepText'>\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE, "  <!ENTITY s%lu '&s%lu;'>\n",
++                        (long unsigned)i, (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE, "]> <foo name='&s%lu;'>mainText</foo>\n",
++           (long unsigned)(N_LINES - 1));
++
++  AttrInfo doc_info[] = {{XCS("name"), XCS("deepText")}, {NULL, NULL}};
++  ElementInfo info[] = {{XCS("foo"), 1, NULL, NULL}, {NULL, 0, NULL, NULL}};
++  info[0].attributes = doc_info;
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  ParserAndElementInfo parserPlusElemenInfo = {parser, info};
++
++  XML_SetStartElementHandler(parser, counting_start_element_handler);
++  XML_SetUserData(parser, &parserPlusElemenInfo);
++
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
++START_TEST(test_deep_nested_entity_delayed_interpretation) {
++  const size_t N_LINES = 70000;
++  const size_t SIZE_PER_LINE = 100;
++
++  char *const text = (char *)malloc((N_LINES + 4) * SIZE_PER_LINE);
++  if (text == NULL) {
++    fail("malloc failed");
++  }
++
++  char *textPtr = text;
++
++  // Create the XML
++  textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                      "<!DOCTYPE foo [\n"
++                      "        <!ENTITY %% s0 'deepText'>\n");
++
++  for (size_t i = 1; i < N_LINES; ++i) {
++    textPtr += snprintf(textPtr, SIZE_PER_LINE,
++                        "  <!ENTITY %% s%lu '&#37;s%lu;'>\n", (long unsigned)i,
++                        (long unsigned)(i - 1));
++  }
++
++  snprintf(textPtr, SIZE_PER_LINE,
++           "  <!ENTITY %% define_g \"<!ENTITY g '&#37;s%lu;'>\">\n"
++           "  %%define_g;\n"
++           "]>\n"
++           "<foo/>\n",
++           (long unsigned)(N_LINES - 1));
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  XML_ParserFree(parser);
++  free(text);
++}
++END_TEST
++
+ START_TEST(test_nested_entity_suspend) {
+   const char *const text = "<!DOCTYPE a [\n"
+                            "  <!ENTITY e1 '<!--e1-->'>\n"
+@@ -5381,6 +5541,35 @@ START_TEST(test_nested_entity_suspend) {
+ }
+ END_TEST
+ 
++START_TEST(test_nested_entity_suspend_2) {
++  const char *const text = "<!DOCTYPE doc [\n"
++                           "  <!ENTITY ge1 'head1Ztail1'>\n"
++                           "  <!ENTITY ge2 'head2&ge1;tail2'>\n"
++                           "  <!ENTITY ge3 'head3&ge2;tail3'>\n"
++                           "]>\n"
++                           "<doc>&ge3;</doc>";
++  const XML_Char *const expected = XCS("head3") XCS("head2") XCS("head1")
++      XCS("Z") XCS("tail1") XCS("tail2") XCS("tail3");
++  CharData storage;
++  CharData_Init(&storage);
++  XML_Parser parser = XML_ParserCreate(NULL);
++  ParserPlusStorage parserPlusStorage = {parser, &storage};
++
++  XML_SetCharacterDataHandler(parser, accumulate_char_data_and_suspend);
++  XML_SetUserData(parser, &parserPlusStorage);
++
++  enum XML_Status status = XML_Parse(parser, text, (int)strlen(text), XML_TRUE);
++  while (status == XML_STATUS_SUSPENDED) {
++    status = XML_ResumeParser(parser);
++  }
++  if (status != XML_STATUS_OK)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ /* Regression test for quadratic parsing on large tokens */
+ START_TEST(test_big_tokens_scale_linearly) {
+   const struct {
+@@ -6221,7 +6410,13 @@ make_basic_test_case(Suite *s) {
+   tcase_add_test(tc_basic, test_empty_element_abort);
+   tcase_add_test__ifdef_xml_dtd(tc_basic,
+                                 test_pool_integrity_with_unfinished_attr);
++  tcase_add_test__if_xml_ge(tc_basic, test_entity_ref_no_elements);
++  tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_entity);
++  tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_attribute_entity);
++  tcase_add_test__if_xml_ge(tc_basic,
++                            test_deep_nested_entity_delayed_interpretation);
+   tcase_add_test__if_xml_ge(tc_basic, test_nested_entity_suspend);
++  tcase_add_test__if_xml_ge(tc_basic, test_nested_entity_suspend_2);
+   tcase_add_test(tc_basic, test_big_tokens_scale_linearly);
+   tcase_add_test(tc_basic, test_set_reparse_deferral);
+   tcase_add_test(tc_basic, test_reparse_deferral_is_inherited);
+diff --git a/expat/tests/handlers.c b/expat/tests/handlers.c
+index 0211985f..f15029e3 100644
+--- a/expat/tests/handlers.c
++++ b/expat/tests/handlers.c
+@@ -1882,6 +1882,20 @@ accumulate_entity_decl(void *userData, const XML_Char *entityName,
+   CharData_AppendXMLChars(storage, XCS("\n"), 1);
+ }
+ 
++void XMLCALL
++accumulate_char_data_and_suspend(void *userData, const XML_Char *s, int len) {
++  ParserPlusStorage *const parserPlusStorage = (ParserPlusStorage *)userData;
++
++  CharData_AppendXMLChars(parserPlusStorage->storage, s, len);
++
++  for (int i = 0; i < len; i++) {
++    if (s[i] == 'Z') {
++      XML_StopParser(parserPlusStorage->parser, /*resumable=*/XML_TRUE);
++      break;
++    }
++  }
++}
++
+ void XMLCALL
+ accumulate_start_element(void *userData, const XML_Char *name,
+                          const XML_Char **atts) {
+diff --git a/expat/tests/handlers.h b/expat/tests/handlers.h
+index 8850bb94..4d6a08d5 100644
+--- a/expat/tests/handlers.h
++++ b/expat/tests/handlers.h
+@@ -325,6 +325,7 @@ extern int XMLCALL external_entity_devaluer(XML_Parser parser,
+ typedef struct ext_hdlr_data {
+   const char *parse_text;
+   XML_ExternalEntityRefHandler handler;
++  CharData *storage;
+ } ExtHdlrData;
+ 
+ extern int XMLCALL external_entity_oneshot_loader(XML_Parser parser,
+@@ -569,6 +570,10 @@ extern void XMLCALL accumulate_entity_decl(
+     const XML_Char *systemId, const XML_Char *publicId,
+     const XML_Char *notationName);
+ 
++extern void XMLCALL accumulate_char_data_and_suspend(void *userData,
++                                                     const XML_Char *s,
++                                                     int len);
++
+ extern void XMLCALL accumulate_start_element(void *userData,
+                                              const XML_Char *name,
+                                              const XML_Char **atts);
+diff --git a/expat/tests/misc_tests.c b/expat/tests/misc_tests.c
+index 9afe0922..f9a78f66 100644
+--- a/expat/tests/misc_tests.c
++++ b/expat/tests/misc_tests.c
+@@ -59,6 +59,9 @@
+ #include "handlers.h"
+ #include "misc_tests.h"
+ 
++void XMLCALL accumulate_characters_ext_handler(void *userData,
++                                               const XML_Char *s, int len);
++
+ /* Test that a failure to allocate the parser structure fails gracefully */
+ START_TEST(test_misc_alloc_create_parser) {
+   XML_Memory_Handling_Suite memsuite = {duff_allocator, realloc, free};
+@@ -519,6 +522,45 @@ START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
+ }
+ END_TEST
+ 
++/* Adaptation of accumulate_characters that takes ExtHdlrData input to work with
++ * test_renter_loop_finite_content below */
++void XMLCALL
++accumulate_characters_ext_handler(void *userData, const XML_Char *s, int len) {
++  ExtHdlrData *const test_data = (ExtHdlrData *)userData;
++  CharData_AppendXMLChars(test_data->storage, s, len);
++}
++
++/* Test that internalEntityProcessor does not re-enter forever;
++ * based on files tests/xmlconf/xmltest/valid/ext-sa/012.{xml,ent} */
++START_TEST(test_renter_loop_finite_content) {
++  CharData storage;
++  CharData_Init(&storage);
++  const char *const text = "<!DOCTYPE doc [\n"
++                           "<!ENTITY e1 '&e2;'>\n"
++                           "<!ENTITY e2 '&e3;'>\n"
++                           "<!ENTITY e3 SYSTEM '012.ent'>\n"
++                           "<!ENTITY e4 '&e5;'>\n"
++                           "<!ENTITY e5 '(e5)'>\n"
++                           "<!ELEMENT doc (#PCDATA)>\n"
++                           "]>\n"
++                           "<doc>&e1;</doc>\n";
++  ExtHdlrData test_data = {"&e4;\n", external_entity_null_loader, &storage};
++  const XML_Char *const expected = XCS("(e5)\n");
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  assert_true(parser != NULL);
++  XML_SetUserData(parser, &test_data);
++  XML_SetExternalEntityRefHandler(parser, external_entity_oneshot_loader);
++  XML_SetCharacterDataHandler(parser, accumulate_characters_ext_handler);
++  if (_XML_Parse_SINGLE_BYTES(parser, text, (int)strlen(text), XML_TRUE)
++      == XML_STATUS_ERROR)
++    xml_failure(parser);
++
++  CharData_CheckXMLChars(&storage, expected);
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ void
+ make_miscellaneous_test_case(Suite *s) {
+   TCase *tc_misc = tcase_create("miscellaneous tests");
+@@ -545,4 +587,5 @@ make_miscellaneous_test_case(Suite *s) {
+   tcase_add_test(tc_misc, test_misc_char_handler_stop_without_leak);
+   tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
++  tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
+ }
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-02.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-02.patch
new file mode 100644
index 0000000000..a22ace3be6
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-02.patch
@@ -0,0 +1,248 @@
+From 5f7af592557495a99e7badaf5c03362a20650156 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Thu, 27 Mar 2025 20:28:26 +0100
+Subject: [PATCH] Stop updating event pointer on exit for reentry (fixes #980)
+ #989
+
+Fixes #980
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/989]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ expat/Changes            | 15 ++++++++++++
+ expat/lib/xmlparse.c     | 12 ++++++---
+ expat/tests/common.c     | 25 +++++++++++++++++++
+ expat/tests/common.h     |  2 ++
+ expat/tests/misc_tests.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 112 insertions(+), 3 deletions(-)
+
+diff --git a/expat/Changes b/expat/Changes
+index 8c5db88c..7ba33497 100644
+--- a/expat/Changes
++++ b/expat/Changes
+@@ -30,6 +30,21 @@
+ !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ 
+ Patches:
++        Bug fixes:
++       #980 #989  Restore event pointer behavior from Expat 2.6.4
++                    (that the fix to CVE-2024-8176 changed in 2.7.0);
++                    affected API functions are:
++                    - XML_GetCurrentByteCount
++                    - XML_GetCurrentByteIndex
++                    - XML_GetCurrentColumnNumber
++                    - XML_GetCurrentLineNumber
++                    - XML_GetInputContext
++
++        Special thanks to:
++            Berkay Eren Ürün
++                 and
++            Perl XML::Parser
++
+         Security fixes:
+        #893 #???  CVE-2024-8176 -- Fix crash from chaining a large number
+                     of entities caused by stack overflow by resolving use of
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 473c791d..c6085d38 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -3402,12 +3402,13 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+       break;
+       /* LCOV_EXCL_STOP */
+     }
+-    *eventPP = s = next;
+     switch (parser->m_parsingStatus.parsing) {
+     case XML_SUSPENDED:
++      *eventPP = next;
+       *nextPtr = next;
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
++      *eventPP = next;
+       return XML_ERROR_ABORTED;
+     case XML_PARSING:
+       if (parser->m_reenter) {
+@@ -3416,6 +3417,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+       }
+       /* Fall through */
+     default:;
++      *eventPP = s = next;
+     }
+   }
+   /* not reached */
+@@ -4332,12 +4334,13 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+       /* LCOV_EXCL_STOP */
+     }
+ 
+-    *eventPP = s = next;
+     switch (parser->m_parsingStatus.parsing) {
+     case XML_SUSPENDED:
++      *eventPP = next;
+       *nextPtr = next;
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
++      *eventPP = next;
+       return XML_ERROR_ABORTED;
+     case XML_PARSING:
+       if (parser->m_reenter) {
+@@ -4345,6 +4348,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+       }
+       /* Fall through */
+     default:;
++      *eventPP = s = next;
+     }
+   }
+   /* not reached */
+@@ -5951,12 +5955,13 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+     default:
+       return XML_ERROR_JUNK_AFTER_DOC_ELEMENT;
+     }
+-    parser->m_eventPtr = s = next;
+     switch (parser->m_parsingStatus.parsing) {
+     case XML_SUSPENDED:
++      parser->m_eventPtr = next;
+       *nextPtr = next;
+       return XML_ERROR_NONE;
+     case XML_FINISHED:
++      parser->m_eventPtr = next;
+       return XML_ERROR_ABORTED;
+     case XML_PARSING:
+       if (parser->m_reenter) {
+@@ -5964,6 +5969,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+       }
+     /* Fall through */
+     default:;
++      parser->m_eventPtr = s = next;
+     }
+   }
+ }
+diff --git a/expat/tests/common.c b/expat/tests/common.c
+index 3aea8d74..b267dbb3 100644
+--- a/expat/tests/common.c
++++ b/expat/tests/common.c
+@@ -42,6 +42,8 @@
+ */
+ 
+ #include <assert.h>
++#include <errno.h>
++#include <stdint.h> // for SIZE_MAX
+ #include <stdio.h>
+ #include <string.h>
+ 
+@@ -294,3 +296,26 @@ duff_reallocator(void *ptr, size_t size) {
+     g_reallocation_count--;
+   return realloc(ptr, size);
+ }
++
++// Portable remake of strndup(3) for C99; does not care about space efficiency
++char *
++portable_strndup(const char *s, size_t n) {
++  if ((s == NULL) || (n == SIZE_MAX)) {
++    errno = EINVAL;
++    return NULL;
++  }
++
++  char *const buffer = (char *)malloc(n + 1);
++  if (buffer == NULL) {
++    errno = ENOMEM;
++    return NULL;
++  }
++
++  errno = 0;
++
++  memcpy(buffer, s, n);
++
++  buffer[n] = '\0';
++
++  return buffer;
++}
+diff --git a/expat/tests/common.h b/expat/tests/common.h
+index bc4c7da6..88711308 100644
+--- a/expat/tests/common.h
++++ b/expat/tests/common.h
+@@ -146,6 +146,8 @@ extern void *duff_allocator(size_t size);
+ 
+ extern void *duff_reallocator(void *ptr, size_t size);
+ 
++extern char *portable_strndup(const char *s, size_t n);
++
+ #endif /* XML_COMMON_H */
+ 
+ #ifdef __cplusplus
+diff --git a/expat/tests/misc_tests.c b/expat/tests/misc_tests.c
+index f9a78f66..2b9f793b 100644
+--- a/expat/tests/misc_tests.c
++++ b/expat/tests/misc_tests.c
+@@ -561,6 +561,66 @@ START_TEST(test_renter_loop_finite_content) {
+ }
+ END_TEST
+ 
++// Inspired by function XML_OriginalString of Perl's XML::Parser
++static char *
++dup_original_string(XML_Parser parser) {
++  const int byte_count = XML_GetCurrentByteCount(parser);
++
++  assert_true(byte_count >= 0);
++
++  int offset = -1;
++  int size = -1;
++
++  const char *const context = XML_GetInputContext(parser, &offset, &size);
++
++#if XML_CONTEXT_BYTES > 0
++  assert_true(context != NULL);
++  assert_true(offset >= 0);
++  assert_true(size >= 0);
++  return portable_strndup(context + offset, byte_count);
++#else
++  assert_true(context == NULL);
++  return NULL;
++#endif
++}
++
++static void
++on_characters_issue_980(void *userData, const XML_Char *s, int len) {
++  (void)s;
++  (void)len;
++  XML_Parser parser = (XML_Parser)userData;
++
++  char *const original_string = dup_original_string(parser);
++
++#if XML_CONTEXT_BYTES > 0
++  assert_true(original_string != NULL);
++  assert_true(strcmp(original_string, "&draft.day;") == 0);
++  free(original_string);
++#else
++  assert_true(original_string == NULL);
++#endif
++}
++
++START_TEST(test_misc_expected_event_ptr_issue_980) {
++  // NOTE: This is a tiny subset of sample "REC-xml-19980210.xml"
++  //       from Perl's XML::Parser
++  const char *const doc = "<!DOCTYPE day [\n"
++                          "  <!ENTITY draft.day '10'>\n"
++                          "]>\n"
++                          "<day>&draft.day;</day>\n";
++
++  XML_Parser parser = XML_ParserCreate(NULL);
++  XML_SetUserData(parser, parser);
++  XML_SetCharacterDataHandler(parser, on_characters_issue_980);
++
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                      /*isFinal=*/XML_TRUE)
++              == XML_STATUS_OK);
++
++  XML_ParserFree(parser);
++}
++END_TEST
++
+ void
+ make_miscellaneous_test_case(Suite *s) {
+   TCase *tc_misc = tcase_create("miscellaneous tests");
+@@ -588,4 +648,5 @@ make_miscellaneous_test_case(Suite *s) {
+   tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
+   tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
++  tcase_add_test(tc_misc, test_misc_expected_event_ptr_issue_980);
+ }
diff --git a/meta/recipes-core/expat/expat_2.6.3.bb b/meta/recipes-core/expat/expat_2.6.4.bb
index 5ae694a004..ab0b1d54c1 100644
--- a/meta/recipes-core/expat/expat_2.6.3.bb
+++ b/meta/recipes-core/expat/expat_2.6.4.bb
@@ -10,12 +10,15 @@ VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
            file://run-ptest \
+           file://0001-tests-Cover-indirect-entity-recursion.patch;striplevel=2 \
+           file://CVE-2024-8176-01.patch;striplevel=2 \
+           file://CVE-2024-8176-02.patch;striplevel=2 \
            "
 
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
 UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
 
-SRC_URI[sha256sum] = "b8baef92f328eebcf731f4d18103951c61fa8c8ec21d5ff4202fb6f2198aeb2d"
+SRC_URI[sha256sum] = "8dc480b796163d4436e6f1352e71800a774f73dbae213f1860b60607d2a83ada"
 
 EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
 
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
new file mode 100644
index 0000000000..3a06a9d782
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
@@ -0,0 +1,49 @@
+From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
+CVE: CVE-2024-52533
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN        (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN        (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+                 const gchar *hostname,
+-- 
+GitLab
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch
new file mode 100644
index 0000000000..b7b05b6595
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch
@@ -0,0 +1,57 @@
+From fe6af80931c35fafc6a2cd0651b6de052d1bffae Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 16:44:58 +0000
+Subject: [PATCH 1/6] gdatetime: Fix integer overflow when parsing very long
+ ISO8601 inputs
+
+This will only happen with invalid (or maliciously invalid) potential
+ISO8601 strings, but `g_date_time_new_from_iso8601()` needs to be robust
+against that.
+
+Prevent `length` overflowing by correctly defining it as a `size_t`.
+Similarly for `date_length`, but additionally track its validity in a
+boolean rather than as its sign.
+
+Spotted by chamalsl as #YWH-PGM9867-43.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/fe6af80931c35fafc6a2cd0651b6de052d1bffae]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gdatetime.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gdatetime.c b/glib/gdatetime.c
+index ad9c190b6..b33db2c20 100644
+--- a/glib/gdatetime.c
++++ b/glib/gdatetime.c
+@@ -1497,7 +1497,8 @@ parse_iso8601_time (const gchar *text, gsize length,
+ GDateTime *
+ g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz)
+ {
+-  gint length, date_length = -1;
++  size_t length, date_length = 0;
++  gboolean date_length_set = FALSE;
+   gint hour = 0, minute = 0;
+   gdouble seconds = 0.0;
+   GTimeZone *tz = NULL;
+@@ -1508,11 +1509,14 @@ g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz)
+   /* Count length of string and find date / time separator ('T', 't', or ' ') */
+   for (length = 0; text[length] != '\0'; length++)
+     {
+-      if (date_length < 0 && (text[length] == 'T' || text[length] == 't' || text[length] == ' '))
+-        date_length = length;
++      if (!date_length_set && (text[length] == 'T' || text[length] == 't' || text[length] == ' '))
++        {
++          date_length = length;
++          date_length_set = TRUE;
++        }
+     }
+ 
+-  if (date_length < 0)
++  if (!date_length_set)
+     return NULL;
+ 
+   if (!parse_iso8601_time (text + date_length + 1, length - (date_length + 1),
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch
new file mode 100644
index 0000000000..55f3ab126e
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch
@@ -0,0 +1,53 @@
+From 495c85278f9638fdf3ebf002c759e1bdccebaf2f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 16:51:36 +0000
+Subject: [PATCH 2/6] gdatetime: Fix potential integer overflow in timezone
+ offset handling
+
+This one is much harder to trigger than the one in the previous commit,
+but mixing `gssize` and `gsize` always runs the risk of the former
+overflowing for very (very very) long input strings.
+
+Avoid that possibility by not using the sign of the `tz_offset` to
+indicate its validity, and instead using the return value of the
+function.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/495c85278f9638fdf3ebf002c759e1bdccebaf2f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gdatetime.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/glib/gdatetime.c b/glib/gdatetime.c
+index b33db2c20..792c2ed15 100644
+--- a/glib/gdatetime.c
++++ b/glib/gdatetime.c
+@@ -1346,8 +1346,10 @@ parse_iso8601_date (const gchar *text, gsize length,
+     return FALSE;
+ }
+ 
++/* Value returned in tz_offset is valid if and only if the function return value
++ * is non-NULL. */
+ static GTimeZone *
+-parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset)
++parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+ {
+   gint i, tz_length, offset_hours, offset_minutes;
+   gint offset_sign = 1;
+@@ -1415,11 +1417,11 @@ static gboolean
+ parse_iso8601_time (const gchar *text, gsize length,
+                     gint *hour, gint *minute, gdouble *seconds, GTimeZone **tz)
+ {
+-  gssize tz_offset = -1;
++  size_t tz_offset = 0;
+ 
+   /* Check for timezone suffix */
+   *tz = parse_iso8601_timezone (text, length, &tz_offset);
+-  if (tz_offset >= 0)
++  if (*tz != NULL)
+     length = tz_offset;
+ 
+   /* hh:mm:ss(.sss) */
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch
new file mode 100644
index 0000000000..fbefc262d4
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch
@@ -0,0 +1,36 @@
+From 5e8a3c19fcad2936dc5e070cf0767a5c5af907c5 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 16:55:18 +0000
+Subject: [PATCH 3/6] gdatetime: Track timezone length as an unsigned size_t
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It’s guaranteed to be in (0, length] by the calculations above.
+
+This avoids the possibility of integer overflow through `gssize` not
+being as big as `size_t`.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/5e8a3c19fcad2936dc5e070cf0767a5c5af907c5]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gdatetime.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/glib/gdatetime.c b/glib/gdatetime.c
+index 792c2ed15..6335bcbe2 100644
+--- a/glib/gdatetime.c
++++ b/glib/gdatetime.c
+@@ -1351,7 +1351,8 @@ parse_iso8601_date (const gchar *text, gsize length,
+ static GTimeZone *
+ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+ {
+-  gint i, tz_length, offset_hours, offset_minutes;
++  size_t tz_length;
++  gint i, offset_hours, offset_minutes;
+   gint offset_sign = 1;
+   GTimeZone *tz;
+ 
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch
new file mode 100644
index 0000000000..ce4fa53f26
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch
@@ -0,0 +1,76 @@
+From 804a3957720449dcfac601da96bd5f5db2b71ef1 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 17:07:24 +0000
+Subject: [PATCH 4/6] gdatetime: Factor out some string pointer arithmetic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Makes the following code a little clearer, but doesn’t introduce any
+functional changes.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/804a3957720449dcfac601da96bd5f5db2b71ef1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gdatetime.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/glib/gdatetime.c b/glib/gdatetime.c
+index 6335bcbe2..de5dd7af0 100644
+--- a/glib/gdatetime.c
++++ b/glib/gdatetime.c
+@@ -1355,6 +1355,7 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+   gint i, offset_hours, offset_minutes;
+   gint offset_sign = 1;
+   GTimeZone *tz;
++  const char *tz_start;
+ 
+   /* UTC uses Z suffix  */
+   if (length > 0 && text[length - 1] == 'Z')
+@@ -1372,34 +1373,35 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+       }
+   if (i < 0)
+     return NULL;
++  tz_start = text + i;
+   tz_length = length - i;
+ 
+   /* +hh:mm or -hh:mm */
+-  if (tz_length == 6 && text[i+3] == ':')
++  if (tz_length == 6 && tz_start[3] == ':')
+     {
+-      if (!get_iso8601_int (text + i + 1, 2, &offset_hours) ||
+-          !get_iso8601_int (text + i + 4, 2, &offset_minutes))
++      if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) ||
++          !get_iso8601_int (tz_start + 4, 2, &offset_minutes))
+         return NULL;
+     }
+   /* +hhmm or -hhmm */
+   else if (tz_length == 5)
+     {
+-      if (!get_iso8601_int (text + i + 1, 2, &offset_hours) ||
+-          !get_iso8601_int (text + i + 3, 2, &offset_minutes))
++      if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) ||
++          !get_iso8601_int (tz_start + 3, 2, &offset_minutes))
+         return NULL;
+     }
+   /* +hh or -hh */
+   else if (tz_length == 3)
+     {
+-      if (!get_iso8601_int (text + i + 1, 2, &offset_hours))
++      if (!get_iso8601_int (tz_start + 1, 2, &offset_hours))
+         return NULL;
+       offset_minutes = 0;
+     }
+   else
+     return NULL;
+ 
+-  *tz_offset = i;
+-  tz = g_time_zone_new_identifier (text + i);
++  *tz_offset = tz_start - text;
++  tz = g_time_zone_new_identifier (tz_start);
+ 
+   /* Double-check that the GTimeZone matches our interpretation of the timezone.
+    * This can fail because our interpretation is less strict than (for example)
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch
new file mode 100644
index 0000000000..22415cc6a3
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch
@@ -0,0 +1,57 @@
+From 4c56ff80344e0d8796eb2307091f7b24ec198aa9 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 17:28:33 +0000
+Subject: [PATCH 5/6] gdatetime: Factor out an undersized variable
+
+For long input strings, it would have been possible for `i` to overflow.
+Avoid that problem by using the `tz_length` instead, so that we count up
+rather than down.
+
+This commit introduces no functional changes (outside of changing
+undefined behaviour), and can be verified using the identity
+`i === length - tz_length`.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/4c56ff80344e0d8796eb2307091f7b24ec198aa9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gdatetime.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/glib/gdatetime.c b/glib/gdatetime.c
+index de5dd7af0..2f8c864a1 100644
+--- a/glib/gdatetime.c
++++ b/glib/gdatetime.c
+@@ -1352,7 +1352,7 @@ static GTimeZone *
+ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+ {
+   size_t tz_length;
+-  gint i, offset_hours, offset_minutes;
++  gint offset_hours, offset_minutes;
+   gint offset_sign = 1;
+   GTimeZone *tz;
+   const char *tz_start;
+@@ -1365,16 +1365,15 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
+     }
+ 
+   /* Look for '+' or '-' of offset */
+-  for (i = length - 1; i >= 0; i--)
+-    if (text[i] == '+' || text[i] == '-')
++  for (tz_length = 1; tz_length <= length; tz_length++)
++    if (text[length - tz_length] == '+' || text[length - tz_length] == '-')
+       {
+-        offset_sign = text[i] == '-' ? -1 : 1;
++        offset_sign = text[length - tz_length] == '-' ? -1 : 1;
+         break;
+       }
+-  if (i < 0)
++  if (tz_length > length)
+     return NULL;
+-  tz_start = text + i;
+-  tz_length = length - i;
++  tz_start = text + length - tz_length;
+ 
+   /* +hh:mm or -hh:mm */
+   if (tz_length == 6 && tz_start[3] == ':')
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch
new file mode 100644
index 0000000000..249e09f0bc
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch
@@ -0,0 +1,50 @@
+From 7f6d81130ec05406a8820bc753ed03859e88daea Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 18 Feb 2025 18:20:56 +0000
+Subject: [PATCH 6/6] tests: Add some missing GDateTime ISO8601 parsing tests
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This improves test coverage, adding coverage for some lines which I
+spotted were not covered while testing the preceding commits.
+
+It doesn’t directly test the preceding commits, though.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-3360
+Upstream-Status: Backport [https://github.com/GNOME/glib/commit/7f6d81130ec05406a8820bc753ed03859e88daea]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/tests/gdatetime.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 9e1acd097..94dd028a3 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -859,6 +859,23 @@ test_GDateTime_new_from_iso8601 (void)
+    * NaN */
+   dt = g_date_time_new_from_iso8601 ("0005306 000001,666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666600080000-00", NULL);
+   g_assert_null (dt);
++
++  /* Various invalid timezone offsets which look like they could be in
++   * `+hh:mm`, `-hh:mm`, `+hhmm`, `-hhmm`, `+hh` or `-hh` format */
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01:xx", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:00", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:xx", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01xx", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx00", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xxxx", NULL);
++  g_assert_null (dt);
++  dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx", NULL);
++  g_assert_null (dt);
+ }
+ 
+ typedef struct {
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-01.patch
new file mode 100644
index 0000000000..f99c4de7e1
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-01.patch
@@ -0,0 +1,120 @@
+From cc647f9e46d55509a93498af19659baf9c80f2e3 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 10 Apr 2025 10:57:20 -0500
+Subject: [PATCH 1/2] gstring: carefully handle gssize parameters
+
+Wherever we use gssize to allow passing -1, we need to ensure we don't
+overflow the value by assigning a gsize to it without checking if the
+size exceeds the maximum gssize. The safest way to do this is to just
+use normal gsize everywhere instead and use gssize only for the
+parameter.
+
+Our computers don't have enough RAM to write tests for this. I tried
+forcing string->len to high values for test purposes, but this isn't
+valid and will just cause out of bounds reads/writes due to
+string->allocated_len being unexpectedly small, so I don't think we can
+test this easily.
+
+CVE: CVE-2025-4373
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cc647f9e46d55509a93498af19659baf9c80f2e3]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ glib/gstring.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/glib/gstring.c b/glib/gstring.c
+index 9f04144..d016b65 100644
+--- a/glib/gstring.c
++++ b/glib/gstring.c
+@@ -490,8 +490,9 @@ g_string_insert_len (GString     *string,
+     return string;
+
+   if (len < 0)
+-    len = strlen (val);
+-  len_unsigned = len;
++    len_unsigned = strlen (val);
++  else
++    len_unsigned = len;
+
+   if (pos < 0)
+     pos_unsigned = string->len;
+@@ -788,10 +789,12 @@ g_string_insert_c (GString *string,
+   g_string_maybe_expand (string, 1);
+
+   if (pos < 0)
+-    pos = string->len;
++    pos_unsigned = string->len;
+   else
+-    g_return_val_if_fail ((gsize) pos <= string->len, string);
+-  pos_unsigned = pos;
++    {
++      pos_unsigned = pos;
++      g_return_val_if_fail (pos_unsigned <= string->len, string);
++    }
+
+   /* If not just an append, move the old stuff */
+   if (pos_unsigned < string->len)
+@@ -824,6 +827,7 @@ g_string_insert_unichar (GString  *string,
+                          gssize    pos,
+                          gunichar  wc)
+ {
++  gsize pos_unsigned;
+   gint charlen, first, i;
+   gchar *dest;
+
+@@ -865,15 +869,18 @@ g_string_insert_unichar (GString  *string,
+   g_string_maybe_expand (string, charlen);
+
+   if (pos < 0)
+-    pos = string->len;
++    pos_unsigned = string->len;
+   else
+-    g_return_val_if_fail ((gsize) pos <= string->len, string);
++    {
++      pos_unsigned = pos;
++      g_return_val_if_fail (pos_unsigned <= string->len, string);
++    }
+
+   /* If not just an append, move the old stuff */
+-  if ((gsize) pos < string->len)
+-    memmove (string->str + pos + charlen, string->str + pos, string->len - pos);
++  if (pos_unsigned < string->len)
++    memmove (string->str + pos_unsigned + charlen, string->str + pos_unsigned, string->len - pos_unsigned);
+
+-  dest = string->str + pos;
++  dest = string->str + pos_unsigned;
+   /* Code copied from g_unichar_to_utf() */
+   for (i = charlen - 1; i > 0; --i)
+     {
+@@ -931,6 +938,7 @@ g_string_overwrite_len (GString     *string,
+                         const gchar *val,
+                         gssize       len)
+ {
++  gssize len_unsigned;
+   gsize end;
+
+   g_return_val_if_fail (string != NULL, NULL);
+@@ -942,14 +950,16 @@ g_string_overwrite_len (GString     *string,
+   g_return_val_if_fail (pos <= string->len, string);
+
+   if (len < 0)
+-    len = strlen (val);
++    len_unsigned = strlen (val);
++  else
++    len_unsigned = len;
+
+-  end = pos + len;
++  end = pos + len_unsigned;
+
+   if (end > string->len)
+     g_string_maybe_expand (string, end - string->len);
+
+-  memcpy (string->str + pos, val, len);
++  memcpy (string->str + pos, val, len_unsigned);
+
+   if (end > string->len)
+     {
+--
+2.40.0
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-02.patch
new file mode 100644
index 0000000000..ea586c90dc
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-4373-02.patch
@@ -0,0 +1,29 @@
+From 4d435bb4809793c445846db8fb87e3c9184c4703 Mon Sep 17 00:00:00 2001
+From: Peter Bloomfield <peterbloomfield@bellsouth.net>
+Date: Fri, 11 Apr 2025 05:52:33 +0000
+Subject: [PATCH 2/2] gstring: Make len_unsigned unsigned
+
+CVE: CVE-2025-4373
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/4d435bb4809793c445846db8fb87e3c9184c4703]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ glib/gstring.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/glib/gstring.c b/glib/gstring.c
+index d016b65..d9ad0c3 100644
+--- a/glib/gstring.c
++++ b/glib/gstring.c
+@@ -938,7 +938,7 @@ g_string_overwrite_len (GString     *string,
+                         const gchar *val,
+                         gssize       len)
+ {
+-  gssize len_unsigned;
++  gsize len_unsigned;
+   gsize end;
+
+   g_return_val_if_fail (string != NULL, NULL);
+--
+2.40.0
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
new file mode 100644
index 0000000000..1997f88f12
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
@@ -0,0 +1,72 @@
+From 39af934b11ec7bb8f943ba963919816266a3316e Mon Sep 17 00:00:00 2001
+From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
+Date: Fri, 11 Oct 2024 09:38:52 +0100
+Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly
+ -8/-7
+
+In newer tzdata, it is an alias for America/Los_Angeles, which has a
+slightly different meaning: DST did not exist there before 1883. As a
+result, we can no longer hard-code the knowledge that interval 0 is
+standard time and interval 1 is summer time, and instead we need to look
+up the correct intervals from known timestamps.
+
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502
+Bug-Debian: https://bugs.debian.org/1084190
+[smcv: expand commit message, fix whitespace]
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 141263b66..cfe00906d 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2625,6 +2625,7 @@ test_posix_parse (void)
+ {
+   GTimeZone *tz;
+   GDateTime *gdt1, *gdt2;
++  gint i1, i2;
+ 
+   /* Check that an unknown zone name falls back to UTC. */
+   G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,16 +2649,25 @@ test_posix_parse (void)
+ 
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+  * but passes anyway because PST8PDT is a zone name.
++ *
++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in
++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
++ * and hence be aware that DST has not always existed.
++ * https://bugs.debian.org/1084190
+  */
+   tz = g_time_zone_new_identifier ("PST8PDT");
+   g_assert_nonnull (tz);
+   g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+-  g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST");
+-  g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600);
+-  g_assert (!g_time_zone_is_dst (tz, 0));
+-  g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT");
+-  g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600);
+-  g_assert (g_time_zone_is_dst (tz, 1));
++  /* a date in winter = non-DST */
++  i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
++  /* approximately 6 months in seconds, i.e. a date in summer = DST */
++  i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++  g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
++  g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
++  g_assert (!g_time_zone_is_dst (tz, i1));
++  g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT");
++  g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
++  g_assert (g_time_zone_is_dst (tz, i2));
+   g_time_zone_unref (tz);
+ 
+   tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
new file mode 100644
index 0000000000..b3d11b5076
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
@@ -0,0 +1,65 @@
+From 27eb6eb01d5752c201dd2ec02f656463d12ebee0 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:03:19 +0100
+Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously
+ correct
+
+Instead of using timestamp 0 as a magic number (in this case interpreted
+as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent
+year/month/day in winter, in this case 2024-01-01T00:00:00-08:00.
+
+Similarly, instead of using a timestamp 15 million seconds later
+(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent
+year/month/day in summer, in this case 2024-07-01T00:00:00-07:00.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index cfe00906d..22aa5112a 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2649,19 +2649,16 @@ test_posix_parse (void)
+ 
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+  * but passes anyway because PST8PDT is a zone name.
+- *
+- * Intervals i1 and i2 (rather than 0 and 1) are needed because in
+- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
+- * and hence be aware that DST has not always existed.
+- * https://bugs.debian.org/1084190
+  */
+   tz = g_time_zone_new_identifier ("PST8PDT");
+   g_assert_nonnull (tz);
+   g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+   /* a date in winter = non-DST */
+-  i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
+-  /* approximately 6 months in seconds, i.e. a date in summer = DST */
+-  i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++  gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
++  i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
++  /* a date in summer = DST */
++  gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0);
++  i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2));
+   g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
+   g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
+   g_assert (!g_time_zone_is_dst (tz, i1));
+@@ -2669,6 +2666,8 @@ test_posix_parse (void)
+   g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
+   g_assert (g_time_zone_is_dst (tz, i2));
+   g_time_zone_unref (tz);
++  g_date_time_unref (gdt1);
++  g_date_time_unref (gdt2);
+ 
+   tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+ #ifdef G_OS_WIN32
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
new file mode 100644
index 0000000000..b9afad15c5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
@@ -0,0 +1,63 @@
+From 9dd5e9f49620f13a3eaf2b862b7aa3c680953f01 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:23:42 +0100
+Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is
+ not available
+
+On recent versions of Debian, PST8PDT is part of the tzdata-legacy
+package, which is not always installed and might disappear in future.
+Successfully tested with and without tzdata-legacy on Debian unstable.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 22aa5112a..4e963b171 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2626,6 +2626,7 @@ test_posix_parse (void)
+   GTimeZone *tz;
+   GDateTime *gdt1, *gdt2;
+   gint i1, i2;
++  const char *expect_id;
+ 
+   /* Check that an unknown zone name falls back to UTC. */
+   G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,11 +2649,25 @@ test_posix_parse (void)
+   g_time_zone_unref (tz);
+ 
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+- * but passes anyway because PST8PDT is a zone name.
++ * but can pass anyway because PST8PDT is a legacy System V zone name.
+  */
+   tz = g_time_zone_new_identifier ("PST8PDT");
++  expect_id = "PST8PDT";
++
++#ifndef G_OS_WIN32
++  /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and
++   * not always present in some OSs; fall back to the equivalent geographical
++   * name if the "backward" time zones are absent. */
++  if (tz == NULL)
++    {
++      g_test_message ("Legacy PST8PDT time zone not available, falling back");
++      tz = g_time_zone_new_identifier ("America/Los_Angeles");
++      expect_id = "America/Los_Angeles";
++    }
++#endif
++
+   g_assert_nonnull (tz);
+-  g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
++  g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id);
+   /* a date in winter = non-DST */
+   gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
+   i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
index 1a4278b1bc..e1a3b57270 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -17,8 +17,20 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
            file://memory-monitor.patch \
            file://skip-timeout.patch \
+           file://CVE-2024-52533.patch \
+           file://gdatetime-test-fail-0001.patch \
+           file://gdatetime-test-fail-0002.patch \
+           file://gdatetime-test-fail-0003.patch \
+           file://CVE-2025-3360-01.patch \
+           file://CVE-2025-3360-02.patch \
+           file://CVE-2025-3360-03.patch \
+           file://CVE-2025-3360-04.patch \
+           file://CVE-2025-3360-05.patch \
+           file://CVE-2025-3360-06.patch \
+           file://CVE-2025-4373-01.patch \
+           file://CVE-2025-4373-02.patch \
            "
-SRC_URI:append:class-native = " file://relocate-modules.patch \ 
+SRC_URI:append:class-native = " file://relocate-modules.patch \
                                 file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                               "
 
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 955b22bc38..0130613936 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "e8f521709731ce3ae8d6f1eca30135d5c0606f02"
+SRCREV_glibc ?= "06a70769fd0b2e1f2a3085ad50ab620282bd77b3"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc-y2038-tests_2.39.bb b/meta/recipes-core/glibc/glibc-y2038-tests_2.39.bb
deleted file mode 100644
index be49ca4cb7..0000000000
--- a/meta/recipes-core/glibc/glibc-y2038-tests_2.39.bb
+++ /dev/null
@@ -1,119 +0,0 @@
-require glibc_${PV}.bb
-require glibc-tests.inc
-
-inherit ptest features_check
-REQUIRED_DISTRO_FEATURES = "ptest"
-
-SRC_URI += "\
-        file://run-ptest \
-"
-
-SUMMARY = "glibc tests using time32/time64 interfaces to be run with ptest for the purpose of checking y2038 compatiblity"
-
-# Erase some variables already set by glibc_${PV}
-python __anonymous() {
-       # Remove packages provided by glibc build, we only need a subset of them
-       d.setVar("PACKAGES", "${PN} ${PN}-ptest")
-
-       d.setVar("PROVIDES", "${PN} ${PN}-ptest")
-
-       bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", "").strip()
-       d.setVar("BBCLASSEXTEND", bbclassextend)
-       d.setVar("RRECOMMENDS", "")
-       d.setVar("SYSTEMD_SERVICE:nscd", "")
-       d.setVar("SYSTEMD_PACKAGES", "")
-}
-
-# Remove any leftovers from original glibc recipe
-RPROVIDES:${PN} = "${PN}"
-RRECOMMENDS:${PN} = ""
-RDEPENDS:${PN} = "glibc libgcc sed bash"
-RDEPENDS:${PN}-ptest = "${PN}"
-DEPENDS += "sed"
-
-export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/"
-
-# Just build tests for target - do not run them
-do_check:append () {
-        oe_runmake -i check run-built-tests=no
-}
-addtask do_check after do_compile before do_install_ptest_base
-
-glibc_strip_build_directory () {
-        # Delete all non executable files from build directory
-        find ${B} ! -executable -type f -delete
-
-        # Remove build dynamic libraries and links to them as
-        # those are already installed in the target device
-        find ${B} -type f -name "*.so" -delete
-        find ${B} -type l -name "*.so*" -delete
-
-        # Remove headers (installed with glibc)
-        find ${B} -type f -name "*.h" -delete
-
-        find ${B} -type f -name "isomac" -delete
-        find ${B} -type f -name "annexc" -delete
-}
-
-do_install_ptest_base () {
-        glibc_strip_build_directory
-
-        ls -r ${B}/*/*-time64 > ${B}/tst_time64
-
-        # Remove '-time64' suffix - those tests are also time related
-        sed -e "s/-time64$//" ${B}/tst_time64 > ${B}/tst_time_tmp
-        tst_time=$(cat ${B}/tst_time_tmp ${B}/tst_time64)
-
-        rm ${B}/tst_time_tmp ${B}/tst_time64
-        echo "${tst_time}"
-
-        # Install build test programs to the image
-        install -d ${D}${PTEST_PATH}/tests/glibc-ptest/
-
-        for f in "${tst_time}"
-        do
-            cp -r ${f} ${D}${PTEST_PATH}/tests/glibc-ptest/
-        done
-
-        install -d ${D}${PTEST_PATH}
-        cp ${WORKDIR}/run-ptest ${D}${PTEST_PATH}/
-
-}
-
-# The datadir directory is required to allow core (and reused)
-# glibc cleanup function to finish correctly, as this directory
-# is not created for ptests
-stash_locale_package_cleanup:prepend () {
-        mkdir -p ${PKGD}${datadir}
-}
-
-stash_locale_sysroot_cleanup:prepend () {
-        mkdir -p ${SYSROOT_DESTDIR}${datadir}
-}
-
-# Prevent the do_package() task to set 'libc6' prefix
-# for glibc tests related packages
-python populate_packages:prepend () {
-    if d.getVar('DEBIAN_NAMES'):
-        d.setVar('DEBIAN_NAMES', '')
-}
-
-FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/${PN}/*"
-
-EXCLUDE_FROM_SHLIBS = "1"
-
-# Install debug data in .debug and sources in /usr/src/debug
-# It is more handy to have _all_ the sources and symbols in one
-# place (package) as this recipe will be used for validation and
-# debugging.
-PACKAGE_DEBUG_SPLIT_STYLE = ".debug"
-
-# glibc test cases violate by default some Yocto/OE checks (staticdev,
-# textrel)
-# 'debug-files' - add everything (including debug) into one package
-#                 (no need to install/build *-src package)
-INSANE_SKIP:${PN} += "staticdev textrel debug-files rpaths"
-
-deltask do_stash_locale
-do_install[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
diff --git a/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
new file mode 100644
index 0000000000..736fc51f38
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
@@ -0,0 +1,47 @@
+From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e Mon Sep 17 00:00:00 2001
+From: Wilco Dijkstra <wilco.dijkstra@arm.com>
+Date: Mon, 18 Mar 2024 15:18:20 +0000
+Subject: [PATCH] stdlib: Add single-threaded fast path to rand()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Improve performance of rand() and __random() by adding a single-threaded
+fast path.  Bench-random-lock shows about 5x speedup on Neoverse V1.
+
+Upstream-Status: Backport [be0cfd848d9ad7378800d6302bc11467cf2b514f]
+
+Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
+---
+ stdlib/random.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/stdlib/random.c b/stdlib/random.c
+index 17cc61ba8f55..5d482a857065 100644
+--- a/stdlib/random.c
++++ b/stdlib/random.c
+@@ -51,6 +51,7 @@
+    SUCH DAMAGE.*/
+ 
+ #include <libc-lock.h>
++#include <sys/single_threaded.h>
+ #include <limits.h>
+ #include <stddef.h>
+ #include <stdlib.h>
+@@ -288,6 +289,12 @@ __random (void)
+ {
+   int32_t retval;
+ 
++  if (SINGLE_THREAD_P)
++    {
++      (void) __random_r (&unsafe_state, &retval);
++      return retval;
++    }
++
+   __libc_lock_lock (lock);
+ 
+   (void) __random_r (&unsafe_state, &retval);
+-- 
+2.34.1
+
diff --git a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
index 9bdfa76318..411ca55d9f 100644
--- a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
+++ b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
@@ -14,6 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  sysdeps/aarch64/bits/wordsize.h | 11 +++++++++--
  sysdeps/arm/bits/wordsize.h     | 22 +---------------------
  2 files changed, 10 insertions(+), 23 deletions(-)
+ mode change 100644 => 120000 sysdeps/arm/bits/wordsize.h
 
 diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h
 index 118e59172d..ff86359fe8 100644
diff --git a/meta/recipes-core/glibc/glibc/0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch b/meta/recipes-core/glibc/glibc/0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch
index b527ddffc8..9e27a51e41 100644
--- a/meta/recipes-core/glibc/glibc/0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch
+++ b/meta/recipes-core/glibc/glibc/0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch
@@ -17,7 +17,7 @@ diff --git a/support/Makefile b/support/Makefile
 index 362a51f882..56d2b37058 100644
 --- a/support/Makefile
 +++ b/support/Makefile
-@@ -228,9 +228,9 @@ libsupport-inhibit-o += .o
+@@ -229,9 +229,9 @@ libsupport-inhibit-o += .o
  endif
  
  CFLAGS-support_paths.c = \
diff --git a/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch b/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch
index c0a467fcec..7c44acb013 100644
--- a/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch
+++ b/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch
@@ -22,16 +22,16 @@ diff --git a/sysdeps/unix/sysv/linux/Makefile  b/sysdeps/unix/sysv/linux/Makefil
    tst-sigtimedwait \
    tst-sync_file_range \
    tst-sysconf-iov_max \
-@@ -233,6 +232,8 @@
+@@ -234,6 +233,8 @@ tests += \
    tst-timerfd \
    tst-ttyname-direct \
    tst-ttyname-namespace \
 +  # Skip this test to avoid stale qemu process
 +  # tst-scm_rights \
    # tests
-
+ 
  # process_madvise requires CAP_SYS_ADMIN.
-@@ -270,9 +271,10 @@
+@@ -271,9 +272,10 @@ tests-time64 += \
    tst-ntp_gettimex-time64 \
    tst-ppoll-time64 \
    tst-prctl-time64 \
@@ -41,5 +41,5 @@ diff --git a/sysdeps/unix/sysv/linux/Makefile  b/sysdeps/unix/sysv/linux/Makefil
 +  # Skip this test to avoid stale qemu process
 +  # tst-scm_rights-time64 \
    # tests-time64
-
+ 
  tests-clone-internal = \
diff --git a/meta/recipes-core/glibc/glibc/run-ptest b/meta/recipes-core/glibc/glibc/run-ptest
deleted file mode 100755
index cb71c75682..0000000000
--- a/meta/recipes-core/glibc/glibc/run-ptest
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# ptest script for glibc - to run time related tests to
-# facilitate Y2038 validation
-# Run with 'ptest-runner glibc-tests'
-
-output() {
-  retcode=$?
-  if [ $retcode -eq 0 ]
-    then echo "PASS: $i"
-  elif [ $retcode -eq 77 ]
-    then echo "SKIP: $i"
-  else echo "FAIL: $i"
-  fi
-}
-
-# Allow altering time on the target
-export GLIBC_TEST_ALLOW_TIME_SETTING="1"
-
-tst_time64=$(ls -r ${PWD}/tests/glibc-ptest/*-time64)
-
-# Remove '-time64' suffix - those tests are also time
-# related
-tst_time_tmp=$(sed -e "s/-time64$//" <<< ${tst_time64})
-
-# Do not run tests supporting only 32 bit time
-#for i in ${tst_time_tmp}
-#do
-#       $i >/dev/null 2>&1
-#       output
-#done
-
-# Run tests supporting only 64 bit time
-for i in ${tst_time64}
-do
-        $i >/dev/null 2>&1
-        output
-done
diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb
index 2484ae1cd9..c87eb76f41 100644
--- a/meta/recipes-core/glibc/glibc_2.39.bb
+++ b/meta/recipes-core/glibc/glibc_2.39.bb
@@ -17,7 +17,8 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
 easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
-CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602"
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
+    CVE-2025-4802 CVE-2025-5702"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"
@@ -53,6 +54,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
            file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
            file://0023-qemu-stale-process.patch \
+           file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \
 "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 9c29cf600d..fc942e3565 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check
 
 REQUIRED_DISTRO_FEATURES += "xattr"
 
-SRCREV ?= "bf88a67b45235236d6655dce604e632eb94a813c"
+SRCREV ?= "1c462cc39e557276861323b7adcef4fedbdf75e9"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/initscripts/initscripts-1.0/functions b/meta/recipes-core/initscripts/initscripts-1.0/functions
index 35aebd4a55..7fc19c808b 100755
--- a/meta/recipes-core/initscripts/initscripts-1.0/functions
+++ b/meta/recipes-core/initscripts/initscripts-1.0/functions
@@ -92,3 +92,24 @@ passed() {
     echo -n -e "${BRACKET}[${SUCCESS} PASS ${BRACKET}]${NORMAL}"
     return $rc
 }
+
+log_success_msg()
+{
+    echo -n $@
+    success
+    echo
+}
+
+log_failure_msg()
+{
+    echo -n $@
+    failure
+    echo
+}
+
+log_warning_msg()
+{
+    echo -n $@
+    warning
+    echo
+}
diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb
index e61ac554f3..56ee65ac5b 100644
--- a/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -53,7 +53,6 @@ RDEPENDS:${PN} = "initd-functions \
 # Recommend pn-functions so that it will be a preferred default provider for initd-functions
 RRECOMMENDS:${PN} = "${PN}-functions"
 RPROVIDES:${PN}-functions = "initd-functions"
-RCONFLICTS:${PN}-functions = "lsbinitscripts"
 FILES:${PN}-functions = "${sysconfdir}/init.d/functions*"
 FILES:${PN}-sushell = "${base_sbindir}/sushell"
 
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch
new file mode 100644
index 0000000000..97bf75f059
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch
@@ -0,0 +1,74 @@
+From d7657811964eac1cb9743bb98649278ad948f0d2 Mon Sep 17 00:00:00 2001
+From: Maks Verver <maks@verver.ch>
+Date: Tue, 8 Apr 2025 13:13:55 +0200
+Subject: [PATCH] [CVE-2025-32414] python: Read at most len/4 characters.
+
+Fixes #889 by reserving space in the buffer for UTF-8 encoding of text.
+
+CVE: CVE-2025-32414
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d7657811964eac1cb9743bb98649278ad948f0d2]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ python/libxml.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/python/libxml.c b/python/libxml.c
+index 1fe8d685..2bf14078 100644
+--- a/python/libxml.c
++++ b/python/libxml.c
+@@ -248,7 +248,9 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
+ 
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len);
++    /* When read() returns a string, the length is in characters not bytes, so
++       request at most len / 4 characters to leave space for UTF-8 encoding. */
++    ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+        printf("xmlPythonFileReadRaw: result is NULL\n");
+        return(-1);
+@@ -283,10 +285,12 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
+        Py_DECREF(ret);
+        return(-1);
+     }
+-    if (lenread > len)
+-       memcpy(buffer, data, len);
+-    else
+-       memcpy(buffer, data, lenread);
++    if (lenread < 0 || lenread > len) {
++       printf("xmlPythonFileReadRaw: invalid lenread\n");
++       Py_DECREF(ret);
++       return(-1);
++    }
++    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
+@@ -310,7 +314,9 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
+ 
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len);
++    /* When io_read() returns a string, the length is in characters not bytes, so
++       request at most len / 4 characters to leave space for UTF-8 encoding. */
++    ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+        printf("xmlPythonFileRead: result is NULL\n");
+        return(-1);
+@@ -345,10 +351,12 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
+        Py_DECREF(ret);
+        return(-1);
+     }
+-    if (lenread > len)
+-       memcpy(buffer, data, len);
+-    else
+-       memcpy(buffer, data, lenread);
++    if (lenread < 0 || lenread > len) {
++       printf("xmlPythonFileRead: invalid lenread\n");
++       Py_DECREF(ret);
++       return(-1);
++    }
++    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
new file mode 100644
index 0000000000..d8ff654a23
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,39 @@
+From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 6 Apr 2025 12:41:11 +0200
+Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in
+ xmlSchemaIDCFillNodeTables
+
+Don't use local variable which could contain a stale value.
+
+Fixes #890.
+
+CVE: CVE-2025-32415
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ xmlschemas.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 28b14bd4..428e3c82 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -23324,7 +23324,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+                        j++;
+                    } while (j < nbDupls);
+                }
+-               if (nbNodeTable) {
++               if (bind->nbNodes) {
+                    j = 0;
+                    do {
+                        if (nbFields == 1) {
+@@ -23375,7 +23375,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 
+ next_node_table_entry:
+                        j++;
+-                   } while (j < nbNodeTable);
++                   } while (j < bind->nbNodes);
+                }
+                /*
+                * If everything is fine, then add the IDC target-node to
diff --git a/meta/recipes-core/libxml/libxml2_2.12.8.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb
index fb103f0273..2eea65732b 100644
--- a/meta/recipes-core/libxml/libxml2_2.12.8.bb
+++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb
@@ -18,9 +18,11 @@ inherit gnomebase
 SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \
            file://run-ptest \
            file://install-tests.patch \
+           file://CVE-2025-32414.patch \
+           file://CVE-2025-32415.patch \
            "
 
-SRC_URI[archive.sha256sum] = "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93"
+SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"
 SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
 
 # Disputed as a security issue, but fixed in d39f780
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index e2ce5b3ecf..8e78169e23 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -73,12 +73,6 @@ create_sdk_files:append () {
         touch $script
         echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script
         echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script
-        if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
-                echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
-                echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
-                echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
-                echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
-        fi
         echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script
         echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script
         echo 'unset HOST_PKG_PATH'
@@ -86,14 +80,35 @@ create_sdk_files:append () {
         toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
 
         cat >> $script <<EOF
+# Detect host ca file/path, export for envfile to use
+# /etc/ssl/certs/ca-certificates.crt Debian systems
+# /etc/pki/tls/certs/ca-bundle.crt Fedora systems
+# /etc/ssl/ca-bundle.pem Suse systems
+export CAFILE
+export CAPATH
+for a in /etc/ssl/certs/ca-certificates.crt \
+    /etc/pki/tls/certs/ca-bundle.crt \
+    /etc/ssl/ca-bundle.pem ; do
+    if test -f "\$a"; then
+        CAFILE="\$a"
+        break
+    fi
+done
+
+a="/etc/ssl/certs"
+if test -d "\$a" && ls "\$a"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].0 >/dev/null 2>/dev/null; then
+    CAPATH="\$a"
+fi
+
 if [ -d "\$OECORE_NATIVE_SYSROOT/environment-setup.d" ]; then
         for envfile in \$OECORE_NATIVE_SYSROOT/environment-setup.d/*.sh; do
                 . \$envfile
         done
 fi
+
 # We have to unset this else it can confuse oe-selftest and other tools
 # which may also use the overlapping namespace.
-unset OECORE_NATIVE_SYSROOT
+unset OECORE_NATIVE_SYSROOT CAFILE CAPATH
 EOF
 
         if [ "${SDKMACHINE}" = "i686" ]; then
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 1901641965..945bd1d927 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -8,7 +8,6 @@ INHIBIT_DEFAULT_DEPS = "1"
 
 inherit native
 
-deltask do_unpack
 deltask do_patch
 deltask do_configure
 deltask do_compile
@@ -35,7 +34,9 @@ CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000"
 # Number of attempts for each http query to nvd server before giving up
 CVE_DB_UPDATE_ATTEMPTS ?= "5"
 
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
+CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK/${CVE_CHECK_DB_FILENAME}"
+CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
+CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp"
 
 python () {
     if not bb.data.inherits_class("cve-check", d):
@@ -52,9 +53,9 @@ python do_fetch() {
 
     bb.utils.export_proxies(d)
 
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
+    db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
     db_dir = os.path.dirname(db_file)
-    db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
+    db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE")
 
     cleanup_db_download(db_file, db_tmp_file)
     # By default let's update the whole database (since time 0)
@@ -67,6 +68,8 @@ python do_fetch() {
         update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
         if update_interval < 0:
             bb.note("CVE database update skipped")
+            if not os.path.exists(db_file):
+                bb.error("CVE database %s not present, database fetch/update skipped" % db_file)
             return
         if time.time() - os.path.getmtime(db_file) < update_interval:
             bb.note("CVE database recently updated, skipping")
@@ -76,7 +79,11 @@ python do_fetch() {
     except OSError:
         pass
 
+    if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")):
+        bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update")
+
     bb.utils.mkdirhier(db_dir)
+    bb.utils.mkdirhier(os.path.dirname(db_tmp_file))
     if os.path.exists(db_file):
         shutil.copy2(db_file, db_tmp_file)
 
@@ -89,10 +96,16 @@ python do_fetch() {
         os.remove(db_tmp_file)
 }
 
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
 do_fetch[file-checksums] = ""
 do_fetch[vardeps] = ""
 
+python do_unpack() {
+    import shutil
+    shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
+}
+do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
+
 def cleanup_db_download(db_file, db_tmp_file):
     """
     Cleanup the download space from possible failed downloads
@@ -216,6 +229,11 @@ def update_db_file(db_tmp_file, d, database_time):
                 # We haven't managed to download data
                 return False
 
+            # hack for json5 style responses
+            if raw_data[-3:] == ',]}':
+                bb.note("Removing trailing ',' from nvd response")
+                raw_data = raw_data[:-3] + ']}'
+
             data = json.loads(raw_data)
 
             index = data["startIndex"]
@@ -247,7 +265,7 @@ def initialize_db(conn):
         c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
+            SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
             VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -323,7 +341,7 @@ def update_db(conn, elt):
     accessVector = None
     vectorString = None
     cveId = elt['cve']['id']
-    if elt['cve']['vulnStatus'] ==  "Rejected":
+    if elt['cve'].get('vulnStatus') ==  "Rejected":
         c = conn.cursor()
         c.execute("delete from PRODUCTS where ID = ?;", [cveId])
         c.execute("delete from NVD where ID = ?;", [cveId])
@@ -353,12 +371,18 @@ def update_db(conn, elt):
         cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
     except KeyError:
         pass
+    cvssv3 = cvssv3 or 0.0
+    try:
+        accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector']
+        vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString']
+        cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore']
+    except KeyError:
+        cvssv4 = 0.0
     accessVector = accessVector or "UNKNOWN"
     vectorString = vectorString or "UNKNOWN"
-    cvssv3 = cvssv3 or 0.0
 
-    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
-                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
+    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
+                [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
 
     try:
         # Remove any pre-existing CVE configuration. Even for partial database
diff --git a/meta/recipes-core/meta/meta-ide-support.bb b/meta/recipes-core/meta/meta-ide-support.bb
index d85aa120c0..7ed422ce4d 100644
--- a/meta/recipes-core/meta/meta-ide-support.bb
+++ b/meta/recipes-core/meta/meta-ide-support.bb
@@ -1,6 +1,7 @@
 SUMMARY = "Integrated Development Environment support"
 DESCRIPTION = "Meta package for ensuring the build directory contains all appropriate toolchain packages for using an IDE"
 LICENSE = "MIT"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 DEPENDS = "virtual/libc gdb-cross-${TARGET_ARCH} qemu-native qemu-helper-native unfs3-native cmake-native autoconf-native automake-native meson-native intltool-native pkgconfig-native"
 RM_WORK_EXCLUDE += "${PN}"
diff --git a/meta/recipes-core/meta/meta-world-pkgdata.bb b/meta/recipes-core/meta/meta-world-pkgdata.bb
index 0438bf6138..954675f383 100644
--- a/meta/recipes-core/meta/meta-world-pkgdata.bb
+++ b/meta/recipes-core/meta/meta-world-pkgdata.bb
@@ -27,6 +27,7 @@ python do_collect_packagedata() {
     oe.copy_buildsystem.generate_locked_sigs(sigfile, d)
 }
 
+inherit nopackages
 deltask do_fetch
 deltask do_unpack
 deltask do_patch
diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch b/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
new file mode 100644
index 0000000000..264820138f
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
@@ -0,0 +1,51 @@
+From 150ea3ea4c821b133a782eeb33ef2a9c8fd8d7c3 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Fri, 22 Nov 2024 13:05:57 +0800
+Subject: [PATCH] MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
+
+Attacker able to modify physical memory and ResumeCount.
+System will crash/DoS when ResumeCount reaches its MAX_UINT32.
+
+Cc: Zhiguang Liu <zhiguang.liu@intel.com>
+Cc: Dandan Bi <dandan.bi@intel.com>
+Cc: Liming Gao <gaoliming@byosoft.com.cn>
+
+Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
+Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
+
+CVE: CVE-2024-1298
+Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/284dbac43da752ee34825c8b3f6f9e8281cb5a19]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ .../FirmwarePerformancePei.c                         | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
+index 2f2b2a8..2ba9215 100644
+--- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
++++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
+@@ -112,11 +112,15 @@ FpdtStatusCodeListenerPei (
+   //

+   S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);

+   AcpiS3ResumeRecord->ResumeCount++;

+-  AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);

++  if (AcpiS3ResumeRecord->ResumeCount > 0) {

++    AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);

++    DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));

++  } else {

++    DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));

++  }

+ 

+-  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = %d\n", AcpiS3ResumeRecord->ResumeCount));

+-  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = %ld\n", AcpiS3ResumeRecord->FullResume));

+-  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));

++  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));

++  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = 0x%x\n", AcpiS3ResumeRecord->FullResume));

+ 

+   //

+   // Update S3 Suspend Performance Record.

+-- 
+2.34.1
+
diff --git a/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
new file mode 100644
index 0000000000..c6e15c5069
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
@@ -0,0 +1,36 @@
+From 5f7bd3f3c4747d5bb2733f017f8c5b93b63a74e3 Mon Sep 17 00:00:00 2001
+From: Doug Flick <dougflick@microsoft.com>
+Date: Fri, 22 Nov 2024 13:03:33 +0800
+Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
+
+The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
+also a UINT32 value. The current code does not check for overflow when
+adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
+check to ensure that the addition does not overflow.
+
+Signed-off-by: Doug Flick <dougflick@microsoft.com>
+Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
+
+CVE: CVE-2024-38796
+Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+index 86ff2e7..128090d 100644
+--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
++++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
+     RelocDir = &Hdr.Te->DataDirectory[0];

+   }

+ 

+-  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {

++  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {

+     RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);

+     RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (

+                                                   ImageContext,

+-- 
+2.34.1
+
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 35ca8d1834..319f03a8d2 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -24,6 +24,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
            file://0003-debug-prefix-map.patch \
            file://0004-reproducible.patch \
+           file://0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch \
+           file://0001-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch \
            "
 
 PV = "edk2-stable202402"
@@ -223,6 +225,7 @@ do_compile:class-target() {
 
 do_install:class-native() {
     install -d ${D}/${bindir}/edk2_basetools
+    find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \;
     cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR}
 }
 
diff --git a/meta/recipes-core/systemd/systemd-boot-native_255.4.bb b/meta/recipes-core/systemd/systemd-boot-native_255.21.bb
index 73db59b14e..73db59b14e 100644
--- a/meta/recipes-core/systemd/systemd-boot-native_255.4.bb
+++ b/meta/recipes-core/systemd/systemd-boot-native_255.21.bb
diff --git a/meta/recipes-core/systemd/systemd-boot_255.4.bb b/meta/recipes-core/systemd/systemd-boot_255.21.bb
index 4ee25ee72f..397316fe9b 100644
--- a/meta/recipes-core/systemd/systemd-boot_255.4.bb
+++ b/meta/recipes-core/systemd/systemd-boot_255.21.bb
@@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
 
 require conf/image-uefi.conf
 
-DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native"
+DEPENDS = "libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native"
 
 inherit meson pkgconfig gettext
 inherit deploy
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index a35db5091e..28392b6b09 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "387a14a7b67b8b76adaed4175e14bb7e39b2f738"
+SRCREV = "70500d37992a01d3275b1c414c3ed161d6f91f9e"
 SRCBRANCH = "v255-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
 
diff --git a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
index 2aa5dee6b5..22f0468460 100644
--- a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
+++ b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
@@ -1,7 +1,7 @@
-From 01195eb9f7d59139fb45df506ac6b3968c14a57f Mon Sep 17 00:00:00 2001
+From b270af4c086d254758fdcd1d294b15a555a4b3ea Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 13:55:12 +0800
-Subject: [PATCH 01/22] missing_type.h: add comparison_fn_t
+Subject: [PATCH] missing_type.h: add comparison_fn_t
 
 Make it work with musl where comparison_fn_t and is not provided.
 
@@ -56,6 +56,3 @@ index ae91534198..7f67eea38b 100644
  
  const char * const catalog_file_dirs[] = {
          "/usr/local/lib/systemd/catalog/",
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
index 900a931632..6cce960299 100644
--- a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
+++ b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
@@ -1,7 +1,7 @@
-From 872b72739e62123867ce6c4f82aa37de24cc3f75 Mon Sep 17 00:00:00 2001
+From 0660aea3d7c8058d73c9f7b2971f4daf35dd7a32 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Sat, 22 May 2021 20:26:24 +0200
-Subject: [PATCH 02/22] add fallback parse_printf_format implementation
+Subject: [PATCH] add fallback parse_printf_format implementation
 
 Upstream-Status: Inappropriate [musl specific]
 
@@ -22,10 +22,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  create mode 100644 src/basic/parse-printf-format.h
 
 diff --git a/meson.build b/meson.build
-index 7419e2b0b0..01fd3ffc19 100644
+index 8c16c1c5c0..408d2ab80a 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -725,6 +725,7 @@ endif
+@@ -732,6 +732,7 @@ endif
  foreach header : ['crypt.h',
                    'linux/memfd.h',
                    'linux/vm_sockets.h',
@@ -34,7 +34,7 @@ index 7419e2b0b0..01fd3ffc19 100644
                    'threads.h',
                    'valgrind/memcheck.h',
 diff --git a/src/basic/meson.build b/src/basic/meson.build
-index d7450d8b44..c3e3daf4bd 100644
+index 111253e3a5..bdaa2fc5e4 100644
 --- a/src/basic/meson.build
 +++ b/src/basic/meson.build
 @@ -183,6 +183,11 @@ endforeach
@@ -429,6 +429,3 @@ index be23b2fe75..69a2eb6404 100644
  
  #define SNDBUF_SIZE (8*1024*1024)
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index be231cf6b2..4472dda2e8 100644
--- a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -1,8 +1,8 @@
-From 29a58009a172e369ad7166e16dab2f4945c6b0d2 Mon Sep 17 00:00:00 2001
+From edc39fe19419120f70341cd50d4d097a514ac9cb Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 21 Feb 2019 16:23:24 +0800
-Subject: [PATCH 1/2] binfmt: Don't install dependency links at install time
- for the binfmt services
+Subject: [PATCH] binfmt: Don't install dependency links at install time for
+ the binfmt services
 
 use [Install] blocks so that they get created when the service is enabled
 like a traditional service.
@@ -74,6 +74,3 @@ index 6861c76674..531e9fbd90 100644
 +
 +[Install]
 +WantedBy=sysinit.target
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
index 5595b5bc23..715a0c7ec8 100644
--- a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,7 +1,10 @@
-From 87f1d38f40c5fe9cadf2b2de442473e4e5605788 Mon Sep 17 00:00:00 2001
+From c728a728cd54c372162f5447aa94921efb0c35f0 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:18:21 +0800
-Subject: [PATCH 03/22] src/basic/missing.h: check for missing strndupa
+Subject: [PATCH] src/basic/missing.h: check for missing strndupa
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 
 include missing.h  for definition of strndupa
 
@@ -20,6 +23,8 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
 [Rebased for v254]
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 [Rebased for v255.1]
+Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
+[Rebased for v255.14]
 ---
  meson.build                                |  1 +
  src/backlight/backlight.c                  |  1 +
@@ -75,10 +80,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  51 files changed, 62 insertions(+)
 
 diff --git a/meson.build b/meson.build
-index 01fd3ffc19..61a872b753 100644
+index 408d2ab80a..2c00b7047f 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -567,6 +567,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
+@@ -572,6 +572,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
  endforeach
  
  foreach ident : [
@@ -87,7 +92,7 @@ index 01fd3ffc19..61a872b753 100644
          ['gettid',            '''#include <sys/types.h>
                                   #include <unistd.h>'''],
 diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c
-index 5ac9f904a9..99d5122dd7 100644
+index b2032adaa5..ee9201826d 100644
 --- a/src/backlight/backlight.c
 +++ b/src/backlight/backlight.c
 @@ -20,6 +20,7 @@
@@ -99,7 +104,7 @@ index 5ac9f904a9..99d5122dd7 100644
  #define PCI_CLASS_GRAPHICS_CARD 0x30000
  
 diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 18b16ecc0e..d2be79622f 100644
+index e978bd3eff..d08c903c3b 100644
 --- a/src/basic/cgroup-util.c
 +++ b/src/basic/cgroup-util.c
 @@ -38,6 +38,7 @@
@@ -111,7 +116,7 @@ index 18b16ecc0e..d2be79622f 100644
  static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
          _cleanup_free_ char *fs = NULL;
 diff --git a/src/basic/env-util.c b/src/basic/env-util.c
-index d3bf73385f..16b17358ca 100644
+index a97651d7af..09fa601250 100644
 --- a/src/basic/env-util.c
 +++ b/src/basic/env-util.c
 @@ -19,6 +19,7 @@
@@ -123,7 +128,7 @@ index d3bf73385f..16b17358ca 100644
  /* We follow bash for the character set. Different shells have different rules. */
  #define VALID_BASH_ENV_NAME_CHARS               \
 diff --git a/src/basic/log.c b/src/basic/log.c
-index 1470611a75..9924ec2b9a 100644
+index ade6c8b089..0ba68b2119 100644
 --- a/src/basic/log.c
 +++ b/src/basic/log.c
 @@ -40,6 +40,7 @@
@@ -167,7 +172,7 @@ index c770e5ed32..1fd8816cd0 100644
  int mkdirat_safe_internal(
                  int dir_fd,
 diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
-index bf67f7e01a..409f8d8a73 100644
+index 51fbe4ed84..26626c1499 100644
 --- a/src/basic/mountpoint-util.c
 +++ b/src/basic/mountpoint-util.c
 @@ -18,6 +18,7 @@
@@ -191,7 +196,7 @@ index 0430e33e40..f3728de026 100644
  int parse_boolean(const char *v) {
          if (!v)
 diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
-index 4e3d59fc56..726e240df0 100644
+index d76705bd4b..149fb249d0 100644
 --- a/src/basic/path-lookup.c
 +++ b/src/basic/path-lookup.c
 @@ -16,6 +16,7 @@
@@ -239,7 +244,7 @@ index d7cfcd9105..6cb0ddf575 100644
  int procfs_get_pid_max(uint64_t *ret) {
          _cleanup_free_ char *value = NULL;
 diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index f9014dc560..1d7840a5b5 100644
+index 0c2d739977..5c150806a0 100644
 --- a/src/basic/time-util.c
 +++ b/src/basic/time-util.c
 @@ -27,6 +27,7 @@
@@ -251,7 +256,7 @@ index f9014dc560..1d7840a5b5 100644
  static clockid_t map_clock_id(clockid_t c) {
  
 diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c
-index 0c0b4f23c7..68fe5ca509 100644
+index 12dfdf76fa..e66332519a 100644
 --- a/src/boot/bless-boot.c
 +++ b/src/boot/bless-boot.c
 @@ -22,6 +22,7 @@
@@ -263,7 +268,7 @@ index 0c0b4f23c7..68fe5ca509 100644
  static char **arg_path = NULL;
  
 diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
-index 4237e694c0..05f9d9d9a9 100644
+index b3baf03afc..7404784a01 100644
 --- a/src/core/dbus-cgroup.c
 +++ b/src/core/dbus-cgroup.c
 @@ -25,6 +25,7 @@
@@ -275,7 +280,7 @@ index 4237e694c0..05f9d9d9a9 100644
  
  BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
 diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index 4daa1cefd3..2c77901471 100644
+index 71b07a6ec1..174a94e8a0 100644
 --- a/src/core/dbus-execute.c
 +++ b/src/core/dbus-execute.c
 @@ -42,6 +42,7 @@
@@ -287,10 +292,10 @@ index 4daa1cefd3..2c77901471 100644
  BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput);
  static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput);
 diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c
-index d680a64268..e59f48103e 100644
+index 7bb026af48..a86128e40c 100644
 --- a/src/core/dbus-util.c
 +++ b/src/core/dbus-util.c
-@@ -9,6 +9,7 @@
+@@ -10,6 +10,7 @@
  #include "unit-printf.h"
  #include "user-util.h"
  #include "unit.h"
@@ -299,7 +304,7 @@ index d680a64268..e59f48103e 100644
  int bus_property_get_triggered_unit(
                  sd_bus *bus,
 diff --git a/src/core/execute.c b/src/core/execute.c
-index ef0bf88687..bd3da0c401 100644
+index aa179fd57e..1ee9f4526b 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
 @@ -72,6 +72,7 @@
@@ -323,7 +328,7 @@ index b8e3f7aadd..8ce8ca68d8 100644
  #if HAVE_KMOD
  #include "module-util.h"
 diff --git a/src/core/service.c b/src/core/service.c
-index b9eb40c555..268fe7573b 100644
+index d0353ae461..7f98f5ee45 100644
 --- a/src/core/service.c
 +++ b/src/core/service.c
 @@ -45,6 +45,7 @@
@@ -347,7 +352,7 @@ index 7e0c98cb7d..978a7f5874 100644
  #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL)           /* 1 MiB */
  #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL)   /* 4 GiB */
 diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
-index 016f3baa7f..b1def81313 100644
+index e7caf510ba..79b252cad7 100644
 --- a/src/fstab-generator/fstab-generator.c
 +++ b/src/fstab-generator/fstab-generator.c
 @@ -37,6 +37,7 @@
@@ -359,7 +364,7 @@ index 016f3baa7f..b1def81313 100644
  typedef enum MountPointFlags {
          MOUNT_NOAUTO    = 1 << 0,
 diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
-index da0f20d3ce..f22ce41908 100644
+index 2d380bc7a7..d3f5612728 100644
 --- a/src/journal-remote/journal-remote-main.c
 +++ b/src/journal-remote/journal-remote-main.c
 @@ -27,6 +27,7 @@
@@ -371,7 +376,7 @@ index da0f20d3ce..f22ce41908 100644
  #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
  #define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-remote.pem"
 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index 7f3dcd56a4..41b7cbaaf1 100644
+index f52ed03dd0..3fa708a906 100644
 --- a/src/journal/journalctl.c
 +++ b/src/journal/journalctl.c
 @@ -77,6 +77,7 @@
@@ -383,7 +388,7 @@ index 7f3dcd56a4..41b7cbaaf1 100644
  #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
  #define PROCESS_INOTIFY_INTERVAL 1024   /* Every 1,024 messages processed */
 diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
-index ff0228081f..9066fcb133 100644
+index ab8b06896d..43f9131205 100644
 --- a/src/libsystemd/sd-bus/bus-message.c
 +++ b/src/libsystemd/sd-bus/bus-message.c
 @@ -19,6 +19,7 @@
@@ -407,7 +412,7 @@ index c25c40ff37..57a5da704f 100644
  static int node_vtable_get_userdata(
                  sd_bus *bus,
 diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
-index 3c59d0d615..746922d46f 100644
+index 5ade8e99aa..7553cf319d 100644
 --- a/src/libsystemd/sd-bus/bus-socket.c
 +++ b/src/libsystemd/sd-bus/bus-socket.c
 @@ -29,6 +29,7 @@
@@ -419,7 +424,7 @@ index 3c59d0d615..746922d46f 100644
  #define SNDBUF_SIZE (8*1024*1024)
  
 diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index 4a0259f8bb..aaa90d2223 100644
+index b32cd6c6a0..cc484454e0 100644
 --- a/src/libsystemd/sd-bus/sd-bus.c
 +++ b/src/libsystemd/sd-bus/sd-bus.c
 @@ -46,6 +46,7 @@
@@ -443,7 +448,7 @@ index d988588de0..458df8df9a 100644
  #define MAX_SIZE (2*1024*1024)
  
 diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 6b9ff0a4ed..4a5027ad0f 100644
+index acabec699f..8115d3784a 100644
 --- a/src/libsystemd/sd-journal/sd-journal.c
 +++ b/src/libsystemd/sd-journal/sd-journal.c
 @@ -44,6 +44,7 @@
@@ -455,7 +460,7 @@ index 6b9ff0a4ed..4a5027ad0f 100644
  #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
  
 diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
-index b8da266e27..4bb8dd9496 100644
+index bf45974ca5..2cb7e930c0 100644
 --- a/src/login/pam_systemd.c
 +++ b/src/login/pam_systemd.c
 @@ -35,6 +35,7 @@
@@ -467,19 +472,19 @@ index b8da266e27..4bb8dd9496 100644
  #include "parse-util.h"
  #include "path-util.h"
 diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c
-index 48527a2c73..9777fe0561 100644
+index e5f78a3b99..4833de2009 100644
 --- a/src/network/generator/network-generator.c
 +++ b/src/network/generator/network-generator.c
-@@ -14,6 +14,7 @@
- #include "string-table.h"
+@@ -15,6 +15,7 @@
  #include "string-util.h"
  #include "strv.h"
+ #include "vlan-util.h"
 +#include "missing_stdlib.h"
  
  /*
    # .network
 diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
-index 161b1c1c70..ba1c459f78 100644
+index 2bb034eb22..c9837b8d79 100644
 --- a/src/nspawn/nspawn-settings.c
 +++ b/src/nspawn/nspawn-settings.c
 @@ -16,6 +16,7 @@
@@ -503,10 +508,10 @@ index c64e79bdff..eda26b0b9a 100644
  static void setup_logging_once(void) {
          static pthread_once_t once = PTHREAD_ONCE_INIT;
 diff --git a/src/portable/portable.c b/src/portable/portable.c
-index d4b448a627..bb26623565 100644
+index 4aced8c391..6f426e0e51 100644
 --- a/src/portable/portable.c
 +++ b/src/portable/portable.c
-@@ -40,6 +40,7 @@
+@@ -42,6 +42,7 @@
  #include "strv.h"
  #include "tmpfile-util.h"
  #include "user-util.h"
@@ -515,7 +520,7 @@ index d4b448a627..bb26623565 100644
  /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was
   * dropped there by the portable service logic and b) for which image it was dropped there. */
 diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
-index afa537f160..32ccee4ae5 100644
+index 64b829e5e6..3a06758848 100644
 --- a/src/resolve/resolvectl.c
 +++ b/src/resolve/resolvectl.c
 @@ -48,6 +48,7 @@
@@ -551,7 +556,7 @@ index 8b462b5627..183ce1c18e 100644
  struct CGroupInfo {
          char *cgroup_path;
 diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
-index 4ee9706847..30c8084847 100644
+index 50de98941f..d47beccb0b 100644
 --- a/src/shared/bus-unit-util.c
 +++ b/src/shared/bus-unit-util.c
 @@ -50,6 +50,7 @@
@@ -587,7 +592,7 @@ index b41c9b06ca..e69050a507 100644
  int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) {
          const char *n;
 diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
-index 83e9834bbf..74eaae6f5e 100644
+index bb0536e48a..11cc1315d8 100644
 --- a/src/shared/journal-importer.c
 +++ b/src/shared/journal-importer.c
 @@ -16,6 +16,7 @@
@@ -599,7 +604,7 @@ index 83e9834bbf..74eaae6f5e 100644
  enum {
          IMPORTER_STATE_LINE = 0,    /* waiting to read, or reading line */
 diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
-index a5d04003bd..10392c132d 100644
+index 0a31be382f..92d629e7e0 100644
 --- a/src/shared/logs-show.c
 +++ b/src/shared/logs-show.c
 @@ -41,6 +41,7 @@
@@ -611,7 +616,7 @@ index a5d04003bd..10392c132d 100644
  /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */
  #define PRINT_LINE_THRESHOLD 3
 diff --git a/src/shared/pager.c b/src/shared/pager.c
-index 19deefab56..6b6d0af1a0 100644
+index 41dd7bffdc..9ca45d8b91 100644
 --- a/src/shared/pager.c
 +++ b/src/shared/pager.c
 @@ -25,6 +25,7 @@
@@ -683,7 +688,7 @@ index ed22c8b679..19ebe20237 100644
  UdevEvent *udev_event_new(sd_device *dev, usec_t exec_delay_usec, sd_netlink *rtnl, int log_level) {
          UdevEvent *event;
 diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index 5f12002394..febe345b4c 100644
+index c242549654..e5b8df5c2d 100644
 --- a/src/udev/udev-rules.c
 +++ b/src/udev/udev-rules.c
 @@ -41,6 +41,7 @@
@@ -694,6 +699,3 @@ index 5f12002394..febe345b4c 100644
  
  #define RULES_DIRS ((const char* const*) CONF_PATHS_STRV("udev/rules.d"))
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index 15877bea88..19eaf9170d 100644
--- a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,8 +1,7 @@
-From 5325ab5813617f35f03806ec420829dde7104387 Mon Sep 17 00:00:00 2001
+From 674232187bf337c31a6528b4d241eafeb27ac85e Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:56:21 +0800
-Subject: [PATCH 04/22] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not
- defined
+Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
 
 If the standard library doesn't provide brace
 expansion users just won't get it.
@@ -115,7 +114,7 @@ index 9b3e73cce0..3790ba3be5 100644
  
          (void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL);
 diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 230ec09b97..2cc5f391d7 100644
+index d22fa3b3c7..3471f98add 100644
 --- a/src/tmpfiles/tmpfiles.c
 +++ b/src/tmpfiles/tmpfiles.c
 @@ -73,6 +73,12 @@
@@ -131,7 +130,7 @@ index 230ec09b97..2cc5f391d7 100644
  /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
   * them in the file system. This is intended to be used to create
   * properly owned directories beneath /tmp, /var/tmp, /run, which are
-@@ -2434,7 +2440,9 @@ finish:
+@@ -2426,7 +2432,9 @@ finish:
  
  static int glob_item(Context *c, Item *i, action_t action) {
          _cleanup_globfree_ glob_t g = {
@@ -141,7 +140,7 @@ index 230ec09b97..2cc5f391d7 100644
          };
          int r = 0, k;
  
-@@ -2461,7 +2469,9 @@ static int glob_item_recursively(
+@@ -2453,7 +2461,9 @@ static int glob_item_recursively(
                  fdaction_t action) {
  
          _cleanup_globfree_ glob_t g = {
@@ -151,6 +150,3 @@ index 230ec09b97..2cc5f391d7 100644
          };
          int r = 0, k;
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
index a1dfca22cd..dbd94d473d 100644
--- a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
@@ -1,7 +1,7 @@
-From dad7f897c0de654fa5592fda3e90f874639849f9 Mon Sep 17 00:00:00 2001
+From cdaafa37983753d309d2b37f8262e71f95798e52 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:00:06 +0800
-Subject: [PATCH 05/22] add missing FTW_ macros for musl
+Subject: [PATCH] add missing FTW_ macros for musl
 
 This is to avoid build failures like below for musl.
 
@@ -39,6 +39,3 @@ index 8684d064ec..70fc2b5376 100644
  
  static char **list_nftw = NULL;
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
index 4be14b72ec..09ffbcb70a 100644
--- a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,7 +1,7 @@
-From 96e975a2412a20e5f80bd3ab144057d275eb8597 Mon Sep 17 00:00:00 2001
+From 8c33fe6338c448dca8533b9d3f9933e2794bda61 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:12:41 +0800
-Subject: [PATCH 06/22] Use uintmax_t for handling rlim_t
+Subject: [PATCH] Use uintmax_t for handling rlim_t
 
 PRIu{32,64} is not right format to represent rlim_t type
 therefore use %ju and typecast the rlim_t variables to
@@ -86,10 +86,10 @@ index c1f0b2b974..61c5412582 100644
          return 1;
  }
 diff --git a/src/core/execute.c b/src/core/execute.c
-index bd3da0c401..df1870fd2f 100644
+index 1ee9f4526b..cb29799afb 100644
 --- a/src/core/execute.c
 +++ b/src/core/execute.c
-@@ -1045,9 +1045,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -1043,9 +1043,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
          for (unsigned i = 0; i < RLIM_NLIMITS; i++)
                  if (c->rlimit[i]) {
                          fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
@@ -101,6 +101,3 @@ index bd3da0c401..df1870fd2f 100644
                  }
  
          if (c->ioprio_set) {
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 8d6084239e..563f033b0d 100644
--- a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,7 +1,7 @@
-From 4842cff4f1329f0b5034b529d56f8ad1f234ac4c Mon Sep 17 00:00:00 2001
+From 68ab3364c0fe1073bba3adf02add7108de80a17c Mon Sep 17 00:00:00 2001
 From: Andre McCurdy <armccurdy@gmail.com>
 Date: Tue, 10 Oct 2017 14:33:30 -0700
-Subject: [PATCH 07/22] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
+Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
 
 Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right
 thing to do and it's not portable (not supported by musl). See:
@@ -31,7 +31,7 @@ Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  2 files changed, 23 insertions(+), 4 deletions(-)
 
 diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
-index 1023ab73ca..c78ff6f27f 100644
+index 6a1e2e76d1..c3f7235e09 100644
 --- a/src/basic/fs-util.h
 +++ b/src/basic/fs-util.h
 @@ -49,8 +49,27 @@ int futimens_opath(int fd, const struct timespec ts[2]);
@@ -64,10 +64,10 @@ index 1023ab73ca..c78ff6f27f 100644
  int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
  
 diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index 569ef466c3..7ae921a113 100644
+index 0d5075e1e6..dc59a9582c 100644
 --- a/src/shared/base-filesystem.c
 +++ b/src/shared/base-filesystem.c
-@@ -145,7 +145,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
+@@ -137,7 +137,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
          /* The "root" parameter is decoration only – it's only used as part of log messages */
  
          for (size_t i = 0; i < ELEMENTSOF(table); i++) {
@@ -76,7 +76,7 @@ index 569ef466c3..7ae921a113 100644
                          continue;
  
                  if (table[i].target) { /* Create as symlink? */
-@@ -153,7 +153,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
+@@ -145,7 +145,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
  
                          /* check if one of the targets exists */
                          NULSTR_FOREACH(s, table[i].target) {
@@ -85,7 +85,7 @@ index 569ef466c3..7ae921a113 100644
                                          continue;
  
                                  /* check if a specific file exists at the target path */
-@@ -164,7 +164,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
+@@ -156,7 +156,7 @@ int base_filesystem_create_fd(int fd, const char *root, uid_t uid, gid_t gid) {
                                          if (!p)
                                                  return log_oom();
  
@@ -94,6 +94,3 @@ index 569ef466c3..7ae921a113 100644
                                                  continue;
                                  }
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index c1a8bb19fe..cc9f7771be 100644
--- a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,8 +1,7 @@
-From bab07e779ff23d5593bb118efaaa31b60a6dce87 Mon Sep 17 00:00:00 2001
+From 6dd1aa50da27c07530a434218b5a7a384d0c6747 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 27 May 2018 08:36:44 -0700
-Subject: [PATCH 08/22] Define glibc compatible basename() for non-glibc
- systems
+Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
 
 Fixes builds with musl, even though systemd is adamant about
 using non-posix basename implementation, we have a way out
@@ -29,6 +28,3 @@ index b6d8be3083..0a29036c4c 100644
  static inline char* strstr_ptr(const char *haystack, const char *needle) {
          if (!haystack || !needle)
                  return NULL;
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
index acff18dc43..21faa10a95 100644
--- a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
+++ b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
@@ -1,4 +1,4 @@
-From 5712d56f1cd654d2e5d2e9117ff77fe4c299f76b Mon Sep 17 00:00:00 2001
+From 8da2b10dcbf423f791db79b7dfcc6cfaf8e26f8b Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 5 Sep 2015 06:31:47 +0000
 Subject: [PATCH] implment systemd-sysv-install for OE
@@ -38,6 +38,3 @@ index cb58d8243b..000bdf6165 100755
          ;;
      *)
          usage ;;
--- 
-2.39.2
-
diff --git a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index 3ff0177ae3..66aa8551ac 100644
--- a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,7 +1,7 @@
-From 25093c5017725b8577c444dfea0f42ad85b43522 Mon Sep 17 00:00:00 2001
+From ed33f139195794477ac854214022034db306f42d Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Wed, 4 Jul 2018 15:00:44 +0800
-Subject: [PATCH 09/22] Do not disable buffering when writing to oom_score_adj
+Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
 
 On musl, disabling buffering when writing to oom_score_adj will
 cause the following error.
@@ -24,7 +24,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 201c5596ae..ea51595b6c 100644
+index bbce0ea985..d2f7c27cea 100644
 --- a/src/basic/process-util.c
 +++ b/src/basic/process-util.c
 @@ -1716,7 +1716,7 @@ int set_oom_score_adjust(int value) {
@@ -36,6 +36,3 @@ index 201c5596ae..ea51595b6c 100644
  }
  
  int get_oom_score_adjust(int *ret) {
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index cf59ac7d06..66fab46128 100644
--- a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,7 +1,7 @@
-From 2adbe9773cd65c48eec9df96868d4a738927c8d9 Mon Sep 17 00:00:00 2001
+From ef261a0122ff5a4340897c9afe1fae04d14eb0dd Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 10 Jul 2018 15:40:17 +0800
-Subject: [PATCH 10/22] distinguish XSI-compliant strerror_r from GNU-specifi
+Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
  strerror_r
 
 XSI-compliant strerror_r and GNU-specifi strerror_r are different.
@@ -24,10 +24,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  2 files changed, 15 insertions(+), 1 deletion(-)
 
 diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c
-index 77b2e1a0fd..fdba0e0142 100644
+index f415797700..a5c6e9a3bd 100644
 --- a/src/libsystemd/sd-bus/bus-error.c
 +++ b/src/libsystemd/sd-bus/bus-error.c
-@@ -408,7 +408,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
+@@ -410,7 +410,12 @@ static void bus_error_strerror(sd_bus_error *e, int error) {
                          return;
  
                  errno = 0;
@@ -40,7 +40,7 @@ index 77b2e1a0fd..fdba0e0142 100644
                  if (errno == ERANGE || strlen(x) >= k - 1) {
                          free(m);
                          k *= 2;
-@@ -593,8 +598,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static
+@@ -595,8 +600,12 @@ const char* _bus_error_message(const sd_bus_error *e, int error, char buf[static
  
          if (e && e->message)
                  return e->message;
@@ -71,6 +71,3 @@ index 69a2eb6404..1561859650 100644
                  if (errno == 0) {
                          char error[STRLEN("ERRNO=") + DECIMAL_STR_MAX(int) + 1];
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
index e481b2e2e4..1ad9a302ff 100644
--- a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,7 +1,7 @@
-From 49c446cfb78cf74a909bed8c3798b77a5469866a Mon Sep 17 00:00:00 2001
+From 8b76e1f027d73e26cfc8e13bd49f43197dbb9004 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:44:54 +0800
-Subject: [PATCH 11/22] avoid redefinition of prctl_mm_map structure
+Subject: [PATCH] avoid redefinition of prctl_mm_map structure
 
 Fix the following compile failure:
 error: redefinition of 'struct prctl_mm_map'
@@ -27,6 +27,3 @@ index 7d9e395c92..88c2d7dfac 100644
  
  /* 58319057b7847667f0c9585b9de0e8932b0fdb08 (4.3) */
  #ifndef PR_CAP_AMBIENT
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
index 66be79077e..3ff247debb 100644
--- a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
@@ -1,7 +1,7 @@
-From e4885a8e60f883d9217e26e1db3754c2906aca31 Mon Sep 17 00:00:00 2001
+From 9686b8c52bd9e532ebe687dd31352d884873e0a4 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Fri, 1 Mar 2019 15:22:15 +0800
-Subject: [PATCH 12/22] do not disable buffer in writing files
+Subject: [PATCH] do not disable buffer in writing files
 
 Do not disable buffer in writing files, otherwise we get
 failure at boot for musl like below.
@@ -47,10 +47,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  22 files changed, 50 insertions(+), 51 deletions(-)
 
 diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index d2be79622f..e65fecb68d 100644
+index d08c903c3b..77ebe85dfd 100644
 --- a/src/basic/cgroup-util.c
 +++ b/src/basic/cgroup-util.c
-@@ -417,7 +417,7 @@ int cg_kill_kernel_sigkill(const char *path) {
+@@ -443,7 +443,7 @@ int cg_kill_kernel_sigkill(const char *path) {
          if (r < 0)
                  return r;
  
@@ -59,7 +59,7 @@ index d2be79622f..e65fecb68d 100644
          if (r < 0)
                  return r;
  
-@@ -843,7 +843,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -873,7 +873,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
  
          sc = strstrip(contents);
          if (isempty(sc)) {
@@ -68,7 +68,7 @@ index d2be79622f..e65fecb68d 100644
                  if (r < 0)
                          return r;
          } else if (!path_equal(sc, agent))
-@@ -861,7 +861,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -891,7 +891,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
  
          sc = strstrip(contents);
          if (streq(sc, "0")) {
@@ -77,7 +77,7 @@ index d2be79622f..e65fecb68d 100644
                  if (r < 0)
                          return r;
  
-@@ -888,7 +888,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -918,7 +918,7 @@ int cg_uninstall_release_agent(const char *controller) {
          if (r < 0)
                  return r;
  
@@ -86,7 +86,7 @@ index d2be79622f..e65fecb68d 100644
          if (r < 0)
                  return r;
  
-@@ -898,7 +898,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -928,7 +928,7 @@ int cg_uninstall_release_agent(const char *controller) {
          if (r < 0)
                  return r;
  
@@ -95,7 +95,7 @@ index d2be79622f..e65fecb68d 100644
          if (r < 0)
                  return r;
  
-@@ -1814,7 +1814,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+@@ -1844,7 +1844,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
          if (r < 0)
                  return r;
  
@@ -188,10 +188,10 @@ index d21f3f79ff..258607cc7e 100644
                          log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
                  else
 diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 61ac4df1a6..ea18970196 100644
+index d398655b0a..9558f38a72 100644
 --- a/src/core/cgroup.c
 +++ b/src/core/cgroup.c
-@@ -4578,7 +4578,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
+@@ -4589,7 +4589,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
                          u->freezer_state = FREEZER_THAWING;
          }
  
@@ -201,10 +201,10 @@ index 61ac4df1a6..ea18970196 100644
                  return r;
  
 diff --git a/src/core/main.c b/src/core/main.c
-index 3f71cc0947..0e5aec3e9e 100644
+index 364dc895d1..d28ec42030 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
-@@ -1678,7 +1678,7 @@ static void initialize_core_pattern(bool skip_setup) {
+@@ -1683,7 +1683,7 @@ static void initialize_core_pattern(bool skip_setup) {
          if (getpid_cached() != 1)
                  return;
  
@@ -240,7 +240,7 @@ index 7ea902b6f9..1aef2988d0 100644
                  log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
  #endif
 diff --git a/src/home/homework.c b/src/home/homework.c
-index 066483e342..5f92dd7064 100644
+index 500c310cfc..f9845ff9e7 100644
 --- a/src/home/homework.c
 +++ b/src/home/homework.c
 @@ -278,7 +278,7 @@ static void drop_caches_now(void) {
@@ -253,7 +253,7 @@ index 066483e342..5f92dd7064 100644
                  log_warning_errno(r, "Failed to drop caches, ignoring: %m");
          else
 diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
-index 2fbc619a34..09d9591e37 100644
+index 5f7491e8e2..b4a0af4073 100644
 --- a/src/libsystemd/sd-device/sd-device.c
 +++ b/src/libsystemd/sd-device/sd-device.c
 @@ -2516,7 +2516,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
@@ -279,10 +279,10 @@ index a5002437c6..b12e6cd9c9 100644
                  log_error_errno(r, "Failed to move process: %m");
                  goto finish;
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 6ab604d3dc..bbec6b686c 100644
+index 005a3d2be1..526d3c4311 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
-@@ -2688,7 +2688,7 @@ static int reset_audit_loginuid(void) {
+@@ -2707,7 +2707,7 @@ static int reset_audit_loginuid(void) {
          if (streq(p, "4294967295"))
                  return 0;
  
@@ -291,7 +291,7 @@ index 6ab604d3dc..bbec6b686c 100644
          if (r < 0) {
                  log_error_errno(r,
                                  "Failed to reset audit login UID. This probably means that your kernel is too\n"
-@@ -4141,7 +4141,7 @@ static int setup_uid_map(
+@@ -4160,7 +4160,7 @@ static int setup_uid_map(
                  return log_oom();
  
          xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
@@ -300,7 +300,7 @@ index 6ab604d3dc..bbec6b686c 100644
          if (r < 0)
                  return log_error_errno(r, "Failed to write UID map: %m");
  
-@@ -4151,7 +4151,7 @@ static int setup_uid_map(
+@@ -4170,7 +4170,7 @@ static int setup_uid_map(
                  return log_oom();
  
          xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
@@ -323,7 +323,7 @@ index a26175474b..1413a9c72c 100644
                  return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m");
  
 diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c
-index 934a16eaf3..c921ced861 100644
+index 1b8a86dc54..5ca14433c8 100644
 --- a/src/shared/cgroup-setup.c
 +++ b/src/shared/cgroup-setup.c
 @@ -351,7 +351,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
@@ -335,7 +335,7 @@ index 934a16eaf3..c921ced861 100644
          if (r == -EOPNOTSUPP && cg_is_threaded(path) > 0)
                  /* When the threaded mode is used, we cannot read/write the file. Let's return recognizable error. */
                  return -EUCLEAN;
-@@ -966,7 +966,7 @@ int cg_enable_everywhere(
+@@ -969,7 +969,7 @@ int cg_enable_everywhere(
                                          return log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p);
                          }
  
@@ -367,10 +367,10 @@ index 805503f366..01a7ccb291 100644
                  log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
  }
 diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
-index 3eb13d48f6..d09b901be1 100644
+index 67862dcc61..9e9265c214 100644
 --- a/src/shared/hibernate-util.c
 +++ b/src/shared/hibernate-util.c
-@@ -481,7 +481,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -504,7 +504,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
  
          /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so
           * fail gracefully if it doesn't exist and we're only overwriting it with 0. */
@@ -379,7 +379,7 @@ index 3eb13d48f6..d09b901be1 100644
          if (r == -ENOENT) {
                  if (offset != 0)
                          return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-@@ -497,7 +497,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
+@@ -520,7 +520,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) {
                  log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.",
                            offset_str, device);
  
@@ -402,7 +402,7 @@ index 1f88e724d0..feb18b320a 100644
                  return r;
  
 diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c
-index 4c1a968718..6faf6806a5 100644
+index 99ccefb227..e4975018ab 100644
 --- a/src/shared/watchdog.c
 +++ b/src/shared/watchdog.c
 @@ -93,7 +93,7 @@ static int set_pretimeout_governor(const char *governor) {
@@ -412,10 +412,10 @@ index 4c1a968718..6faf6806a5 100644
 -                              WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
 +                              WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
          if (r < 0)
-                 return log_error_errno(r, "Failed to set pretimeout_governor to '%s': %m", governor);
+                 return log_error_errno(r, "Failed to set watchdog pretimeout_governor to '%s': %m", governor);
  
 diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
-index 21af3e9e52..6d4b84b5d5 100644
+index 21062b24e0..262dd71d72 100644
 --- a/src/sleep/sleep.c
 +++ b/src/sleep/sleep.c
 @@ -137,7 +137,7 @@ static int write_state(int fd, char * const *states) {
@@ -437,7 +437,7 @@ index 21af3e9e52..6d4b84b5d5 100644
                          log_debug("Using sleep disk mode '%s'.", *mode);
                          return 0;
 diff --git a/src/storagetm/storagetm.c b/src/storagetm/storagetm.c
-index ae63baaf79..82eeca479a 100644
+index 16d4fb07d4..aca7506463 100644
 --- a/src/storagetm/storagetm.c
 +++ b/src/storagetm/storagetm.c
 @@ -186,7 +186,7 @@ static int nvme_subsystem_unlink(NvmeSubsystem *s) {
@@ -533,7 +533,7 @@ index ae63baaf79..82eeca479a 100644
                  return log_error_errno(r, "Failed to set IP address on NVME port %" PRIu16 ": %m", portnr);
  
 diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index febe345b4c..a90b610ba1 100644
+index e5b8df5c2d..63ca15628c 100644
 --- a/src/udev/udev-rules.c
 +++ b/src/udev/udev-rules.c
 @@ -2711,7 +2711,6 @@ static int udev_rule_apply_token_to_event(
@@ -557,6 +557,3 @@ index 4d82c65f0a..3a3d861b83 100644
          if (r < 0)
                  return log_warning_errno(r, "Failed to %s sysfs UTF-8 flag: %m", enable_disable(utf8));
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
index 43f75373a6..a92d4db101 100644
--- a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
+++ b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
@@ -1,7 +1,7 @@
-From 2f90f8463423cfbb7e83fcef42f1071018c3b56e Mon Sep 17 00:00:00 2001
+From 385fbcc3cec50b995299e25f913d9683ddf51174 Mon Sep 17 00:00:00 2001
 From: Scott Murray <scott.murray@konsulko.com>
 Date: Fri, 13 Sep 2019 19:26:27 -0400
-Subject: [PATCH 13/22] Handle __cpu_mask usage
+Subject: [PATCH] Handle __cpu_mask usage
 
 Fixes errors:
 
@@ -55,6 +55,3 @@ index ea0c58770e..b65c0bd370 100644
  
  /* Print information about various types. Useful when diagnosing
   * gcc diagnostics on an unfamiliar architecture. */
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
index a751e1ba6f..f84f289c2f 100644
--- a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
+++ b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
@@ -1,7 +1,7 @@
-From b7c827bb44edbb6251c9fcdb80aa03982c0e7bf3 Mon Sep 17 00:00:00 2001
+From bc62e5e507cc3f10fde7d35d16059a06a78757b6 Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Tue, 10 Mar 2020 11:05:20 +0000
-Subject: [PATCH 14/22] Handle missing gshadow
+Subject: [PATCH] Handle missing gshadow
 
 gshadow usage is now present in the userdb code. Mask all uses of it to
 allow compilation on musl
@@ -138,10 +138,10 @@ index 22ab04d6ee..4e52e7a911 100644
  #include <shadow.h>
  
 diff --git a/src/shared/userdb.c b/src/shared/userdb.c
-index f60d48ace4..e878199a28 100644
+index 7469768233..556e6b84e6 100644
 --- a/src/shared/userdb.c
 +++ b/src/shared/userdb.c
-@@ -1038,13 +1038,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
+@@ -1039,13 +1039,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
                  if (gr) {
                          _cleanup_free_ char *buffer = NULL;
                          bool incomplete = false;
@@ -158,7 +158,7 @@ index f60d48ace4..e878199a28 100644
                          if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) {
                                  r = nss_sgrp_for_group(gr, &sgrp, &buffer);
                                  if (r < 0) {
-@@ -1057,6 +1059,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
+@@ -1058,6 +1060,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
                          }
  
                          r = nss_group_to_group_record(gr, r >= 0 ? &sgrp : NULL, ret);
@@ -168,6 +168,3 @@ index f60d48ace4..e878199a28 100644
                          if (r < 0)
                                  return r;
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index e112766a9b..c1297f27dd 100644
--- a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,7 +1,7 @@
-From 3dc9d9d410bcce54fddfd94f43f7f77f3aa8e281 Mon Sep 17 00:00:00 2001
+From 79f2f3e90229f4812d93c6965cb67385642dfcc4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 12 Apr 2021 23:44:53 -0700
-Subject: [PATCH 15/22] missing_syscall.h: Define MIPS ABI defines for musl
+Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
 
 musl does not define _MIPS_SIM_ABI32, _MIPS_SIM_NABI32, _MIPS_SIM_ABI64
 unlike glibc where these are provided by libc headers, therefore define
@@ -16,7 +16,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  2 files changed, 7 insertions(+)
 
 diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index d795efd8f2..d6729d3c1d 100644
+index e2cd8b4e35..f2fe489de7 100644
 --- a/src/basic/missing_syscall.h
 +++ b/src/basic/missing_syscall.h
 @@ -20,6 +20,12 @@
@@ -31,9 +31,9 @@ index d795efd8f2..d6729d3c1d 100644
 +
  #include "macro.h"
  #include "missing_keyctl.h"
- #include "missing_stat.h"
+ #include "missing_sched.h"
 diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index 7ae921a113..0ef9d1fd39 100644
+index dc59a9582c..9e802ef5a5 100644
 --- a/src/shared/base-filesystem.c
 +++ b/src/shared/base-filesystem.c
 @@ -20,6 +20,7 @@
@@ -44,6 +44,3 @@ index 7ae921a113..0ef9d1fd39 100644
  
  typedef struct BaseFilesystem {
          const char *dir;      /* directory or symlink to create */
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
index 0be817e62d..d932d7cc76 100644
--- a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
+++ b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
@@ -1,7 +1,7 @@
-From 0994b59dba9f248ad31cb7087046dc00b72cb4ea Mon Sep 17 00:00:00 2001
+From a8e07d87adfeb1c72c6eaf5402db465a78e08ee6 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 15:15:11 -0800
-Subject: [PATCH 16/22] pass correct parameters to getdents64
+Subject: [PATCH] pass correct parameters to getdents64
 
 Fixes
 ../git/src/basic/recurse-dir.c:57:40: error: incompatible pointer types passing 'uint8_t *' (aka 'unsigned char *') to parameter of type 'struct dirent *' [-Werror,-Wincompatible-pointer-types]
@@ -20,7 +20,7 @@ Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c
-index 5e98b7a5d8..aef065047b 100644
+index d648862dbc..a1fea243e8 100644
 --- a/src/basic/recurse-dir.c
 +++ b/src/basic/recurse-dir.c
 @@ -55,7 +55,7 @@ int readdir_all(int dir_fd,
@@ -32,6 +32,3 @@ index 5e98b7a5d8..aef065047b 100644
                  if (n < 0)
                          return -errno;
                  if (n == 0)
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
index 4176522a1c..6a2dcc355d 100644
--- a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
+++ b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
@@ -1,7 +1,7 @@
-From 3c094d443ca30f19114392fd8ef274af6eabc12d Mon Sep 17 00:00:00 2001
+From 5da745dc6f60f6fac65371a60eee7cecaf575eae Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 22:19:37 -0800
-Subject: [PATCH 17/22] Adjust for musl headers
+Subject: [PATCH] Adjust for musl headers
 
 Upstream-Status: Inappropriate [musl specific]
 
@@ -242,7 +242,7 @@ index ff372092e6..eef66811f4 100644
  #include "nlmon.h"
  
 diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c
-index db84e7cf6e..93d5642962 100644
+index ab3b8fbb51..68f88b3ca3 100644
 --- a/src/network/netdev/tunnel.c
 +++ b/src/network/netdev/tunnel.c
 @@ -2,7 +2,7 @@
@@ -332,7 +332,7 @@ index b11fdbbd0d..a971a917f0 100644
  #include "conf-parser.h"
  #include "alloc-util.h"
 diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
-index 4c7d837c41..6df6dfb816 100644
+index 52fed20b57..e66bc34993 100644
 --- a/src/network/netdev/wireguard.c
 +++ b/src/network/netdev/wireguard.c
 @@ -6,7 +6,7 @@
@@ -425,7 +425,7 @@ index 607fe0053c..9ce4005874 100644
  
  #include "sd-dhcp-server.h"
 diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
-index efbae6d868..1ea2151d50 100644
+index 8945827862..7571429523 100644
 --- a/src/network/networkd-dhcp4.c
 +++ b/src/network/networkd-dhcp4.c
 @@ -3,7 +3,7 @@
@@ -451,7 +451,7 @@ index 32229a3fc7..662a345d6e 100644
  #include "in-addr-util.h"
  #include "networkd-address.h"
 diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index ee5f0f2c0a..ea5269a2de 100644
+index a4fa321264..0fd81a53d1 100644
 --- a/src/network/networkd-link.c
 +++ b/src/network/networkd-link.c
 @@ -3,7 +3,7 @@
@@ -464,7 +464,7 @@ index ee5f0f2c0a..ea5269a2de 100644
  #include <linux/netdevice.h>
  #include <sys/socket.h>
 diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
-index ab9eeb13a5..dd96fe7483 100644
+index 840ccb158d..9f2e85e32f 100644
 --- a/src/network/networkd-ndisc.c
 +++ b/src/network/networkd-ndisc.c
 @@ -6,7 +6,7 @@
@@ -477,7 +477,7 @@ index ab9eeb13a5..dd96fe7483 100644
  #include "sd-ndisc.h"
  
 diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
-index 7218d799fc..30d5574eae 100644
+index eb502ae2cf..5b25ee4523 100644
 --- a/src/network/networkd-route.c
 +++ b/src/network/networkd-route.c
 @@ -1,9 +1,5 @@
@@ -502,7 +502,7 @@ index 7218d799fc..30d5574eae 100644
          _cleanup_(route_freep) Route *route = NULL;
  
 diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
-index 2298f9ea3a..7d5f87de53 100644
+index 011ea1fe6e..59dfe733eb 100644
 --- a/src/network/networkd-setlink.c
 +++ b/src/network/networkd-setlink.c
 @@ -2,7 +2,7 @@
@@ -567,6 +567,3 @@ index f528a46b8e..830318cda5 100644
  #include <linux/netdevice.h>
  #include <linux/pci_regs.h>
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
index 75f6b9094a..89ef33c156 100644
--- a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
+++ b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
@@ -1,8 +1,8 @@
-From be02bd0876a061728661535a709d313e39fe1ac3 Mon Sep 17 00:00:00 2001
+From 1c5c9714a2a9bc651687bf2c583019c52ed93ac4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Tue, 8 Nov 2022 13:31:34 -0800
-Subject: [PATCH 18/22] test-bus-error: strerror() is assumed to be GNU
- specific version mark it so
+Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific
+ version mark it so
 
 Upstream-Status: Inappropriate [Upstream systemd only supports glibc]
 
@@ -47,6 +47,3 @@ index 376d532281..967cfd4d67 100644
  
  TEST(PROTECT_ERRNO) {
          errno = 12;
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
index e038b73678..7911add5ea 100644
--- a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
@@ -1,7 +1,7 @@
-From 46d80840bfe37e67d4f18c37a77751ea1fe63a07 Mon Sep 17 00:00:00 2001
+From 43f56ac05ff4b9c7774b6f580612f2a7896a4885 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 23 Jan 2023 23:39:46 -0800
-Subject: [PATCH 19/22] errno-util: Make STRERROR portable for musl
+Subject: [PATCH] errno-util: Make STRERROR portable for musl
 
 Sadly, systemd has decided to use yet another GNU extention in a macro
 lets make this such that we can use XSI compliant strerror_r() for
@@ -37,6 +37,3 @@ index 27804e6382..274c1c6ef1 100644
  /* A helper to print an error message or message for functions that return 0 on EOF.
   * Note that we can't use ({ … }) to define a temporary variable, so errnum is
   * evaluated twice. */
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
index b83fffe793..be0a0da013 100644
--- a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
+++ b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
@@ -1,7 +1,7 @@
-From 9eb4867b4e2dbdb2484ae854022aff97e2f0feb3 Mon Sep 17 00:00:00 2001
+From cda1cc94bd81c8ff9135255895a414fb938e2c79 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:06:27 -0700
-Subject: [PATCH 20/22] sd-event: Make malloc_trim() conditional on glibc
+Subject: [PATCH] sd-event: Make malloc_trim() conditional on glibc
 
 musl does not have this API
 
@@ -12,7 +12,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
-index 288798a0dc..6419a7f216 100644
+index b3541a1429..ba87265d9f 100644
 --- a/src/libsystemd/sd-event/sd-event.c
 +++ b/src/libsystemd/sd-event/sd-event.c
 @@ -1874,7 +1874,7 @@ _public_ int sd_event_add_exit(
@@ -34,6 +34,3 @@ index 288798a0dc..6419a7f216 100644
          usec_t after_timestamp = now(CLOCK_MONOTONIC);
  
          if (r > 0)
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
index 7eff069bb7..9aa08e59cd 100644
--- a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
@@ -1,7 +1,7 @@
-From 502597b9ddd6b145541b23fadca0b1d3ca9f6367 Mon Sep 17 00:00:00 2001
+From 2913e608d6e91c8037d698534f72970b4c365d8f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:20:40 -0700
-Subject: [PATCH 21/22] shared: Do not use malloc_info on musl
+Subject: [PATCH] shared: Do not use malloc_info on musl
 
 Upstream-Status: Inappropriate [musl-specific]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
@@ -52,6 +52,3 @@ index 8e70e365dd..9e782caec9 100644
                  (void) memstream_dump(LOG_INFO, &m);
                  break;
          }
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
index 24f3bf74a0..e0a342355f 100644
--- a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
+++ b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
@@ -1,7 +1,7 @@
-From fd52f1764647e03a35e8f0ed0ef952049073ccbd Mon Sep 17 00:00:00 2001
+From 9d151b5bb3105fb21d55a301def3d97b5a314580 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 2 Jan 2024 11:03:27 +0800
-Subject: [PATCH 22/22] avoid missing LOCK_EX declaration
+Subject: [PATCH] avoid missing LOCK_EX declaration
 
 This only happens on MUSL. Include sys/file.h to avoid compilation
 error about missing LOCK_EX declaration.
@@ -15,10 +15,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  2 files changed, 2 insertions(+)
 
 diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
-index 70d963e269..7084811439 100644
+index 9d27280ed0..569311422d 100644
 --- a/src/core/exec-invoke.c
 +++ b/src/core/exec-invoke.c
-@@ -4,6 +4,7 @@
+@@ -5,6 +5,7 @@
  #include <sys/ioctl.h>
  #include <sys/mount.h>
  #include <sys/prctl.h>
@@ -38,6 +38,3 @@ index 5339bc4e5e..0697495f23 100644
  
  int lock_dev_console(void);
  
--- 
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd_255.4.bb b/meta/recipes-core/systemd/systemd_255.21.bb
index 0ccca8a567..bb9dc3da33 100644
--- a/meta/recipes-core/systemd/systemd_255.4.bb
+++ b/meta/recipes-core/systemd/systemd_255.21.bb
@@ -4,7 +4,7 @@ PROVIDES = "udev"
 
 PE = "1"
 
-DEPENDS = "intltool-native gperf-native libcap util-linux python3-jinja2-native"
+DEPENDS = "gperf-native libcap util-linux python3-jinja2-native"
 
 SECTION = "base/shell"
 
@@ -188,7 +188,7 @@ PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false"
 PACKAGECONFIG[openssl] = "-Dopenssl=true,-Dopenssl=false,openssl"
 PACKAGECONFIG[p11kit] = "-Dp11kit=true,-Dp11kit=false,p11-kit"
 PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam,${PAM_PLUGINS}"
-PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2"
+PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2,,libpcre2"
 PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false"
 # If polkit is disabled and networkd+hostnamed are in use, enabling this option and
 # using dbus-broker will allow networkd to be authorized to change the
@@ -248,7 +248,6 @@ EXTRA_OEMESON += "-Dnobody-user=nobody \
                   -Dsystem-uid-max=999 \
                   -Dsystem-alloc-gid-min=101 \
                   -Dsystem-gid-max=999 \
-                  -Dcreate-log-dirs=false \
                   ${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', '-Ddefault-mdns=no -Ddefault-llmnr=no', '', d)} \
                   "
 
@@ -401,6 +400,10 @@ do_install() {
                         sed -i '/AlternativeNamesPolicy=/s/$/ mac/' ${D}${rootlibexecdir}/systemd/network/99-default.link
                 fi
         fi
+
+        if [ -e ${D}${nonarch_libdir}/tmpfiles.d/legacy.conf ];then
+                sed -i -e '/^L \/var\/log\/README/d' ${D}${nonarch_libdir}/tmpfiles.d/legacy.conf
+        fi
 }
 
 python populate_packages:prepend (){
@@ -589,26 +592,16 @@ FILES:${PN}-extra-utils = "\
                         ${bindir}/systemd-cgls \
                         ${bindir}/systemd-cgtop \
                         ${bindir}/systemd-stdio-bridge \
-                        ${base_bindir}/systemd-ask-password \
-                        ${base_bindir}/systemd-tty-ask-password-agent \
                         ${base_sbindir}/mount.ddi \
                         ${systemd_system_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.path \
-                        ${systemd_system_unitdir}/systemd-ask-password-console.path \
-                        ${systemd_system_unitdir}/systemd-ask-password-console.service \
-                        ${systemd_system_unitdir}/systemd-ask-password-wall.path \
-                        ${systemd_system_unitdir}/systemd-ask-password-wall.service \
-                        ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-console.path \
-                        ${systemd_system_unitdir}/sysinit.target.wants/systemd-ask-password-wall.path \
                         ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase.path \
                         ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase-sysinit.path \
-                        ${systemd_system_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path \
                         ${rootlibexecdir}/systemd/systemd-resolve-host \
                         ${rootlibexecdir}/systemd/systemd-ac-power \
                         ${rootlibexecdir}/systemd/systemd-activate \
                         ${rootlibexecdir}/systemd/systemd-measure \
                         ${rootlibexecdir}/systemd/systemd-pcrphase \
                         ${rootlibexecdir}/systemd/systemd-socket-proxyd \
-                        ${rootlibexecdir}/systemd/systemd-reply-password \
                         ${rootlibexecdir}/systemd/systemd-sleep \
                         ${rootlibexecdir}/systemd/system-sleep \
                         ${systemd_system_unitdir}/systemd-hibernate.service \
diff --git a/meta/recipes-core/sysvinit/sysvinit/0001-Accepted-patch-from-Mark-Hindley-which-avoids-cleari.patch b/meta/recipes-core/sysvinit/sysvinit/0001-Accepted-patch-from-Mark-Hindley-which-avoids-cleari.patch
new file mode 100644
index 0000000000..33c9f62eac
--- /dev/null
+++ b/meta/recipes-core/sysvinit/sysvinit/0001-Accepted-patch-from-Mark-Hindley-which-avoids-cleari.patch
@@ -0,0 +1,31 @@
+From 5be52641a10ad6cd89bc7cdb80318e32be7e6662 Mon Sep 17 00:00:00 2001
+From: Jesse <jsmith@resonatingmedia.com>
+Date: Wed, 29 Mar 2023 10:34:45 -0300
+Subject: [PATCH] Accepted patch from Mark Hindley which avoids clearing
+ realpath information in pidof when trying to find matching executables.
+
+Upstream-Status: Backport [https://github.com/slicer69/sysvinit/commit/c06458e1c1822a2c8ff89fbdd29262ca97dd18b1#diff-4244fa301bd80b0a8f553ce0751fb0fcde1a45ee9dee71db85135cffde8ac712R13]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ src/killall5.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/killall5.c b/src/killall5.c
+index 86866b0..f7a401e 100644
+--- a/src/killall5.c
++++ b/src/killall5.c
+@@ -766,8 +766,8 @@ PIDQ_HEAD *pidof(char *prog)
+                return NULL;
+ 
+        /* Try to stat the executable. */
++       memset(real_path, 0, sizeof(real_path));
+        if ( (prog[0] == '/') && ( realpath(prog, real_path) ) ) {
+-               memset(&real_path[0], 0, sizeof(real_path));
+                dostat++;
+        }
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/sysvinit/sysvinit_3.04.bb b/meta/recipes-core/sysvinit/sysvinit_3.04.bb
index 6a612468f3..d3f77d8150 100644
--- a/meta/recipes-core/sysvinit/sysvinit_3.04.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_3.04.bb
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe \
 
 RDEPENDS:${PN} = "${PN}-inittab"
 
-SRC_URI = "${SAVANNAH_GNU_MIRROR}/sysvinit/sysvinit-${PV}.tar.xz \
+GITHUB_BASE_URI = "https://github.com/slicer69/${BPN}/releases/"
+SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \
            file://install.patch \
            file://crypt-lib.patch \
            file://pidof-add-m-option.patch \
@@ -22,12 +23,13 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/sysvinit/sysvinit-${PV}.tar.xz \
            file://bootlogd.init \
            file://01_bootlogd \
            file://0001-hddown-include-libgen.h-for-basename-API.patch \
+           file://0001-Accepted-patch-from-Mark-Hindley-which-avoids-cleari.patch \
            "
 SRC_URI[sha256sum] = "2a621fe6e4528bc91308b74867ddaaebbdf7753f02395c0c5bae817bd2b7e3a5"
 
 S = "${WORKDIR}/sysvinit-${PV}"
 
-inherit update-alternatives features_check
+inherit update-alternatives features_check github-releases
 DEPENDS:append = " update-rc.d-native base-passwd virtual/crypt"
 do_package_setscene[depends] = "${MLPREFIX}base-passwd:do_populate_sysroot"
 
diff --git a/meta/recipes-core/udev/udev-extraconf/network.sh b/meta/recipes-core/udev/udev-extraconf/network.sh
index 3ee92714af..ace38808cd 100644
--- a/meta/recipes-core/udev/udev-extraconf/network.sh
+++ b/meta/recipes-core/udev/udev-extraconf/network.sh
@@ -6,38 +6,6 @@ echo "$INTERFACE" | grep -q wifi && exit 0
 # udevd does clearenv(). Export shell PATH to children.
 export PATH
 
-# Check if /etc/init.d/network has been run yet to see if we are 
-# called by starting /etc/rcS.d/S03udev and not by hotplugging a device
-#
-# At this stage, network interfaces should not be brought up
-# automatically because:
-# a)    /etc/init.d/network has not been run yet (security issue)
-# b)    /var has not been populated yet so /etc/resolv,conf points to 
-#       oblivion, making the network unusable
-#
-
-spoofp="`grep ^spoofprotect /etc/network/options`"
-if test -z "$spoofp"
-then
-        # This is the default from /etc/init.d/network
-        spoofp_val=yes
-else
-        spoofp_val=${spoofp#spoofprotect=}
-fi
-
-test "$spoofp_val" = yes && spoofp_val=1 || spoofp_val=0
-
-# I think it is safe to assume that "lo" will always be there ;)
-if test "`cat /proc/sys/net/ipv4/conf/lo/rp_filter`" != "$spoofp_val" -a -n "$spoofp_val"
-then
-        echo "$INTERFACE" >> /dev/udev_network_queue    
-        exit 0
-fi
-
-#
-# Code taken from pcmcia-cs:/etc/pcmcia/network
-#
-
 # if this interface has an entry in /etc/network/interfaces, let ifupdown
 # handle it
 if grep -q "iface \+$INTERFACE" /etc/network/interfaces; then
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 48520ef951..1ecf5c7b39 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -42,6 +42,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://fcntl-lock.c \
            file://CVE-2024-28085-0001.patch \
            file://CVE-2024-28085-0002.patch \
+           file://fstab-isolation.patch \
            "
 
 SRC_URI[sha256sum] = "7b6605e48d1a49f43cc4b4cfc59f313d0dd5402fa40b96810bd572e167dfed0f"
diff --git a/meta/recipes-core/util-linux/util-linux/fstab-isolation.patch b/meta/recipes-core/util-linux/util-linux/fstab-isolation.patch
new file mode 100644
index 0000000000..51d209ec60
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/fstab-isolation.patch
@@ -0,0 +1,448 @@
+From 51f1e56cc8b6843bf65ceadc5eca1545258bf020 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Sat, 22 Apr 2023 17:48:58 +0200
+Subject: [PATCH 1/3] tests: (functions.sh) create variable for test fstab
+ location
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+(cherry picked from commit ed3d33faff17fb702a3acfca2f9f24e69f4920de)
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/ed3d33faff17fb702a3acfca2f9f24e69f4920de]
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ tests/functions.sh          | 13 +++++++------
+ tests/ts/mount/fstab-broken |  2 +-
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/tests/functions.sh b/tests/functions.sh
+index 5a562a39a..c2e2f33ae 100644
+--- a/tests/functions.sh
++++ b/tests/functions.sh
+@@ -386,6 +386,7 @@ function ts_init_env {
+                TS_ENABLE_UBSAN="yes"
+        fi
+ 
++       TS_FSTAB="/etc/fstab"
+        BLKID_FILE="$TS_OUTDIR/${TS_TESTNAME}.blkidtab"
+ 
+        declare -a TS_SUID_PROGS
+@@ -824,12 +825,12 @@ function ts_is_mounted {
+ }
+ 
+ function ts_fstab_open {
+-       echo "# <!-- util-linux test entry" >> /etc/fstab
++       echo "# <!-- util-linux test entry" >> "$TS_FSTAB"
+ }
+ 
+ function ts_fstab_close {
+-       echo "# -->" >> /etc/fstab
+-       sync /etc/fstab 2>/dev/null
++       echo "# -->" >> "$TS_FSTAB"
++       sync "$TS_FSTAB" 2>/dev/null
+ }
+ 
+ function ts_fstab_addline {
+@@ -838,7 +839,7 @@ function ts_fstab_addline {
+        local FS=${3:-"auto"}
+        local OPT=${4:-"defaults"}
+ 
+-       echo "$SPEC   $MNT   $FS   $OPT   0   0" >> /etc/fstab
++       echo "$SPEC   $MNT   $FS   $OPT   0   0" >> "$TS_FSTAB"
+ }
+ 
+ function ts_fstab_lock {
+@@ -862,9 +863,9 @@ function ts_fstab_clean {
+   ba
+ }
+ s/# <!-- util-linux.*-->//;
+-/^$/d" /etc/fstab
++/^$/d" "$TS_FSTAB"
+ 
+-       sync /etc/fstab 2>/dev/null
++       sync "$TS_FSTAB" 2>/dev/null
+        ts_unlock "fstab"
+ }
+ 
+diff --git a/tests/ts/mount/fstab-broken b/tests/ts/mount/fstab-broken
+index 19edc5fe3..3b7a1ee9d 100755
+--- a/tests/ts/mount/fstab-broken
++++ b/tests/ts/mount/fstab-broken
+@@ -34,7 +34,7 @@ mkdir -p $MNT
+ 
+ ts_fstab_lock
+ ts_fstab_open
+-echo "tmpd $MNT tmpfs" >> /etc/fstab
++echo "tmpd $MNT tmpfs" >> "$TS_FSTAB"
+ ts_fstab_close
+ 
+ ts_init_subtest "mount"
+-- 
+2.34.1
+
+
+From 1e4a9141ca7d310030311e09123a81591f994f83 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Sat, 22 Apr 2023 17:20:45 +0200
+Subject: [PATCH 2/3] tests: (functions.sh) use per-test fstab file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+(cherry picked from commit 6aa8d17b6b53b86a46c5da68c02a893113130496)
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/6aa8d17b6b53b86a46c5da68c02a893113130496]
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ tests/functions.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/functions.sh b/tests/functions.sh
+index c2e2f33ae..3089e8cda 100644
+--- a/tests/functions.sh
++++ b/tests/functions.sh
+@@ -386,7 +386,7 @@ function ts_init_env {
+                TS_ENABLE_UBSAN="yes"
+        fi
+ 
+-       TS_FSTAB="/etc/fstab"
++       TS_FSTAB="$TS_OUTDIR/${TS_TESTNAME}.fstab"
+        BLKID_FILE="$TS_OUTDIR/${TS_TESTNAME}.blkidtab"
+ 
+        declare -a TS_SUID_PROGS
+-- 
+2.34.1
+
+
+From 02c483f982e23a86d58cd7c6a4eb4b6e4d5def1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Sat, 22 Apr 2023 17:34:28 +0200
+Subject: [PATCH 3/3] mount: (tests) explicitly use test fstab location
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+(cherry picked from commit b1580bd760519a2cf052f023057846e54de47484)
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/b1580bd760519a2cf052f023057846e54de47484]
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ tests/ts/mount/fslists             | 2 +-
+ tests/ts/mount/fstab-bind          | 2 +-
+ tests/ts/mount/fstab-broken        | 4 ++--
+ tests/ts/mount/fstab-btrfs         | 8 ++++----
+ tests/ts/mount/fstab-devname       | 4 ++--
+ tests/ts/mount/fstab-devname2label | 2 +-
+ tests/ts/mount/fstab-devname2uuid  | 2 +-
+ tests/ts/mount/fstab-label         | 6 +++---
+ tests/ts/mount/fstab-label2devname | 4 ++--
+ tests/ts/mount/fstab-label2uuid    | 4 ++--
+ tests/ts/mount/fstab-loop          | 4 ++--
+ tests/ts/mount/fstab-none          | 2 +-
+ tests/ts/mount/fstab-symlink       | 2 +-
+ tests/ts/mount/fstab-uuid          | 6 +++---
+ tests/ts/mount/fstab-uuid2devname  | 4 ++--
+ tests/ts/mount/fstab-uuid2label    | 4 ++--
+ 16 files changed, 30 insertions(+), 30 deletions(-)
+
+diff --git a/tests/ts/mount/fslists b/tests/ts/mount/fslists
+index 230186a1e..6ac72c3ce 100755
+--- a/tests/ts/mount/fslists
++++ b/tests/ts/mount/fslists
+@@ -61,7 +61,7 @@ ts_finalize_subtest
+ ts_init_subtest "more-types-fstab"
+ [ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
+ ts_fstab_add $DEVICE $TS_MOUNTPOINT "foo,bar,ext2"
+-$TS_CMD_MOUNT $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_fstab_clean
+ ts_is_mounted $DEVICE || ts_die "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $TS_MOUNTPOINT
+diff --git a/tests/ts/mount/fstab-bind b/tests/ts/mount/fstab-bind
+index 2c799df78..cae016dd2 100755
+--- a/tests/ts/mount/fstab-bind
++++ b/tests/ts/mount/fstab-bind
+@@ -20,7 +20,7 @@ ts_fstab_add $MY_SOURCE "$TS_MOUNTPOINT" "none" "bind,default,noauto"
+ mkdir -p $MY_SOURCE
+ mkdir -p $TS_MOUNTPOINT
+ 
+-$TS_CMD_MOUNT $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ [ "$?" = "0" ] || ts_log "error: mount $TS_MOUNTPOINT"
+ 
+ $TS_CMD_FINDMNT --mountpoint "$TS_MOUNTPOINT" &> /dev/null
+diff --git a/tests/ts/mount/fstab-broken b/tests/ts/mount/fstab-broken
+index 3b7a1ee9d..ec4c34241 100755
+--- a/tests/ts/mount/fstab-broken
++++ b/tests/ts/mount/fstab-broken
+@@ -38,7 +38,7 @@ echo "tmpd $MNT tmpfs" >> "$TS_FSTAB"
+ ts_fstab_close
+ 
+ ts_init_subtest "mount"
+-$TS_CMD_MOUNT $MNT &> /dev/null
++$TS_CMD_MOUNT -T "$TS_FSTAB" $MNT &> /dev/null
+ [ "$?" = "0" ] || ts_log "error: mount $MNT"
+ $TS_CMD_FINDMNT --kernel --mountpoint "$MNT" &> /dev/null
+ if [ "$?" != "0" ]; then
+@@ -57,7 +57,7 @@ ts_finalize_subtest
+ 
+ 
+ ts_init_subtest "mount-all"
+-$TS_CMD_MOUNT -a &> /dev/null
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a &> /dev/null
+ [ "$?" = "0" ] || ts_log "error: mount -a"
+ $TS_CMD_FINDMNT --kernel --mountpoint "$MNT" &> /dev/null
+ if [ "$?" != "0" ]; then
+diff --git a/tests/ts/mount/fstab-btrfs b/tests/ts/mount/fstab-btrfs
+index a1003ab52..8e76dbba6 100755
+--- a/tests/ts/mount/fstab-btrfs
++++ b/tests/ts/mount/fstab-btrfs
+@@ -94,8 +94,8 @@ ts_fstab_addline "$DEVICE" "$TS_MOUNTPOINT_SUBVOLID" "btrfs" "subvolid=$NON_DEFA
+ ts_fstab_addline "$TS_MOUNTPOINT_SUBVOLID" "$TS_MOUNTPOINT_BIND" "auto" "bind"
+ ts_fstab_close
+ 
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+ 
+ $TS_CMD_UMOUNT "$TS_MOUNTPOINT_BIND" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ $TS_CMD_UMOUNT "$TS_MOUNTPOINT_DEFAULT" >> $TS_OUTPUT 2>> $TS_ERRLOG
+@@ -124,8 +124,8 @@ ts_fstab_addline "$DEVICE" "$TS_MOUNTPOINT_SUBVOLID" "auto" "subvolid=$NON_DEFAU
+ ts_fstab_addline "$TS_MOUNTPOINT_SUBVOL/bind-mnt" "$TS_MOUNTPOINT_BIND" "auto" "bind"
+ ts_fstab_close
+ 
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+ 
+ $TS_CMD_UMOUNT "$TS_MOUNTPOINT_BIND" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ $TS_CMD_UMOUNT "$TS_MOUNTPOINT_DEFAULT" >> $TS_OUTPUT 2>> $TS_ERRLOG
+diff --git a/tests/ts/mount/fstab-devname b/tests/ts/mount/fstab-devname
+index 5b64a32a6..6ac03b5a7 100755
+--- a/tests/ts/mount/fstab-devname
++++ b/tests/ts/mount/fstab-devname
+@@ -42,13 +42,13 @@ MOUNTPOINT=$TS_MOUNTPOINT
+ ts_fstab_add $DEVICE
+ 
+ ts_init_subtest "mountpoint"
+-$TS_CMD_MOUNT $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE || >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "device-name"
+-$TS_CMD_MOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-devname2label b/tests/ts/mount/fstab-devname2label
+index 1d8562109..44066e153 100755
+--- a/tests/ts/mount/fstab-devname2label
++++ b/tests/ts/mount/fstab-devname2label
+@@ -41,7 +41,7 @@ ts_device_has "LABEL" $LABEL $DEVICE \
+ ts_fstab_add "LABEL=$LABEL"
+ ts_udevadm_settle "$DEVICE" "LABEL"
+ 
+-$TS_CMD_MOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_die "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE || ts_die "Cannot umount $DEVICE"
+ 
+diff --git a/tests/ts/mount/fstab-devname2uuid b/tests/ts/mount/fstab-devname2uuid
+index 8105fa028..503959103 100755
+--- a/tests/ts/mount/fstab-devname2uuid
++++ b/tests/ts/mount/fstab-devname2uuid
+@@ -39,7 +39,7 @@ UUID=$(ts_uuid_by_devname "$DEVICE") || ts_die "Cannot find UUID on $DEVICE"
+ ts_fstab_add "UUID=$UUID"
+ ts_udevadm_settle "$DEVICE" "UUID"
+ 
+-$TS_CMD_MOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_die "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE || ts_die "Cannot umount $DEVICE"
+ 
+diff --git a/tests/ts/mount/fstab-label b/tests/ts/mount/fstab-label
+index 4b23e7fee..a3cc06d52 100755
+--- a/tests/ts/mount/fstab-label
++++ b/tests/ts/mount/fstab-label
+@@ -42,19 +42,19 @@ ts_fstab_add "LABEL=$LABEL"
+ ts_udevadm_settle "$DEVICE" "LABEL"
+ 
+ ts_init_subtest "no-option"
+-$TS_CMD_MOUNT $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "L-option"
+-$TS_CMD_MOUNT -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG 
+ ts_finalize_subtest
+ 
+ ts_init_subtest "LABEL-option"
+-$TS_CMD_MOUNT LABEL=$LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" LABEL=$LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-label2devname b/tests/ts/mount/fstab-label2devname
+index 75ca05e8c..fddbfa0ba 100755
+--- a/tests/ts/mount/fstab-label2devname
++++ b/tests/ts/mount/fstab-label2devname
+@@ -44,13 +44,13 @@ ts_udevadm_settle "$DEVICE" "LABEL"
+ [ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
+ 
+ ts_init_subtest "L-option"
+-$TS_CMD_MOUNT -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "LABEL-option"
+-$TS_CMD_MOUNT "LABEL=$LABEL" >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" "LABEL=$LABEL" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-label2uuid b/tests/ts/mount/fstab-label2uuid
+index 4bfcae4b9..927cde9aa 100755
+--- a/tests/ts/mount/fstab-label2uuid
++++ b/tests/ts/mount/fstab-label2uuid
+@@ -46,13 +46,13 @@ ts_udevadm_settle "$DEVICE" "LABEL" "UUID"
+ [ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
+ 
+ ts_init_subtest "L-option"
+-$TS_CMD_MOUNT -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -L $LABEL >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "LABEL-option"
+-$TS_CMD_MOUNT "LABEL=$LABEL" >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" "LABEL=$LABEL" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-loop b/tests/ts/mount/fstab-loop
+index 7cc589fd2..0541e3a74 100755
+--- a/tests/ts/mount/fstab-loop
++++ b/tests/ts/mount/fstab-loop
+@@ -39,10 +39,10 @@ ts_fstab_lock
+ ts_fstab_open
+ 
+ ts_fstab_addline "$IMG" "$TS_MOUNTPOINT-1" "ext2" "loop"
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+ 
+ ts_fstab_addline "$IMG" "$TS_MOUNTPOINT-2" "ext2" "loop"
+-$TS_CMD_MOUNT -a >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -a >> $TS_OUTPUT 2>> $TS_ERRLOG
+ 
+ ts_fstab_close
+ 
+diff --git a/tests/ts/mount/fstab-none b/tests/ts/mount/fstab-none
+index 6a4d05b62..95daa6cee 100755
+--- a/tests/ts/mount/fstab-none
++++ b/tests/ts/mount/fstab-none
+@@ -17,7 +17,7 @@ ts_fstab_add "none" "$TS_MOUNTPOINT" "tmpfs" "rw,nosuid,nodev,relatime"
+ 
+ mkdir -p $TS_MOUNTPOINT
+ 
+-$TS_CMD_MOUNT $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ [ "$?" = "0" ] || ts_log "error: mount $TS_MOUNTPOINT"
+ 
+ $TS_CMD_FINDMNT --mountpoint "$TS_MOUNTPOINT" &> /dev/null
+diff --git a/tests/ts/mount/fstab-symlink b/tests/ts/mount/fstab-symlink
+index 4d3e37b19..6d419f9fe 100755
+--- a/tests/ts/mount/fstab-symlink
++++ b/tests/ts/mount/fstab-symlink
+@@ -46,7 +46,7 @@ ln -s $DEVICE $LINKNAME
+ ts_fstab_add $LINKNAME $TS_MOUNTPOINT "auto" "defaults,user"
+ 
+ # variant A) -- UID=0
+-$TS_CMD_MOUNT $LINKNAME >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $LINKNAME >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_die "A) Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $LINKNAME || ts_die "A) Cannot umount $LINKNAME"
+ 
+diff --git a/tests/ts/mount/fstab-uuid b/tests/ts/mount/fstab-uuid
+index 03917b782..f51bb294e 100755
+--- a/tests/ts/mount/fstab-uuid
++++ b/tests/ts/mount/fstab-uuid
+@@ -42,19 +42,19 @@ ts_fstab_add "UUID=$UUID"
+ ts_udevadm_settle "$DEVICE" "UUID"
+ 
+ ts_init_subtest "no-option"
+-$TS_CMD_MOUNT $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" $MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "U-option"
+-$TS_CMD_MOUNT -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "UUID-option"
+-$TS_CMD_MOUNT UUID=$UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" UUID=$UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-uuid2devname b/tests/ts/mount/fstab-uuid2devname
+index 9bf165e16..2b338acb1 100755
+--- a/tests/ts/mount/fstab-uuid2devname
++++ b/tests/ts/mount/fstab-uuid2devname
+@@ -42,13 +42,13 @@ ts_udevadm_settle "$DEVICE" "UUID"
+ [ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
+ 
+ ts_init_subtest "U-option"
+-$TS_CMD_MOUNT -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "UUID-option"
+-$TS_CMD_MOUNT "UUID=$UUID" >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" "UUID=$UUID" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+diff --git a/tests/ts/mount/fstab-uuid2label b/tests/ts/mount/fstab-uuid2label
+index de10ff0b0..02eb6b985 100755
+--- a/tests/ts/mount/fstab-uuid2label
++++ b/tests/ts/mount/fstab-uuid2label
+@@ -45,13 +45,13 @@ ts_udevadm_settle "$DEVICE" "LABEL" "UUID"
+ [ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
+ 
+ ts_init_subtest "U-option"
+-$TS_CMD_MOUNT -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" -U $UUID >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_finalize_subtest
+ 
+ ts_init_subtest "UUID-option"
+-$TS_CMD_MOUNT "UUID=$UUID" >> $TS_OUTPUT 2>> $TS_ERRLOG
++$TS_CMD_MOUNT -T "$TS_FSTAB" "UUID=$UUID" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ ts_is_mounted $DEVICE || ts_log "Cannot find $DEVICE in /proc/mounts"
+ $TS_CMD_UMOUNT $DEVICE >> $TS_OUTPUT 2>>$TS_ERRLOG
+ ts_finalize_subtest
+-- 
+2.34.1
+
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 5d5ba3d6dc..ea018a48a3 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -19,8 +19,9 @@ SRCBRANCH ?= "binutils-2_42-branch"
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
 CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier"
+CVE_STATUS[CVE-2025-1180] = "patched: fixed by patch for CVE-2025-1176" 
 
-SRCREV ?= "8a6764d35e5c15d78de8aef8f27af3eefd9d7544"
+SRCREV ?= "6558f9f5f0ccc107a083ae7fbf106ebcb5efa817"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
@@ -36,5 +37,21 @@ SRC_URI = "\
      file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
      file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
      file://0015-gprofng-change-use-of-bignum-to-bigint.patch \
+     file://0016-CVE-2024-53589.patch \
+     file://0017-dlltool-file-name-too-long.patch \
+     file://0018-CVE-2025-0840.patch \
+     file://CVE-2025-1176.patch \
+     file://CVE-2025-1178.patch \
+     file://CVE-2024-57360.patch \
+     file://CVE-2025-1181-pre.patch \
+     file://CVE-2025-1181.patch \
+     file://CVE-2025-1182.patch \
+     file://0019-CVE-2025-1153-1.patch \
+     file://0020-CVE-2025-1153-2.patch \
+     file://0021-CVE-2025-1153-3.patch \
+     file://CVE-2025-1179-pre.patch \
+     file://CVE-2025-1179.patch \
+     file://0022-CVE-2025-5245.patch \
+     file://0022-CVE-2025-5244.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch
new file mode 100644
index 0000000000..380112a3ba
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch
@@ -0,0 +1,92 @@
+Author: Alan Modra <amodra@gmail.com>
+Date:   Mon Nov 11 10:24:09 2024 +1030
+
+    Re: tekhex object file output fixes
+
+    Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be
+    bfd_abs_section, but bfd_abs_section needs to be treated specially.
+    In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr)
+    is invalid.
+
+            PR 32347
+            * tekhex.c (first_phase): Guard against modification of
+            _bfd_std_section[] entries.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
+CVE: CVE-2024-53589
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+diff --git a/bfd/tekhex.c b/bfd/tekhex.c
+index aea2ebb23df..b305c1f96f1 100644
+--- a/bfd/tekhex.c
++++ b/bfd/tekhex.c
+@@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ {
+   asection *section, *alt_section;
+   unsigned int len;
++  bfd_vma addr;
+   bfd_vma val;
+   char sym[17];                        /* A symbol can only be 16chars long.  */
+
+@@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+     {
+     case '6':
+       /* Data record - read it and store it.  */
+-      {
+-       bfd_vma addr;
+-
+-       if (!getvalue (&src, &addr, src_end))
+-         return false;
+-
+-       while (*src && src < src_end - 1)
+-         {
+-           insert_byte (abfd, HEX (src), addr);
+-           src += 2;
+-           addr++;
+-         }
+-       return true;
+-      }
++      if (!getvalue (&src, &addr, src_end))
++       return false;
++
++      while (*src && src < src_end - 1)
++       {
++         insert_byte (abfd, HEX (src), addr);
++         src += 2;
++         addr++;
++       }
++      return true;
+
+     case '3':
+       /* Symbol record, read the segment.  */
+@@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+            {
+            case '1':           /* Section range.  */
+              src++;
+-             if (!getvalue (&src, &section->vma, src_end))
++             if (!getvalue (&src, &addr, src_end))
+                return false;
+              if (!getvalue (&src, &val, src_end))
+                return false;
+-             if (val < section->vma)
+-               val = section->vma;
+-             section->size = val - section->vma;
++             if (bfd_is_const_section (section))
++               break;
++             section->vma = addr;
++             if (val < addr)
++               val = addr;
++             section->size = val - addr;
+              /* PR 17512: file: objdump-s-endless-loop.tekhex.
+                 Check for overlarge section sizes.  */
+              if (section->size & 0x80000000)
+@@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+                  new_symbol->symbol.flags = BSF_LOCAL;
+                if (stype == '2' || stype == '6')
+                  new_symbol->symbol.section = bfd_abs_section_ptr;
++               else if (bfd_is_const_section (section))
++                 ;
+                else if (stype == '3' || stype == '7')
+                  {
+                    if ((section->flags & SEC_DATA) == 0)
diff --git a/meta/recipes-devtools/binutils/binutils/0017-dlltool-file-name-too-long.patch b/meta/recipes-devtools/binutils/binutils/0017-dlltool-file-name-too-long.patch
new file mode 100644
index 0000000000..2b759c1ee8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-dlltool-file-name-too-long.patch
@@ -0,0 +1,208 @@
+From d95d8395b3a533461f46e8b7e55fef540fc2621b Mon Sep 17 00:00:00 2001
+From: Jiaying Song <jiaying.song.cn@windriver.com>
+Date: Tue, 13 Aug 2024 10:31:21 +0800
+Subject: [PATCH] dlltool: file name too long
+
+During the execution of the command: i686-w64-mingw32-dlltool
+--input-def $def_filepath --output-delaylib $filepath --dllname qemu.exe
+An error occurred:
+i686-w64-mingw32-dlltool: failed to open temporary head file: ..._w64_mingw32_nativesdk_qemu_8_2_2_build_plugins_libqemu_plugin_api_a_h.s
+
+Due to the path length exceeding the Linux system's file name length
+limit (NAME_MAX=255), the temporary file name generated by the
+i686-w64-mingw32-dlltool command becomes too long to open. To address
+this, a new temporary file name prefix is generated using tmp_prefix =
+prefix_encode ("d", getpid()), ensuring that the file name does not
+exceed the system's length limit.
+
+Upstream-Status: Backport
+[https://github.com/bminor/binutils-gdb/commit/a253bea8995323201b016fe477280c1782688ab4]
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+Reviewed-by: Alan Modra <amodra@gmail.com>
+
+Allow for "snnnnn.o" suffix when testing against NAME_MAX, and tidy
+TMP_STUB handling by overwriting a prior nnnnn.o string rather than
+copying the entire name.
+
+* dlltool.c (TMP_STUB): Add "nnnnn.o" to format.
+(make_one_lib_file): Localise variables.  Don't copy TMP_STUB,
+overwrite suffix instead.
+(gen_lib_file): Similarly.
+(main): Allow for max suffix when testing against NAME_MAX.
+
+Upstream-Status: Backport
+[https://github.com/bminor/binutils-gdb/commit/d0285cdf58adf04e861cd1687f7ecec65937c99d]
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ binutils/dlltool.c | 64 +++++++++++++++++-----------------------------
+ 1 file changed, 24 insertions(+), 40 deletions(-)
+
+diff --git a/binutils/dlltool.c b/binutils/dlltool.c
+index 066c99a4..94f6c34b 100644
+--- a/binutils/dlltool.c
++++ b/binutils/dlltool.c
+@@ -498,7 +498,7 @@ char *tmp_stub_buf;
+ #define TMP_HEAD_O     dlltmp (&tmp_head_o_buf, "%sh.o")
+ #define TMP_TAIL_S     dlltmp (&tmp_tail_s_buf, "%st.s")
+ #define TMP_TAIL_O     dlltmp (&tmp_tail_o_buf, "%st.o")
+-#define TMP_STUB       dlltmp (&tmp_stub_buf, "%ss")
++#define TMP_STUB       dlltmp (&tmp_stub_buf, "%ssnnnnn.o")
+ 
+ /* This bit of assembly does jmp * ....  */
+ static const unsigned char i386_jtab[] =
+@@ -2401,26 +2401,11 @@ make_imp_label (const char *prefix, const char *name)
+ static bfd *
+ make_one_lib_file (export_type *exp, int i, int delay)
+ {
+-  bfd *      abfd;
+-  asymbol *  exp_label;
+-  asymbol *  iname = 0;
+-  asymbol *  iname2;
+-  asymbol *  iname_lab;
+-  asymbol ** iname_lab_pp;
+-  asymbol ** iname_pp;
+-#ifndef EXTRA
+-#define EXTRA    0
+-#endif
+-  asymbol *  ptrs[NSECS + 4 + EXTRA + 1];
+-  flagword   applicable;
+-  char *     outname = xmalloc (strlen (TMP_STUB) + 10);
+-  int        oidx = 0;
+-
+-
+-  sprintf (outname, "%s%05d.o", TMP_STUB, i);
+-
+-  abfd = bfd_openw (outname, HOW_BFD_WRITE_TARGET);
++  char *outname = TMP_STUB;
++  size_t name_len = strlen (outname);
++  sprintf (outname + name_len - 7, "%05d.o", i);
+ 
++  bfd *abfd = bfd_openw (outname, HOW_BFD_WRITE_TARGET);
+   if (!abfd)
+     /* xgettext:c-format */
+     fatal (_("bfd_open failed open stub file: %s: %s"),
+@@ -2437,9 +2422,13 @@ make_one_lib_file (export_type *exp, int i, int delay)
+     bfd_set_private_flags (abfd, F_INTERWORK);
+ #endif
+ 
+-  applicable = bfd_applicable_section_flags (abfd);
+-
+   /* First make symbols for the sections.  */
++  flagword applicable = bfd_applicable_section_flags (abfd);
++#ifndef EXTRA
++#define EXTRA    0
++#endif
++  asymbol *ptrs[NSECS + 4 + EXTRA + 1];
++  int oidx = 0;
+   for (i = 0; i < NSECS; i++)
+     {
+       sinfo *si = secdata + i;
+@@ -2466,7 +2455,7 @@ make_one_lib_file (export_type *exp, int i, int delay)
+ 
+   if (! exp->data)
+     {
+-      exp_label = bfd_make_empty_symbol (abfd);
++      asymbol *exp_label = bfd_make_empty_symbol (abfd);
+       exp_label->name = make_imp_label ("", exp->name);
+       exp_label->section = secdata[TEXT].sec;
+       exp_label->flags = BSF_GLOBAL;
+@@ -2482,6 +2471,7 @@ make_one_lib_file (export_type *exp, int i, int delay)
+   /* Generate imp symbols with one underscore for Microsoft
+      compatibility, and with two underscores for backward
+      compatibility with old versions of cygwin.  */
++  asymbol *iname = NULL;
+   if (create_compat_implib)
+     {
+       iname = bfd_make_empty_symbol (abfd);
+@@ -2491,25 +2481,24 @@ make_one_lib_file (export_type *exp, int i, int delay)
+       iname->value = 0;
+     }
+ 
+-  iname2 = bfd_make_empty_symbol (abfd);
++  asymbol *iname2 = bfd_make_empty_symbol (abfd);
+   iname2->name = make_imp_label ("__imp_", exp->name);
+   iname2->section = secdata[IDATA5].sec;
+   iname2->flags = BSF_GLOBAL;
+   iname2->value = 0;
+ 
+-  iname_lab = bfd_make_empty_symbol (abfd);
+-
++  asymbol *iname_lab = bfd_make_empty_symbol (abfd);
+   iname_lab->name = head_label;
+   iname_lab->section = bfd_und_section_ptr;
+   iname_lab->flags = 0;
+   iname_lab->value = 0;
+ 
+-  iname_pp = ptrs + oidx;
++  asymbol **iname_pp = ptrs + oidx;
+   if (create_compat_implib)
+     ptrs[oidx++] = iname;
+   ptrs[oidx++] = iname2;
+ 
+-  iname_lab_pp = ptrs + oidx;
++  asymbol **iname_lab_pp = ptrs + oidx;
+   ptrs[oidx++] = iname_lab;
+ 
+   ptrs[oidx] = 0;
+@@ -3089,29 +3078,26 @@ gen_lib_file (int delay)
+ 
+   if (dontdeltemps < 2)
+     {
+-      char *name;
+-      size_t stub_len = strlen (TMP_STUB);
++      char *name = TMP_STUB;
++      size_t name_len = strlen (name);
+ 
+-      name = xmalloc (stub_len + 10);
+-      memcpy (name, TMP_STUB, stub_len);
+       for (i = 0; (exp = d_exports_lexically[i]); i++)
+        {
+          /* Don't delete non-existent stubs for PRIVATE entries.  */
+           if (exp->private)
+            continue;
+-         sprintf (name + stub_len, "%05d.o", i);
++         sprintf (name + name_len - 7, "%05d.o", i);
+          if (unlink (name) < 0)
+            /* xgettext:c-format */
+            non_fatal (_("cannot delete %s: %s"), name, strerror (errno));
+          if (ext_prefix_alias)
+            {
+-             sprintf (name + stub_len, "%05d.o", i + PREFIX_ALIAS_BASE);
++             sprintf (name + name_len - 7, "%05d.o", i + PREFIX_ALIAS_BASE);
+              if (unlink (name) < 0)
+                /* xgettext:c-format */
+                non_fatal (_("cannot delete %s: %s"), name, strerror (errno));
+            }
+        }
+-      free (name);
+     }
+ 
+   inform (_("Created lib file"));
+@@ -4096,9 +4082,9 @@ main (int ac, char **av)
+   if (tmp_prefix == NULL)
+     {
+       /* If possible use a deterministic prefix.  */
+-      if (imp_name || delayimp_name)
++      const char *input = imp_name ? imp_name : delayimp_name;
++      if (input && strlen (input) + sizeof ("_snnnnn.o") - 1 <= NAME_MAX)
+         {
+-          const char *input = imp_name ? imp_name : delayimp_name;
+           tmp_prefix = xmalloc (strlen (input) + 2);
+           sprintf (tmp_prefix, "%s_", input);
+           for (i = 0; tmp_prefix[i]; i++)
+@@ -4106,9 +4092,7 @@ main (int ac, char **av)
+               tmp_prefix[i] = '_';
+         }
+       else
+-        {
+-          tmp_prefix = prefix_encode ("d", getpid ());
+-        }
++        tmp_prefix = prefix_encode ("d", getpid ());
+     }
+ 
+   mangle_defs ();
+-- 
+2.34.1
+
diff --git a/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-0840.patch b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-0840.patch
new file mode 100644
index 0000000000..3814d63e1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-0840.patch
@@ -0,0 +1,53 @@
+Author: Alan Modra <amodra@gmail.com>
+Date:   Wed, 15 Jan 2025 19:13:43 +1030
+
+PR32560 stack-buffer-overflow at objdump disassemble_bytes
+
+There's always someone pushing the boundaries.
+
+        PR 32560
+        * objdump.c (MAX_INSN_WIDTH): Define.
+        (insn_width): Make it an unsigned long.
+        (disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
+        (main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893]
+CVE: CVE-2025-0840
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index 49e944b1..dba726e3 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -116,7 +116,8 @@ static bool disassemble_all;                /* -D */
+ static int disassemble_zeroes;         /* --disassemble-zeroes */
+ static bool formats_info;              /* -i */
+ int wide_output;                       /* -w */
+-static int insn_width;                 /* --insn-width */
++#define MAX_INSN_WIDTH 49
++static unsigned long insn_width;       /* --insn-width */
+ static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
+ static bfd_vma stop_address = (bfd_vma) -1;  /* --stop-address */
+ static int dump_debugging;             /* --debugging */
+@@ -3327,7 +3328,7 @@ disassemble_bytes (struct disassemble_info *inf,
+        }
+       else
+        {
+-         char buf[50];
++         char buf[MAX_INSN_WIDTH + 1];
+          unsigned int bpc = 0;
+          unsigned int pb = 0;
+ 
+@@ -5995,8 +5996,9 @@ main (int argc, char **argv)
+          break;
+        case OPTION_INSN_WIDTH:
+          insn_width = strtoul (optarg, NULL, 0);
+-         if (insn_width <= 0)
+-           fatal (_("error: instruction width must be positive"));
++         if (insn_width - 1 >= MAX_INSN_WIDTH)
++           fatal (_("error: instruction width must be in the range 1 to "
++                    XSTRING (MAX_INSN_WIDTH)));
+          break;
+        case OPTION_INLINES:
+          unwind_inlines = true;
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-1153-1.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-1153-1.patch
new file mode 100644
index 0000000000..fa26961447
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-1153-1.patch
@@ -0,0 +1,3207 @@
+From 0b7f992b78fe0984fc7d84cc748d0794e4a400e3 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 6 Feb 2025 21:46:22 +1030
+Subject: [PATCH] PR 32603, ld -w misbehaviorur
+
+ld -w currently causes segmentation faults and other misbehaviour
+since it changes einfo with %F in the format string (fatal error) to
+not exit.  This patch fixes that by introducing a new variant of einfo
+called "fatal" that always exits, and replaces all einfo calls using
+%F with a call to fatal without the %F.  I considered modifying einfo
+to inspect the first 2 or 4 chars in the format string, looking for
+%F, but decided that was probably a bad idea given that translators
+might have moved the %F.  It's also a little nicer to inform the
+compiler of a function that doesn't return.
+
+The patch also fixes some formatting nits, and makes use of %pA
+to print section names in a couple of places in aix.em.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0b7f992b78fe0984fc7d84cc748d0794e4a400e3]
+CVE: CVE-2025-1153
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ ld/emulparams/call_nop.sh     |  6 +--
+ ld/emulparams/cet.sh          |  2 +-
+ ld/emulparams/elf32mcore.sh   |  2 +-
+ ld/emulparams/x86-64-lam.sh   |  6 +--
+ ld/emulparams/x86-64-level.sh |  2 +-
+ ld/emultempl/aarch64elf.em    |  6 +--
+ ld/emultempl/aix.em           | 41 ++++++++-------
+ ld/emultempl/armelf.em        | 10 ++--
+ ld/emultempl/avrelf.em        |  2 +-
+ ld/emultempl/beos.em          | 24 ++++-----
+ ld/emultempl/cr16elf.em       |  4 +-
+ ld/emultempl/cskyelf.em       |  4 +-
+ ld/emultempl/elf.em           | 18 +++----
+ ld/emultempl/hppaelf.em       |  4 +-
+ ld/emultempl/kvxelf.em        |  7 ++-
+ ld/emultempl/loongarchelf.em  |  4 +-
+ ld/emultempl/m68hc1xelf.em    |  2 +-
+ ld/emultempl/m68kelf.em       |  4 +-
+ ld/emultempl/metagelf.em      |  4 +-
+ ld/emultempl/mipself.em       |  2 +-
+ ld/emultempl/mmix-elfnmmo.em  |  5 +-
+ ld/emultempl/nds32elf.em      |  6 +--
+ ld/emultempl/nto.em           | 28 +++++------
+ ld/emultempl/pe.em            | 20 ++++----
+ ld/emultempl/pep.em           | 16 +++---
+ ld/emultempl/ppc32elf.em      |  4 +-
+ ld/emultempl/ppc64elf.em      | 10 ++--
+ ld/emultempl/riscvelf.em      |  2 +-
+ ld/emultempl/s390.em          |  2 +-
+ ld/emultempl/scoreelf.em      |  2 +-
+ ld/emultempl/spuelf.em        | 20 ++++----
+ ld/emultempl/tic6xdsbt.em     | 10 ++--
+ ld/emultempl/ticoff.em        |  4 +-
+ ld/emultempl/v850elf.em       |  2 +-
+ ld/emultempl/vms.em           |  2 +-
+ ld/emultempl/xtensaelf.em     | 12 ++---
+ ld/emultempl/z80.em           |  2 +-
+ ld/ldcref.c                   |  8 +--
+ ld/ldelf.c                    | 34 ++++++-------
+ ld/ldelfgen.c                 | 17 +++----
+ ld/ldemul.c                   |  2 +-
+ ld/ldexp.c                    | 42 ++++++++--------
+ ld/ldfile.c                   | 14 +++---
+ ld/ldgram.y                   |  6 +--
+ ld/ldlang.c                   | 95 +++++++++++++++++------------------
+ ld/ldlex.l                    | 14 ++----
+ ld/ldmain.c                   | 44 ++++++++--------
+ ld/ldmisc.c                   | 28 ++++++++---
+ ld/ldmisc.h                   |  1 +
+ ld/ldwrite.c                  | 20 ++++----
+ ld/lexsup.c                   | 72 +++++++++++++-------------
+ ld/mri.c                      |  2 +-
+ ld/pe-dll.c                   | 12 ++---
+ ld/plugin.c                   | 27 +++++-----
+ 54 files changed, 363 insertions(+), 376 deletions(-)
+
+diff --git a/ld/emulparams/call_nop.sh b/ld/emulparams/call_nop.sh
+index 2c3c305f..7dd6dfb1 100644
+--- a/ld/emulparams/call_nop.sh
++++ b/ld/emulparams/call_nop.sh
+@@ -20,7 +20,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_CALL_NOP='
+              char *end;
+              params.call_nop_byte = strtoul (optarg + 16 , &end, 0);
+              if (*end)
+-               einfo (_("%F%P: invalid number for -z call-nop=prefix-: %s\n"),
++               fatal (_("%P: invalid number for -z call-nop=prefix-: %s\n"),
+                       optarg + 16);
+              params.call_nop_as_suffix = false;
+            }
+@@ -29,12 +29,12 @@ PARSE_AND_LIST_ARGS_CASE_Z_CALL_NOP='
+              char *end;
+              params.call_nop_byte = strtoul (optarg + 16, &end, 0);
+              if (*end)
+-               einfo (_("%F%P: invalid number for -z call-nop=suffix-: %s\n"),
++               fatal (_("%P: invalid number for -z call-nop=suffix-: %s\n"),
+                       optarg + 16);
+              params.call_nop_as_suffix = true;
+            }
+          else
+-           einfo (_("%F%P: unsupported option: -z %s\n"), optarg);
++           fatal (_("%P: unsupported option: -z %s\n"), optarg);
+        }
+ '
+ 
+diff --git a/ld/emulparams/cet.sh b/ld/emulparams/cet.sh
+index 2c627994..e463441d 100644
+--- a/ld/emulparams/cet.sh
++++ b/ld/emulparams/cet.sh
+@@ -29,7 +29,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_CET='
+                                 | prop_report_ibt
+                                 | prop_report_shstk);
+          else
+-           einfo (_("%F%P: invalid option for -z cet-report=: %s\n"),
++           fatal (_("%P: invalid option for -z cet-report=: %s\n"),
+                   optarg + 11);
+        }
+ '
+diff --git a/ld/emulparams/elf32mcore.sh b/ld/emulparams/elf32mcore.sh
+index 88a8cb6e..275a796f 100644
+--- a/ld/emulparams/elf32mcore.sh
++++ b/ld/emulparams/elf32mcore.sh
+@@ -46,6 +46,6 @@ PARSE_AND_LIST_ARGS_CASES='
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       einfo (_("%F%P: cannot open base file %s\n"), optarg);
++       fatal (_("%P: cannot open base file %s\n"), optarg);
+       break;
+ '
+diff --git a/ld/emulparams/x86-64-lam.sh b/ld/emulparams/x86-64-lam.sh
+index fab42ff1..6e629ebb 100644
+--- a/ld/emulparams/x86-64-lam.sh
++++ b/ld/emulparams/x86-64-lam.sh
+@@ -25,7 +25,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+          else if (strcmp (optarg + 15, "error") == 0)
+            params.lam_u48_report = prop_report_error;
+          else
+-           einfo (_("%F%P: invalid option for -z lam-u48-report=: %s\n"),
++           fatal (_("%P: invalid option for -z lam-u48-report=: %s\n"),
+                   optarg + 15);
+        }
+       else if (strcmp (optarg, "lam-u57") == 0)
+@@ -39,7 +39,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+          else if (strcmp (optarg + 15, "error") == 0)
+            params.lam_u57_report = prop_report_error;
+          else
+-           einfo (_("%F%P: invalid option for -z lam-u57-report=: %s\n"),
++           fatal (_("%P: invalid option for -z lam-u57-report=: %s\n"),
+                   optarg + 15);
+        }
+       else if (strncmp (optarg, "lam-report=", 11) == 0)
+@@ -60,7 +60,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+              params.lam_u57_report = prop_report_error;
+            }
+          else
+-           einfo (_("%F%P: invalid option for -z lam-report=: %s\n"),
++           fatal (_("%P: invalid option for -z lam-report=: %s\n"),
+                   optarg + 11);
+        }
+ '
+diff --git a/ld/emulparams/x86-64-level.sh b/ld/emulparams/x86-64-level.sh
+index c46aacf3..7e27cf1e 100644
+--- a/ld/emulparams/x86-64-level.sh
++++ b/ld/emulparams/x86-64-level.sh
+@@ -10,7 +10,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_X86_64_LEVEL='
+          char *end;
+          unsigned int level = strtoul (optarg + 8 , &end, 10);
+          if (*end != '\0' || level < 2 || level > 4)
+-           einfo (_("%F%P: invalid x86-64 ISA level: %s\n"), optarg);
++           fatal (_("%P: invalid x86-64 ISA level: %s\n"), optarg);
+          params.isa_level = level;
+        }
+ '
+diff --git a/ld/emultempl/aarch64elf.em b/ld/emultempl/aarch64elf.em
+index b647909a..a6637718 100644
+--- a/ld/emultempl/aarch64elf.em
++++ b/ld/emultempl/aarch64elf.em
+@@ -316,7 +316,7 @@ aarch64_elf_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format "
++      fatal (_("%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "AArch64");
+       return;
+     }
+@@ -342,7 +342,7 @@ aarch64_elf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -468,7 +468,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/aix.em b/ld/emultempl/aix.em
+index a445c329..29acdbc9 100644
+--- a/ld/emultempl/aix.em
++++ b/ld/emultempl/aix.em
+@@ -335,7 +335,7 @@ read_file_list (const char *filename)
+   f = fopen (filename, FOPEN_RT);
+   if (f == NULL)
+     {
+-      einfo (_("%F%P: cannot open %s\n"), filename);
++      fatal (_("%P: cannot open %s\n"), filename);
+       return;
+     }
+   if (fseek (f, 0L, SEEK_END) == -1)
+@@ -382,8 +382,8 @@ read_file_list (const char *filename)
+   return;
+ 
+  error:
+-  einfo (_("%F%P: cannot read %s\n"), optarg);
+   fclose (f);
++  fatal (_("%P: cannot read %s\n"), optarg);
+ }
+ 
+ static bool
+@@ -734,7 +734,7 @@ gld${EMULATION_NAME}_after_open (void)
+       size = (p->count + 2) * 4;
+       if (!bfd_xcoff_link_record_set (link_info.output_bfd, &link_info,
+                                      p->h, size))
+-       einfo (_("%F%P: bfd_xcoff_link_record_set failed: %E\n"));
++       fatal (_("%P: bfd_xcoff_link_record_set failed: %E\n"));
+     }
+ }
+ 
+@@ -764,9 +764,9 @@ gld${EMULATION_NAME}_before_allocation (void)
+ 
+       h = bfd_link_hash_lookup (link_info.hash, el->name, false, false, false);
+       if (h == NULL)
+-       einfo (_("%F%P: bfd_link_hash_lookup of export symbol failed: %E\n"));
++       fatal (_("%P: bfd_link_hash_lookup of export symbol failed: %E\n"));
+       if (!bfd_xcoff_export_symbol (link_info.output_bfd, &link_info, h))
+-       einfo (_("%F%P: bfd_xcoff_export_symbol failed: %E\n"));
++       fatal (_("%P: bfd_xcoff_export_symbol failed: %E\n"));
+     }
+ 
+   /* Track down all relocations called for by the linker script (these
+@@ -849,7 +849,7 @@ gld${EMULATION_NAME}_before_allocation (void)
+       (link_info.output_bfd, &link_info, libpath, entry_symbol.name,
+        file_align, maxstack, maxdata, gc && !unix_ld,
+        modtype, textro, flags, special_sections, rtld))
+-    einfo (_("%F%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
+ 
+   /* Look through the special sections, and put them in the right
+      place in the link ordering.  This is especially magic.  */
+@@ -871,8 +871,8 @@ gld${EMULATION_NAME}_before_allocation (void)
+       is = NULL;
+       os = lang_output_section_get (sec->output_section);
+       if (os == NULL)
+-       einfo (_("%F%P: can't find output section %s\n"),
+-              sec->output_section->name);
++       fatal (_("%P: can't find output section %pA\n"),
++              sec->output_section);
+ 
+       for (pls = &os->children.head; *pls != NULL; pls = &(*pls)->header.next)
+        {
+@@ -908,8 +908,7 @@ gld${EMULATION_NAME}_before_allocation (void)
+ 
+       if (is == NULL)
+        {
+-         einfo (_("%F%P: can't find %s in output section\n"),
+-                bfd_section_name (sec));
++         fatal (_("%P: can't find %pA in output section\n"), sec);
+        }
+ 
+       /* Now figure out where the section should go.  */
+@@ -1162,7 +1161,7 @@ gld${EMULATION_NAME}_after_allocation (void)
+ 
+   /* Now that everything is in place, finalize the dynamic sections.  */
+   if (!bfd_xcoff_build_dynamic_sections (link_info.output_bfd, &link_info))
+-    einfo (_("%F%P: failed to layout dynamic sections: %E\n"));
++    fatal (_("%P: failed to layout dynamic sections: %E\n"));
+ 
+   if (!bfd_link_relocatable (&link_info))
+     {
+@@ -1313,7 +1312,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+   if (f == NULL)
+     {
+       bfd_set_error (bfd_error_system_call);
+-      einfo ("%F%P: %s: %E\n", filename);
++      fatal ("%P: %s: %E\n", filename);
+       return;
+     }
+ 
+@@ -1375,7 +1374,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+              obstack_free (o, obstack_base (o));
+            }
+          else if (*s == '(')
+-           einfo (_("%F%P:%s:%d: #! ([member]) is not supported "
++           fatal (_("%P:%s:%d: #! ([member]) is not supported "
+                     "in import files\n"),
+                   filename, lineno);
+          else
+@@ -1392,7 +1391,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+              *s = '\0';
+              if (!bfd_xcoff_split_import_path (link_info.output_bfd,
+                                                start, &imppath, &impfile))
+-               einfo (_("%F%P: could not parse import path: %E\n"));
++               fatal (_("%P: could not parse import path: %E\n"));
+              while (ISSPACE (cs))
+                {
+                  ++s;
+@@ -1547,10 +1546,10 @@ gld${EMULATION_NAME}_find_relocs (lang_statement_union_type *s)
+ 
+       rs = &s->reloc_statement;
+       if (rs->name == NULL)
+-       einfo (_("%F%P: only relocations against symbols are permitted\n"));
++       fatal (_("%P: only relocations against symbols are permitted\n"));
+       if (!bfd_xcoff_link_count_reloc (link_info.output_bfd, &link_info,
+                                       rs->name))
+-       einfo (_("%F%P: bfd_xcoff_link_count_reloc failed: %E\n"));
++       fatal (_("%P: bfd_xcoff_link_count_reloc failed: %E\n"));
+     }
+ 
+   if (s->header.type == lang_assignment_statement_enum)
+@@ -1579,7 +1578,7 @@ gld${EMULATION_NAME}_find_exp_assignment (etree_type *exp)
+          if (!bfd_xcoff_record_link_assignment (link_info.output_bfd,
+                                                 &link_info,
+                                                 exp->assign.dst))
+-           einfo (_("%F%P: failed to record assignment to %s: %E\n"),
++           fatal (_("%P: failed to record assignment to %s: %E\n"),
+                   exp->assign.dst);
+        }
+       gld${EMULATION_NAME}_find_exp_assignment (exp->assign.src);
+@@ -1674,7 +1673,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create stub BFD: %E\n"));
++      fatal (_("%P: can not create stub BFD: %E\n"));
+       return;
+     }
+ 
+@@ -1684,7 +1683,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+ 
+   /* Pass linker params to the back-end. */
+   if (!bfd_xcoff_link_init (&link_info, &params))
+-    einfo (_("%F%P: can not init BFD: %E\n"));
++    fatal (_("%P: can not init BFD: %E\n"));
+ 
+   /* __rtinit */
+   if (link_info.init_function != NULL
+@@ -1701,7 +1700,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                                  bfd_get_arch (link_info.output_bfd),
+                                  bfd_get_mach (link_info.output_bfd)))
+        {
+-         einfo (_("%F%P: can not create BFD: %E\n"));
++         fatal (_("%P: can not create BFD: %E\n"));
+          return;
+        }
+ 
+@@ -1711,7 +1710,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                                            link_info.fini_function,
+                                            rtld))
+        {
+-         einfo (_("%F%P: can not create BFD: %E\n"));
++         fatal (_("%P: can not create BFD: %E\n"));
+          return;
+        }
+ 
+diff --git a/ld/emultempl/armelf.em b/ld/emultempl/armelf.em
+index 7fb1826e..504fb0cd 100644
+--- a/ld/emultempl/armelf.em
++++ b/ld/emultempl/armelf.em
+@@ -521,7 +521,7 @@ arm_elf_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format "
++      fatal (_("%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "ARM");
+       return;
+     }
+@@ -532,10 +532,10 @@ arm_elf_create_output_section_statements (void)
+                                        bfd_get_target (link_info.output_bfd));
+ 
+       if (params.in_implib_bfd == NULL)
+-       einfo (_("%F%P: %s: can't open: %E\n"), in_implib_filename);
++       fatal (_("%P: %s: can't open: %E\n"), in_implib_filename);
+ 
+       if (!bfd_check_format (params.in_implib_bfd, bfd_object))
+-       einfo (_("%F%P: %s: not a relocatable file: %E\n"), in_implib_filename);
++       fatal (_("%P: %s: not a relocatable file: %E\n"), in_implib_filename);
+     }
+ 
+   bfd_elf32_arm_set_target_params (link_info.output_bfd, &link_info, &params);
+@@ -549,7 +549,7 @@ arm_elf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -734,7 +734,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ 
+diff --git a/ld/emultempl/avrelf.em b/ld/emultempl/avrelf.em
+index 3fe81004..dd5b57d1 100644
+--- a/ld/emultempl/avrelf.em
++++ b/ld/emultempl/avrelf.em
+@@ -116,7 +116,7 @@ avr_elf_create_output_section_statements (void)
+ 
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_elf_flavour)
+     {
+-      einfo (_("%F%P: error: cannot change output format "
++      fatal (_("%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "AVR");
+       return;
+     }
+diff --git a/ld/emultempl/beos.em b/ld/emultempl/beos.em
+index 844d4986..81878b02 100644
+--- a/ld/emultempl/beos.em
++++ b/ld/emultempl/beos.em
+@@ -227,7 +227,7 @@ set_pe_subsystem (void)
+          return;
+        }
+     }
+-  einfo (_("%F%P: invalid subsystem type %s\n"), optarg);
++  fatal (_("%P: invalid subsystem type %s\n"), optarg);
+ }
+ 
+ 
+@@ -237,9 +237,7 @@ set_pe_value (char *name)
+   char *end;
+   set_pe_name (name,  strtoul (optarg, &end, 0));
+   if (end == optarg)
+-    {
+-      einfo (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
+-    }
++    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -254,9 +252,7 @@ set_pe_stack_heap (char *resname, char *comname)
+       set_pe_value (comname);
+     }
+   else if (*optarg)
+-    {
+-      einfo (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
+-    }
++    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ 
+@@ -271,7 +267,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       einfo (_("%F%P: cannot open base file %s\n"), optarg);
++       fatal (_("%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options */
+@@ -380,9 +376,7 @@ gld${EMULATION_NAME}_after_open (void)
+      FIXME: This should be done via a function, rather than by
+      including an internal BFD header.  */
+   if (!obj_pe (link_info.output_bfd))
+-    {
+-      einfo (_("%F%P: PE operations on non PE file\n"));
+-    }
++    fatal (_("%P: PE operations on non PE file\n"));
+ 
+   pe_data(link_info.output_bfd)->pe_opthdr = pe;
+   pe_data(link_info.output_bfd)->dll = init[DLLOFF].value;
+@@ -431,12 +425,12 @@ sort_by_file_name (const void *a, const void *b)
+ 
+       if (!bfd_get_section_contents (sa->owner, sa, &a_sec, (file_ptr) 0,
+                                     (bfd_size_type) sizeof (a_sec)))
+-       einfo (_("%F%P: %pB: can't read contents of section .idata: %E\n"),
++       fatal (_("%P: %pB: can't read contents of section .idata: %E\n"),
+               sa->owner);
+ 
+       if (!bfd_get_section_contents (sb->owner, sb, &b_sec, (file_ptr) 0,
+                                     (bfd_size_type) sizeof (b_sec)))
+-       einfo (_("%F%P: %pB: can't read contents of section .idata: %E\n"),
++       fatal (_("%P: %pB: can't read contents of section .idata: %E\n"),
+               sb->owner);
+ 
+       i = a_sec < b_sec ? -1 : 0;
+@@ -668,7 +662,7 @@ gld${EMULATION_NAME}_place_orphan (asection *s,
+   /* Everything from the '\$' on gets deleted so don't allow '\$' as the
+      first character.  */
+   if (*secname == '\$')
+-    einfo (_("%F%P: section %s has '\$' as first character\n"), secname);
++    fatal (_("%P: section %s has '\$' as first character\n"), secname);
+   if (strchr (secname + 1, '\$') == NULL)
+     return NULL;
+ 
+@@ -698,7 +692,7 @@ gld${EMULATION_NAME}_place_orphan (asection *s,
+       }
+   ps[0] = 0;
+   if (l == NULL)
+-    einfo (_("%F%P: *(%s\$) missing from linker script\n"), output_secname);
++    fatal (_("%P: *(%s\$) missing from linker script\n"), output_secname);
+ 
+   /* Link the input section in and we're done for now.
+      The sections still have to be sorted, but that has to wait until
+diff --git a/ld/emultempl/cr16elf.em b/ld/emultempl/cr16elf.em
+index 7d4f9507..5464edf1 100644
+--- a/ld/emultempl/cr16elf.em
++++ b/ld/emultempl/cr16elf.em
+@@ -58,7 +58,7 @@ cr16_elf_after_open (void)
+             COFF and ELF.  */
+          if (bfd_get_flavour (abfd) != bfd_target_coff_flavour
+              && bfd_get_flavour (abfd) != bfd_target_elf_flavour)
+-           einfo (_("%F%P: %pB: all input objects must be COFF or ELF "
++           fatal (_("%P: %pB: all input objects must be COFF or ELF "
+                     "for --embedded-relocs\n"));
+ 
+          datasec = bfd_get_section_by_name (abfd, ".data.rel");
+@@ -82,7 +82,7 @@ cr16_elf_after_open (void)
+                                                      | SEC_IN_MEMORY))
+                  || !bfd_set_section_alignment (relsec, 2)
+                  || !bfd_set_section_size (relsec, datasec->reloc_count * 8))
+-               einfo (_("%F%P: %pB: can not create .emreloc section: %E\n"));
++               fatal (_("%P: %pB: can not create .emreloc section: %E\n"));
+            }
+ 
+          /* Double check that all other data sections are empty, as is
+diff --git a/ld/emultempl/cskyelf.em b/ld/emultempl/cskyelf.em
+index 82815e5e..9c91d7ac 100644
+--- a/ld/emultempl/cskyelf.em
++++ b/ld/emultempl/cskyelf.em
+@@ -151,7 +151,7 @@ csky_elf_create_output_section_statements (void)
+          bfd_get_arch (link_info.output_bfd),
+          bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -324,7 +324,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+       group_size = bfd_scan_vma (optarg, &end, 0);
+       if (*end)
+-       einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++       fatal (_("%P: invalid number `%s'\''\n"), optarg);
+     }
+     break;
+ '
+diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
+index 71cec19f..5cc38194 100644
+--- a/ld/emultempl/elf.em
++++ b/ld/emultempl/elf.em
+@@ -667,13 +667,13 @@ gld${EMULATION_NAME}_handle_option (int optc)
+        {
+ #ifndef HAVE_ZSTD
+          if (config.compress_debug == COMPRESS_DEBUG_ZSTD)
+-           einfo (_ ("%F%P: --compress-debug-sections=zstd: ld is not built "
+-                 "with zstd support\n"));
++           fatal (_("%P: --compress-debug-sections=zstd: ld is not built "
++                    "with zstd support\n"));
+ #endif
+        }
+       if (config.compress_debug == COMPRESS_UNKNOWN)
+-       einfo (_("%F%P: invalid --compress-debug-sections option: \`%s'\n"),
+-              optarg);
++       fatal (_("%P: invalid --compress-debug-sections option: \`%s'\n"),
++               optarg);
+       break;
+ EOF
+ 
+@@ -727,7 +727,7 @@ fragment <<EOF
+          link_info.emit_gnu_hash = true;
+        }
+       else
+-       einfo (_("%F%P: invalid hash style \`%s'\n"), optarg);
++       fatal (_("%P: invalid hash style \`%s'\n"), optarg);
+       break;
+ 
+ EOF
+@@ -747,7 +747,7 @@ fragment <<EOF
+          link_info.maxpagesize = strtoul (optarg + 14, &end, 0);
+          if (*end
+              || (link_info.maxpagesize & (link_info.maxpagesize - 1)) != 0)
+-           einfo (_("%F%P: invalid maximum page size \`%s'\n"),
++           fatal (_("%P: invalid maximum page size \`%s'\n"),
+                   optarg + 14);
+          link_info.maxpagesize_is_set = true;
+        }
+@@ -757,7 +757,7 @@ fragment <<EOF
+          link_info.commonpagesize = strtoul (optarg + 17, &end, 0);
+          if (*end
+              || (link_info.commonpagesize & (link_info.commonpagesize - 1)) != 0)
+-           einfo (_("%F%P: invalid common page size \`%s'\n"),
++           fatal (_("%P: invalid common page size \`%s'\n"),
+                   optarg + 17);
+          link_info.commonpagesize_is_set = true;
+        }
+@@ -766,7 +766,7 @@ fragment <<EOF
+          char *end;
+          link_info.stacksize = strtoul (optarg + 11, &end, 0);
+          if (*end || link_info.stacksize < 0)
+-           einfo (_("%F%P: invalid stack size \`%s'\n"), optarg + 11);
++           fatal (_("%P: invalid stack size \`%s'\n"), optarg + 11);
+          if (!link_info.stacksize)
+            /* Use -1 for explicit no-stack, because zero means
+               'default'.   */
+@@ -805,7 +805,7 @@ fragment <<EOF
+          else if (strcmp (optarg, "start-stop-visibility=protected") == 0)
+            link_info.start_stop_visibility = STV_PROTECTED;
+          else
+-           einfo (_("%F%P: invalid visibility in \`-z %s'; "
++           fatal (_("%P: invalid visibility in \`-z %s'; "
+                     "must be default, internal, hidden, or protected"),
+                   optarg);
+        }
+diff --git a/ld/emultempl/hppaelf.em b/ld/emultempl/hppaelf.em
+index 09db0cb0..f0284ea3 100644
+--- a/ld/emultempl/hppaelf.em
++++ b/ld/emultempl/hppaelf.em
+@@ -82,7 +82,7 @@ hppaelf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -351,7 +351,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        const char *end;
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/kvxelf.em b/ld/emultempl/kvxelf.em
+index 2076c5b6..1ffbd1db 100644
+--- a/ld/emultempl/kvxelf.em
++++ b/ld/emultempl/kvxelf.em
+@@ -35,9 +35,8 @@ elf${ELFSIZE}_kvx_before_allocation (void)
+ EOF
+ if test x"${EMULATION_NAME}" != x"elf64kvx_linux"; then
+ fragment <<EOF
+-  if (bfd_link_pie (&link_info)) {
+-          einfo (_("%F:%P: -pie not supported\n"));
+-  }
++  if (bfd_link_pie (&link_info))
++    fatal (_(":%P: -pie not supported\n"));
+ EOF
+ fi
+ fragment <<EOF
+@@ -300,7 +299,7 @@ kvx_elf_create_output_section_statements (void)
+   ldlang_add_file (stub_file);
+ 
+   if (!kvx_elf${ELFSIZE}_init_stub_bfd (&link_info, stub_file->the_bfd))
+-    einfo ("%F%P: can not init BFD: %E\n");
++    einfo ("%P: can not init BFD: %E\n");
+ }
+ 
+ 
+diff --git a/ld/emultempl/loongarchelf.em b/ld/emultempl/loongarchelf.em
+index 3bb5ddf0..5a3d7b79 100644
+--- a/ld/emultempl/loongarchelf.em
++++ b/ld/emultempl/loongarchelf.em
+@@ -67,11 +67,11 @@ gld${EMULATION_NAME}_after_allocation (void)
+       && !bfd_link_relocatable (&link_info))
+     {
+       if (lang_phdr_list == NULL)
+-        elf_seg_map (link_info.output_bfd) = NULL;
++       elf_seg_map (link_info.output_bfd) = NULL;
+       if (!_bfd_elf_map_sections_to_segments (link_info.output_bfd,
+                                              &link_info,
+                                              NULL))
+-        einfo (_("%F%P: map sections to segments failed: %E\n"));
++       fatal (_("%P: map sections to segments failed: %E\n"));
+     }
+ 
+   /* Adjust program header size and .eh_frame_hdr size before
+diff --git a/ld/emultempl/m68hc1xelf.em b/ld/emultempl/m68hc1xelf.em
+index 5355b0fc..36f5f068 100644
+--- a/ld/emultempl/m68hc1xelf.em
++++ b/ld/emultempl/m68hc1xelf.em
+@@ -159,7 +159,7 @@ m68hc11elf_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+diff --git a/ld/emultempl/m68kelf.em b/ld/emultempl/m68kelf.em
+index 0477f1eb..f9a5bec2 100644
+--- a/ld/emultempl/m68kelf.em
++++ b/ld/emultempl/m68kelf.em
+@@ -82,7 +82,7 @@ m68k_elf_after_open (void)
+          asection *datasec;
+ 
+          if (bfd_get_flavour (abfd) != bfd_target_elf_flavour)
+-           einfo (_("%F%P: %pB: all input objects must be ELF "
++           fatal (_("%P: %pB: all input objects must be ELF "
+                     "for --embedded-relocs\n"));
+ 
+          datasec = bfd_get_section_by_name (abfd, ".data");
+@@ -106,7 +106,7 @@ m68k_elf_after_open (void)
+              if (relsec == NULL
+                  || !bfd_set_section_alignment (relsec, 2)
+                  || !bfd_set_section_size (relsec, datasec->reloc_count * 12))
+-               einfo (_("%F%P: %pB: can not create .emreloc section: %E\n"));
++               fatal (_("%P: %pB: can not create .emreloc section: %E\n"));
+            }
+ 
+          /* Double check that all other data sections are empty, as is
+diff --git a/ld/emultempl/metagelf.em b/ld/emultempl/metagelf.em
+index 81ab64c1..313d7ed5 100644
+--- a/ld/emultempl/metagelf.em
++++ b/ld/emultempl/metagelf.em
+@@ -59,7 +59,7 @@ metagelf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -309,7 +309,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        const char *end;
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/mipself.em b/ld/emultempl/mipself.em
+index f8fe4b97..2a22ba49 100644
+--- a/ld/emultempl/mipself.em
++++ b/ld/emultempl/mipself.em
+@@ -152,7 +152,7 @@ mips_add_stub_section (const char *stub_sec_name, asection *input_section,
+                                 bfd_get_arch (link_info.output_bfd),
+                                 bfd_get_mach (link_info.output_bfd)))
+        {
+-         einfo (_("%F%P: can not create BFD: %E\n"));
++         fatal (_("%P: can not create BFD: %E\n"));
+          return NULL;
+        }
+       stub_bfd->flags |= BFD_LINKER_CREATED;
+diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em
+index f2ecbba3..03186363 100644
+--- a/ld/emultempl/mmix-elfnmmo.em
++++ b/ld/emultempl/mmix-elfnmmo.em
+@@ -113,10 +113,7 @@ mmix_after_allocation (void)
+     bfd_set_section_vma (sec, 0);
+ 
+   if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info))
+-    {
+-      /* This is a fatal error; make einfo call not return.  */
+-      einfo (_("%F%P: can't finalize linker-allocated global registers\n"));
+-    }
++    fatal (_("%P: can't finalize linker-allocated global registers\n"));
+ }
+ EOF
+ 
+diff --git a/ld/emultempl/nds32elf.em b/ld/emultempl/nds32elf.em
+index bde9e35d..36260573 100644
+--- a/ld/emultempl/nds32elf.em
++++ b/ld/emultempl/nds32elf.em
+@@ -44,7 +44,7 @@ nds32_elf_create_output_section_statements (void)
+   if (strstr (bfd_get_target (link_info.output_bfd), "nds32") == NULL)
+     {
+       /* Check the output target is nds32.  */
+-      einfo (_("%F%P: error: cannot change output format whilst "
++      fatal (_("%P: error: cannot change output format whilst "
+               "linking %s binaries\n"), "NDS32");
+       return;
+     }
+@@ -96,7 +96,7 @@ nds32_elf_after_open (void)
+               && abi_ver != (elf_elfheader (abfd)->e_flags & EF_NDS_ABI))
+        {
+          /* Incompatible objects.  */
+-         einfo (_("%F%P: %pB: ABI version of object files mismatched\n"),
++         fatal (_("%P: %pB: ABI version of object files mismatched\n"),
+                 abfd);
+        }
+     }
+@@ -195,7 +195,7 @@ PARSE_AND_LIST_ARGS_CASES='
+       {
+        sym_ld_script = fopen (optarg, FOPEN_WT);
+        if(sym_ld_script == NULL)
+-         einfo (_("%F%P: cannot open map file %s: %E\n"), optarg);
++         fatal (_("%P: cannot open map file %s: %E\n"), optarg);
+       }
+     break;
+   case OPTION_HYPER_RELAX:
+diff --git a/ld/emultempl/nto.em b/ld/emultempl/nto.em
+index de69e132..609d0217 100644
+--- a/ld/emultempl/nto.em
++++ b/ld/emultempl/nto.em
+@@ -51,7 +51,7 @@ nto_create_QNX_note_section(int type)
+      is called before this function, stub_file should already be defined.  */
+   if (!stub_file)
+     {
+-      einfo (_("%F%P: cannot create .note section in stub BFD.\n"));
++      fatal (_("%P: cannot create .note section in stub BFD.\n"));
+       return NULL;
+     }
+ 
+@@ -60,7 +60,7 @@ nto_create_QNX_note_section(int type)
+   note_sec = bfd_make_section_anyway_with_flags (stub_file->the_bfd, ".note", flags);
+   if (! note_sec)
+     {
+-      einfo (_("%F%P: failed to create .note section\n"));
++      fatal (_("%P: failed to create .note section\n"));
+       return NULL;
+     }
+ 
+@@ -101,7 +101,7 @@ nto_lookup_QNX_note_section(int type)
+       sec->contents = xmalloc(sec->size);
+       if (!bfd_get_section_contents (sec->owner, sec, sec->contents, (file_ptr) 0,
+                                     sec->size))
+-       einfo (_("%F%P: %pB: can't read contents of section .note: %E\n"),
++       fatal (_("%P: %pB: can't read contents of section .note: %E\n"),
+               sec->owner);
+ 
+       e_note = (Elf_External_Note *) sec->contents;
+@@ -144,7 +144,7 @@ nto_add_note_section (void) {
+ 
+   if (nto_lazy_stack && !link_info.stacksize)
+     {
+-      einfo (_("%F%P: error: --lazy-stack must follow -zstack-size=<size>\n"));
++      fatal (_("%P: error: --lazy-stack must follow -zstack-size=<size>\n"));
+       return;
+     }
+ 
+@@ -206,22 +206,22 @@ PARSE_AND_LIST_LONGOPTS=${PARSE_AND_LIST_LONGOPTS}'
+ PARSE_AND_LIST_OPTIONS=${PARSE_AND_LIST_OPTIONS}'
+   fprintf (file, _("\
+   --stack <size>              Set size of the initial stack\n\
+-  --lazy-stack               Set lazy allocation of stack\n\
++  --lazy-stack                Set lazy allocation of stack\n\
+ "));
+ '
+ 
+ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+     case OPTION_STACK:
+       {
+-        char *end;
+-        link_info.stacksize = strtoul (optarg, &end, 0);
+-        if (*end || link_info.stacksize < 0)
+-          einfo (_("%F%P: invalid stack size `%s'\''\n"), optarg + 11);
+-        if (!link_info.stacksize)
+-          /* Use -1 for explicit no-stack, because zero means
+-             'default'.   */
+-          link_info.stacksize = -1;
+-        break;
++       char *end;
++       link_info.stacksize = strtoul (optarg, &end, 0);
++       if (*end || link_info.stacksize < 0)
++         fatal (_("%P: invalid stack size `%s'\''\n"), optarg + 11);
++       if (!link_info.stacksize)
++         /* Use -1 for explicit no-stack, because zero means
++            'default'.   */
++         link_info.stacksize = -1;
++       break;
+       }
+     case OPTION_LAZY_STACK:
+       nto_lazy_stack = true;
+diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em
+index c6ed1110..4cb1488e 100644
+--- a/ld/emultempl/pe.em
++++ b/ld/emultempl/pe.em
+@@ -726,7 +726,7 @@ set_pe_subsystem (void)
+ 
+       if (v[i].name == NULL)
+        {
+-         einfo (_("%F%P: invalid subsystem type %s\n"), optarg);
++         fatal (_("%P: invalid subsystem type %s\n"), optarg);
+          return;
+        }
+ 
+@@ -747,7 +747,7 @@ set_pe_value (char *name)
+   set_pe_name (name,  strtoul (optarg, &end, 0));
+ 
+   if (end == optarg)
+-    einfo (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
++    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -764,7 +764,7 @@ set_pe_stack_heap (char *resname, char *comname)
+       set_pe_value (comname);
+     }
+   else if (*optarg)
+-    einfo (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
++    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ #define DEFAULT_BUILD_ID_STYLE "md5"
+@@ -780,7 +780,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       einfo (_("%F%P: cannot open base file %s\n"), optarg);
++       fatal (_("%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options.  */
+@@ -1309,7 +1309,7 @@ make_runtime_ref (void)
+     = bfd_wrapped_link_hash_lookup (link_info.output_bfd, &link_info,
+                                    rr, true, false, true);
+   if (!h)
+-    einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+   else
+     {
+       if (h->type == bfd_link_hash_new)
+@@ -1607,7 +1607,7 @@ gld${EMULATION_NAME}_after_open (void)
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_coff_flavour
+       || coff_data (link_info.output_bfd) == NULL
+       || !obj_pe (link_info.output_bfd))
+-    einfo (_("%F%P: cannot perform PE operations on non PE output file '%pB'\n"),
++    fatal (_("%P: cannot perform PE operations on non PE output file '%pB'\n"),
+           link_info.output_bfd);
+ 
+   pe_data (link_info.output_bfd)->pe_opthdr = pe;
+@@ -1680,7 +1680,7 @@ gld${EMULATION_NAME}_after_open (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format "
++      fatal (_("%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "ARM");
+       return;
+     }
+@@ -1740,7 +1740,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                    if (!bfd_generic_link_read_symbols (is->the_bfd))
+                      {
+-                       einfo (_("%F%P: %pB: could not read symbols: %E\n"),
++                       fatal (_("%P: %pB: could not read symbols: %E\n"),
+                               is->the_bfd);
+                        return;
+                      }
+@@ -1912,7 +1912,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                if (!bfd_generic_link_read_symbols (is->the_bfd))
+                  {
+-                   einfo (_("%F%P: %pB: could not read symbols: %E\n"),
++                   fatal (_("%P: %pB: could not read symbols: %E\n"),
+                           is->the_bfd);
+                    return;
+                  }
+@@ -2023,7 +2023,7 @@ gld${EMULATION_NAME}_unrecognized_file (lang_input_statement_type *entry ATTRIBU
+ 
+              h = bfd_link_hash_lookup (link_info.hash, buf, true, true, true);
+              if (h == (struct bfd_link_hash_entry *) NULL)
+-               einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+              if (h->type == bfd_link_hash_new)
+                {
+                  h->type = bfd_link_hash_undefined;
+diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
+index bd2ee2ed..2d033dd3 100644
+--- a/ld/emultempl/pep.em
++++ b/ld/emultempl/pep.em
+@@ -698,7 +698,7 @@ set_pep_subsystem (void)
+ 
+       if (v[i].name == NULL)
+        {
+-         einfo (_("%F%P: invalid subsystem type %s\n"), optarg);
++         fatal (_("%P: invalid subsystem type %s\n"), optarg);
+          return;
+        }
+ 
+@@ -719,7 +719,7 @@ set_pep_value (char *name)
+   set_pep_name (name,  (bfd_vma) strtoull (optarg, &end, 0));
+ 
+   if (end == optarg)
+-    einfo (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
++    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -736,7 +736,7 @@ set_pep_stack_heap (char *resname, char *comname)
+       set_pep_value (comname);
+     }
+   else if (*optarg)
+-    einfo (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
++    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ #define DEFAULT_BUILD_ID_STYLE "md5"
+@@ -753,7 +753,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       einfo (_("%F%P: cannot open base file %s\n"), optarg);
++       fatal (_("%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options.  */
+@@ -1306,7 +1306,7 @@ make_runtime_ref (void)
+     = bfd_wrapped_link_hash_lookup (link_info.output_bfd, &link_info,
+                                    rr, true, false, true);
+   if (!h)
+-    einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+   else
+     {
+       if (h->type == bfd_link_hash_new)
+@@ -1606,7 +1606,7 @@ gld${EMULATION_NAME}_after_open (void)
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_coff_flavour
+       || coff_data (link_info.output_bfd) == NULL
+       || !obj_pe (link_info.output_bfd))
+-    einfo (_("%F%P: cannot perform PE operations on non PE output file '%pB'\n"),
++    fatal (_("%P: cannot perform PE operations on non PE output file '%pB'\n"),
+           link_info.output_bfd);
+ 
+   pe_data (link_info.output_bfd)->pe_opthdr = pep;
+@@ -1718,7 +1718,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                    if (!bfd_generic_link_read_symbols (is->the_bfd))
+                      {
+-                       einfo (_("%F%P: %pB: could not read symbols: %E\n"),
++                       fatal (_("%P: %pB: could not read symbols: %E\n"),
+                               is->the_bfd);
+                        return;
+                      }
+@@ -1907,7 +1907,7 @@ gld${EMULATION_NAME}_unrecognized_file (lang_input_statement_type *entry ATTRIBU
+ 
+              h = bfd_link_hash_lookup (link_info.hash, buf, true, true, true);
+              if (h == (struct bfd_link_hash_entry *) NULL)
+-               einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+              if (h->type == bfd_link_hash_new)
+                {
+                  h->type = bfd_link_hash_undefined;
+diff --git a/ld/emultempl/ppc32elf.em b/ld/emultempl/ppc32elf.em
+index 0730a05e..ffacadc6 100644
+--- a/ld/emultempl/ppc32elf.em
++++ b/ld/emultempl/ppc32elf.em
+@@ -386,7 +386,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          char *end;
+          unsigned long val = strtoul (optarg, &end, 0);
+          if (*end || val > 5)
+-           einfo (_("%F%P: invalid --plt-align `%s'\''\n"), optarg);
++           fatal (_("%P: invalid --plt-align `%s'\''\n"), optarg);
+          params.plt_stub_align = val;
+        }
+       else
+@@ -419,7 +419,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          if (*end
+              || (params.pagesize < 4096 && params.pagesize != 0)
+              || params.pagesize != (params.pagesize & -params.pagesize))
+-           einfo (_("%F%P: invalid pagesize `%s'\''\n"), optarg);
++           fatal (_("%P: invalid pagesize `%s'\''\n"), optarg);
+        }
+       break;
+ 
+diff --git a/ld/emultempl/ppc64elf.em b/ld/emultempl/ppc64elf.em
+index 533caed2..92bf4f58 100644
+--- a/ld/emultempl/ppc64elf.em
++++ b/ld/emultempl/ppc64elf.em
+@@ -91,7 +91,7 @@ ppc_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -101,7 +101,7 @@ ppc_create_output_section_statements (void)
+   if (params.save_restore_funcs < 0)
+     params.save_restore_funcs = !bfd_link_relocatable (&link_info);
+   if (!ppc64_elf_init_stub_bfd (&link_info, &params))
+-    einfo (_("%F%P: can not init BFD: %E\n"));
++    fatal (_("%P: can not init BFD: %E\n"));
+ }
+ 
+ /* Called after opening files but before mapping sections.  */
+@@ -860,7 +860,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+        const char *end;
+        params.group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         einfo (_("%F%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -886,7 +886,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          char *end;
+          long val = strtol (optarg, &end, 0);
+          if (*end || (unsigned long) val + 8 > 16)
+-           einfo (_("%F%P: invalid --plt-align `%s'\''\n"), optarg);
++           fatal (_("%P: invalid --plt-align `%s'\''\n"), optarg);
+          params.plt_stub_align = val;
+        }
+       else
+@@ -915,7 +915,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          else if (strcasecmp (optarg, "no") == 0)
+            params.power10_stubs = 0;
+          else
+-           einfo (_("%F%P: invalid --power10-stubs argument `%s'\''\n"),
++           fatal (_("%P: invalid --power10-stubs argument `%s'\''\n"),
+                   optarg);
+        }
+       else
+diff --git a/ld/emultempl/riscvelf.em b/ld/emultempl/riscvelf.em
+index fe53b2a7..006e4edb 100644
+--- a/ld/emultempl/riscvelf.em
++++ b/ld/emultempl/riscvelf.em
+@@ -141,7 +141,7 @@ riscv_create_output_section_statements (void)
+         These will only be created if the output format is a RISC-V format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format"
++      fatal (_("%P: error: cannot change output format"
+               " whilst linking %s binaries\n"), "RISC-V");
+       return;
+     }
+diff --git a/ld/emultempl/s390.em b/ld/emultempl/s390.em
+index 11e7f19b..0a93d76b 100644
+--- a/ld/emultempl/s390.em
++++ b/ld/emultempl/s390.em
+@@ -34,7 +34,7 @@ static void
+ s390_elf_create_output_section_statements (void)
+ {
+   if (!bfd_elf_s390_set_options (&link_info, &params))
+-    einfo (_("%F%P: can not init BFD: %E\n"));
++    fatal (_("%P: can not init BFD: %E\n"));
+ }
+ 
+ EOF
+diff --git a/ld/emultempl/scoreelf.em b/ld/emultempl/scoreelf.em
+index 6238b5e2..6413f330 100644
+--- a/ld/emultempl/scoreelf.em
++++ b/ld/emultempl/scoreelf.em
+@@ -62,7 +62,7 @@ score_elf_after_open (void)
+         These will only be created if the output format is an score format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format "
++      fatal (_("%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "S+core");
+       return;
+     }
+diff --git a/ld/emultempl/spuelf.em b/ld/emultempl/spuelf.em
+index cc39435c..c694b828 100644
+--- a/ld/emultempl/spuelf.em
++++ b/ld/emultempl/spuelf.em
+@@ -202,7 +202,7 @@ spu_elf_load_ovl_mgr (void)
+       /* User supplied __ovly_load.  */
+     }
+   else if (mgr_stream->start == mgr_stream->end)
+-    einfo (_("%F%P: no built-in overlay manager\n"));
++    fatal (_("%P: no built-in overlay manager\n"));
+   else
+     {
+       lang_input_statement_type *ovl_is;
+@@ -379,7 +379,7 @@ spu_elf_open_overlay_script (void)
+   if (script == NULL)
+     {
+     file_err:
+-      einfo (_("%F%P: can not open script: %E\n"));
++      fatal (_("%P: can not open script: %E\n"));
+     }
+   return script;
+ }
+@@ -719,7 +719,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            if (*end == 0)
+              break;
+          }
+-       einfo (_("%F%P: invalid --local-store address range `%s'\''\n"), optarg);
++       fatal (_("%P: invalid --local-store address range `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -755,12 +755,12 @@ PARSE_AND_LIST_ARGS_CASES='
+       if (!num_lines_set)
+        params.num_lines = 32;
+       else if ((params.num_lines & -params.num_lines) != params.num_lines)
+-       einfo (_("%F%P: invalid --num-lines/--num-regions `%u'\''\n"),
++       fatal (_("%P: invalid --num-lines/--num-regions `%u'\''\n"),
+               params.num_lines);
+       if (!line_size_set)
+        params.line_size = 1024;
+       else if ((params.line_size & -params.line_size) != params.line_size)
+-       einfo (_("%F%P: invalid --line-size/--region-size `%u'\''\n"),
++       fatal (_("%P: invalid --line-size/--region-size `%u'\''\n"),
+               params.line_size);
+       break;
+ 
+@@ -781,7 +781,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            && (params.ovly_flavour != ovly_soft_icache
+                || (params.num_lines & -params.num_lines) == params.num_lines))
+          break;
+-       einfo (_("%F%P: invalid --num-lines/--num-regions `%s'\''\n"), optarg);
++       fatal (_("%P: invalid --num-lines/--num-regions `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -794,7 +794,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            && (params.ovly_flavour != ovly_soft_icache
+                || (params.line_size & -params.line_size) == params.line_size))
+          break;
+-       einfo (_("%F%P: invalid --line-size/--region-size `%s'\''\n"), optarg);
++       fatal (_("%P: invalid --line-size/--region-size `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -803,7 +803,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.auto_overlay_fixed = strtoul (optarg, &end, 0);
+        if (*end != 0)
+-         einfo (_("%F%P: invalid --fixed-space value `%s'\''\n"), optarg);
++         fatal (_("%P: invalid --fixed-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -812,7 +812,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.auto_overlay_reserved = strtoul (optarg, &end, 0);
+        if (*end != 0)
+-         einfo (_("%F%P: invalid --reserved-space value `%s'\''\n"), optarg);
++         fatal (_("%P: invalid --reserved-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -821,7 +821,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.extra_stack_space = strtol (optarg, &end, 0);
+        if (*end != 0)
+-         einfo (_("%F%P: invalid --extra-stack-space value `%s'\''\n"), optarg);
++         fatal (_("%P: invalid --extra-stack-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+diff --git a/ld/emultempl/tic6xdsbt.em b/ld/emultempl/tic6xdsbt.em
+index 524e3f73..a830be7e 100644
+--- a/ld/emultempl/tic6xdsbt.em
++++ b/ld/emultempl/tic6xdsbt.em
+@@ -59,10 +59,8 @@ tic6x_after_open (void)
+   if (is_tic6x_target ())
+     {
+       if (params.dsbt_index >= params.dsbt_size)
+-       {
+-         einfo (_("%F%P: invalid --dsbt-index %d, outside DSBT size\n"),
+-                params.dsbt_index);
+-       }
++       fatal (_("%P: invalid --dsbt-index %d, outside DSBT size\n"),
++              params.dsbt_index);
+       elf32_tic6x_setup (&link_info, &params);
+     }
+ 
+@@ -192,7 +190,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        if (*end == 0
+            && params.dsbt_index >= 0 && params.dsbt_index < 0x7fff)
+          break;
+-       einfo (_("%F%P: invalid --dsbt-index %s\n"), optarg);
++       fatal (_("%P: invalid --dsbt-index %s\n"), optarg);
+       }
+       break;
+     case OPTION_DSBT_SIZE:
+@@ -202,7 +200,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        if (*end == 0
+            && params.dsbt_size >= 0 && params.dsbt_size < 0x7fff)
+          break;
+-       einfo (_("%F%P: invalid --dsbt-size %s\n"), optarg);
++       fatal (_("%P: invalid --dsbt-size %s\n"), optarg);
+       }
+       break;
+    case OPTION_NO_MERGE_EXIDX_ENTRIES:
+diff --git a/ld/emultempl/ticoff.em b/ld/emultempl/ticoff.em
+index 4b048bef..bbf30f4a 100644
+--- a/ld/emultempl/ticoff.em
++++ b/ld/emultempl/ticoff.em
+@@ -88,9 +88,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+          lang_add_output_format (buf, NULL, NULL, 0);
+        }
+       else
+-       {
+-         einfo (_("%F%P: invalid COFF format version %s\n"), optarg);
+-       }
++       fatal (_("%P: invalid COFF format version %s\n"), optarg);
+       break;
+     }
+   return false;
+diff --git a/ld/emultempl/v850elf.em b/ld/emultempl/v850elf.em
+index 7bcd45f3..49ad2cc8 100644
+--- a/ld/emultempl/v850elf.em
++++ b/ld/emultempl/v850elf.em
+@@ -63,7 +63,7 @@ v850_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      einfo (_("%F%P: error: cannot change output format"
++      fatal (_("%P: error: cannot change output format"
+               " whilst linking %s binaries\n"), "V850");
+       return;
+     }
+diff --git a/ld/emultempl/vms.em b/ld/emultempl/vms.em
+index 67e9ea64..4ca2c942 100644
+--- a/ld/emultempl/vms.em
++++ b/ld/emultempl/vms.em
+@@ -201,7 +201,7 @@ gld${EMULATION_NAME}_before_allocation (void)
+       && bed->elf_backend_size_dynamic_sections
+       && ! (*bed->elf_backend_size_dynamic_sections) (link_info.output_bfd,
+                                                      &link_info))
+-    einfo (_("%F%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
+ 
+   before_allocation_default ();
+ }
+diff --git a/ld/emultempl/xtensaelf.em b/ld/emultempl/xtensaelf.em
+index 51293539..208f730d 100644
+--- a/ld/emultempl/xtensaelf.em
++++ b/ld/emultempl/xtensaelf.em
+@@ -388,7 +388,7 @@ check_xtensa_info (bfd *abfd, asection *info_sec)
+ 
+   data = xmalloc (info_sec->size);
+   if (! bfd_get_section_contents (abfd, info_sec, data, 0, info_sec->size))
+-    einfo (_("%F%P: %pB: cannot read contents of section %pA\n"), abfd, info_sec);
++    fatal (_("%P: %pB: cannot read contents of section %pA\n"), abfd, info_sec);
+ 
+   if (info_sec->size > 24
+       && info_sec->size >= 24 + bfd_get_32 (abfd, data + 4)
+@@ -429,13 +429,13 @@ elf_xtensa_before_allocation (void)
+   if (is_big_endian
+       && link_info.output_bfd->xvec->byteorder == BFD_ENDIAN_LITTLE)
+     {
+-      einfo (_("%F%P: little endian output does not match "
++      fatal (_("%P: little endian output does not match "
+               "Xtensa configuration\n"));
+     }
+   if (!is_big_endian
+       && link_info.output_bfd->xvec->byteorder == BFD_ENDIAN_BIG)
+     {
+-      einfo (_("%F%P: big endian output does not match "
++      fatal (_("%P: big endian output does not match "
+               "Xtensa configuration\n"));
+     }
+ 
+@@ -454,7 +454,7 @@ elf_xtensa_before_allocation (void)
+         cannot go any further if there are any mismatches.  */
+       if ((is_big_endian && f->the_bfd->xvec->byteorder == BFD_ENDIAN_LITTLE)
+          || (!is_big_endian && f->the_bfd->xvec->byteorder == BFD_ENDIAN_BIG))
+-       einfo (_("%F%P: cross-endian linking for %pB not supported\n"),
++       fatal (_("%P: cross-endian linking for %pB not supported\n"),
+               f->the_bfd);
+ 
+       if (! first_bfd)
+@@ -485,7 +485,7 @@ elf_xtensa_before_allocation (void)
+       info_sec = bfd_make_section_with_flags (first_bfd, ".xtensa.info",
+                                              SEC_HAS_CONTENTS | SEC_READONLY);
+       if (! info_sec)
+-       einfo (_("%F%P: failed to create .xtensa.info section\n"));
++       fatal (_("%P: failed to create .xtensa.info section\n"));
+     }
+   if (info_sec)
+     {
+@@ -1224,7 +1224,7 @@ ld_build_required_section_dependence (lang_statement_union_type *s)
+       lang_statement_union_type *l = iter_stack_current (&stack);
+ 
+       if (l == NULL && link_info.non_contiguous_regions)
+-       einfo (_("%F%P: Relaxation not supported with "
++       fatal (_("%P: Relaxation not supported with "
+                 "--enable-non-contiguous-regions.\n"));
+ 
+       if (l->header.type == lang_input_section_enum)
+diff --git a/ld/emultempl/z80.em b/ld/emultempl/z80.em
+index ded04136..555f6024 100644
+--- a/ld/emultempl/z80.em
++++ b/ld/emultempl/z80.em
+@@ -48,7 +48,7 @@ z80_after_open (void)
+       const bfd_arch_info_type *info;
+       info = bfd_arch_get_compatible (link_info.output_bfd, abfd, false);
+       if (info == NULL)
+-       einfo (_("%F%P: %pB: Instruction sets of object files incompatible\n"),
++       fatal (_("%P: %pB: Instruction sets of object files incompatible\n"),
+               abfd);
+       else
+         bfd_set_arch_info (link_info.output_bfd, info);
+diff --git a/ld/ldcref.c b/ld/ldcref.c
+index 632506a4..572d4f4d 100644
+--- a/ld/ldcref.c
++++ b/ld/ldcref.c
+@@ -514,7 +514,7 @@ check_local_sym_xref (lang_input_statement_type *statement)
+     return;
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    einfo (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   for (syms = bfd_get_outsymbols (abfd); *syms; ++syms)
+     {
+@@ -625,7 +625,7 @@ check_refs (const char *name,
+      BFD might contain a prohibited cross reference.  */
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    einfo (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   info.sym_name = name;
+   info.global = global;
+@@ -687,14 +687,14 @@ check_reloc_refs (bfd *abfd, asection *sec, void *iarg)
+ 
+   relsize = bfd_get_reloc_upper_bound (abfd, sec);
+   if (relsize < 0)
+-    einfo (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
+   if (relsize == 0)
+     return;
+ 
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, sec, relpp, info->asymbols);
+   if (relcount < 0)
+-    einfo (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
+ 
+   p = relpp;
+   pend = p + relcount;
+diff --git a/ld/ldelf.c b/ld/ldelf.c
+index d66e08dd..fb95b7a9 100644
+--- a/ld/ldelf.c
++++ b/ld/ldelf.c
+@@ -94,7 +94,7 @@ ldelf_after_parse (void)
+       else if (!link_info.maxpagesize_is_set)
+        link_info.maxpagesize = link_info.commonpagesize;
+       else
+-       einfo (_("%F%P: common page size (0x%v) > maximum page size (0x%v)\n"),
++       fatal (_("%P: common page size (0x%v) > maximum page size (0x%v)\n"),
+               link_info.commonpagesize, link_info.maxpagesize);
+     }
+ }
+@@ -120,7 +120,7 @@ ldelf_load_symbols (lang_input_statement_type *entry)
+ 
+   if (entry->flags.just_syms
+       && (bfd_get_file_flags (entry->the_bfd) & DYNAMIC) != 0)
+-    einfo (_("%F%P: %pB: --just-symbols may not be used on DSO\n"),
++    fatal (_("%P: %pB: --just-symbols may not be used on DSO\n"),
+           entry->the_bfd);
+ 
+   if (link_class == 0
+@@ -320,7 +320,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+       struct bfd_link_needed_list *needs;
+ 
+       if (! bfd_elf_get_bfd_needed_list (abfd, &needs))
+-       einfo (_("%F%P: %pB: bfd_elf_get_bfd_needed_list failed: %E\n"), abfd);
++       fatal (_("%P: %pB: bfd_elf_get_bfd_needed_list failed: %E\n"), abfd);
+ 
+       if (needs != NULL)
+        {
+@@ -368,7 +368,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+      can only check that using stat.  */
+ 
+   if (bfd_stat (abfd, &global_stat) != 0)
+-    einfo (_("%F%P: %pB: bfd_stat failed: %E\n"), abfd);
++    fatal (_("%P: %pB: bfd_stat failed: %E\n"), abfd);
+ 
+   /* First strip off everything before the last '/'.  */
+   soname = lbasename (bfd_get_filename (abfd));
+@@ -407,7 +407,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+ 
+   /* Add this file into the symbol table.  */
+   if (! bfd_link_add_symbols (abfd, &link_info))
+-    einfo (_("%F%P: %pB: error adding symbols: %E\n"), abfd);
++    fatal (_("%P: %pB: error adding symbols: %E\n"), abfd);
+ 
+   return true;
+ }
+@@ -1205,7 +1205,7 @@ ldelf_handle_dt_needed (struct elf_link_hash_table *htab,
+          && elf_dt_name (abfd) != NULL)
+        {
+          if (bfd_elf_add_dt_needed_tag (abfd, &link_info) < 0)
+-           einfo (_("%F%P: failed to add DT_NEEDED dynamic tag\n"));
++           fatal (_("%P: failed to add DT_NEEDED dynamic tag\n"));
+        }
+ 
+   link_info.input_bfds_tail = save_input_bfd_tail;
+@@ -1256,10 +1256,8 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+                     bfd_get_target (link_info.output_bfd));
+ 
+       if (link_info.out_implib_bfd == NULL)
+-       {
+-         einfo (_("%F%P: %s: can't open for writing: %E\n"),
+-                command_line.out_implib_filename);
+-       }
++       fatal (_("%P: %s: can't open for writing: %E\n"),
++              command_line.out_implib_filename);
+     }
+ 
+   if (ldelf_emit_note_gnu_build_id != NULL
+@@ -1313,7 +1311,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+          && (elf_tdata (abfd)->elf_header->e_type == ET_EXEC
+              || (elf_tdata (abfd)->elf_header->e_type == ET_DYN
+                  && elf_tdata (abfd)->is_pie)))
+-       einfo (_("%F%P: cannot use executable file '%pB' as input to a link\n"),
++       fatal (_("%P: cannot use executable file '%pB' as input to a link\n"),
+               abfd);
+     }
+ 
+@@ -1367,7 +1365,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+                }
+              else if (seen_type != type)
+                {
+-                 einfo (_("%F%P: compact frame descriptions incompatible with"
++                 fatal (_("%P: compact frame descriptions incompatible with"
+                           " DWARF2 .eh_frame from %pB\n"),
+                         type == DWARF2_EH_HDR ? abfd : elfbfd);
+                  break;
+@@ -1409,7 +1407,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+ 
+   if (link_info.eh_frame_hdr_type == COMPACT_EH_HDR)
+     if (!bfd_elf_parse_eh_frame_entries (NULL, &link_info))
+-      einfo (_("%F%P: failed to parse EH frame entries\n"));
++      fatal (_("%P: failed to parse EH frame entries\n"));
+ 
+   ldelf_handle_dt_needed (htab, use_libpath, native, is_linux,
+                          is_freebsd, elfsize, prefix);
+@@ -1666,7 +1664,7 @@ ldelf_find_exp_assignment (etree_type *exp)
+                                               &link_info,
+                                               exp->assign.dst, provide,
+                                               exp->assign.hidden))
+-           einfo (_("%F%P: failed to record assignment to %s: %E\n"),
++           fatal (_("%P: failed to record assignment to %s: %E\n"),
+                   exp->assign.dst);
+        }
+       ldelf_find_exp_assignment (exp->assign.src);
+@@ -1846,7 +1844,7 @@ ldelf_before_allocation (char *audit, char *depaudit,
+          command_line.filter_shlib, audit, depaudit,
+          (const char * const *) command_line.auxiliary_filters,
+          &link_info, &sinterp)))
+-    einfo (_("%F%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
+ 
+   if (sinterp != NULL)
+     {
+@@ -1883,8 +1881,8 @@ ldelf_before_allocation (char *audit, char *depaudit,
+        msg = (char *) xmalloc ((size_t) (sz + 1));
+        if (! bfd_get_section_contents (is->the_bfd, s, msg,
+                                        (file_ptr) 0, sz))
+-         einfo (_("%F%P: %pB: can't read contents of section .gnu.warning: %E\n"),
+-                is->the_bfd);
++         fatal (_("%P: %pB: can't read contents of section %pA: %E\n"),
++                is->the_bfd, s);
+        msg[sz] = '\0';
+        (*link_info.callbacks->warning) (&link_info, msg,
+                                         (const char *) NULL, is->the_bfd,
+@@ -1911,7 +1909,7 @@ ldelf_before_allocation (char *audit, char *depaudit,
+   before_allocation_default ();
+ 
+   if (!bfd_elf_size_dynsym_hash_dynstr (link_info.output_bfd, &link_info))
+-    einfo (_("%F%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
+ 
+   if (ehdr_start != NULL)
+     {
+diff --git a/ld/ldelfgen.c b/ld/ldelfgen.c
+index d3448546..1b1e49ce 100644
+--- a/ld/ldelfgen.c
++++ b/ld/ldelfgen.c
+@@ -282,7 +282,7 @@ ldelf_map_segments (bool need_layout)
+                  if (os_info->ordered != os_info->count
+                      && bfd_link_relocatable (&link_info))
+                    {
+-                     einfo (_("%F%P: "
++                     fatal (_("%P: "
+                               "%pA has both ordered and unordered sections\n"),
+                             os->bfd_section);
+                      return;
+@@ -307,7 +307,7 @@ ldelf_map_segments (bool need_layout)
+          if (!_bfd_elf_map_sections_to_segments (link_info.output_bfd,
+                                                  &link_info,
+                                                  &need_layout))
+-           einfo (_("%F%P: map sections to segments failed: %E\n"));
++           fatal (_("%P: map sections to segments failed: %E\n"));
+ 
+          if (phdr_size != elf_program_header_size (link_info.output_bfd))
+            {
+@@ -327,7 +327,7 @@ ldelf_map_segments (bool need_layout)
+   while (need_layout && --tries);
+ 
+   if (tries == 0)
+-    einfo (_("%F%P: looping in map_segments\n"));
++    fatal (_("%P: looping in map_segments\n"));
+ 
+   if (bfd_get_flavour (link_info.output_bfd) == bfd_target_elf_flavour
+       && lang_phdr_list == NULL)
+@@ -337,9 +337,8 @@ ldelf_map_segments (bool need_layout)
+       const struct elf_backend_data *bed
+        = get_elf_backend_data (link_info.output_bfd);
+       if (bed->elf_backend_strip_zero_sized_dynamic_sections
+-         && !bed->elf_backend_strip_zero_sized_dynamic_sections
+-               (&link_info))
+-         einfo (_("%F%P: failed to strip zero-sized dynamic sections\n"));
++         && !bed->elf_backend_strip_zero_sized_dynamic_sections (&link_info))
++       fatal (_("%P: failed to strip zero-sized dynamic sections\n"));
+     }
+ }
+ 
+@@ -417,7 +416,7 @@ ldelf_acquire_strings_for_ctf
+     {
+       if (ctf_link_add_strtab (ctf_output, ldelf_ctf_strtab_iter_cb,
+                               &args) < 0)
+-       einfo (_("%F%P: warning: CTF strtab association failed; strings will "
++       fatal (_("%P: warning: CTF strtab association failed; strings will "
+                 "not be shared: %s\n"),
+               ctf_errmsg (ctf_errno (ctf_output)));
+     }
+@@ -444,7 +443,7 @@ ldelf_new_dynsym_for_ctf (struct ctf_dict *ctf_output, int symidx,
+       lsym.st_value = sym->st_value;
+       if (ctf_link_add_linker_symbol (ctf_output, &lsym) < 0)
+        {
+-         einfo (_("%F%P: warning: CTF symbol addition failed; CTF will "
++         fatal (_("%P: warning: CTF symbol addition failed; CTF will "
+                   "not be tied to symbols: %s\n"),
+                 ctf_errmsg (ctf_errno (ctf_output)));
+        }
+@@ -454,7 +453,7 @@ ldelf_new_dynsym_for_ctf (struct ctf_dict *ctf_output, int symidx,
+       /* Shuffle all the symbols.  */
+ 
+       if (ctf_link_shuffle_syms (ctf_output) < 0)
+-       einfo (_("%F%P: warning: CTF symbol shuffling failed; CTF will "
++       fatal (_("%P: warning: CTF symbol shuffling failed; CTF will "
+                 "not be tied to symbols: %s\n"),
+               ctf_errmsg (ctf_errno (ctf_output)));
+     }
+diff --git a/ld/ldemul.c b/ld/ldemul.c
+index 218abb84..b56b0492 100644
+--- a/ld/ldemul.c
++++ b/ld/ldemul.c
+@@ -343,7 +343,7 @@ ldemul_choose_mode (char *target)
+   einfo (_("%P: unrecognised emulation mode: %s\n"), target);
+   einfo (_("Supported emulations: "));
+   ldemul_list_emulations (stderr);
+-  einfo ("%F\n");
++  fatal ("\n");
+ }
+ 
+ void
+diff --git a/ld/ldexp.c b/ld/ldexp.c
+index 3c8ab2d3..45dffbc6 100644
+--- a/ld/ldexp.c
++++ b/ld/ldexp.c
+@@ -282,7 +282,7 @@ definedness_newfunc (struct bfd_hash_entry *entry,
+       bfd_hash_allocate (table, sizeof (struct definedness_hash_entry));
+ 
+   if (ret == NULL)
+-    einfo (_("%F%P: bfd_hash_allocate failed creating symbol %s\n"), name);
++    fatal (_("%P: bfd_hash_allocate failed creating symbol %s\n"), name);
+ 
+   ret->by_object = 0;
+   ret->iteration = 0;
+@@ -313,7 +313,7 @@ update_definedness (const char *name, struct bfd_link_hash_entry *h)
+     bfd_hash_lookup (&definedness_table, name, true, false);
+ 
+   if (defentry == NULL)
+-    einfo (_("%F%P: bfd_hash_lookup failed creating symbol %s\n"), name);
++    fatal (_("%P: bfd_hash_lookup failed creating symbol %s\n"), name);
+ 
+   /* If the symbol was already defined, and not by a script, then it
+      must be defined by an object file or by the linker target code.  */
+@@ -638,7 +638,7 @@ fold_binary (etree_type *tree)
+            expld.result.value = ((bfd_signed_vma) lhs.value
+                                  % (bfd_signed_vma) expld.result.value);
+          else if (expld.phase != lang_mark_phase_enum)
+-           einfo (_("%F%P:%pS %% by zero\n"), tree->binary.rhs);
++           fatal (_("%P:%pS %% by zero\n"), tree->binary.rhs);
+          arith_result_section (&lhs);
+          break;
+ 
+@@ -647,7 +647,7 @@ fold_binary (etree_type *tree)
+            expld.result.value = ((bfd_signed_vma) lhs.value
+                                  / (bfd_signed_vma) expld.result.value);
+          else if (expld.phase != lang_mark_phase_enum)
+-           einfo (_("%F%P:%pS / by zero\n"), tree->binary.rhs);
++           fatal (_("%P:%pS / by zero\n"), tree->binary.rhs);
+          arith_result_section (&lhs);
+          break;
+ 
+@@ -761,7 +761,7 @@ fold_name (etree_type *tree)
+          if (!h)
+            {
+              if (expld.phase != lang_first_phase_enum)
+-               einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+            }
+          else if (h->type == bfd_link_hash_defined
+                   || h->type == bfd_link_hash_defweak)
+@@ -789,7 +789,7 @@ fold_name (etree_type *tree)
+          else if (expld.phase == lang_final_phase_enum
+                   || (expld.phase != lang_mark_phase_enum
+                       && expld.assigning_to_dot))
+-           einfo (_("%F%P:%pS: undefined symbol `%s'"
++           fatal (_("%P:%pS: undefined symbol `%s'"
+                     " referenced in expression\n"),
+                   tree, tree->name.name);
+          else if (h->type == bfd_link_hash_new)
+@@ -827,7 +827,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               einfo (_("%F%P:%pS: undefined section `%s'"
++               fatal (_("%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+            }
+@@ -845,7 +845,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               einfo (_("%F%P:%pS: undefined section `%s'"
++               fatal (_("%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+            }
+@@ -873,7 +873,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               einfo (_("%F%P:%pS: undefined section `%s'"
++               fatal (_("%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+              new_number (0);
+@@ -912,7 +912,7 @@ fold_name (etree_type *tree)
+        if (mem != NULL)
+          new_number (mem->length);
+        else
+-         einfo (_("%F%P:%pS: undefined MEMORY region `%s'"
++         fatal (_("%P:%pS: undefined MEMORY region `%s'"
+                   " referenced in expression\n"),
+                 tree, tree->name.name);
+       }
+@@ -926,7 +926,7 @@ fold_name (etree_type *tree)
+        if (mem != NULL)
+          new_rel_from_abs (mem->origin);
+        else
+-         einfo (_("%F%P:%pS: undefined MEMORY region `%s'"
++         fatal (_("%P:%pS: undefined MEMORY region `%s'"
+                   " referenced in expression\n"),
+                 tree, tree->name.name);
+       }
+@@ -938,7 +938,7 @@ fold_name (etree_type *tree)
+       else if (strcmp (tree->name.name, "COMMONPAGESIZE") == 0)
+        new_number (link_info.commonpagesize);
+       else
+-       einfo (_("%F%P:%pS: unknown constant `%s' referenced in expression\n"),
++       fatal (_("%P:%pS: unknown constant `%s' referenced in expression\n"),
+               tree, tree->name.name);
+       break;
+ 
+@@ -1086,7 +1086,7 @@ exp_fold_tree_1 (etree_type *tree)
+       if (tree->assign.dst[0] == '.' && tree->assign.dst[1] == 0)
+        {
+          if (tree->type.node_class != etree_assign)
+-           einfo (_("%F%P:%pS can not PROVIDE assignment to"
++           fatal (_("%P:%pS can not PROVIDE assignment to"
+                     " location counter\n"), tree);
+          if (expld.phase != lang_first_phase_enum)
+            {
+@@ -1119,11 +1119,11 @@ exp_fold_tree_1 (etree_type *tree)
+                  || expld.section == bfd_und_section_ptr)
+                {
+                  if (expld.phase != lang_mark_phase_enum)
+-                   einfo (_("%F%P:%pS invalid assignment to"
++                   fatal (_("%P:%pS invalid assignment to"
+                             " location counter\n"), tree);
+                }
+              else if (expld.dotp == NULL)
+-               einfo (_("%F%P:%pS assignment to location counter"
++               fatal (_("%P:%pS assignment to location counter"
+                         " invalid outside of SECTIONS\n"), tree);
+ 
+              /* After allocation, assignment to dot should not be
+@@ -1142,7 +1142,7 @@ exp_fold_tree_1 (etree_type *tree)
+                    nextdot += expld.section->vma;
+                  if (nextdot < expld.dot
+                      && expld.section != bfd_abs_section_ptr)
+-                   einfo (_("%F%P:%pS cannot move location counter backwards"
++                   fatal (_("%P:%pS cannot move location counter backwards"
+                             " (from %V to %V)\n"),
+                           tree, expld.dot, nextdot);
+                  else
+@@ -1202,7 +1202,7 @@ exp_fold_tree_1 (etree_type *tree)
+                  h = bfd_link_hash_lookup (link_info.hash, tree->assign.dst,
+                                            true, false, true);
+                  if (h == NULL)
+-                   einfo (_("%F%P:%s: hash creation failed\n"),
++                   fatal (_("%P:%s: hash creation failed\n"),
+                           tree->assign.dst);
+                }
+ 
+@@ -1578,7 +1578,7 @@ exp_get_vma (etree_type *tree, lang_output_section_statement_type *os,
+       if (expld.result.valid_p)
+        return expld.result.value;
+       else if (name != NULL && expld.phase != lang_mark_phase_enum)
+-       einfo (_("%F%P:%pS: nonconstant expression for %s\n"),
++       fatal (_("%P:%pS: nonconstant expression for %s\n"),
+               tree, name);
+     }
+   return def;
+@@ -1621,7 +1621,7 @@ exp_get_fill (etree_type *tree, fill_type *def, char *name)
+   if (!expld.result.valid_p)
+     {
+       if (name != NULL && expld.phase != lang_mark_phase_enum)
+-       einfo (_("%F%P:%pS: nonconstant expression for %s\n"),
++       fatal (_("%P:%pS: nonconstant expression for %s\n"),
+               tree, name);
+       return def;
+     }
+@@ -1681,7 +1681,7 @@ exp_get_abs_int (etree_type *tree, int def, char *name)
+        }
+       else if (name != NULL && expld.phase != lang_mark_phase_enum)
+        {
+-         einfo (_("%F%P:%pS: nonconstant expression for %s\n"),
++         fatal (_("%P:%pS: nonconstant expression for %s\n"),
+                 tree, name);
+        }
+     }
+@@ -1707,7 +1707,7 @@ ldexp_init (void)
+                              definedness_newfunc,
+                              sizeof (struct definedness_hash_entry),
+                              13))
+-    einfo (_("%F%P: can not create hash table: %E\n"));
++    fatal (_("%P: can not create hash table: %E\n"));
+ }
+ 
+ /* Convert absolute symbols defined by a script from "dot" (also
+diff --git a/ld/ldfile.c b/ld/ldfile.c
+index 49d899ee..ddab0d37 100644
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -183,7 +183,7 @@ ldfile_add_remap_file (const char * file)
+ 
+       if (*p == '\0')
+        {
+-         einfo ("%F%P: malformed remap file entry: %s\n", line);
++         fatal ("%P: malformed remap file entry: %s\n", line);
+          continue;
+        }
+ 
+@@ -195,7 +195,7 @@ ldfile_add_remap_file (const char * file)
+ 
+       if (*p == '\0')
+        {
+-         einfo ("%F%P: malformed remap file entry: %s\n", line);
++         fatal ("%P: malformed remap file entry: %s\n", line);
+          continue;
+        }
+ 
+@@ -365,7 +365,7 @@ ldfile_try_open_bfd (const char *attempt,
+   if (entry->the_bfd == NULL)
+     {
+       if (bfd_get_error () == bfd_error_invalid_target)
+-       einfo (_("%F%P: invalid BFD target `%s'\n"), entry->target);
++       fatal (_("%P: invalid BFD target `%s'\n"), entry->target);
+       return false;
+     }
+ 
+@@ -508,7 +508,7 @@ ldfile_try_open_bfd (const char *attempt,
+ 
+          if (!entry->flags.dynamic && (entry->the_bfd->flags & DYNAMIC) != 0)
+            {
+-             einfo (_("%F%P: attempted static link of dynamic object `%s'\n"),
++             fatal (_("%P: attempted static link of dynamic object `%s'\n"),
+                     attempt);
+              bfd_close (entry->the_bfd);
+              entry->the_bfd = NULL;
+@@ -919,7 +919,7 @@ ldfile_open_command_file_1 (const char *name, enum script_open_style open_how)
+       if ((open_how != script_nonT || script->open_how != script_nonT)
+          && strcmp (name, script->name) == 0)
+        {
+-         einfo (_("%F%P: error: linker script file '%s'"
++         fatal (_("%P: error: linker script file '%s'"
+                   " appears multiple times\n"), name);
+          return;
+        }
+@@ -941,7 +941,7 @@ ldfile_open_command_file_1 (const char *name, enum script_open_style open_how)
+   if (ldlex_input_stack == NULL)
+     {
+       bfd_set_error (bfd_error_system_call);
+-      einfo (_("%F%P: cannot open linker script file %s: %E\n"), name);
++      fatal (_("%P: cannot open linker script file %s: %E\n"), name);
+       return;
+     }
+ 
+@@ -1012,5 +1012,5 @@ ldfile_set_output_arch (const char *string, enum bfd_architecture defarch)
+   else if (defarch != bfd_arch_unknown)
+     ldfile_output_architecture = defarch;
+   else
+-    einfo (_("%F%P: cannot represent machine `%s'\n"), string);
++    fatal (_("%P: cannot represent machine `%s'\n"), string);
+ }
+diff --git a/ld/ldgram.y b/ld/ldgram.y
+index 0d531fdd..c2f1e298 100644
+--- a/ld/ldgram.y
++++ b/ld/ldgram.y
+@@ -209,7 +209,7 @@ mri_script_command:
+                CHIP  exp
+        |       CHIP  exp ',' exp
+        |       NAME    {
+-                       einfo(_("%F%P: unrecognised keyword in MRI style script '%s'\n"),$1);
++                       fatal (_("%P: unrecognised keyword in MRI style script '%s'\n"), $1);
+                        }
+        |       LIST    {
+                        config.map_filename = "-";
+@@ -1547,7 +1547,7 @@ yyerror (const char *arg)
+     einfo (_("%P:%s: file format not recognized; treating as linker script\n"),
+           ldlex_filename ());
+   if (error_index > 0 && error_index < ERROR_NAME_MAX)
+-    einfo (_("%F%P:%pS: %s in %s\n"), NULL, arg, error_names[error_index - 1]);
++    fatal (_("%P:%pS: %s in %s\n"), NULL, arg, error_names[error_index - 1]);
+   else
+-    einfo ("%F%P:%pS: %s\n", NULL, arg);
++    fatal ("%P:%pS: %s\n", NULL, arg);
+ }
+diff --git a/ld/ldlang.c b/ld/ldlang.c
+index 229401c8..9bf5fcbe 100644
+--- a/ld/ldlang.c
++++ b/ld/ldlang.c
+@@ -1325,7 +1325,7 @@ output_section_statement_table_init (void)
+                              output_section_statement_newfunc,
+                              sizeof (struct out_section_hash_entry),
+                              61))
+-    einfo (_("%F%P: can not create hash table: %E\n"));
++    fatal (_("%P: can not create hash table: %E\n"));
+ }
+ 
+ static void
+@@ -1453,7 +1453,7 @@ lang_memory_region_alias (const char *alias, const char *region_name)
+      the default memory region.  */
+   if (strcmp (region_name, DEFAULT_MEMORY_REGION) == 0
+       || strcmp (alias, DEFAULT_MEMORY_REGION) == 0)
+-    einfo (_("%F%P:%pS: error: alias for default memory region\n"), NULL);
++    fatal (_("%P:%pS: error: alias for default memory region\n"), NULL);
+ 
+   /* Look for the target region and check if the alias is not already
+      in use.  */
+@@ -1464,14 +1464,14 @@ lang_memory_region_alias (const char *alias, const char *region_name)
+        if (region == NULL && strcmp (n->name, region_name) == 0)
+          region = r;
+        if (strcmp (n->name, alias) == 0)
+-         einfo (_("%F%P:%pS: error: redefinition of memory region "
++         fatal (_("%P:%pS: error: redefinition of memory region "
+                   "alias `%s'\n"),
+                 NULL, alias);
+       }
+ 
+   /* Check if the target region exists.  */
+   if (region == NULL)
+-    einfo (_("%F%P:%pS: error: memory region `%s' "
++    fatal (_("%P:%pS: error: memory region `%s' "
+             "for alias `%s' does not exist\n"),
+           NULL, region_name, alias);
+ 
+@@ -1532,7 +1532,7 @@ lang_output_section_statement_lookup (const char *name,
+   if (entry == NULL)
+     {
+       if (create)
+-       einfo (_("%F%P: failed creating section `%s': %E\n"), name);
++       fatal (_("%P: failed creating section `%s': %E\n"), name);
+       return NULL;
+     }
+ 
+@@ -1567,7 +1567,7 @@ lang_output_section_statement_lookup (const char *name,
+                                             name));
+       if (entry == NULL)
+        {
+-         einfo (_("%F%P: failed creating section `%s': %E\n"), name);
++         fatal (_("%P: failed creating section `%s': %E\n"), name);
+          return NULL;
+        }
+       entry->root = last_ent->root;
+@@ -2426,7 +2426,7 @@ static void
+ init_os (lang_output_section_statement_type *s, flagword flags)
+ {
+   if (strcmp (s->name, DISCARD_SECTION_NAME) == 0)
+-    einfo (_("%F%P: illegal use of `%s' section\n"), DISCARD_SECTION_NAME);
++    fatal (_("%P: illegal use of `%s' section\n"), DISCARD_SECTION_NAME);
+ 
+   if (!s->dup_output)
+     s->bfd_section = bfd_get_section_by_name (link_info.output_bfd, s->name);
+@@ -2435,7 +2435,7 @@ init_os (lang_output_section_statement_type *s, flagword flags)
+                                                         s->name, flags);
+   if (s->bfd_section == NULL)
+     {
+-      einfo (_("%F%P: output format %s cannot represent section"
++      fatal (_("%P: output format %s cannot represent section"
+               " called %s: %E\n"),
+             link_info.output_bfd->xvec->name, s->name);
+     }
+@@ -3023,11 +3023,11 @@ load_symbols (lang_input_statement_type *entry,
+          for (p = matching; *p != NULL; p++)
+            einfo (" %s", *p);
+          free (matching);
+-         einfo ("%F\n");
++         fatal ("\n");
+        }
+       else if (err != bfd_error_file_not_recognized
+               || place == NULL)
+-       einfo (_("%F%P: %pB: file not recognized: %E\n"), entry->the_bfd);
++       fatal (_("%P: %pB: file not recognized: %E\n"), entry->the_bfd);
+ 
+       bfd_close (entry->the_bfd);
+       entry->the_bfd = NULL;
+@@ -3100,7 +3100,7 @@ load_symbols (lang_input_statement_type *entry,
+ 
+              if (!bfd_check_format (member, bfd_object))
+                {
+-                 einfo (_("%F%P: %pB: member %pB in archive is not an object\n"),
++                 fatal (_("%P: %pB: member %pB in archive is not an object\n"),
+                         entry->the_bfd, member);
+                  loaded = false;
+                }
+@@ -3115,7 +3115,7 @@ load_symbols (lang_input_statement_type *entry,
+                 substitute BFD for us.  */
+              if (!bfd_link_add_symbols (subsbfd, &link_info))
+                {
+-                 einfo (_("%F%P: %pB: error adding symbols: %E\n"), member);
++                 fatal (_("%P: %pB: error adding symbols: %E\n"), member);
+                  loaded = false;
+                }
+            }
+@@ -3129,7 +3129,7 @@ load_symbols (lang_input_statement_type *entry,
+   if (bfd_link_add_symbols (entry->the_bfd, &link_info))
+     entry->flags.loaded = true;
+   else
+-    einfo (_("%F%P: %pB: error adding symbols: %E\n"), entry->the_bfd);
++    fatal (_("%P: %pB: error adding symbols: %E\n"), entry->the_bfd);
+ 
+   return entry->flags.loaded;
+ }
+@@ -3370,7 +3370,7 @@ open_output (const char *name)
+       {
+        char *in = lrealpath (f->local_sym_name);
+        if (filename_cmp (in, out) == 0)
+-         einfo (_("%F%P: input file '%s' is the same as output file\n"),
++         fatal (_("%P: input file '%s' is the same as output file\n"),
+                 f->filename);
+        free (in);
+       }
+@@ -3432,23 +3432,23 @@ open_output (const char *name)
+   if (link_info.output_bfd == NULL)
+     {
+       if (bfd_get_error () == bfd_error_invalid_target)
+-       einfo (_("%F%P: target %s not found\n"), output_target);
++       fatal (_("%P: target %s not found\n"), output_target);
+ 
+-      einfo (_("%F%P: cannot open output file %s: %E\n"), name);
++      fatal (_("%P: cannot open output file %s: %E\n"), name);
+     }
+ 
+   delete_output_file_on_failure = true;
+ 
+   if (!bfd_set_format (link_info.output_bfd, bfd_object))
+-    einfo (_("%F%P: %s: can not make object file: %E\n"), name);
++    fatal (_("%P: %s: can not make object file: %E\n"), name);
+   if (!bfd_set_arch_mach (link_info.output_bfd,
+-                          ldfile_output_architecture,
+-                          ldfile_output_machine))
+-    einfo (_("%F%P: %s: can not set architecture: %E\n"), name);
++                         ldfile_output_architecture,
++                         ldfile_output_machine))
++    fatal (_("%P: %s: can not set architecture: %E\n"), name);
+ 
+   link_info.hash = bfd_link_hash_table_create (link_info.output_bfd);
+   if (link_info.hash == NULL)
+-    einfo (_("%F%P: can not create hash table: %E\n"));
++    fatal (_("%P: can not create hash table: %E\n"));
+ 
+   bfd_set_gp_size (link_info.output_bfd, g_switch_value);
+ }
+@@ -3662,7 +3662,7 @@ open_input_bfds (lang_statement_union_type *s,
+ 
+   /* Exit if any of the files were missing.  */
+   if (input_flags.missing_file)
+-    einfo ("%F");
++    fatal ("");
+ }
+ 
+ #ifdef ENABLE_LIBCTF
+@@ -3973,7 +3973,7 @@ insert_undefined (const char *name)
+ 
+   h = bfd_link_hash_lookup (link_info.hash, name, true, false, true);
+   if (h == NULL)
+-    einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+   if (h->type == bfd_link_hash_new)
+     {
+       h->type = bfd_link_hash_undefined;
+@@ -4259,7 +4259,7 @@ map_input_to_output_sections
+                  else if (strcmp (name, "SHT_PREINIT_ARRAY") == 0)
+                    type = SHT_PREINIT_ARRAY;
+                  else
+-                   einfo (_ ("%F%P: invalid type for output section `%s'\n"),
++                   fatal (_ ("%P: invalid type for output section `%s'\n"),
+                           os->name);
+                }
+             else
+@@ -4268,7 +4268,7 @@ map_input_to_output_sections
+                 if (expld.result.valid_p)
+                   type = expld.result.value;
+                 else
+-                  einfo (_ ("%F%P: invalid type for output section `%s'\n"),
++                  fatal (_ ("%P: invalid type for output section `%s'\n"),
+                          os->name);
+               }
+              break;
+@@ -4417,7 +4417,7 @@ process_insert_statements (lang_statement_union_type **start)
+            }
+          if (where == NULL)
+            {
+-             einfo (_("%F%P: %s not found for insert\n"), i->where);
++             fatal (_("%P: %s not found for insert\n"), i->where);
+              return;
+            }
+ 
+@@ -5499,12 +5499,12 @@ size_input_section
+              if (dot + TO_ADDR (i->size) > end)
+                {
+                  if (i->flags & SEC_LINKER_CREATED)
+-                   einfo (_("%F%P: Output section `%pA' not large enough for "
++                   fatal (_("%P: Output section `%pA' not large enough for "
+                             "the linker-created stubs section `%pA'.\n"),
+                           i->output_section, i);
+ 
+                  if (i->rawsize && i->rawsize != i->size)
+-                   einfo (_("%F%P: Relaxation not supported with "
++                   fatal (_("%P: Relaxation not supported with "
+                             "--enable-non-contiguous-regions (section `%pA' "
+                             "would overflow `%pA' after it changed size).\n"),
+                           i, i->output_section);
+@@ -5860,7 +5860,7 @@ lang_size_sections_1
+                      dot += expld.result.section->vma;
+                  }
+                else if (expld.phase != lang_mark_phase_enum)
+-                 einfo (_("%F%P:%pS: non constant or forward reference"
++                 fatal (_("%P:%pS: non constant or forward reference"
+                           " address expression for section %s\n"),
+                         os->addr_tree, os->name);
+              }
+@@ -5943,7 +5943,7 @@ lang_size_sections_1
+                           overridden by the using the --no-check-sections
+                           switch.  */
+                        if (command_line.check_section_addresses)
+-                         einfo (_("%F%P: error: no memory region specified"
++                         fatal (_("%P: error: no memory region specified"
+                                   " for loadable section `%s'\n"),
+                                 bfd_section_name (os->bfd_section));
+                        else
+@@ -6250,7 +6250,7 @@ lang_size_sections_1
+                bool again;
+ 
+                if (!bfd_relax_section (i->owner, i, &link_info, &again))
+-                 einfo (_("%F%P: can't relax section: %E\n"));
++                 fatal (_("%P: can't relax section: %E\n"));
+                if (again)
+                  *relax = true;
+              }
+@@ -6659,7 +6659,7 @@ lang_do_assignments_1 (lang_statement_union_type *s,
+                s->data_statement.value += expld.result.section->vma;
+            }
+          else if (expld.phase == lang_final_phase_enum)
+-           einfo (_("%F%P: invalid data statement\n"));
++           fatal (_("%P: invalid data statement\n"));
+          {
+            unsigned int size;
+            switch (s->data_statement.type)
+@@ -6692,7 +6692,7 @@ lang_do_assignments_1 (lang_statement_union_type *s,
+          if (expld.result.valid_p)
+            s->reloc_statement.addend_value = expld.result.value;
+          else if (expld.phase == lang_final_phase_enum)
+-           einfo (_("%F%P: invalid reloc statement\n"));
++           fatal (_("%P: invalid reloc statement\n"));
+          dot += TO_ADDR (bfd_get_reloc_size (s->reloc_statement.howto));
+          break;
+ 
+@@ -7110,7 +7110,7 @@ lang_end (void)
+            break;
+        }
+       if (!sym)
+-       einfo (_("%F%P: --gc-sections requires a defined symbol root "
++       fatal (_("%P: --gc-sections requires a defined symbol root "
+                 "specified by -e or -u\n"));
+     }
+ 
+@@ -7135,7 +7135,7 @@ lang_end (void)
+             + bfd_section_vma (h->u.def.section->output_section)
+             + h->u.def.section->output_offset);
+       if (!bfd_set_start_address (link_info.output_bfd, val))
+-       einfo (_("%F%P: %s: can't set start address\n"), entry_symbol.name);
++       fatal (_("%P: %s: can't set start address\n"), entry_symbol.name);
+     }
+   else
+     {
+@@ -7148,7 +7148,7 @@ lang_end (void)
+       if (*send == '\0')
+        {
+          if (!bfd_set_start_address (link_info.output_bfd, val))
+-           einfo (_("%F%P: can't set start address\n"));
++           fatal (_("%P: can't set start address\n"));
+        }
+       /* BZ 2004952: Only use the start of the entry section for executables.  */
+       else if bfd_link_executable (&link_info)
+@@ -7167,7 +7167,7 @@ lang_end (void)
+                       bfd_section_vma (ts));
+              if (!bfd_set_start_address (link_info.output_bfd,
+                                          bfd_section_vma (ts)))
+-               einfo (_("%F%P: can't set start address\n"));
++               fatal (_("%P: can't set start address\n"));
+            }
+          else
+            {
+@@ -7236,11 +7236,10 @@ lang_check (void)
+                  != bfd_get_flavour (link_info.output_bfd)))
+          && (bfd_get_file_flags (input_bfd) & HAS_RELOC) != 0)
+        {
+-         einfo (_("%F%P: relocatable linking with relocations from"
++         fatal (_("%P: relocatable linking with relocations from"
+                   " format %s (%pB) to format %s (%pB) is not supported\n"),
+                 bfd_get_target (input_bfd), input_bfd,
+                 bfd_get_target (link_info.output_bfd), link_info.output_bfd);
+-         /* einfo with %F exits.  */
+        }
+ 
+       if (compatible == NULL)
+@@ -7341,7 +7340,7 @@ lang_one_common (struct bfd_link_hash_entry *h, void *info)
+ 
+   section = h->u.c.p->section;
+   if (!bfd_define_common_symbol (link_info.output_bfd, &link_info, h))
+-    einfo (_("%F%P: could not define common symbol `%pT': %E\n"),
++    fatal (_("%P: could not define common symbol `%pT': %E\n"),
+           h->root.string);
+ 
+   if (config.map_file != NULL)
+@@ -7519,7 +7518,7 @@ lang_set_flags (lang_memory_region_type *ptr, const char *flags, int invert)
+          break;
+ 
+        default:
+-         einfo (_("%F%P: invalid character %c (%d) in flags\n"),
++         fatal (_("%P: invalid character %c (%d) in flags\n"),
+                 *flags, *flags);
+          break;
+        }
+@@ -7631,7 +7630,7 @@ lang_enter_output_section_statement (const char *output_section_statement_name,
+ 
+   os->align_lma_with_input = align_with_input == ALIGN_WITH_INPUT;
+   if (os->align_lma_with_input && align != NULL)
+-    einfo (_("%F%P:%pS: error: align with input and explicit align specified\n"),
++    fatal (_("%P:%pS: error: align with input and explicit align specified\n"),
+           NULL);
+ 
+   os->subsection_alignment = subalign;
+@@ -8143,7 +8142,7 @@ lang_process (void)
+   lang_place_undefineds ();
+ 
+   if (!bfd_section_already_linked_table_init ())
+-    einfo (_("%F%P: can not create hash table: %E\n"));
++    fatal (_("%P: can not create hash table: %E\n"));
+ 
+   /* A first pass through the memory regions ensures that if any region
+      references a symbol for its origin or length then this symbol will be
+@@ -8181,7 +8180,7 @@ lang_process (void)
+       files = file_chain;
+       inputfiles = input_file_chain;
+       if (plugin_call_all_symbols_read ())
+-       einfo (_("%F%P: %s: plugin reported error after all symbols read\n"),
++       fatal (_("%P: %s: plugin reported error after all symbols read\n"),
+               plugin_error_plugin ());
+       link_info.lto_all_symbols_read = true;
+       /* Open any newly added files, updating the file chains.  */
+@@ -8758,9 +8757,7 @@ void
+ lang_startup (const char *name)
+ {
+   if (first_file->filename != NULL)
+-    {
+-      einfo (_("%F%P: multiple STARTUP files\n"));
+-    }
++    fatal (_("%P: multiple STARTUP files\n"));
+   first_file->filename = name;
+   first_file->local_sym_name = name;
+   first_file->flags.real = true;
+@@ -8984,7 +8981,7 @@ lang_record_phdrs (void)
+                        break;
+                      }
+                  if (last == NULL)
+-                   einfo (_("%F%P: no sections assigned to phdrs\n"));
++                   fatal (_("%P: no sections assigned to phdrs\n"));
+                }
+              pl = last;
+            }
+@@ -9022,7 +9019,7 @@ lang_record_phdrs (void)
+       if (!bfd_record_phdr (link_info.output_bfd, l->type,
+                            l->flags != NULL, flags, l->at != NULL,
+                            at, l->filehdr, l->phdrs, c, secs))
+-       einfo (_("%F%P: bfd_record_phdr failed: %E\n"));
++       fatal (_("%P: bfd_record_phdr failed: %E\n"));
+     }
+ 
+   free (secs);
+diff --git a/ld/ldlex.l b/ld/ldlex.l
+index e113c908..7cbade08 100644
+--- a/ld/ldlex.l
++++ b/ld/ldlex.l
+@@ -504,9 +504,7 @@ void
+ lex_push_file (FILE *file, const char *name, unsigned int sysrooted)
+ {
+   if (include_stack_ptr >= MAX_INCLUDE_DEPTH)
+-    {
+-      einfo (_("%F:includes nested too deeply\n"));
+-    }
++    fatal (_("%P: includes nested too deeply\n"));
+   file_name_stack[include_stack_ptr] = name;
+   lineno_stack[include_stack_ptr] = lineno;
+   sysrooted_stack[include_stack_ptr] = input_flags.sysrooted;
+@@ -568,9 +566,7 @@ lex_redirect (const char *string, const char *fake_filename, unsigned int count)
+ 
+   yy_init = 0;
+   if (include_stack_ptr >= MAX_INCLUDE_DEPTH)
+-    {
+-      einfo (_("%F: macros nested too deeply\n"));
+-    }
++    fatal (_("%P: macros nested too deeply\n"));
+   file_name_stack[include_stack_ptr] = fake_filename;
+   lineno_stack[include_stack_ptr] = lineno;
+   include_stack[include_stack_ptr] = YY_CURRENT_BUFFER;
+@@ -674,7 +670,7 @@ yy_input (char *buf, int max_size)
+        {
+          result = fread (buf, 1, max_size, yyin);
+          if (result < max_size && ferror (yyin))
+-           einfo (_("%F%P: read in flex scanner failed\n"));
++           fatal (_("%P: read in flex scanner failed\n"));
+        }
+     }
+   return result;
+@@ -711,7 +707,7 @@ comment (void)
+ 
+       if (c == 0)
+        {
+-         einfo (_("%F%P: EOF in comment\n"));
++         fatal (_("%P: EOF in comment\n"));
+          break;
+        }
+     }
+@@ -732,7 +728,7 @@ lex_warn_invalid (char *where, char *what)
+   if (ldfile_assumed_script)
+     {
+       bfd_set_error (bfd_error_file_not_recognized);
+-      einfo (_("%F%s: file not recognized: %E\n"), ldlex_filename ());
++      fatal (_("%s: file not recognized: %E\n"), ldlex_filename ());
+     }
+ 
+   if (! ISPRINT (*what))
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index 3cd5516c..878d9536 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -192,7 +192,7 @@ write_dependency_file (void)
+   out = fopen (config.dependency_file, FOPEN_WT);
+   if (out == NULL)
+     {
+-      einfo (_("%F%P: cannot open dependency file %s: %E\n"),
++      fatal (_("%P: cannot open dependency file %s: %E\n"),
+             config.dependency_file);
+     }
+ 
+@@ -265,7 +265,7 @@ main (int argc, char **argv)
+   expandargv (&argc, &argv);
+ 
+   if (bfd_init () != BFD_INIT_MAGIC)
+-    einfo (_("%F%P: fatal error: libbfd ABI mismatch\n"));
++    fatal (_("%P: fatal error: libbfd ABI mismatch\n"));
+ 
+   bfd_set_error_program_name (program_name);
+ 
+@@ -467,13 +467,13 @@ main (int argc, char **argv)
+     xexit (0);
+ 
+   if (link_info.inhibit_common_definition && !bfd_link_dll (&link_info))
+-    einfo (_("%F%P: --no-define-common may not be used without -shared\n"));
++    fatal (_("%P: --no-define-common may not be used without -shared\n"));
+ 
+   if (!lang_has_input_file)
+     {
+       if (version_printed || command_line.print_output_format)
+        xexit (0);
+-      einfo (_("%F%P: no input files\n"));
++      fatal (_("%P: no input files\n"));
+     }
+ 
+   if (verbose)
+@@ -493,7 +493,7 @@ main (int argc, char **argv)
+          if (config.map_file == (FILE *) NULL)
+            {
+              bfd_set_error (bfd_error_system_call);
+-             einfo (_("%F%P: cannot open map file %s: %E\n"),
++             einfo (_("%P: cannot open map file %s: %E\n"),
+                     config.map_filename);
+            }
+        }
+@@ -568,7 +568,7 @@ main (int argc, char **argv)
+       bfd *obfd = link_info.output_bfd;
+       link_info.output_bfd = NULL;
+       if (!bfd_close (obfd))
+-       einfo (_("%F%P: %s: final close failed: %E\n"), output_filename);
++       fatal (_("%P: %s: final close failed: %E\n"), output_filename);
+ 
+       /* If the --force-exe-suffix is enabled, and we're making an
+         executable file and it doesn't end in .exe, copy it to one
+@@ -595,10 +595,10 @@ main (int argc, char **argv)
+              dst = fopen (dst_name, FOPEN_WB);
+ 
+              if (!src)
+-               einfo (_("%F%P: unable to open for source of copy `%s'\n"),
++               fatal (_("%P: unable to open for source of copy `%s'\n"),
+                       output_filename);
+              if (!dst)
+-               einfo (_("%F%P: unable to open for destination of copy `%s'\n"),
++               fatal (_("%P: unable to open for destination of copy `%s'\n"),
+                       dst_name);
+              while ((l = fread (buf, 1, bsize, src)) > 0)
+                {
+@@ -709,7 +709,7 @@ get_emulation (int argc, char **argv)
+                  i++;
+                }
+              else
+-               einfo (_("%F%P: missing argument to -m\n"));
++               fatal (_("%P: missing argument to -m\n"));
+            }
+          else if (strcmp (argv[i], "-mips1") == 0
+                   || strcmp (argv[i], "-mips2") == 0
+@@ -763,11 +763,11 @@ add_ysym (const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       einfo (_("%F%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (link_info.notice_hash, name, true, true) == NULL)
+-    einfo (_("%F%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ void
+@@ -780,11 +780,11 @@ add_ignoresym (struct bfd_link_info *info, const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       einfo (_("%F%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (info->ignore_hash, name, true, true) == NULL)
+-    einfo (_("%F%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ /* Record a symbol to be wrapped, from the --wrap option.  */
+@@ -800,11 +800,11 @@ add_wrap (const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       einfo (_("%F%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (link_info.wrap_hash, name, true, true) == NULL)
+-    einfo (_("%F%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ /* Handle the -retain-symbols-file option.  */
+@@ -832,7 +832,7 @@ add_keepsyms_file (const char *filename)
+       xmalloc (sizeof (struct bfd_hash_table));
+   if (!bfd_hash_table_init (link_info.keep_hash, bfd_hash_newfunc,
+                            sizeof (struct bfd_hash_entry)))
+-    einfo (_("%F%P: bfd_hash_table_init failed: %E\n"));
++    fatal (_("%P: bfd_hash_table_init failed: %E\n"));
+ 
+   bufsize = 100;
+   buf = (char *) xmalloc (bufsize);
+@@ -862,7 +862,7 @@ add_keepsyms_file (const char *filename)
+          buf[len] = '\0';
+ 
+          if (bfd_hash_lookup (link_info.keep_hash, buf, true, true) == NULL)
+-           einfo (_("%F%P: bfd_hash_lookup for insertion failed: %E\n"));
++           fatal (_("%P: bfd_hash_lookup for insertion failed: %E\n"));
+        }
+     }
+ 
+@@ -1269,7 +1269,7 @@ constructor_callback (struct bfd_link_info *info,
+   if (bfd_reloc_type_lookup (info->output_bfd, BFD_RELOC_CTOR) == NULL
+       && (bfd_link_relocatable (info)
+          || bfd_reloc_type_lookup (abfd, BFD_RELOC_CTOR) == NULL))
+-    einfo (_("%F%P: BFD backend error: BFD_RELOC_CTOR unsupported\n"));
++    fatal (_("%P: BFD backend error: BFD_RELOC_CTOR unsupported\n"));
+ 
+   s = set_name;
+   if (bfd_get_symbol_leading_char (abfd) != '\0')
+@@ -1281,7 +1281,7 @@ constructor_callback (struct bfd_link_info *info,
+ 
+   h = bfd_link_hash_lookup (info->hash, set_name, true, true, true);
+   if (h == (struct bfd_link_hash_entry *) NULL)
+-    einfo (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
+   if (h->type == bfd_link_hash_new)
+     {
+       h->type = bfd_link_hash_undefined;
+@@ -1314,7 +1314,7 @@ symbol_warning (const char *warning, const char *symbol, bfd *abfd)
+   struct warning_callback_info cinfo;
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    einfo (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   cinfo.found = false;
+   cinfo.warning = warning;
+@@ -1376,14 +1376,14 @@ warning_find_reloc (bfd *abfd, asection *sec, void *iarg)
+ 
+   relsize = bfd_get_reloc_upper_bound (abfd, sec);
+   if (relsize < 0)
+-    einfo (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
+   if (relsize == 0)
+     return;
+ 
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, sec, relpp, info->asymbols);
+   if (relcount < 0)
+-    einfo (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
+ 
+   p = relpp;
+   pend = p + relcount;
+diff --git a/ld/ldmisc.c b/ld/ldmisc.c
+index 3c862ea4..d1257214 100644
+--- a/ld/ldmisc.c
++++ b/ld/ldmisc.c
+@@ -70,7 +70,7 @@
+ void
+ vfinfo (FILE *fp, const char *fmt, va_list ap, bool is_warning)
+ {
+-  bool fatal = false;
++  bool isfatal = false;
+   const char *scan;
+   int arg_type;
+   unsigned int arg_count = 0;
+@@ -282,7 +282,7 @@ vfinfo (FILE *fp, const char *fmt, va_list ap, bool is_warning)
+ 
+            case 'F':
+              /* Error is fatal.  */
+-             fatal = true;
++             isfatal = true;
+              break;
+ 
+            case 'P':
+@@ -324,7 +324,7 @@ vfinfo (FILE *fp, const char *fmt, va_list ap, bool is_warning)
+                if (abfd != NULL)
+                  {
+                    if (!bfd_generic_link_read_symbols (abfd))
+-                     einfo (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
++                     fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+                    asymbols = bfd_get_outsymbols (abfd);
+                  }
+@@ -587,7 +587,7 @@ vfinfo (FILE *fp, const char *fmt, va_list ap, bool is_warning)
+   if (is_warning && config.fatal_warnings)
+     config.make_executable = false;
+ 
+-  if (fatal)
++  if (isfatal)
+     xexit (1);
+ }
+ 
+@@ -620,10 +620,25 @@ einfo (const char *fmt, ...)
+   fflush (stderr);
+ }
+ 
++/* Fatal error.  */
++
++void
++fatal (const char *fmt, ...)
++{
++  va_list arg;
++
++  fflush (stdout);
++  va_start (arg, fmt);
++  vfinfo (stderr, fmt, arg, true);
++  va_end (arg);
++  fflush (stderr);
++  xexit (1);
++}
++
+ void
+ info_assert (const char *file, unsigned int line)
+ {
+-  einfo (_("%F%P: internal error %s %d\n"), file, line);
++  fatal (_("%P: internal error %s %d\n"), file, line);
+ }
+ 
+ /* ('m' for map) Format info message and print on map.  */
+@@ -692,6 +707,5 @@ ld_abort (const char *file, int line, const char *fn)
+   else
+     einfo (_("%P: internal error: aborting at %s:%d\n"),
+           file, line);
+-  einfo (_("%F%P: please report this bug\n"));
+-  xexit (1);
++  fatal (_("%P: please report this bug\n"));
+ }
+diff --git a/ld/ldmisc.h b/ld/ldmisc.h
+index e8b982fe..f763ab8f 100644
+--- a/ld/ldmisc.h
++++ b/ld/ldmisc.h
+@@ -23,6 +23,7 @@
+ 
+ extern void vfinfo (FILE *fp, const char *fmt, va_list arg, bool is_warning);
+ extern void einfo (const char *, ...);
++extern void fatal (const char *, ...) ATTRIBUTE_NORETURN;
+ extern void minfo (const char *, ...);
+ extern void info_msg (const char *, ...);
+ extern void lfinfo (FILE *, const char *, ...);
+diff --git a/ld/ldwrite.c b/ld/ldwrite.c
+index 46fb33c8..ace5e564 100644
+--- a/ld/ldwrite.c
++++ b/ld/ldwrite.c
+@@ -57,14 +57,14 @@ build_link_order (lang_statement_union_type *statement)
+ 
+        link_order = bfd_new_link_order (link_info.output_bfd, output_section);
+        if (link_order == NULL)
+-         einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->type = bfd_data_link_order;
+        link_order->offset = statement->data_statement.output_offset;
+        link_order->u.data.contents = bfd_alloc (link_info.output_bfd,
+                                                 QUAD_SIZE);
+        if (link_order->u.data.contents == NULL)
+-         einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%P: bfd_new_link_order failed: %E\n"));
+ 
+        value = statement->data_statement.value;
+ 
+@@ -170,7 +170,7 @@ build_link_order (lang_statement_union_type *statement)
+ 
+        link_order = bfd_new_link_order (link_info.output_bfd, output_section);
+        if (link_order == NULL)
+-         einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->offset = rs->output_offset;
+        link_order->size = bfd_get_reloc_size (rs->howto);
+@@ -178,7 +178,7 @@ build_link_order (lang_statement_union_type *statement)
+        link_order->u.reloc.p = (struct bfd_link_order_reloc *)
+          bfd_alloc (link_info.output_bfd, sizeof (struct bfd_link_order_reloc));
+        if (link_order->u.reloc.p == NULL)
+-         einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->u.reloc.p->reloc = rs->reloc;
+        link_order->u.reloc.p->addend = rs->addend_value;
+@@ -224,7 +224,7 @@ build_link_order (lang_statement_union_type *statement)
+            link_order = bfd_new_link_order (link_info.output_bfd,
+                                             output_section);
+            if (link_order == NULL)
+-             einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++             fatal (_("%P: bfd_new_link_order failed: %E\n"));
+ 
+            if ((i->flags & SEC_NEVER_LOAD) != 0
+                && (i->flags & SEC_DEBUGGING) == 0)
+@@ -265,7 +265,7 @@ build_link_order (lang_statement_union_type *statement)
+        link_order = bfd_new_link_order (link_info.output_bfd,
+                                         output_section);
+        if (link_order == NULL)
+-         einfo (_("%F%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%P: bfd_new_link_order failed: %E\n"));
+        link_order->type = bfd_data_link_order;
+        link_order->size = statement->padding_statement.size;
+        link_order->offset = statement->padding_statement.output_offset;
+@@ -334,8 +334,7 @@ clone_section (bfd *abfd, asection *s, const char *name, int *count)
+       if (startswith (name, ".stab")
+          || strcmp (name, "$GDB_SYMBOLS$") == 0)
+        {
+-         einfo (_ ("%F%P: cannot create split section name for %s\n"), name);
+-         /* Silence gcc warnings.  einfo exits, so we never reach here.  */
++         fatal (_ ("%P: cannot create split section name for %s\n"), name);
+          return NULL;
+        }
+       tname[5] = 0;
+@@ -346,8 +345,7 @@ clone_section (bfd *abfd, asection *s, const char *name, int *count)
+       || (h = bfd_link_hash_lookup (link_info.hash,
+                                    sname, true, true, false)) == NULL)
+     {
+-      einfo (_("%F%P: clone section failed: %E\n"));
+-      /* Silence gcc warnings.  einfo exits, so we never reach here.  */
++      fatal (_("%P: clone section failed: %E\n"));
+       return NULL;
+     }
+   free (tname);
+@@ -554,7 +552,7 @@ ldwrite (void)
+         out.  */
+ 
+       if (bfd_get_error () != bfd_error_no_error)
+-       einfo (_("%F%P: final link failed: %E\n"));
++       fatal (_("%P: final link failed: %E\n"));
+       else
+        xexit (1);
+     }
+diff --git a/ld/lexsup.c b/ld/lexsup.c
+index e9939000..00346348 100644
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -810,7 +810,8 @@ parse_args (unsigned argc, char **argv)
+               && optc != argv[last_optind][1])
+        {
+          if (optarg)
+-           einfo (_("%F%P: Error: unable to disambiguate: %s (did you mean -%s ?)\n"),
++           fatal (_("%P: Error: unable to disambiguate: "
++                    "%s (did you mean -%s ?)\n"),
+                   argv[last_optind], argv[last_optind]);
+          else
+            einfo (_("%P: Warning: grouped short command line options are deprecated: %s\n"), argv[last_optind]);
+@@ -850,7 +851,7 @@ parse_args (unsigned argc, char **argv)
+          /* Fall through.  */
+ 
+        default:
+-         einfo (_("%F%P: use the --help option for usage information\n"));
++         fatal (_("%P: use the --help option for usage information\n"));
+          break;
+ 
+        case 1:                 /* File name.  */
+@@ -869,7 +870,7 @@ parse_args (unsigned argc, char **argv)
+                   || strcmp (optarg, "default") == 0)
+            input_flags.dynamic = true;
+          else
+-           einfo (_("%F%P: unrecognized -a option `%s'\n"), optarg);
++           fatal (_("%P: unrecognized -a option `%s'\n"), optarg);
+          break;
+        case OPTION_ASSERT:
+          /* FIXME: We just ignore these, but we should handle them.  */
+@@ -882,7 +883,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, "pure-text") == 0)
+            ;
+          else
+-           einfo (_("%F%P: unrecognized -assert option `%s'\n"), optarg);
++           fatal (_("%P: unrecognized -assert option `%s'\n"), optarg);
+          break;
+        case 'A':
+          ldfile_add_arch (optarg);
+@@ -926,8 +927,7 @@ parse_args (unsigned argc, char **argv)
+ 
+              style = cplus_demangle_name_to_style (optarg);
+              if (style == unknown_demangling)
+-               einfo (_("%F%P: unknown demangling style `%s'\n"),
+-                      optarg);
++               fatal (_("%P: unknown demangling style `%s'\n"), optarg);
+ 
+              cplus_demangle_set_style (style);
+            }
+@@ -1034,7 +1034,7 @@ parse_args (unsigned argc, char **argv)
+            char *end;
+            g_switch_value = strtoul (optarg, &end, 0);
+            if (*end)
+-             einfo (_("%F%P: invalid number `%s'\n"), optarg);
++             fatal (_("%P: invalid number `%s'\n"), optarg);
+          }
+          break;
+        case 'g':
+@@ -1130,7 +1130,7 @@ parse_args (unsigned argc, char **argv)
+              link_info.unresolved_syms_in_shared_libs = RM_IGNORE;
+            }
+          else
+-           einfo (_("%F%P: bad --unresolved-symbols option: %s\n"), optarg);
++           fatal (_("%P: bad --unresolved-symbols option: %s\n"), optarg);
+          break;
+        case OPTION_WARN_UNRESOLVED_SYMBOLS:
+          link_info.warn_unresolved_syms = true;
+@@ -1217,7 +1217,7 @@ parse_args (unsigned argc, char **argv)
+          break;
+        case OPTION_PLUGIN_OPT:
+          if (plugin_opt_plugin_arg (optarg))
+-           einfo (_("%F%P: bad -plugin-opt option\n"));
++           fatal (_("%P: bad -plugin-opt option\n"));
+          break;
+ #endif /* BFD_SUPPORTS_PLUGINS */
+        case 'q':
+@@ -1234,11 +1234,11 @@ parse_args (unsigned argc, char **argv)
+               an error message here.  We cannot just make this a warning,
+               increment optind, and continue because getopt is too confused
+               and will seg-fault the next time around.  */
+-           einfo(_("%F%P: unrecognised option: %s\n"), argv[optind]);
++           fatal(_("%P: unrecognised option: %s\n"), argv[optind]);
+ 
+          if (bfd_link_pic (&link_info))
+-           einfo (_("%F%P: -r and %s may not be used together\n"),
+-                    bfd_link_dll (&link_info) ? "-shared" : "-pie");
++           fatal (_("%P: -r and %s may not be used together\n"),
++                  bfd_link_dll (&link_info) ? "-shared" : "-pie");
+ 
+          link_info.type = type_relocatable;
+          config.build_constructors = false;
+@@ -1347,7 +1347,7 @@ parse_args (unsigned argc, char **argv)
+          if (config.has_shared)
+            {
+              if (bfd_link_relocatable (&link_info))
+-               einfo (_("%F%P: -r and %s may not be used together\n"),
++               fatal (_("%P: -r and %s may not be used together\n"),
+                       "-shared");
+ 
+              link_info.type = type_dll;
+@@ -1359,7 +1359,7 @@ parse_args (unsigned argc, char **argv)
+                link_info.unresolved_syms_in_shared_libs = RM_IGNORE;
+            }
+          else
+-           einfo (_("%F%P: -shared not supported\n"));
++           fatal (_("%P: -shared not supported\n"));
+          break;
+        case OPTION_NO_PIE:
+          link_info.type = type_pde;
+@@ -1368,12 +1368,12 @@ parse_args (unsigned argc, char **argv)
+          if (config.has_shared)
+            {
+              if (bfd_link_relocatable (&link_info))
+-               einfo (_("%F%P: -r and %s may not be used together\n"), "-pie");
++               fatal (_("%P: -r and %s may not be used together\n"), "-pie");
+ 
+              link_info.type = type_pie;
+            }
+          else
+-           einfo (_("%F%P: -pie not supported\n"));
++           fatal (_("%P: -pie not supported\n"));
+          break;
+        case 'h':               /* Used on Solaris.  */
+        case OPTION_SONAME:
+@@ -1390,7 +1390,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, N_("ascending")) == 0)
+            config.sort_common = sort_ascending;
+          else
+-           einfo (_("%F%P: invalid common section sorting option: %s\n"),
++           fatal (_("%P: invalid common section sorting option: %s\n"),
+                   optarg);
+          break;
+        case OPTION_SORT_SECTION:
+@@ -1399,8 +1399,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, N_("alignment")) == 0)
+            sort_section = by_alignment;
+          else
+-           einfo (_("%F%P: invalid section sorting option: %s\n"),
+-                  optarg);
++           fatal (_("%P: invalid section sorting option: %s\n"), optarg);
+          break;
+        case OPTION_STATS:
+          config.stats = true;
+@@ -1436,14 +1435,14 @@ parse_args (unsigned argc, char **argv)
+            /* Check for <something>=<somthing>...  */
+            optarg2 = strchr (optarg, '=');
+            if (optarg2 == NULL)
+-             einfo (_("%F%P: invalid argument to option"
++             fatal (_("%P: invalid argument to option"
+                       " \"--section-start\"\n"));
+ 
+            optarg2++;
+ 
+            /* So far so good.  Are all the args present?  */
+            if ((*optarg == '\0') || (*optarg2 == '\0'))
+-             einfo (_("%F%P: missing argument(s) to option"
++             fatal (_("%P: missing argument(s) to option"
+                       " \"--section-start\"\n"));
+ 
+            /* We must copy the section name as set_section_start
+@@ -1487,8 +1486,8 @@ parse_args (unsigned argc, char **argv)
+          /* Fall through.  */
+        case OPTION_UR:
+          if (bfd_link_pic (&link_info))
+-           einfo (_("%F%P: -r and %s may not be used together\n"),
+-                    bfd_link_dll (&link_info) ? "-shared" : "-pie");
++           fatal (_("%P: -r and %s may not be used together\n"),
++                  bfd_link_dll (&link_info) ? "-shared" : "-pie");
+ 
+          link_info.type = type_relocatable;
+          config.build_constructors = true;
+@@ -1518,7 +1517,7 @@ parse_args (unsigned argc, char **argv)
+              char *end;
+              int level ATTRIBUTE_UNUSED = strtoul (optarg, &end, 0);
+              if (*end)
+-               einfo (_("%F%P: invalid number `%s'\n"), optarg);
++               fatal (_("%P: invalid number `%s'\n"), optarg);
+ #if BFD_SUPPORTS_PLUGINS
+              report_plugin_symbols = level > 1;
+ #endif /* BFD_SUPPORTS_PLUGINS */
+@@ -1713,7 +1712,7 @@ parse_args (unsigned argc, char **argv)
+          break;
+        case ')':
+          if (! ingroup)
+-           einfo (_("%F%P: group ended before it began (--help for usage)\n"));
++           fatal (_("%P: group ended before it began (--help for usage)\n"));
+ 
+          lang_leave_group ();
+          ingroup--;
+@@ -1729,7 +1728,7 @@ parse_args (unsigned argc, char **argv)
+ 
+        case OPTION_REMAP_INPUTS_FILE:
+          if (! ldfile_add_remap_file (optarg))
+-           einfo (_("%F%P: failed to add remap file %s\n"), optarg);
++           fatal (_("%P: failed to add remap file %s\n"), optarg);
+          break;
+ 
+        case OPTION_REMAP_INPUTS:
+@@ -1738,7 +1737,7 @@ parse_args (unsigned argc, char **argv)
+            if (optarg2 == NULL)
+              /* FIXME: Should we allow --remap-inputs=@myfile as a synonym
+                 for --remap-inputs-file=myfile ?  */
+-             einfo (_("%F%P: invalid argument to option --remap-inputs\n"));
++             fatal (_("%P: invalid argument to option --remap-inputs\n"));
+            size_t len = optarg2 - optarg;
+            char * pattern = xmalloc (len + 1);
+            memcpy (pattern, optarg, len);
+@@ -1759,8 +1758,7 @@ parse_args (unsigned argc, char **argv)
+            char *end;
+            bfd_size_type cache_size = strtoul (optarg, &end, 0);
+            if (*end != '\0')
+-             einfo (_("%F%P: invalid cache memory size: %s\n"),
+-                    optarg);
++             fatal (_("%P: invalid cache memory size: %s\n"), optarg);
+            link_info.max_cache_size = cache_size;
+          }
+          break;
+@@ -1785,7 +1783,7 @@ parse_args (unsigned argc, char **argv)
+ 
+        case OPTION_POP_STATE:
+          if (input_flags.pushed == NULL)
+-           einfo (_("%F%P: no state pushed before popping\n"));
++           fatal (_("%P: no state pushed before popping\n"));
+          else
+            {
+              struct lang_input_statement_flags *oldp = input_flags.pushed;
+@@ -1808,7 +1806,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcasecmp (optarg, "discard") == 0)
+            config.orphan_handling = orphan_handling_discard;
+          else
+-           einfo (_("%F%P: invalid argument to option"
++           fatal (_("%P: invalid argument to option"
+                     " \"--orphan-handling\"\n"));
+          break;
+ 
+@@ -1853,7 +1851,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, "share-duplicated") == 0)
+            config.ctf_share_duplicated = true;
+          else
+-           einfo (_("%F%P: bad --ctf-share-types option: %s\n"), optarg);
++           fatal (_("%P: bad --ctf-share-types option: %s\n"), optarg);
+          break;
+        }
+     }
+@@ -2048,7 +2046,7 @@ parse_args (unsigned argc, char **argv)
+   if (config.no_section_header)
+     {
+       if (bfd_link_relocatable (&link_info))
+-       einfo (_("%F%P: -r and -z nosectionheader may not be used together\n"));
++       fatal (_("%P: -r and -z nosectionheader may not be used together\n"));
+ 
+       link_info.strip = strip_all;
+     }
+@@ -2056,9 +2054,9 @@ parse_args (unsigned argc, char **argv)
+   if (!bfd_link_dll (&link_info))
+     {
+       if (command_line.filter_shlib)
+-       einfo (_("%F%P: -F may not be used without -shared\n"));
++       fatal (_("%P: -F may not be used without -shared\n"));
+       if (command_line.auxiliary_filters)
+-       einfo (_("%F%P: -f may not be used without -shared\n"));
++       fatal (_("%P: -f may not be used without -shared\n"));
+     }
+ 
+   /* Treat ld -r -s as ld -r -S -x (i.e., strip all local symbols).  I
+@@ -2099,7 +2097,7 @@ set_section_start (char *sect, char *valstr)
+   const char *end;
+   bfd_vma val = bfd_scan_vma (valstr, &end, 16);
+   if (*end)
+-    einfo (_("%F%P: invalid hex number `%s'\n"), valstr);
++    fatal (_("%P: invalid hex number `%s'\n"), valstr);
+   lang_section_start (sect, exp_intop (val), NULL);
+ }
+ 
+@@ -2112,7 +2110,7 @@ set_segment_start (const char *section, char *valstr)
+ 
+   bfd_vma val = bfd_scan_vma (valstr, &end, 16);
+   if (*end)
+-    einfo (_("%F%P: invalid hex number `%s'\n"), valstr);
++    fatal (_("%P: invalid hex number `%s'\n"), valstr);
+   /* If we already have an entry for this segment, update the existing
+      value.  */
+   name = section + 1;
+diff --git a/ld/mri.c b/ld/mri.c
+index 766f3174..7c8e59fa 100644
+--- a/ld/mri.c
++++ b/ld/mri.c
+@@ -288,7 +288,7 @@ mri_format (const char *name)
+     lang_add_output_format ("srec", NULL, NULL, 1);
+ 
+   else
+-    einfo (_("%F%P: unknown format type %s\n"), name);
++    fatal (_("%P: unknown format type %s\n"), name);
+ }
+ 
+ void
+diff --git a/ld/pe-dll.c b/ld/pe-dll.c
+index 95eef84f..800d00c8 100644
+--- a/ld/pe-dll.c
++++ b/ld/pe-dll.c
+@@ -756,7 +756,7 @@ process_def_file_and_drectve (bfd *abfd ATTRIBUTE_UNUSED, struct bfd_link_info *
+ 
+          if (!bfd_generic_link_read_symbols (b))
+            {
+-             einfo (_("%F%P: %pB: could not read symbols: %E\n"), b);
++             fatal (_("%P: %pB: could not read symbols: %E\n"), b);
+              return;
+            }
+ 
+@@ -1048,7 +1048,7 @@ build_filler_bfd (bool include_edata)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      einfo (_("%F%P: can not create BFD: %E\n"));
++      fatal (_("%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -1326,7 +1326,7 @@ pe_walk_relocs (struct bfd_link_info *info,
+ 
+       if (!bfd_generic_link_read_symbols (b))
+        {
+-         einfo (_("%F%P: %pB: could not read symbols: %E\n"), b);
++         fatal (_("%P: %pB: could not read symbols: %E\n"), b);
+          return;
+        }
+ 
+@@ -1407,7 +1407,7 @@ pe_find_data_imports (const char *symhead,
+       if (!bfd_hash_table_init (import_hash,
+                                bfd_hash_newfunc,
+                                sizeof (struct bfd_hash_entry)))
+-       einfo (_("%F%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
+     }
+   else
+     import_hash = NULL;
+@@ -1447,7 +1447,7 @@ pe_find_data_imports (const char *symhead,
+ 
+                if (!bfd_generic_link_read_symbols (b))
+                  {
+-                   einfo (_("%F%P: %pB: could not read symbols: %E\n"), b);
++                   fatal (_("%P: %pB: could not read symbols: %E\n"), b);
+                    return;
+                  }
+ 
+@@ -1549,7 +1549,7 @@ generate_reloc (bfd *abfd, struct bfd_link_info *info)
+ 
+       if (!bfd_generic_link_read_symbols (b))
+        {
+-         einfo (_("%F%P: %pB: could not read symbols: %E\n"), b);
++         fatal (_("%P: %pB: could not read symbols: %E\n"), b);
+          return;
+        }
+ 
+diff --git a/ld/plugin.c b/ld/plugin.c
+index e9828690..0a99d406 100644
+--- a/ld/plugin.c
++++ b/ld/plugin.c
+@@ -252,7 +252,7 @@ plugin_opt_plugin (const char *plugin)
+   newplug->name = plugin;
+   newplug->dlhandle = dlopen (plugin, RTLD_NOW);
+   if (!newplug->dlhandle)
+-    einfo (_("%F%P: %s: error loading plugin: %s\n"), plugin, dlerror ());
++    fatal (_("%P: %s: error loading plugin: %s\n"), plugin, dlerror ());
+ 
+   /* Check if plugin has been loaded already.  */
+   while (curplug)
+@@ -345,7 +345,7 @@ plugin_get_ir_dummy_bfd (const char *name, bfd *srctemplate)
+        }
+     }
+  report_error:
+-  einfo (_("%F%P: could not create dummy IR bfd: %E\n"));
++  fatal (_("%P: could not create dummy IR bfd: %E\n"));
+   return NULL;
+ }
+ 
+@@ -426,7 +426,7 @@ asymbol_from_plugin_symbol (bfd *abfd, asymbol *asym,
+       unsigned char visibility;
+ 
+       if (!elfsym)
+-       einfo (_("%F%P: %s: non-ELF symbol in ELF BFD!\n"), asym->name);
++       fatal (_("%P: %s: non-ELF symbol in ELF BFD!\n"), asym->name);
+ 
+       if (ldsym->def == LDPK_COMMON)
+        {
+@@ -437,7 +437,7 @@ asymbol_from_plugin_symbol (bfd *abfd, asymbol *asym,
+       switch (ldsym->visibility)
+        {
+        default:
+-         einfo (_("%F%P: unknown ELF symbol visibility: %d!\n"),
++         fatal (_("%P: unknown ELF symbol visibility: %d!\n"),
+                 ldsym->visibility);
+          return LDPS_ERR;
+ 
+@@ -555,7 +555,7 @@ get_view (const void *handle, const void **viewp)
+ 
+   /* FIXME: einfo should support %lld.  */
+   if ((off_t) size != input->filesize)
+-    einfo (_("%F%P: unsupported input file size: %s (%ld bytes)\n"),
++    fatal (_("%P: unsupported input file size: %s (%ld bytes)\n"),
+           input->name, (long) input->filesize);
+ 
+   /* Check the cached view buffer.  */
+@@ -826,7 +826,7 @@ get_symbols (const void *handle, int nsyms, struct ld_plugin_symbol *syms,
+          && blhe->type != bfd_link_hash_common)
+        {
+          /* We should not have a new, indirect or warning symbol here.  */
+-         einfo (_("%F%P: %s: plugin symbol table corrupt (sym type %d)\n"),
++         fatal (_("%P: %s: plugin symbol table corrupt (sym type %d)\n"),
+                 called_plugin->name, blhe->type);
+        }
+ 
+@@ -978,13 +978,14 @@ message (int level, const char *format, ...)
+     case LDPL_ERROR:
+     default:
+       {
+-       char *newfmt = concat (level == LDPL_FATAL ? "%F" : "%X",
+-                              _("%P: error: "), format, "\n",
++       char *newfmt = concat (_("%X%P: error: "), format, "\n",
+                               (const char *) NULL);
+        fflush (stdout);
+        vfinfo (stderr, newfmt, args, true);
+        fflush (stderr);
+        free (newfmt);
++       if (level == LDPL_FATAL)
++         fatal ("");
+       }
+       break;
+     }
+@@ -1127,14 +1128,14 @@ plugin_load_plugins (void)
+       if (!onloadfn)
+        onloadfn = (ld_plugin_onload) dlsym (curplug->dlhandle, "_onload");
+       if (!onloadfn)
+-       einfo (_("%F%P: %s: error loading plugin: %s\n"),
++       fatal (_("%P: %s: error loading plugin: %s\n"),
+               curplug->name, dlerror ());
+       set_tv_plugin_args (curplug, &my_tv[tv_header_size]);
+       called_plugin = curplug;
+       rv = (*onloadfn) (my_tv);
+       called_plugin = NULL;
+       if (rv != LDPS_OK)
+-       einfo (_("%F%P: %s: plugin error: %d\n"), curplug->name, rv);
++       fatal (_("%P: %s: plugin error: %d\n"), curplug->name, rv);
+       curplug = curplug->next;
+     }
+ 
+@@ -1193,7 +1194,7 @@ plugin_strdup (bfd *abfd, const char *str)
+   strlength = strlen (str) + 1;
+   copy = bfd_alloc (abfd, strlength);
+   if (copy == NULL)
+-    einfo (_("%F%P: plugin_strdup failed to allocate memory: %s\n"),
++    fatal (_("%P: plugin_strdup failed to allocate memory: %s\n"),
+           bfd_get_error ());
+   memcpy (copy, str, strlength);
+   return copy;
+@@ -1230,7 +1231,7 @@ plugin_object_p (bfd *ibfd, bool known_used)
+ 
+   input = bfd_alloc (abfd, sizeof (*input));
+   if (input == NULL)
+-    einfo (_("%F%P: plugin failed to allocate memory for input: %s\n"),
++    fatal (_("%P: plugin failed to allocate memory for input: %s\n"),
+           bfd_get_error ());
+ 
+   if (!bfd_plugin_open_input (ibfd, &file))
+@@ -1258,7 +1259,7 @@ plugin_object_p (bfd *ibfd, bool known_used)
+   claimed = 0;
+ 
+   if (plugin_call_claim_file (&file, &claimed, known_used))
+-    einfo (_("%F%P: %s: plugin reported error claiming file\n"),
++    fatal (_("%P: %s: plugin reported error claiming file\n"),
+           plugin_error_plugin ());
+ 
+   if (input->fd != -1
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-1153-2.patch b/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-1153-2.patch
new file mode 100644
index 0000000000..2b473914b7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-1153-2.patch
@@ -0,0 +1,840 @@
+From 31e9e2e8d1090da0c1da97a70005d8841fff8ddd Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 16 Feb 2025 23:34:55 +1030
+Subject: [PATCH] PR 32603, more ld -w misbehaviour
+
+Commit 8d97c1a53f3d claimed to replace all einfo calls using %F with
+a call to fatal.  It did so only for the ld/ directory.  This patch
+adds a "fatal" to linker callbacks, and replaces those calls in bfd/
+too.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=31e9e2e8d1090da0c1da97a70005d8841fff8ddd]
+CVE: CVE-2025-1153
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ bfd/archive.c         |  4 ++--
+ bfd/coff-aarch64.c    |  4 +---
+ bfd/coffgen.c         |  2 +-
+ bfd/elf-ifunc.c       |  4 ++--
+ bfd/elf-m10300.c      |  4 ++--
+ bfd/elf-properties.c  |  4 ++--
+ bfd/elf.c             |  4 ++--
+ bfd/elf32-arm.c       |  2 +-
+ bfd/elf32-avr.c       |  4 ++--
+ bfd/elf32-csky.c      |  2 +-
+ bfd/elf32-frv.c       |  4 ++--
+ bfd/elf32-hppa.c      |  6 ++---
+ bfd/elf32-i386.c      |  4 ++--
+ bfd/elf32-m68hc11.c   |  2 +-
+ bfd/elf32-m68hc12.c   |  2 +-
+ bfd/elf32-metag.c     |  2 +-
+ bfd/elf32-spu.c       |  5 ++--
+ bfd/elf64-ia64-vms.c  |  4 ++--
+ bfd/elf64-ppc.c       |  4 ++--
+ bfd/elf64-x86-64.c    | 14 +++++------
+ bfd/elflink.c         |  8 +++----
+ bfd/elfnn-aarch64.c   |  6 ++---
+ bfd/elfnn-ia64.c      |  4 ++--
+ bfd/elfnn-kvx.c       |  2 +-
+ bfd/elfnn-loongarch.c |  4 ++--
+ bfd/elfxx-aarch64.c   |  6 ++---
+ bfd/elfxx-sparc.c     |  4 ++--
+ bfd/elfxx-x86.c       | 56 +++++++++++++++++++++----------------------
+ bfd/linker.c          |  2 +-
+ bfd/reloc.c           |  4 ++--
+ bfd/reloc16.c         |  4 ++--
+ bfd/xcofflink.c       |  2 +-
+ include/bfdlink.h     |  3 +++
+ ld/ldmain.c           |  1 +
+ 34 files changed, 94 insertions(+), 93 deletions(-)
+
+diff --git a/bfd/archive.c b/bfd/archive.c
+index 9f3fbce9..0f617276 100644
+--- a/bfd/archive.c
++++ b/bfd/archive.c
+@@ -749,8 +749,8 @@ _bfd_get_elt_at_filepos (bfd *archive, file_ptr filepos,
+            case bfd_error_system_call:
+              if (info != NULL)
+                {
+-                 info->callbacks->einfo
+-                   (_("%F%P: %pB(%s): error opening thin archive member: %E\n"),
++                 info->callbacks->fatal
++                   (_("%P: %pB(%s): error opening thin archive member: %E\n"),
+                     archive, filename);
+                  break;
+                }
+diff --git a/bfd/coff-aarch64.c b/bfd/coff-aarch64.c
+index 825963c0..53f539e0 100644
+--- a/bfd/coff-aarch64.c
++++ b/bfd/coff-aarch64.c
+@@ -876,10 +876,8 @@ coff_pe_aarch64_relocate_section (bfd *output_bfd,
+          }
+ 
+        default:
+-         info->callbacks->einfo (_("%F%P: Unhandled relocation type %u\n"),
++         info->callbacks->fatal (_("%P: Unhandled relocation type %u\n"),
+                                  rel->r_type);
+-         BFD_FAIL ();
+-         return false;
+        }
+     }
+ 
+diff --git a/bfd/coffgen.c b/bfd/coffgen.c
+index cc1c6557..3270cd2f 100644
+--- a/bfd/coffgen.c
++++ b/bfd/coffgen.c
+@@ -2793,7 +2793,7 @@ _bfd_coff_section_already_linked (bfd *abfd,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->einfo (_("%F%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
+   return false;
+ }
+ 
+diff --git a/bfd/elf-ifunc.c b/bfd/elf-ifunc.c
+index 42a3bcdf..58a1ca5e 100644
+--- a/bfd/elf-ifunc.c
++++ b/bfd/elf-ifunc.c
+@@ -139,9 +139,9 @@ _bfd_elf_allocate_ifunc_dyn_relocs (struct bfd_link_info *info,
+          || info->export_dynamic)
+       && h->pointer_equality_needed)
+     {
+-      info->callbacks->einfo
++      info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%F%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
++       (_("%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
+           "equality in `%pB' can not be used when making an "
+           "executable; recompile with -fPIE and relink with -pie\n"),
+         h->root.root.string,
+diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c
+index 24ea43a7..cf6bb13b 100644
+--- a/bfd/elf-m10300.c
++++ b/bfd/elf-m10300.c
+@@ -2646,8 +2646,8 @@ mn10300_elf_relax_section (bfd *abfd,
+   bfd_vma align_gap_adjustment;
+ 
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   /* Assume nothing changes.  */
+   *again = false;
+diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c
+index ee8bd37f..a4591472 100644
+--- a/bfd/elf-properties.c
++++ b/bfd/elf-properties.c
+@@ -665,11 +665,11 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
+                                              | SEC_HAS_CONTENTS
+                                              | SEC_DATA));
+          if (sec == NULL)
+-           info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
++           info->callbacks->fatal (_("%P: failed to create GNU property section\n"));
+ 
+          if (!bfd_set_section_alignment (sec,
+                                          elfclass == ELFCLASS64 ? 3 : 2))
+-           info->callbacks->einfo (_("%F%pA: failed to align section\n"),
++           info->callbacks->fatal (_("%pA: failed to align section\n"),
+                                    sec);
+ 
+          elf_section_type (sec) = SHT_NOTE;
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 8bffd3c5..8e4e1e7f 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -5188,8 +5188,8 @@ _bfd_elf_map_sections_to_segments (bfd *abfd,
+          && need_layout != NULL
+          && bed->size_relative_relocs
+          && !bed->size_relative_relocs (info, need_layout))
+-       info->callbacks->einfo
+-         (_("%F%P: failed to size relative relocations\n"));
++       info->callbacks->fatal
++         (_("%P: failed to size relative relocations\n"));
+     }
+ 
+   if (no_user_phdrs && bfd_count_sections (abfd) != 0)
+diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
+index 4ad7c354..b4a822f1 100644
+--- a/bfd/elf32-arm.c
++++ b/bfd/elf32-arm.c
+@@ -5053,7 +5053,7 @@ arm_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
+index 20e03bd7..912f7533 100644
+--- a/bfd/elf32-avr.c
++++ b/bfd/elf32-avr.c
+@@ -2484,8 +2484,8 @@ elf32_avr_relax_section (bfd *abfd,
+     shrinkable = false;
+ 
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   htab = avr_link_hash_table (link_info);
+   if (htab == NULL)
+diff --git a/bfd/elf32-csky.c b/bfd/elf32-csky.c
+index 9479705d..edff65a9 100644
+--- a/bfd/elf32-csky.c
++++ b/bfd/elf32-csky.c
+@@ -3728,7 +3728,7 @@ csky_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-frv.c b/bfd/elf32-frv.c
+index 5b66b074..245db7c2 100644
+--- a/bfd/elf32-frv.c
++++ b/bfd/elf32-frv.c
+@@ -5617,8 +5617,8 @@ elf32_frvfdpic_relax_section (bfd *abfd ATTRIBUTE_UNUSED, asection *sec,
+   struct _frvfdpic_dynamic_got_plt_info gpinfo;
+ 
+   if (bfd_link_relocatable (info))
+-    (*info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   /* If we return early, we didn't change anything.  */
+   *again = false;
+diff --git a/bfd/elf32-hppa.c b/bfd/elf32-hppa.c
+index c2a7ad98..f1e67a06 100644
+--- a/bfd/elf32-hppa.c
++++ b/bfd/elf32-hppa.c
+@@ -729,7 +729,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+@@ -758,7 +758,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+@@ -839,7 +839,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
+index e2f88a11..1637e39f 100644
+--- a/bfd/elf32-i386.c
++++ b/bfd/elf32-i386.c
+@@ -4092,8 +4092,8 @@ elf_i386_finish_dynamic_sections (bfd *output_bfd,
+     {
+       if (bfd_is_abs_section (htab->elf.splt->output_section))
+        {
+-         info->callbacks->einfo
+-           (_("%F%P: discarded output section: `%pA'\n"),
++         info->callbacks->fatal
++           (_("%P: discarded output section: `%pA'\n"),
+             htab->elf.splt);
+          return false;
+        }
+diff --git a/bfd/elf32-m68hc11.c b/bfd/elf32-m68hc11.c
+index 5fc611f5..6f705718 100644
+--- a/bfd/elf32-m68hc11.c
++++ b/bfd/elf32-m68hc11.c
+@@ -419,7 +419,7 @@ m68hc11_elf_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-m68hc12.c b/bfd/elf32-m68hc12.c
+index 1be174c0..bdfb9ca5 100644
+--- a/bfd/elf32-m68hc12.c
++++ b/bfd/elf32-m68hc12.c
+@@ -539,7 +539,7 @@ m68hc12_elf_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-metag.c b/bfd/elf32-metag.c
+index de14dfe5..49f93cc7 100644
+--- a/bfd/elf32-metag.c
++++ b/bfd/elf32-metag.c
+@@ -3342,7 +3342,7 @@ metag_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (hsh->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            hsh->target_section);
+ 
+diff --git a/bfd/elf32-spu.c b/bfd/elf32-spu.c
+index 881d4d8e..dd5d5fbe 100644
+--- a/bfd/elf32-spu.c
++++ b/bfd/elf32-spu.c
+@@ -4689,8 +4689,7 @@ spu_elf_auto_overlay (struct bfd_link_info *info)
+  file_err:
+   bfd_set_error (bfd_error_system_call);
+  err_exit:
+-  info->callbacks->einfo (_("%F%P: auto overlay error: %E\n"));
+-  xexit (1);
++  info->callbacks->fatal (_("%P: auto overlay error: %E\n"));
+ }
+ 
+ /* Provide an estimate of total stack required.  */
+@@ -4743,7 +4742,7 @@ spu_elf_final_link (bfd *output_bfd, struct bfd_link_info *info)
+     info->callbacks->einfo (_("%X%P: stack/lrlive analysis error: %E\n"));
+ 
+   if (!spu_elf_build_stubs (info))
+-    info->callbacks->einfo (_("%F%P: can not build overlay stubs: %E\n"));
++    info->callbacks->fatal (_("%P: can not build overlay stubs: %E\n"));
+ 
+   return bfd_elf_final_link (output_bfd, info);
+ }
+diff --git a/bfd/elf64-ia64-vms.c b/bfd/elf64-ia64-vms.c
+index 2f37e90c..b1eaaac0 100644
+--- a/bfd/elf64-ia64-vms.c
++++ b/bfd/elf64-ia64-vms.c
+@@ -361,8 +361,8 @@ elf64_ia64_relax_section (bfd *abfd, asection *sec,
+   *again = false;
+ 
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   /* Don't even try to relax for non-ELF outputs.  */
+   if (!is_elf_hash_table (link_info->hash))
+diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
+index 720d6ac9..7b798732 100644
+--- a/bfd/elf64-ppc.c
++++ b/bfd/elf64-ppc.c
+@@ -12289,7 +12289,7 @@ ppc_size_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (stub_entry->target_section != NULL
+       && stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+@@ -12297,7 +12297,7 @@ ppc_size_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (stub_entry->group->stub_sec != NULL
+       && stub_entry->group->stub_sec->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->group->stub_sec);
+ 
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index c3fb375c..a22d57d7 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -3706,8 +3706,8 @@ elf_x86_64_relocate_section (bfd *output_bfd,
+                              || (roff - 3 + 22) > input_section->size)
+                            {
+                            corrupt_input:
+-                             info->callbacks->einfo
+-                               (_("%F%P: corrupt input: %pB\n"),
++                             info->callbacks->fatal
++                               (_("%P: corrupt input: %pB\n"),
+                                 input_bfd);
+                              return false;
+                            }
+@@ -4679,7 +4679,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+       /* Check PC-relative offset overflow in PLT entry.  */
+       if ((plt_got_pcrel_offset + 0x80000000) > 0xffffffff)
+        /* xgettext:c-format */
+-       info->callbacks->einfo (_("%F%pB: PC-relative offset overflow in PLT entry for `%s'\n"),
++       info->callbacks->fatal (_("%pB: PC-relative offset overflow in PLT entry for `%s'\n"),
+                                output_bfd, h->root.root.string);
+ 
+       bfd_put_32 (output_bfd, plt_got_pcrel_offset,
+@@ -4752,7 +4752,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+                 will overflow first.  */
+              if (plt0_offset > 0x80000000)
+                /* xgettext:c-format */
+-               info->callbacks->einfo (_("%F%pB: branch displacement overflow in PLT entry for `%s'\n"),
++               info->callbacks->fatal (_("%pB: branch displacement overflow in PLT entry for `%s'\n"),
+                                        output_bfd, h->root.root.string);
+              bfd_put_32 (output_bfd, - plt0_offset,
+                          (plt->contents + h->plt.offset
+@@ -4805,7 +4805,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+       if ((got_after_plt && got_pcrel_offset < 0)
+          || (!got_after_plt && got_pcrel_offset > 0))
+        /* xgettext:c-format */
+-       info->callbacks->einfo (_("%F%pB: PC-relative offset overflow in GOT PLT entry for `%s'\n"),
++       info->callbacks->fatal (_("%pB: PC-relative offset overflow in GOT PLT entry for `%s'\n"),
+                                output_bfd, h->root.root.string);
+ 
+       bfd_put_32 (output_bfd, got_pcrel_offset,
+@@ -5092,8 +5092,8 @@ elf_x86_64_finish_dynamic_sections (bfd *output_bfd,
+     {
+       if (bfd_is_abs_section (htab->elf.splt->output_section))
+        {
+-         info->callbacks->einfo
+-           (_("%F%P: discarded output section: `%pA'\n"),
++         info->callbacks->fatal
++           (_("%P: discarded output section: `%pA'\n"),
+             htab->elf.splt);
+          return false;
+        }
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 8af6898a..dba176cc 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -12891,8 +12891,8 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info)
+   if (info->enable_dt_relr
+       && bed->finish_relative_relocs
+       && !bed->finish_relative_relocs (info))
+-    info->callbacks->einfo
+-      (_("%F%P: %pB: failed to finish relative relocations\n"), abfd);
++    info->callbacks->fatal
++      (_("%P: %pB: failed to finish relative relocations\n"), abfd);
+ 
+   /* Since ELF permits relocations to be against local symbols, we
+      must have the local symbols available when we do the relocations.
+@@ -14087,7 +14087,7 @@ _bfd_elf_gc_mark_extra_sections (struct bfd_link_info *info,
+          else if (strcmp (bfd_section_name (isec),
+                           "__patchable_function_entries") == 0
+                   && elf_linked_to_section (isec) == NULL)
+-             info->callbacks->einfo (_("%F%P: %pB(%pA): error: "
++             info->callbacks->fatal (_("%P: %pB(%pA): error: "
+                                        "need linked-to section "
+                                        "for --gc-sections\n"),
+                                      isec->owner, isec);
+@@ -15264,7 +15264,7 @@ _bfd_elf_section_already_linked (bfd *abfd,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->einfo (_("%F%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
+   return sec->output_section == bfd_abs_section_ptr;
+ }
+ 
+diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
+index 109517db..0f454d23 100644
+--- a/bfd/elfnn-aarch64.c
++++ b/bfd/elfnn-aarch64.c
+@@ -3272,7 +3272,7 @@ aarch64_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without "
+                              "--enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+@@ -9008,9 +9008,9 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
+        asection *s = p->sec->output_section;
+        if (s != NULL && (s->flags & SEC_READONLY) != 0)
+          {
+-           info->callbacks->einfo
++           info->callbacks->fatal
+                /* xgettext:c-format */
+-               (_ ("%F%P: %pB: copy relocation against non-copyable "
++               (_ ("%P: %pB: copy relocation against non-copyable "
+                    "protected symbol `%s'\n"),
+                 p->sec->owner, h->root.root.string);
+            return false;
+diff --git a/bfd/elfnn-ia64.c b/bfd/elfnn-ia64.c
+index 7081ba1b..41d9e6fe 100644
+--- a/bfd/elfnn-ia64.c
++++ b/bfd/elfnn-ia64.c
+@@ -361,8 +361,8 @@ elfNN_ia64_relax_section (bfd *abfd, asection *sec,
+   *again = false;
+ 
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   /* Don't even try to relax for non-ELF outputs.  */
+   if (!is_elf_hash_table (link_info->hash))
+diff --git a/bfd/elfnn-kvx.c b/bfd/elfnn-kvx.c
+index ae5ed6bf..b752891b 100644
+--- a/bfd/elfnn-kvx.c
++++ b/bfd/elfnn-kvx.c
+@@ -927,7 +927,7 @@ kvx_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign '%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign '%pA' to an output section. "
+                              "Retry without "
+                              "--enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c
+index a7daea67..a8c4226d 100644
+--- a/bfd/elfnn-loongarch.c
++++ b/bfd/elfnn-loongarch.c
+@@ -1445,9 +1445,9 @@ local_allocate_ifunc_dyn_relocs (struct bfd_link_info *info,
+          || info->export_dynamic)
+       && h->pointer_equality_needed)
+     {
+-      info->callbacks->einfo
++      info->callbacks->fatal
+        /* xgettext:c-format.  */
+-       (_("%F%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
++       (_("%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
+           "equality in `%pB' can not be used when making an "
+           "executable; recompile with -fPIE and relink with -pie\n"),
+         h->root.root.string,
+diff --git a/bfd/elfxx-aarch64.c b/bfd/elfxx-aarch64.c
+index d1279adc..161c8a52 100644
+--- a/bfd/elfxx-aarch64.c
++++ b/bfd/elfxx-aarch64.c
+@@ -754,12 +754,12 @@ _bfd_aarch64_elf_link_setup_gnu_properties (struct bfd_link_info *info,
+                                              | SEC_HAS_CONTENTS
+                                              | SEC_DATA));
+          if (sec == NULL)
+-           info->callbacks->einfo (
+-             _("%F%P: failed to create GNU property section\n"));
++           info->callbacks->fatal (
++             _("%P: failed to create GNU property section\n"));
+ 
+           align = (bfd_get_mach (ebfd) & bfd_mach_aarch64_ilp32) ? 2 : 3;
+          if (!bfd_set_section_alignment (sec, align))
+-           info->callbacks->einfo (_("%F%pA: failed to align section\n"),
++           info->callbacks->fatal (_("%pA: failed to align section\n"),
+                                    sec);
+ 
+          elf_section_type (sec) = SHT_NOTE;
+diff --git a/bfd/elfxx-sparc.c b/bfd/elfxx-sparc.c
+index 6f5062bb..95b1928d 100644
+--- a/bfd/elfxx-sparc.c
++++ b/bfd/elfxx-sparc.c
+@@ -2680,8 +2680,8 @@ _bfd_sparc_elf_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+                              bool *again)
+ {
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   *again = false;
+   sec_do_relax (section) = 1;
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 8c261cf8..606c8905 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -531,9 +531,9 @@ elf_x86_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
+          asection *s = p->sec->output_section;
+          if (s != NULL && (s->flags & SEC_READONLY) != 0)
+            {
+-             info->callbacks->einfo
++             info->callbacks->fatal
+                /* xgettext:c-format */
+-               (_("%F%P: %pB: copy relocation against non-copyable "
++               (_("%P: %pB: copy relocation against non-copyable "
+                   "protected symbol `%s' in %pB\n"),
+                 p->sec->owner, h->root.root.string,
+                 h->root.u.def.section->owner);
+@@ -1030,9 +1030,9 @@ elf_x86_relative_reloc_record_add
+ 
+   if (relative_reloc->data == NULL)
+     {
+-      info->callbacks->einfo
++      info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%F%P: %pB: failed to allocate relative reloc record\n"),
++       (_("%P: %pB: failed to allocate relative reloc record\n"),
+         info->output_bfd);
+       return false;
+     }
+@@ -1388,9 +1388,9 @@ elf64_dt_relr_bitmap_add
+ 
+   if (bitmap->u.elf64 == NULL)
+     {
+-      info->callbacks->einfo
++      info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%F%P: %pB: failed to allocate 64-bit DT_RELR bitmap\n"),
++       (_("%P: %pB: failed to allocate 64-bit DT_RELR bitmap\n"),
+         info->output_bfd);
+     }
+ 
+@@ -1424,9 +1424,9 @@ elf32_dt_relr_bitmap_add
+ 
+   if (bitmap->u.elf32 == NULL)
+     {
+-      info->callbacks->einfo
++      info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%F%P: %pB: failed to allocate 32-bit DT_RELR bitmap\n"),
++       (_("%P: %pB: failed to allocate 32-bit DT_RELR bitmap\n"),
+         info->output_bfd);
+     }
+ 
+@@ -1750,9 +1750,9 @@ elf_x86_compute_dl_relr_bitmap
+          *need_layout = true;
+        }
+       else
+-       info->callbacks->einfo
++       info->callbacks->fatal
+          /* xgettext:c-format */
+-         (_("%F%P: %pB: size of compact relative reloc section is "
++         (_("%P: %pB: size of compact relative reloc section is "
+             "changed: new (%lu) != old (%lu)\n"),
+           info->output_bfd, htab->dt_relr_bitmap.count,
+           dt_relr_bitmap_count);
+@@ -1772,9 +1772,9 @@ elf_x86_write_dl_relr_bitmap (struct bfd_link_info *info,
+ 
+   contents = (unsigned char *) bfd_alloc (sec->owner, size);
+   if (contents == NULL)
+-    info->callbacks->einfo
++    info->callbacks->fatal
+       /* xgettext:c-format */
+-      (_("%F%P: %pB: failed to allocate compact relative reloc section\n"),
++      (_("%P: %pB: failed to allocate compact relative reloc section\n"),
+        info->output_bfd);
+ 
+   /* Cache the section contents for elf_link_input_bfd.  */
+@@ -2219,9 +2219,9 @@ _bfd_elf_x86_valid_reloc_p (asection *input_section,
+          else
+            name = bfd_elf_sym_name (input_section->owner, symtab_hdr,
+                                     sym, NULL);
+-         info->callbacks->einfo
++         info->callbacks->fatal
+            /* xgettext:c-format */
+-           (_("%F%P: %pB: relocation %s against absolute symbol "
++           (_("%P: %pB: relocation %s against absolute symbol "
+               "`%s' in section `%pA' is disallowed\n"),
+             input_section->owner, internal_reloc.howto->name, name,
+             input_section);
+@@ -3429,9 +3429,9 @@ _bfd_x86_elf_adjust_dynamic_symbol (struct bfd_link_info *info,
+            s = p->sec->output_section;
+            if (s != NULL && (s->flags & SEC_READONLY) != 0)
+              {
+-               info->callbacks->einfo
++               info->callbacks->fatal
+                  /* xgettext:c-format */
+-                 (_("%F%P: %pB: copy relocation against non-copyable "
++                 (_("%P: %pB: copy relocation against non-copyable "
+                     "protected symbol `%s' in %pB\n"),
+                   p->sec->owner, h->root.root.string,
+                   h->root.u.def.section->owner);
+@@ -4138,12 +4138,12 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                              | SEC_HAS_CONTENTS
+                                              | SEC_DATA));
+          if (sec == NULL)
+-           info->callbacks->einfo (_("%F%P: failed to create GNU property section\n"));
++           info->callbacks->fatal (_("%P: failed to create GNU property section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, class_align))
+            {
+            error_alignment:
+-             info->callbacks->einfo (_("%F%pA: failed to align section\n"),
++             info->callbacks->fatal (_("%pA: failed to align section\n"),
+                                      sec);
+            }
+ 
+@@ -4404,7 +4404,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+       && !elf_vxworks_create_dynamic_sections (dynobj, info,
+                                               &htab->srelplt2))
+     {
+-      info->callbacks->einfo (_("%F%P: failed to create VxWorks dynamic sections\n"));
++      info->callbacks->fatal (_("%P: failed to create VxWorks dynamic sections\n"));
+       return pbfd;
+     }
+ 
+@@ -4413,7 +4413,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+      don't need to do it in check_relocs.  */
+   if (htab->elf.sgot == NULL
+       && !_bfd_elf_create_got_section (dynobj, info))
+-    info->callbacks->einfo (_("%F%P: failed to create GOT sections\n"));
++    info->callbacks->fatal (_("%P: failed to create GOT sections\n"));
+ 
+   got_align = (bed->target_id == X86_64_ELF_DATA) ? 3 : 2;
+ 
+@@ -4431,7 +4431,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+   /* Create the ifunc sections here so that check_relocs can be
+      simplified.  */
+   if (!_bfd_elf_create_ifunc_sections (dynobj, info))
+-    info->callbacks->einfo (_("%F%P: failed to create ifunc sections\n"));
++    info->callbacks->fatal (_("%P: failed to create ifunc sections\n"));
+ 
+   plt_alignment = bfd_log2 (htab->plt.plt_entry_size);
+ 
+@@ -4468,7 +4468,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".plt.got",
+                                                    pltflags);
+          if (sec == NULL)
+-           info->callbacks->einfo (_("%F%P: failed to create GOT PLT section\n"));
++           info->callbacks->fatal (_("%P: failed to create GOT PLT section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, non_lazy_plt_alignment))
+            goto error_alignment;
+@@ -4487,7 +4487,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                            ".plt.sec",
+                                                            pltflags);
+                  if (sec == NULL)
+-                   info->callbacks->einfo (_("%F%P: failed to create IBT-enabled PLT section\n"));
++                   info->callbacks->fatal (_("%P: failed to create IBT-enabled PLT section\n"));
+ 
+                  if (!bfd_set_section_alignment (sec, plt_alignment))
+                    goto error_alignment;
+@@ -4507,7 +4507,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".eh_frame",
+                                                    flags);
+          if (sec == NULL)
+-           info->callbacks->einfo (_("%F%P: failed to create PLT .eh_frame section\n"));
++           info->callbacks->fatal (_("%P: failed to create PLT .eh_frame section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, class_align))
+            goto error_alignment;
+@@ -4520,7 +4520,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".eh_frame",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->einfo (_("%F%P: failed to create GOT PLT .eh_frame section\n"));
++               info->callbacks->fatal (_("%P: failed to create GOT PLT .eh_frame section\n"));
+ 
+              if (!bfd_set_section_alignment (sec, class_align))
+                goto error_alignment;
+@@ -4534,7 +4534,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".eh_frame",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->einfo (_("%F%P: failed to create the second PLT .eh_frame section\n"));
++               info->callbacks->fatal (_("%P: failed to create the second PLT .eh_frame section\n"));
+ 
+              if (!bfd_set_section_alignment (sec, class_align))
+                goto error_alignment;
+@@ -4554,7 +4554,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".sframe",
+                                                    flags);
+          if (sec == NULL)
+-           info->callbacks->einfo (_("%F%P: failed to create PLT .sframe section\n"));
++           info->callbacks->fatal (_("%P: failed to create PLT .sframe section\n"));
+ 
+          // FIXME check this
+          // if (!bfd_set_section_alignment (sec, class_align))
+@@ -4569,7 +4569,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".sframe",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->einfo (_("%F%P: failed to create second PLT .sframe section\n"));
++               info->callbacks->fatal (_("%P: failed to create second PLT .sframe section\n"));
+ 
+              htab->plt_second_sframe = sec;
+            }
+diff --git a/bfd/linker.c b/bfd/linker.c
+index 0821db55..5b912221 100644
+--- a/bfd/linker.c
++++ b/bfd/linker.c
+@@ -2982,7 +2982,7 @@ _bfd_generic_section_already_linked (bfd *abfd ATTRIBUTE_UNUSED,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->einfo (_("%F%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
+   return false;
+ }
+ 
+diff --git a/bfd/reloc.c b/bfd/reloc.c
+index 7583b7fd..1fee86f1 100644
+--- a/bfd/reloc.c
++++ b/bfd/reloc.c
+@@ -8465,8 +8465,8 @@ bfd_generic_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+                           bool *again)
+ {
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   *again = false;
+   return true;
+diff --git a/bfd/reloc16.c b/bfd/reloc16.c
+index ff5412dc..a16d6b20 100644
+--- a/bfd/reloc16.c
++++ b/bfd/reloc16.c
+@@ -151,8 +151,8 @@ bfd_coff_reloc16_relax_section (bfd *abfd,
+   long reloc_count;
+ 
+   if (bfd_link_relocatable (link_info))
+-    (*link_info->callbacks->einfo)
+-      (_("%P%F: --relax and -r may not be used together\n"));
++    link_info->callbacks->fatal
++      (_("%P: --relax and -r may not be used together\n"));
+ 
+   /* We only do global relaxation once.  It is not safe to do it multiple
+      times (see discussion of the "shrinks" array below).  */
+diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c
+index 6ef9abcd..9b01cc37 100644
+--- a/bfd/xcofflink.c
++++ b/bfd/xcofflink.c
+@@ -4681,7 +4681,7 @@ xcoff_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (hstub->target_section != NULL
+       && hstub->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->einfo (_("%F%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            hstub->target_section);
+ 
+diff --git a/include/bfdlink.h b/include/bfdlink.h
+index eac07d78..0d03fa70 100644
+--- a/include/bfdlink.h
++++ b/include/bfdlink.h
+@@ -868,6 +868,9 @@ struct bfd_link_callbacks
+     (struct bfd_link_info *, struct bfd_link_hash_entry *h,
+      struct bfd_link_hash_entry *inh,
+      bfd *abfd, asection *section, bfd_vma address, flagword flags);
++  /* Fatal error.  */
++  void (*fatal)
++    (const char *fmt, ...) ATTRIBUTE_NORETURN;
+   /* Error or warning link info message.  */
+   void (*einfo)
+     (const char *fmt, ...);
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index 878d9536..a61086c3 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -146,6 +146,7 @@ static struct bfd_link_callbacks link_callbacks =
+   reloc_dangerous,
+   unattached_reloc,
+   notice,
++  fatal,
+   einfo,
+   info_msg,
+   minfo,
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/binutils/binutils/0021-CVE-2025-1153-3.patch b/meta/recipes-devtools/binutils/binutils/0021-CVE-2025-1153-3.patch
new file mode 100644
index 0000000000..8aef77d2f8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0021-CVE-2025-1153-3.patch
@@ -0,0 +1,3756 @@
+From fe459e33c676883b5f28cc96c00e242973d906a9 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 24 Apr 2025 10:01:29 +0930
+Subject: [PATCH] PR 32603, revert message changes
+
+This puts back %F into translated fatal error messages
+(and reverts a few other small changes), to not disturb
+translation work
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fe459e33c676883b5f28cc96c00e242973d906a9]
+CVE: CVE-2025-1153
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ bfd/archive.c                 |  2 +-
+ bfd/coff-aarch64.c            |  2 +-
+ bfd/coffgen.c                 |  2 +-
+ bfd/elf-ifunc.c               |  2 +-
+ bfd/elf-m10300.c              |  2 +-
+ bfd/elf-properties.c          |  4 +-
+ bfd/elf.c                     |  2 +-
+ bfd/elf32-arm.c               |  2 +-
+ bfd/elf32-avr.c               |  2 +-
+ bfd/elf32-csky.c              |  2 +-
+ bfd/elf32-frv.c               |  2 +-
+ bfd/elf32-hppa.c              |  6 +--
+ bfd/elf32-i386.c              |  2 +-
+ bfd/elf32-m68hc11.c           |  2 +-
+ bfd/elf32-m68hc12.c           |  2 +-
+ bfd/elf32-metag.c             |  2 +-
+ bfd/elf32-spu.c               |  4 +-
+ bfd/elf64-ia64-vms.c          |  2 +-
+ bfd/elf64-ppc.c               |  4 +-
+ bfd/elf64-x86-64.c            | 10 ++---
+ bfd/elflink.c                 |  6 +--
+ bfd/elfnn-aarch64.c           |  4 +-
+ bfd/elfnn-ia64.c              |  2 +-
+ bfd/elfnn-kvx.c               |  2 +-
+ bfd/elfnn-loongarch.c         |  2 +-
+ bfd/elfxx-aarch64.c           |  4 +-
+ bfd/elfxx-sparc.c             |  2 +-
+ bfd/elfxx-x86.c               | 42 +++++++++---------
+ bfd/linker.c                  |  2 +-
+ bfd/reloc.c                   |  2 +-
+ bfd/reloc16.c                 |  2 +-
+ bfd/xcofflink.c               |  2 +-
+ ld/emulparams/call_nop.sh     |  6 +--
+ ld/emulparams/cet.sh          |  2 +-
+ ld/emulparams/elf32mcore.sh   |  2 +-
+ ld/emulparams/x86-64-lam.sh   |  6 +--
+ ld/emulparams/x86-64-level.sh |  2 +-
+ ld/emultempl/aarch64elf.em    |  6 +--
+ ld/emultempl/aix.em           | 41 +++++++++---------
+ ld/emultempl/armelf.em        | 10 ++---
+ ld/emultempl/avrelf.em        |  2 +-
+ ld/emultempl/beos.em          | 18 ++++----
+ ld/emultempl/cr16elf.em       |  4 +-
+ ld/emultempl/cskyelf.em       |  4 +-
+ ld/emultempl/elf.em           | 14 +++---
+ ld/emultempl/hppaelf.em       |  4 +-
+ ld/emultempl/kvxelf.em        |  4 +-
+ ld/emultempl/loongarchelf.em  |  2 +-
+ ld/emultempl/m68hc1xelf.em    |  2 +-
+ ld/emultempl/m68kelf.em       |  4 +-
+ ld/emultempl/metagelf.em      |  4 +-
+ ld/emultempl/mipself.em       |  2 +-
+ ld/emultempl/mmix-elfnmmo.em  |  2 +-
+ ld/emultempl/nds32elf.em      |  6 +--
+ ld/emultempl/nto.em           | 10 ++---
+ ld/emultempl/pe.em            | 20 ++++-----
+ ld/emultempl/pep.em           | 16 +++----
+ ld/emultempl/ppc32elf.em      |  4 +-
+ ld/emultempl/ppc64elf.em      | 10 ++---
+ ld/emultempl/riscvelf.em      |  2 +-
+ ld/emultempl/s390.em          |  2 +-
+ ld/emultempl/scoreelf.em      |  2 +-
+ ld/emultempl/spuelf.em        | 20 ++++-----
+ ld/emultempl/tic6xdsbt.em     |  6 +--
+ ld/emultempl/ticoff.em        |  2 +-
+ ld/emultempl/v850elf.em       |  2 +-
+ ld/emultempl/vms.em           |  2 +-
+ ld/emultempl/xtensaelf.em     | 12 ++---
+ ld/emultempl/z80.em           |  2 +-
+ ld/ldcref.c                   |  8 ++--
+ ld/ldelf.c                    | 30 ++++++-------
+ ld/ldelfgen.c                 | 14 +++---
+ ld/ldexp.c                    | 42 +++++++++---------
+ ld/ldfile.c                   | 14 +++---
+ ld/ldgram.y                   |  6 +--
+ ld/ldlang.c                   | 82 +++++++++++++++++------------------
+ ld/ldlex.l                    | 10 ++---
+ ld/ldmain.c                   | 44 +++++++++----------
+ ld/ldmisc.c                   |  6 +--
+ ld/ldwrite.c                  | 18 ++++----
+ ld/lexsup.c                   | 64 +++++++++++++--------------
+ ld/mri.c                      |  2 +-
+ ld/pe-dll.c                   | 12 ++---
+ ld/plugin.c                   | 27 ++++++------
+ 84 files changed, 384 insertions(+), 384 deletions(-)
+
+diff --git a/bfd/archive.c b/bfd/archive.c
+index 0f617276..0596a304 100644
+--- a/bfd/archive.c
++++ b/bfd/archive.c
+@@ -750,7 +750,7 @@ _bfd_get_elt_at_filepos (bfd *archive, file_ptr filepos,
+              if (info != NULL)
+                {
+                  info->callbacks->fatal
+-                   (_("%P: %pB(%s): error opening thin archive member: %E\n"),
++                   (_("%F%P: %pB(%s): error opening thin archive member: %E\n"),
+                     archive, filename);
+                  break;
+                }
+diff --git a/bfd/coff-aarch64.c b/bfd/coff-aarch64.c
+index 53f539e0..06007e6d 100644
+--- a/bfd/coff-aarch64.c
++++ b/bfd/coff-aarch64.c
+@@ -876,7 +876,7 @@ coff_pe_aarch64_relocate_section (bfd *output_bfd,
+          }
+ 
+        default:
+-         info->callbacks->fatal (_("%P: Unhandled relocation type %u\n"),
++         info->callbacks->fatal (_("%F%P: Unhandled relocation type %u\n"),
+                                  rel->r_type);
+        }
+     }
+diff --git a/bfd/coffgen.c b/bfd/coffgen.c
+index 3270cd2f..5e24210d 100644
+--- a/bfd/coffgen.c
++++ b/bfd/coffgen.c
+@@ -2793,7 +2793,7 @@ _bfd_coff_section_already_linked (bfd *abfd,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%F%P: already_linked_table: %E\n"));
+   return false;
+ }
+ 
+diff --git a/bfd/elf-ifunc.c b/bfd/elf-ifunc.c
+index 58a1ca5e..cb623563 100644
+--- a/bfd/elf-ifunc.c
++++ b/bfd/elf-ifunc.c
+@@ -141,7 +141,7 @@ _bfd_elf_allocate_ifunc_dyn_relocs (struct bfd_link_info *info,
+     {
+       info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
++       (_("%F%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
+           "equality in `%pB' can not be used when making an "
+           "executable; recompile with -fPIE and relink with -pie\n"),
+         h->root.root.string,
+diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c
+index cf6bb13b..129485fa 100644
+--- a/bfd/elf-m10300.c
++++ b/bfd/elf-m10300.c
+@@ -2647,7 +2647,7 @@ mn10300_elf_relax_section (bfd *abfd,
+ 
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   /* Assume nothing changes.  */
+   *again = false;
+diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c
+index a4591472..2e8cc8af 100644
+--- a/bfd/elf-properties.c
++++ b/bfd/elf-properties.c
+@@ -665,11 +665,11 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info)
+                                              | SEC_HAS_CONTENTS
+                                              | SEC_DATA));
+          if (sec == NULL)
+-           info->callbacks->fatal (_("%P: failed to create GNU property section\n"));
++           info->callbacks->fatal (_("%F%P: failed to create GNU property section\n"));
+ 
+          if (!bfd_set_section_alignment (sec,
+                                          elfclass == ELFCLASS64 ? 3 : 2))
+-           info->callbacks->fatal (_("%pA: failed to align section\n"),
++           info->callbacks->fatal (_("%F%pA: failed to align section\n"),
+                                    sec);
+ 
+          elf_section_type (sec) = SHT_NOTE;
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 8e4e1e7f..883aef5e 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -5189,7 +5189,7 @@ _bfd_elf_map_sections_to_segments (bfd *abfd,
+          && bed->size_relative_relocs
+          && !bed->size_relative_relocs (info, need_layout))
+        info->callbacks->fatal
+-         (_("%P: failed to size relative relocations\n"));
++         (_("%F%P: failed to size relative relocations\n"));
+     }
+ 
+   if (no_user_phdrs && bfd_count_sections (abfd) != 0)
+diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
+index b4a822f1..bb413bb9 100644
+--- a/bfd/elf32-arm.c
++++ b/bfd/elf32-arm.c
+@@ -5053,7 +5053,7 @@ arm_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
+index 912f7533..fd9f18dd 100644
+--- a/bfd/elf32-avr.c
++++ b/bfd/elf32-avr.c
+@@ -2485,7 +2485,7 @@ elf32_avr_relax_section (bfd *abfd,
+ 
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   htab = avr_link_hash_table (link_info);
+   if (htab == NULL)
+diff --git a/bfd/elf32-csky.c b/bfd/elf32-csky.c
+index edff65a9..3ec0622e 100644
+--- a/bfd/elf32-csky.c
++++ b/bfd/elf32-csky.c
+@@ -3728,7 +3728,7 @@ csky_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-frv.c b/bfd/elf32-frv.c
+index 245db7c2..cac2663e 100644
+--- a/bfd/elf32-frv.c
++++ b/bfd/elf32-frv.c
+@@ -5618,7 +5618,7 @@ elf32_frvfdpic_relax_section (bfd *abfd ATTRIBUTE_UNUSED, asection *sec,
+ 
+   if (bfd_link_relocatable (info))
+     info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   /* If we return early, we didn't change anything.  */
+   *again = false;
+diff --git a/bfd/elf32-hppa.c b/bfd/elf32-hppa.c
+index f1e67a06..0d0682de 100644
+--- a/bfd/elf32-hppa.c
++++ b/bfd/elf32-hppa.c
+@@ -729,7 +729,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+@@ -758,7 +758,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+@@ -839,7 +839,7 @@ hppa_build_one_stub (struct bfd_hash_entry *bh, void *in_arg)
+         section.  The user should fix his linker script.  */
+       if (hsh->target_section->output_section == NULL
+          && info->non_contiguous_regions)
+-       info->callbacks->fatal (_("%P: Could not assign `%pA' to an output "
++       info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output "
+                                  "section. Retry without "
+                                  "--enable-non-contiguous-regions.\n"),
+                                hsh->target_section);
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
+index 1637e39f..42b96134 100644
+--- a/bfd/elf32-i386.c
++++ b/bfd/elf32-i386.c
+@@ -4093,7 +4093,7 @@ elf_i386_finish_dynamic_sections (bfd *output_bfd,
+       if (bfd_is_abs_section (htab->elf.splt->output_section))
+        {
+          info->callbacks->fatal
+-           (_("%P: discarded output section: `%pA'\n"),
++           (_("%F%P: discarded output section: `%pA'\n"),
+             htab->elf.splt);
+          return false;
+        }
+diff --git a/bfd/elf32-m68hc11.c b/bfd/elf32-m68hc11.c
+index 6f705718..4b127ac7 100644
+--- a/bfd/elf32-m68hc11.c
++++ b/bfd/elf32-m68hc11.c
+@@ -419,7 +419,7 @@ m68hc11_elf_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-m68hc12.c b/bfd/elf32-m68hc12.c
+index bdfb9ca5..9a2f4638 100644
+--- a/bfd/elf32-m68hc12.c
++++ b/bfd/elf32-m68hc12.c
+@@ -539,7 +539,7 @@ m68hc12_elf_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+diff --git a/bfd/elf32-metag.c b/bfd/elf32-metag.c
+index 49f93cc7..94be520e 100644
+--- a/bfd/elf32-metag.c
++++ b/bfd/elf32-metag.c
+@@ -3342,7 +3342,7 @@ metag_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+      section.  The user should fix his linker script.  */
+   if (hsh->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            hsh->target_section);
+ 
+diff --git a/bfd/elf32-spu.c b/bfd/elf32-spu.c
+index dd5d5fbe..c535b1f1 100644
+--- a/bfd/elf32-spu.c
++++ b/bfd/elf32-spu.c
+@@ -4689,7 +4689,7 @@ spu_elf_auto_overlay (struct bfd_link_info *info)
+  file_err:
+   bfd_set_error (bfd_error_system_call);
+  err_exit:
+-  info->callbacks->fatal (_("%P: auto overlay error: %E\n"));
++  info->callbacks->fatal (_("%F%P: auto overlay error: %E\n"));
+ }
+ 
+ /* Provide an estimate of total stack required.  */
+@@ -4742,7 +4742,7 @@ spu_elf_final_link (bfd *output_bfd, struct bfd_link_info *info)
+     info->callbacks->einfo (_("%X%P: stack/lrlive analysis error: %E\n"));
+ 
+   if (!spu_elf_build_stubs (info))
+-    info->callbacks->fatal (_("%P: can not build overlay stubs: %E\n"));
++    info->callbacks->fatal (_("%F%P: can not build overlay stubs: %E\n"));
+ 
+   return bfd_elf_final_link (output_bfd, info);
+ }
+diff --git a/bfd/elf64-ia64-vms.c b/bfd/elf64-ia64-vms.c
+index b1eaaac0..3c29e0d6 100644
+--- a/bfd/elf64-ia64-vms.c
++++ b/bfd/elf64-ia64-vms.c
+@@ -362,7 +362,7 @@ elf64_ia64_relax_section (bfd *abfd, asection *sec,
+ 
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   /* Don't even try to relax for non-ELF outputs.  */
+   if (!is_elf_hash_table (link_info->hash))
+diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
+index 7b798732..68d681a5 100644
+--- a/bfd/elf64-ppc.c
++++ b/bfd/elf64-ppc.c
+@@ -12289,7 +12289,7 @@ ppc_size_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (stub_entry->target_section != NULL
+       && stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+ 
+@@ -12297,7 +12297,7 @@ ppc_size_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (stub_entry->group->stub_sec != NULL
+       && stub_entry->group->stub_sec->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            stub_entry->group->stub_sec);
+ 
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index a22d57d7..41341cd8 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -3707,7 +3707,7 @@ elf_x86_64_relocate_section (bfd *output_bfd,
+                            {
+                            corrupt_input:
+                              info->callbacks->fatal
+-                               (_("%P: corrupt input: %pB\n"),
++                               (_("%F%P: corrupt input: %pB\n"),
+                                 input_bfd);
+                              return false;
+                            }
+@@ -4679,7 +4679,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+       /* Check PC-relative offset overflow in PLT entry.  */
+       if ((plt_got_pcrel_offset + 0x80000000) > 0xffffffff)
+        /* xgettext:c-format */
+-       info->callbacks->fatal (_("%pB: PC-relative offset overflow in PLT entry for `%s'\n"),
++       info->callbacks->fatal (_("%F%pB: PC-relative offset overflow in PLT entry for `%s'\n"),
+                                output_bfd, h->root.root.string);
+ 
+       bfd_put_32 (output_bfd, plt_got_pcrel_offset,
+@@ -4752,7 +4752,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+                 will overflow first.  */
+              if (plt0_offset > 0x80000000)
+                /* xgettext:c-format */
+-               info->callbacks->fatal (_("%pB: branch displacement overflow in PLT entry for `%s'\n"),
++               info->callbacks->fatal (_("%F%pB: branch displacement overflow in PLT entry for `%s'\n"),
+                                        output_bfd, h->root.root.string);
+              bfd_put_32 (output_bfd, - plt0_offset,
+                          (plt->contents + h->plt.offset
+@@ -4805,7 +4805,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+       if ((got_after_plt && got_pcrel_offset < 0)
+          || (!got_after_plt && got_pcrel_offset > 0))
+        /* xgettext:c-format */
+-       info->callbacks->fatal (_("%pB: PC-relative offset overflow in GOT PLT entry for `%s'\n"),
++       info->callbacks->fatal (_("%F%pB: PC-relative offset overflow in GOT PLT entry for `%s'\n"),
+                                output_bfd, h->root.root.string);
+ 
+       bfd_put_32 (output_bfd, got_pcrel_offset,
+@@ -5093,7 +5093,7 @@ elf_x86_64_finish_dynamic_sections (bfd *output_bfd,
+       if (bfd_is_abs_section (htab->elf.splt->output_section))
+        {
+          info->callbacks->fatal
+-           (_("%P: discarded output section: `%pA'\n"),
++           (_("%F%P: discarded output section: `%pA'\n"),
+             htab->elf.splt);
+          return false;
+        }
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index dba176cc..0c3ea0a3 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -12892,7 +12892,7 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info)
+       && bed->finish_relative_relocs
+       && !bed->finish_relative_relocs (info))
+     info->callbacks->fatal
+-      (_("%P: %pB: failed to finish relative relocations\n"), abfd);
++      (_("%F%P: %pB: failed to finish relative relocations\n"), abfd);
+ 
+   /* Since ELF permits relocations to be against local symbols, we
+      must have the local symbols available when we do the relocations.
+@@ -14087,7 +14087,7 @@ _bfd_elf_gc_mark_extra_sections (struct bfd_link_info *info,
+          else if (strcmp (bfd_section_name (isec),
+                           "__patchable_function_entries") == 0
+                   && elf_linked_to_section (isec) == NULL)
+-             info->callbacks->fatal (_("%P: %pB(%pA): error: "
++             info->callbacks->fatal (_("%F%P: %pB(%pA): error: "
+                                        "need linked-to section "
+                                        "for --gc-sections\n"),
+                                      isec->owner, isec);
+@@ -15264,7 +15264,7 @@ _bfd_elf_section_already_linked (bfd *abfd,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%F%P: already_linked_table: %E\n"));
+   return sec->output_section == bfd_abs_section_ptr;
+ }
+ 
+diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
+index 0f454d23..d7a85ef0 100644
+--- a/bfd/elfnn-aarch64.c
++++ b/bfd/elfnn-aarch64.c
+@@ -3272,7 +3272,7 @@ aarch64_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without "
+                              "--enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+@@ -9010,7 +9010,7 @@ elfNN_aarch64_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
+          {
+            info->callbacks->fatal
+                /* xgettext:c-format */
+-               (_ ("%P: %pB: copy relocation against non-copyable "
++               (_ ("%F%P: %pB: copy relocation against non-copyable "
+                    "protected symbol `%s'\n"),
+                 p->sec->owner, h->root.root.string);
+            return false;
+diff --git a/bfd/elfnn-ia64.c b/bfd/elfnn-ia64.c
+index 41d9e6fe..8d576c81 100644
+--- a/bfd/elfnn-ia64.c
++++ b/bfd/elfnn-ia64.c
+@@ -362,7 +362,7 @@ elfNN_ia64_relax_section (bfd *abfd, asection *sec,
+ 
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   /* Don't even try to relax for non-ELF outputs.  */
+   if (!is_elf_hash_table (link_info->hash))
+diff --git a/bfd/elfnn-kvx.c b/bfd/elfnn-kvx.c
+index b752891b..9bbbc929 100644
+--- a/bfd/elfnn-kvx.c
++++ b/bfd/elfnn-kvx.c
+@@ -927,7 +927,7 @@ kvx_build_one_stub (struct bfd_hash_entry *gen_entry,
+      section.  The user should fix his linker script.  */
+   if (stub_entry->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign '%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign '%pA' to an output section. "
+                              "Retry without "
+                              "--enable-non-contiguous-regions.\n"),
+                            stub_entry->target_section);
+diff --git a/bfd/elfnn-loongarch.c b/bfd/elfnn-loongarch.c
+index a8c4226d..12ee56a9 100644
+--- a/bfd/elfnn-loongarch.c
++++ b/bfd/elfnn-loongarch.c
+@@ -1447,7 +1447,7 @@ local_allocate_ifunc_dyn_relocs (struct bfd_link_info *info,
+     {
+       info->callbacks->fatal
+        /* xgettext:c-format.  */
+-       (_("%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
++       (_("%F%P: dynamic STT_GNU_IFUNC symbol `%s' with pointer "
+           "equality in `%pB' can not be used when making an "
+           "executable; recompile with -fPIE and relink with -pie\n"),
+         h->root.root.string,
+diff --git a/bfd/elfxx-aarch64.c b/bfd/elfxx-aarch64.c
+index 161c8a52..2aa7dd54 100644
+--- a/bfd/elfxx-aarch64.c
++++ b/bfd/elfxx-aarch64.c
+@@ -755,11 +755,11 @@ _bfd_aarch64_elf_link_setup_gnu_properties (struct bfd_link_info *info,
+                                              | SEC_DATA));
+          if (sec == NULL)
+            info->callbacks->fatal (
+-             _("%P: failed to create GNU property section\n"));
++             _("%F%P: failed to create GNU property section\n"));
+ 
+           align = (bfd_get_mach (ebfd) & bfd_mach_aarch64_ilp32) ? 2 : 3;
+          if (!bfd_set_section_alignment (sec, align))
+-           info->callbacks->fatal (_("%pA: failed to align section\n"),
++           info->callbacks->fatal (_("%F%pA: failed to align section\n"),
+                                    sec);
+ 
+          elf_section_type (sec) = SHT_NOTE;
+diff --git a/bfd/elfxx-sparc.c b/bfd/elfxx-sparc.c
+index 95b1928d..76057d3b 100644
+--- a/bfd/elfxx-sparc.c
++++ b/bfd/elfxx-sparc.c
+@@ -2681,7 +2681,7 @@ _bfd_sparc_elf_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+ {
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   *again = false;
+   sec_do_relax (section) = 1;
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 606c8905..803d6a54 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -533,7 +533,7 @@ elf_x86_allocate_dynrelocs (struct elf_link_hash_entry *h, void *inf)
+            {
+              info->callbacks->fatal
+                /* xgettext:c-format */
+-               (_("%P: %pB: copy relocation against non-copyable "
++               (_("%F%P: %pB: copy relocation against non-copyable "
+                   "protected symbol `%s' in %pB\n"),
+                 p->sec->owner, h->root.root.string,
+                 h->root.u.def.section->owner);
+@@ -1032,7 +1032,7 @@ elf_x86_relative_reloc_record_add
+     {
+       info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%P: %pB: failed to allocate relative reloc record\n"),
++       (_("%F%P: %pB: failed to allocate relative reloc record\n"),
+         info->output_bfd);
+       return false;
+     }
+@@ -1390,7 +1390,7 @@ elf64_dt_relr_bitmap_add
+     {
+       info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%P: %pB: failed to allocate 64-bit DT_RELR bitmap\n"),
++       (_("%F%P: %pB: failed to allocate 64-bit DT_RELR bitmap\n"),
+         info->output_bfd);
+     }
+ 
+@@ -1426,7 +1426,7 @@ elf32_dt_relr_bitmap_add
+     {
+       info->callbacks->fatal
+        /* xgettext:c-format */
+-       (_("%P: %pB: failed to allocate 32-bit DT_RELR bitmap\n"),
++       (_("%F%P: %pB: failed to allocate 32-bit DT_RELR bitmap\n"),
+         info->output_bfd);
+     }
+ 
+@@ -1563,7 +1563,7 @@ elf_x86_size_or_finish_relative_reloc
+                          if (!bfd_malloc_and_get_section (sec->owner,
+                                                           sec,
+                                                           &contents))
+-                           info->callbacks->einfo
++                           info->callbacks->fatal
+                              /* xgettext:c-format */
+                              (_("%F%P: %pB: failed to allocate memory for section `%pA'\n"),
+                               info->output_bfd, sec);
+@@ -1752,7 +1752,7 @@ elf_x86_compute_dl_relr_bitmap
+       else
+        info->callbacks->fatal
+          /* xgettext:c-format */
+-         (_("%P: %pB: size of compact relative reloc section is "
++         (_("%F%P: %pB: size of compact relative reloc section is "
+             "changed: new (%lu) != old (%lu)\n"),
+           info->output_bfd, htab->dt_relr_bitmap.count,
+           dt_relr_bitmap_count);
+@@ -1774,7 +1774,7 @@ elf_x86_write_dl_relr_bitmap (struct bfd_link_info *info,
+   if (contents == NULL)
+     info->callbacks->fatal
+       /* xgettext:c-format */
+-      (_("%P: %pB: failed to allocate compact relative reloc section\n"),
++      (_("%F%P: %pB: failed to allocate compact relative reloc section\n"),
+        info->output_bfd);
+ 
+   /* Cache the section contents for elf_link_input_bfd.  */
+@@ -2221,7 +2221,7 @@ _bfd_elf_x86_valid_reloc_p (asection *input_section,
+                                     sym, NULL);
+          info->callbacks->fatal
+            /* xgettext:c-format */
+-           (_("%P: %pB: relocation %s against absolute symbol "
++           (_("%F%P: %pB: relocation %s against absolute symbol "
+               "`%s' in section `%pA' is disallowed\n"),
+             input_section->owner, internal_reloc.howto->name, name,
+             input_section);
+@@ -3431,7 +3431,7 @@ _bfd_x86_elf_adjust_dynamic_symbol (struct bfd_link_info *info,
+              {
+                info->callbacks->fatal
+                  /* xgettext:c-format */
+-                 (_("%P: %pB: copy relocation against non-copyable "
++                 (_("%F%P: %pB: copy relocation against non-copyable "
+                     "protected symbol `%s' in %pB\n"),
+                   p->sec->owner, h->root.root.string,
+                   h->root.u.def.section->owner);
+@@ -4138,12 +4138,12 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                              | SEC_HAS_CONTENTS
+                                              | SEC_DATA));
+          if (sec == NULL)
+-           info->callbacks->fatal (_("%P: failed to create GNU property section\n"));
++           info->callbacks->fatal (_("%F%P: failed to create GNU property section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, class_align))
+            {
+            error_alignment:
+-             info->callbacks->fatal (_("%pA: failed to align section\n"),
++             info->callbacks->fatal (_("%F%pA: failed to align section\n"),
+                                      sec);
+            }
+ 
+@@ -4404,7 +4404,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+       && !elf_vxworks_create_dynamic_sections (dynobj, info,
+                                               &htab->srelplt2))
+     {
+-      info->callbacks->fatal (_("%P: failed to create VxWorks dynamic sections\n"));
++      info->callbacks->fatal (_("%F%P: failed to create VxWorks dynamic sections\n"));
+       return pbfd;
+     }
+ 
+@@ -4413,7 +4413,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+      don't need to do it in check_relocs.  */
+   if (htab->elf.sgot == NULL
+       && !_bfd_elf_create_got_section (dynobj, info))
+-    info->callbacks->fatal (_("%P: failed to create GOT sections\n"));
++    info->callbacks->fatal (_("%F%P: failed to create GOT sections\n"));
+ 
+   got_align = (bed->target_id == X86_64_ELF_DATA) ? 3 : 2;
+ 
+@@ -4431,7 +4431,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+   /* Create the ifunc sections here so that check_relocs can be
+      simplified.  */
+   if (!_bfd_elf_create_ifunc_sections (dynobj, info))
+-    info->callbacks->fatal (_("%P: failed to create ifunc sections\n"));
++    info->callbacks->fatal (_("%F%P: failed to create ifunc sections\n"));
+ 
+   plt_alignment = bfd_log2 (htab->plt.plt_entry_size);
+ 
+@@ -4468,7 +4468,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".plt.got",
+                                                    pltflags);
+          if (sec == NULL)
+-           info->callbacks->fatal (_("%P: failed to create GOT PLT section\n"));
++           info->callbacks->fatal (_("%F%P: failed to create GOT PLT section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, non_lazy_plt_alignment))
+            goto error_alignment;
+@@ -4487,7 +4487,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                            ".plt.sec",
+                                                            pltflags);
+                  if (sec == NULL)
+-                   info->callbacks->fatal (_("%P: failed to create IBT-enabled PLT section\n"));
++                   info->callbacks->fatal (_("%F%P: failed to create IBT-enabled PLT section\n"));
+ 
+                  if (!bfd_set_section_alignment (sec, plt_alignment))
+                    goto error_alignment;
+@@ -4507,7 +4507,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".eh_frame",
+                                                    flags);
+          if (sec == NULL)
+-           info->callbacks->fatal (_("%P: failed to create PLT .eh_frame section\n"));
++           info->callbacks->fatal (_("%F%P: failed to create PLT .eh_frame section\n"));
+ 
+          if (!bfd_set_section_alignment (sec, class_align))
+            goto error_alignment;
+@@ -4520,7 +4520,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".eh_frame",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->fatal (_("%P: failed to create GOT PLT .eh_frame section\n"));
++               info->callbacks->fatal (_("%F%P: failed to create GOT PLT .eh_frame section\n"));
+ 
+              if (!bfd_set_section_alignment (sec, class_align))
+                goto error_alignment;
+@@ -4534,7 +4534,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".eh_frame",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->fatal (_("%P: failed to create the second PLT .eh_frame section\n"));
++               info->callbacks->fatal (_("%F%P: failed to create the second PLT .eh_frame section\n"));
+ 
+              if (!bfd_set_section_alignment (sec, class_align))
+                goto error_alignment;
+@@ -4554,7 +4554,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                    ".sframe",
+                                                    flags);
+          if (sec == NULL)
+-           info->callbacks->fatal (_("%P: failed to create PLT .sframe section\n"));
++           info->callbacks->fatal (_("%F%P: failed to create PLT .sframe section\n"));
+ 
+          // FIXME check this
+          // if (!bfd_set_section_alignment (sec, class_align))
+@@ -4569,7 +4569,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+                                                        ".sframe",
+                                                        flags);
+              if (sec == NULL)
+-               info->callbacks->fatal (_("%P: failed to create second PLT .sframe section\n"));
++               info->callbacks->fatal (_("%F%P: failed to create second PLT .sframe section\n"));
+ 
+              htab->plt_second_sframe = sec;
+            }
+diff --git a/bfd/linker.c b/bfd/linker.c
+index 5b912221..7940e587 100644
+--- a/bfd/linker.c
++++ b/bfd/linker.c
+@@ -2982,7 +2982,7 @@ _bfd_generic_section_already_linked (bfd *abfd ATTRIBUTE_UNUSED,
+ 
+   /* This is the first section with this name.  Record it.  */
+   if (!bfd_section_already_linked_table_insert (already_linked_list, sec))
+-    info->callbacks->fatal (_("%P: already_linked_table: %E\n"));
++    info->callbacks->fatal (_("%F%P: already_linked_table: %E\n"));
+   return false;
+ }
+ 
+diff --git a/bfd/reloc.c b/bfd/reloc.c
+index 1fee86f1..433f8e74 100644
+--- a/bfd/reloc.c
++++ b/bfd/reloc.c
+@@ -8466,7 +8466,7 @@ bfd_generic_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+ {
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   *again = false;
+   return true;
+diff --git a/bfd/reloc16.c b/bfd/reloc16.c
+index a16d6b20..b45ac263 100644
+--- a/bfd/reloc16.c
++++ b/bfd/reloc16.c
+@@ -152,7 +152,7 @@ bfd_coff_reloc16_relax_section (bfd *abfd,
+ 
+   if (bfd_link_relocatable (link_info))
+     link_info->callbacks->fatal
+-      (_("%P: --relax and -r may not be used together\n"));
++      (_("%P%F: --relax and -r may not be used together\n"));
+ 
+   /* We only do global relaxation once.  It is not safe to do it multiple
+      times (see discussion of the "shrinks" array below).  */
+diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c
+index 9b01cc37..e0165d20 100644
+--- a/bfd/xcofflink.c
++++ b/bfd/xcofflink.c
+@@ -4681,7 +4681,7 @@ xcoff_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+   if (hstub->target_section != NULL
+       && hstub->target_section->output_section == NULL
+       && info->non_contiguous_regions)
+-    info->callbacks->fatal (_("%P: Could not assign `%pA' to an output section. "
++    info->callbacks->fatal (_("%F%P: Could not assign `%pA' to an output section. "
+                              "Retry without --enable-non-contiguous-regions.\n"),
+                            hstub->target_section);
+ 
+diff --git a/ld/emulparams/call_nop.sh b/ld/emulparams/call_nop.sh
+index 7dd6dfb1..450d05ab 100644
+--- a/ld/emulparams/call_nop.sh
++++ b/ld/emulparams/call_nop.sh
+@@ -20,7 +20,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_CALL_NOP='
+              char *end;
+              params.call_nop_byte = strtoul (optarg + 16 , &end, 0);
+              if (*end)
+-               fatal (_("%P: invalid number for -z call-nop=prefix-: %s\n"),
++               fatal (_("%F%P: invalid number for -z call-nop=prefix-: %s\n"),
+                       optarg + 16);
+              params.call_nop_as_suffix = false;
+            }
+@@ -29,12 +29,12 @@ PARSE_AND_LIST_ARGS_CASE_Z_CALL_NOP='
+              char *end;
+              params.call_nop_byte = strtoul (optarg + 16, &end, 0);
+              if (*end)
+-               fatal (_("%P: invalid number for -z call-nop=suffix-: %s\n"),
++               fatal (_("%F%P: invalid number for -z call-nop=suffix-: %s\n"),
+                       optarg + 16);
+              params.call_nop_as_suffix = true;
+            }
+          else
+-           fatal (_("%P: unsupported option: -z %s\n"), optarg);
++           fatal (_("%F%P: unsupported option: -z %s\n"), optarg);
+        }
+ '
+ 
+diff --git a/ld/emulparams/cet.sh b/ld/emulparams/cet.sh
+index e463441d..824bcf0e 100644
+--- a/ld/emulparams/cet.sh
++++ b/ld/emulparams/cet.sh
+@@ -29,7 +29,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_CET='
+                                 | prop_report_ibt
+                                 | prop_report_shstk);
+          else
+-           fatal (_("%P: invalid option for -z cet-report=: %s\n"),
++           fatal (_("%F%P: invalid option for -z cet-report=: %s\n"),
+                   optarg + 11);
+        }
+ '
+diff --git a/ld/emulparams/elf32mcore.sh b/ld/emulparams/elf32mcore.sh
+index 275a796f..99261ca8 100644
+--- a/ld/emulparams/elf32mcore.sh
++++ b/ld/emulparams/elf32mcore.sh
+@@ -46,6 +46,6 @@ PARSE_AND_LIST_ARGS_CASES='
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       fatal (_("%P: cannot open base file %s\n"), optarg);
++       fatal (_("%F%P: cannot open base file %s\n"), optarg);
+       break;
+ '
+diff --git a/ld/emulparams/x86-64-lam.sh b/ld/emulparams/x86-64-lam.sh
+index 6e629ebb..8675a01f 100644
+--- a/ld/emulparams/x86-64-lam.sh
++++ b/ld/emulparams/x86-64-lam.sh
+@@ -25,7 +25,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+          else if (strcmp (optarg + 15, "error") == 0)
+            params.lam_u48_report = prop_report_error;
+          else
+-           fatal (_("%P: invalid option for -z lam-u48-report=: %s\n"),
++           fatal (_("%F%P: invalid option for -z lam-u48-report=: %s\n"),
+                   optarg + 15);
+        }
+       else if (strcmp (optarg, "lam-u57") == 0)
+@@ -39,7 +39,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+          else if (strcmp (optarg + 15, "error") == 0)
+            params.lam_u57_report = prop_report_error;
+          else
+-           fatal (_("%P: invalid option for -z lam-u57-report=: %s\n"),
++           fatal (_("%F%P: invalid option for -z lam-u57-report=: %s\n"),
+                   optarg + 15);
+        }
+       else if (strncmp (optarg, "lam-report=", 11) == 0)
+@@ -60,7 +60,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_LAM='
+              params.lam_u57_report = prop_report_error;
+            }
+          else
+-           fatal (_("%P: invalid option for -z lam-report=: %s\n"),
++           fatal (_("%F%P: invalid option for -z lam-report=: %s\n"),
+                   optarg + 11);
+        }
+ '
+diff --git a/ld/emulparams/x86-64-level.sh b/ld/emulparams/x86-64-level.sh
+index 7e27cf1e..3002a1f7 100644
+--- a/ld/emulparams/x86-64-level.sh
++++ b/ld/emulparams/x86-64-level.sh
+@@ -10,7 +10,7 @@ PARSE_AND_LIST_ARGS_CASE_Z_X86_64_LEVEL='
+          char *end;
+          unsigned int level = strtoul (optarg + 8 , &end, 10);
+          if (*end != '\0' || level < 2 || level > 4)
+-           fatal (_("%P: invalid x86-64 ISA level: %s\n"), optarg);
++           fatal (_("%F%P: invalid x86-64 ISA level: %s\n"), optarg);
+          params.isa_level = level;
+        }
+ '
+diff --git a/ld/emultempl/aarch64elf.em b/ld/emultempl/aarch64elf.em
+index a6637718..1cdd433d 100644
+--- a/ld/emultempl/aarch64elf.em
++++ b/ld/emultempl/aarch64elf.em
+@@ -316,7 +316,7 @@ aarch64_elf_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format "
++      fatal (_("%F%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "AArch64");
+       return;
+     }
+@@ -342,7 +342,7 @@ aarch64_elf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -468,7 +468,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         fatal (_("%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/aix.em b/ld/emultempl/aix.em
+index 29acdbc9..85bd45fa 100644
+--- a/ld/emultempl/aix.em
++++ b/ld/emultempl/aix.em
+@@ -335,7 +335,7 @@ read_file_list (const char *filename)
+   f = fopen (filename, FOPEN_RT);
+   if (f == NULL)
+     {
+-      fatal (_("%P: cannot open %s\n"), filename);
++      fatal (_("%F%P: cannot open %s\n"), filename);
+       return;
+     }
+   if (fseek (f, 0L, SEEK_END) == -1)
+@@ -383,7 +383,7 @@ read_file_list (const char *filename)
+ 
+  error:
+   fclose (f);
+-  fatal (_("%P: cannot read %s\n"), optarg);
++  fatal (_("%F%P: cannot read %s\n"), optarg);
+ }
+ 
+ static bool
+@@ -734,7 +734,7 @@ gld${EMULATION_NAME}_after_open (void)
+       size = (p->count + 2) * 4;
+       if (!bfd_xcoff_link_record_set (link_info.output_bfd, &link_info,
+                                      p->h, size))
+-       fatal (_("%P: bfd_xcoff_link_record_set failed: %E\n"));
++       fatal (_("%F%P: bfd_xcoff_link_record_set failed: %E\n"));
+     }
+ }
+ 
+@@ -764,9 +764,9 @@ gld${EMULATION_NAME}_before_allocation (void)
+ 
+       h = bfd_link_hash_lookup (link_info.hash, el->name, false, false, false);
+       if (h == NULL)
+-       fatal (_("%P: bfd_link_hash_lookup of export symbol failed: %E\n"));
++       fatal (_("%F%P: bfd_link_hash_lookup of export symbol failed: %E\n"));
+       if (!bfd_xcoff_export_symbol (link_info.output_bfd, &link_info, h))
+-       fatal (_("%P: bfd_xcoff_export_symbol failed: %E\n"));
++       fatal (_("%F%P: bfd_xcoff_export_symbol failed: %E\n"));
+     }
+ 
+   /* Track down all relocations called for by the linker script (these
+@@ -849,7 +849,7 @@ gld${EMULATION_NAME}_before_allocation (void)
+       (link_info.output_bfd, &link_info, libpath, entry_symbol.name,
+        file_align, maxstack, maxdata, gc && !unix_ld,
+        modtype, textro, flags, special_sections, rtld))
+-    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%F%P: failed to set dynamic section sizes: %E\n"));
+ 
+   /* Look through the special sections, and put them in the right
+      place in the link ordering.  This is especially magic.  */
+@@ -871,8 +871,8 @@ gld${EMULATION_NAME}_before_allocation (void)
+       is = NULL;
+       os = lang_output_section_get (sec->output_section);
+       if (os == NULL)
+-       fatal (_("%P: can't find output section %pA\n"),
+-              sec->output_section);
++       fatal (_("%F%P: can't find output section %s\n"),
++              sec->output_section->name);
+ 
+       for (pls = &os->children.head; *pls != NULL; pls = &(*pls)->header.next)
+        {
+@@ -908,7 +908,8 @@ gld${EMULATION_NAME}_before_allocation (void)
+ 
+       if (is == NULL)
+        {
+-         fatal (_("%P: can't find %pA in output section\n"), sec);
++         fatal (_("%F%P: can't find %s in output section\n"),
++                bfd_section_name (sec));
+        }
+ 
+       /* Now figure out where the section should go.  */
+@@ -1161,7 +1162,7 @@ gld${EMULATION_NAME}_after_allocation (void)
+ 
+   /* Now that everything is in place, finalize the dynamic sections.  */
+   if (!bfd_xcoff_build_dynamic_sections (link_info.output_bfd, &link_info))
+-    fatal (_("%P: failed to layout dynamic sections: %E\n"));
++    fatal (_("%F%P: failed to layout dynamic sections: %E\n"));
+ 
+   if (!bfd_link_relocatable (&link_info))
+     {
+@@ -1312,7 +1313,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+   if (f == NULL)
+     {
+       bfd_set_error (bfd_error_system_call);
+-      fatal ("%P: %s: %E\n", filename);
++      fatal ("%F%P: %s: %E\n", filename);
+       return;
+     }
+ 
+@@ -1374,7 +1375,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+              obstack_free (o, obstack_base (o));
+            }
+          else if (*s == '(')
+-           fatal (_("%P:%s:%d: #! ([member]) is not supported "
++           fatal (_("%F%P:%s:%d: #! ([member]) is not supported "
+                     "in import files\n"),
+                   filename, lineno);
+          else
+@@ -1391,7 +1392,7 @@ gld${EMULATION_NAME}_read_file (const char *filename, bool import)
+              *s = '\0';
+              if (!bfd_xcoff_split_import_path (link_info.output_bfd,
+                                                start, &imppath, &impfile))
+-               fatal (_("%P: could not parse import path: %E\n"));
++               fatal (_("%F%P: could not parse import path: %E\n"));
+              while (ISSPACE (cs))
+                {
+                  ++s;
+@@ -1546,10 +1547,10 @@ gld${EMULATION_NAME}_find_relocs (lang_statement_union_type *s)
+ 
+       rs = &s->reloc_statement;
+       if (rs->name == NULL)
+-       fatal (_("%P: only relocations against symbols are permitted\n"));
++       fatal (_("%F%P: only relocations against symbols are permitted\n"));
+       if (!bfd_xcoff_link_count_reloc (link_info.output_bfd, &link_info,
+                                       rs->name))
+-       fatal (_("%P: bfd_xcoff_link_count_reloc failed: %E\n"));
++       fatal (_("%F%P: bfd_xcoff_link_count_reloc failed: %E\n"));
+     }
+ 
+   if (s->header.type == lang_assignment_statement_enum)
+@@ -1578,7 +1579,7 @@ gld${EMULATION_NAME}_find_exp_assignment (etree_type *exp)
+          if (!bfd_xcoff_record_link_assignment (link_info.output_bfd,
+                                                 &link_info,
+                                                 exp->assign.dst))
+-           fatal (_("%P: failed to record assignment to %s: %E\n"),
++           fatal (_("%F%P: failed to record assignment to %s: %E\n"),
+                   exp->assign.dst);
+        }
+       gld${EMULATION_NAME}_find_exp_assignment (exp->assign.src);
+@@ -1673,7 +1674,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create stub BFD: %E\n"));
++      fatal (_("%F%P: can not create stub BFD: %E\n"));
+       return;
+     }
+ 
+@@ -1683,7 +1684,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+ 
+   /* Pass linker params to the back-end. */
+   if (!bfd_xcoff_link_init (&link_info, &params))
+-    fatal (_("%P: can not init BFD: %E\n"));
++    fatal (_("%F%P: can not init BFD: %E\n"));
+ 
+   /* __rtinit */
+   if (link_info.init_function != NULL
+@@ -1700,7 +1701,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                                  bfd_get_arch (link_info.output_bfd),
+                                  bfd_get_mach (link_info.output_bfd)))
+        {
+-         fatal (_("%P: can not create BFD: %E\n"));
++         fatal (_("%F%P: can not create BFD: %E\n"));
+          return;
+        }
+ 
+@@ -1710,7 +1711,7 @@ gld${EMULATION_NAME}_create_output_section_statements (void)
+                                            link_info.fini_function,
+                                            rtld))
+        {
+-         fatal (_("%P: can not create BFD: %E\n"));
++         fatal (_("%F%P: can not create BFD: %E\n"));
+          return;
+        }
+ 
+diff --git a/ld/emultempl/armelf.em b/ld/emultempl/armelf.em
+index 504fb0cd..4240f4e7 100644
+--- a/ld/emultempl/armelf.em
++++ b/ld/emultempl/armelf.em
+@@ -521,7 +521,7 @@ arm_elf_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format "
++      fatal (_("%F%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "ARM");
+       return;
+     }
+@@ -532,10 +532,10 @@ arm_elf_create_output_section_statements (void)
+                                        bfd_get_target (link_info.output_bfd));
+ 
+       if (params.in_implib_bfd == NULL)
+-       fatal (_("%P: %s: can't open: %E\n"), in_implib_filename);
++       fatal (_("%F%P: %s: can't open: %E\n"), in_implib_filename);
+ 
+       if (!bfd_check_format (params.in_implib_bfd, bfd_object))
+-       fatal (_("%P: %s: not a relocatable file: %E\n"), in_implib_filename);
++       fatal (_("%F%P: %s: not a relocatable file: %E\n"), in_implib_filename);
+     }
+ 
+   bfd_elf32_arm_set_target_params (link_info.output_bfd, &link_info, &params);
+@@ -549,7 +549,7 @@ arm_elf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -734,7 +734,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         fatal (_("%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ 
+diff --git a/ld/emultempl/avrelf.em b/ld/emultempl/avrelf.em
+index dd5b57d1..854c57bb 100644
+--- a/ld/emultempl/avrelf.em
++++ b/ld/emultempl/avrelf.em
+@@ -116,7 +116,7 @@ avr_elf_create_output_section_statements (void)
+ 
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_elf_flavour)
+     {
+-      fatal (_("%P: error: cannot change output format "
++      fatal (_("%F%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "AVR");
+       return;
+     }
+diff --git a/ld/emultempl/beos.em b/ld/emultempl/beos.em
+index 81878b02..e936b4f5 100644
+--- a/ld/emultempl/beos.em
++++ b/ld/emultempl/beos.em
+@@ -227,7 +227,7 @@ set_pe_subsystem (void)
+          return;
+        }
+     }
+-  fatal (_("%P: invalid subsystem type %s\n"), optarg);
++  fatal (_("%F%P: invalid subsystem type %s\n"), optarg);
+ }
+ 
+ 
+@@ -237,7 +237,7 @@ set_pe_value (char *name)
+   char *end;
+   set_pe_name (name,  strtoul (optarg, &end, 0));
+   if (end == optarg)
+-    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -252,7 +252,7 @@ set_pe_stack_heap (char *resname, char *comname)
+       set_pe_value (comname);
+     }
+   else if (*optarg)
+-    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ 
+@@ -267,7 +267,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       fatal (_("%P: cannot open base file %s\n"), optarg);
++       fatal (_("%F%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options */
+@@ -376,7 +376,7 @@ gld${EMULATION_NAME}_after_open (void)
+      FIXME: This should be done via a function, rather than by
+      including an internal BFD header.  */
+   if (!obj_pe (link_info.output_bfd))
+-    fatal (_("%P: PE operations on non PE file\n"));
++    fatal (_("%F%P: PE operations on non PE file\n"));
+ 
+   pe_data(link_info.output_bfd)->pe_opthdr = pe;
+   pe_data(link_info.output_bfd)->dll = init[DLLOFF].value;
+@@ -425,12 +425,12 @@ sort_by_file_name (const void *a, const void *b)
+ 
+       if (!bfd_get_section_contents (sa->owner, sa, &a_sec, (file_ptr) 0,
+                                     (bfd_size_type) sizeof (a_sec)))
+-       fatal (_("%P: %pB: can't read contents of section .idata: %E\n"),
++       fatal (_("%F%P: %pB: can't read contents of section .idata: %E\n"),
+               sa->owner);
+ 
+       if (!bfd_get_section_contents (sb->owner, sb, &b_sec, (file_ptr) 0,
+                                     (bfd_size_type) sizeof (b_sec)))
+-       fatal (_("%P: %pB: can't read contents of section .idata: %E\n"),
++       fatal (_("%F%P: %pB: can't read contents of section .idata: %E\n"),
+               sb->owner);
+ 
+       i = a_sec < b_sec ? -1 : 0;
+@@ -662,7 +662,7 @@ gld${EMULATION_NAME}_place_orphan (asection *s,
+   /* Everything from the '\$' on gets deleted so don't allow '\$' as the
+      first character.  */
+   if (*secname == '\$')
+-    fatal (_("%P: section %s has '\$' as first character\n"), secname);
++    fatal (_("%F%P: section %s has '\$' as first character\n"), secname);
+   if (strchr (secname + 1, '\$') == NULL)
+     return NULL;
+ 
+@@ -692,7 +692,7 @@ gld${EMULATION_NAME}_place_orphan (asection *s,
+       }
+   ps[0] = 0;
+   if (l == NULL)
+-    fatal (_("%P: *(%s\$) missing from linker script\n"), output_secname);
++    fatal (_("%F%P: *(%s\$) missing from linker script\n"), output_secname);
+ 
+   /* Link the input section in and we're done for now.
+      The sections still have to be sorted, but that has to wait until
+diff --git a/ld/emultempl/cr16elf.em b/ld/emultempl/cr16elf.em
+index 5464edf1..cd24728c 100644
+--- a/ld/emultempl/cr16elf.em
++++ b/ld/emultempl/cr16elf.em
+@@ -58,7 +58,7 @@ cr16_elf_after_open (void)
+             COFF and ELF.  */
+          if (bfd_get_flavour (abfd) != bfd_target_coff_flavour
+              && bfd_get_flavour (abfd) != bfd_target_elf_flavour)
+-           fatal (_("%P: %pB: all input objects must be COFF or ELF "
++           fatal (_("%F%P: %pB: all input objects must be COFF or ELF "
+                     "for --embedded-relocs\n"));
+ 
+          datasec = bfd_get_section_by_name (abfd, ".data.rel");
+@@ -82,7 +82,7 @@ cr16_elf_after_open (void)
+                                                      | SEC_IN_MEMORY))
+                  || !bfd_set_section_alignment (relsec, 2)
+                  || !bfd_set_section_size (relsec, datasec->reloc_count * 8))
+-               fatal (_("%P: %pB: can not create .emreloc section: %E\n"));
++               fatal (_("%F%P: %pB: can not create .emreloc section: %E\n"));
+            }
+ 
+          /* Double check that all other data sections are empty, as is
+diff --git a/ld/emultempl/cskyelf.em b/ld/emultempl/cskyelf.em
+index 9c91d7ac..b4896c45 100644
+--- a/ld/emultempl/cskyelf.em
++++ b/ld/emultempl/cskyelf.em
+@@ -151,7 +151,7 @@ csky_elf_create_output_section_statements (void)
+          bfd_get_arch (link_info.output_bfd),
+          bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -324,7 +324,7 @@ PARSE_AND_LIST_ARGS_CASES='
+ 
+       group_size = bfd_scan_vma (optarg, &end, 0);
+       if (*end)
+-       fatal (_("%P: invalid number `%s'\''\n"), optarg);
++       fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+     }
+     break;
+ '
+diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em
+index 5cc38194..fbbff87f 100644
+--- a/ld/emultempl/elf.em
++++ b/ld/emultempl/elf.em
+@@ -667,12 +667,12 @@ gld${EMULATION_NAME}_handle_option (int optc)
+        {
+ #ifndef HAVE_ZSTD
+          if (config.compress_debug == COMPRESS_DEBUG_ZSTD)
+-           fatal (_("%P: --compress-debug-sections=zstd: ld is not built "
++           fatal (_("%F%P: --compress-debug-sections=zstd: ld is not built "
+                     "with zstd support\n"));
+ #endif
+        }
+       if (config.compress_debug == COMPRESS_UNKNOWN)
+-       fatal (_("%P: invalid --compress-debug-sections option: \`%s'\n"),
++       fatal (_("%F%P: invalid --compress-debug-sections option: \`%s'\n"),
+                optarg);
+       break;
+ EOF
+@@ -727,7 +727,7 @@ fragment <<EOF
+          link_info.emit_gnu_hash = true;
+        }
+       else
+-       fatal (_("%P: invalid hash style \`%s'\n"), optarg);
++       fatal (_("%F%P: invalid hash style \`%s'\n"), optarg);
+       break;
+ 
+ EOF
+@@ -747,7 +747,7 @@ fragment <<EOF
+          link_info.maxpagesize = strtoul (optarg + 14, &end, 0);
+          if (*end
+              || (link_info.maxpagesize & (link_info.maxpagesize - 1)) != 0)
+-           fatal (_("%P: invalid maximum page size \`%s'\n"),
++           fatal (_("%F%P: invalid maximum page size \`%s'\n"),
+                   optarg + 14);
+          link_info.maxpagesize_is_set = true;
+        }
+@@ -757,7 +757,7 @@ fragment <<EOF
+          link_info.commonpagesize = strtoul (optarg + 17, &end, 0);
+          if (*end
+              || (link_info.commonpagesize & (link_info.commonpagesize - 1)) != 0)
+-           fatal (_("%P: invalid common page size \`%s'\n"),
++           fatal (_("%F%P: invalid common page size \`%s'\n"),
+                   optarg + 17);
+          link_info.commonpagesize_is_set = true;
+        }
+@@ -766,7 +766,7 @@ fragment <<EOF
+          char *end;
+          link_info.stacksize = strtoul (optarg + 11, &end, 0);
+          if (*end || link_info.stacksize < 0)
+-           fatal (_("%P: invalid stack size \`%s'\n"), optarg + 11);
++           fatal (_("%F%P: invalid stack size \`%s'\n"), optarg + 11);
+          if (!link_info.stacksize)
+            /* Use -1 for explicit no-stack, because zero means
+               'default'.   */
+@@ -805,7 +805,7 @@ fragment <<EOF
+          else if (strcmp (optarg, "start-stop-visibility=protected") == 0)
+            link_info.start_stop_visibility = STV_PROTECTED;
+          else
+-           fatal (_("%P: invalid visibility in \`-z %s'; "
++           fatal (_("%F%P: invalid visibility in \`-z %s'; "
+                     "must be default, internal, hidden, or protected"),
+                   optarg);
+        }
+diff --git a/ld/emultempl/hppaelf.em b/ld/emultempl/hppaelf.em
+index f0284ea3..e8e98a49 100644
+--- a/ld/emultempl/hppaelf.em
++++ b/ld/emultempl/hppaelf.em
+@@ -82,7 +82,7 @@ hppaelf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -351,7 +351,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        const char *end;
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         fatal (_("%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/kvxelf.em b/ld/emultempl/kvxelf.em
+index 1ffbd1db..81713678 100644
+--- a/ld/emultempl/kvxelf.em
++++ b/ld/emultempl/kvxelf.em
+@@ -36,7 +36,7 @@ EOF
+ if test x"${EMULATION_NAME}" != x"elf64kvx_linux"; then
+ fragment <<EOF
+   if (bfd_link_pie (&link_info))
+-    fatal (_(":%P: -pie not supported\n"));
++    fatal (_("%F:%P: -pie not supported\n"));
+ EOF
+ fi
+ fragment <<EOF
+@@ -299,7 +299,7 @@ kvx_elf_create_output_section_statements (void)
+   ldlang_add_file (stub_file);
+ 
+   if (!kvx_elf${ELFSIZE}_init_stub_bfd (&link_info, stub_file->the_bfd))
+-    einfo ("%P: can not init BFD: %E\n");
++    fatal ("%F%P: can not init BFD: %E\n");
+ }
+ 
+ 
+diff --git a/ld/emultempl/loongarchelf.em b/ld/emultempl/loongarchelf.em
+index 5a3d7b79..153094b0 100644
+--- a/ld/emultempl/loongarchelf.em
++++ b/ld/emultempl/loongarchelf.em
+@@ -71,7 +71,7 @@ gld${EMULATION_NAME}_after_allocation (void)
+       if (!_bfd_elf_map_sections_to_segments (link_info.output_bfd,
+                                              &link_info,
+                                              NULL))
+-       fatal (_("%P: map sections to segments failed: %E\n"));
++        fatal (_("%F%P: map sections to segments failed: %E\n"));
+     }
+ 
+   /* Adjust program header size and .eh_frame_hdr size before
+diff --git a/ld/emultempl/m68hc1xelf.em b/ld/emultempl/m68hc1xelf.em
+index 36f5f068..fe6dd85b 100644
+--- a/ld/emultempl/m68hc1xelf.em
++++ b/ld/emultempl/m68hc1xelf.em
+@@ -159,7 +159,7 @@ m68hc11elf_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+diff --git a/ld/emultempl/m68kelf.em b/ld/emultempl/m68kelf.em
+index f9a5bec2..e6eed5cc 100644
+--- a/ld/emultempl/m68kelf.em
++++ b/ld/emultempl/m68kelf.em
+@@ -82,7 +82,7 @@ m68k_elf_after_open (void)
+          asection *datasec;
+ 
+          if (bfd_get_flavour (abfd) != bfd_target_elf_flavour)
+-           fatal (_("%P: %pB: all input objects must be ELF "
++           fatal (_("%F%P: %pB: all input objects must be ELF "
+                     "for --embedded-relocs\n"));
+ 
+          datasec = bfd_get_section_by_name (abfd, ".data");
+@@ -106,7 +106,7 @@ m68k_elf_after_open (void)
+              if (relsec == NULL
+                  || !bfd_set_section_alignment (relsec, 2)
+                  || !bfd_set_section_size (relsec, datasec->reloc_count * 12))
+-               fatal (_("%P: %pB: can not create .emreloc section: %E\n"));
++               fatal (_("%F%P: %pB: can not create .emreloc section: %E\n"));
+            }
+ 
+          /* Double check that all other data sections are empty, as is
+diff --git a/ld/emultempl/metagelf.em b/ld/emultempl/metagelf.em
+index 313d7ed5..95655ad0 100644
+--- a/ld/emultempl/metagelf.em
++++ b/ld/emultempl/metagelf.em
+@@ -59,7 +59,7 @@ metagelf_create_output_section_statements (void)
+                              bfd_get_arch (link_info.output_bfd),
+                              bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -309,7 +309,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        const char *end;
+        group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         fatal (_("%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ '
+diff --git a/ld/emultempl/mipself.em b/ld/emultempl/mipself.em
+index 2a22ba49..a4f158b7 100644
+--- a/ld/emultempl/mipself.em
++++ b/ld/emultempl/mipself.em
+@@ -152,7 +152,7 @@ mips_add_stub_section (const char *stub_sec_name, asection *input_section,
+                                 bfd_get_arch (link_info.output_bfd),
+                                 bfd_get_mach (link_info.output_bfd)))
+        {
+-         fatal (_("%P: can not create BFD: %E\n"));
++         fatal (_("%F%P: can not create BFD: %E\n"));
+          return NULL;
+        }
+       stub_bfd->flags |= BFD_LINKER_CREATED;
+diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em
+index 03186363..c4288d82 100644
+--- a/ld/emultempl/mmix-elfnmmo.em
++++ b/ld/emultempl/mmix-elfnmmo.em
+@@ -113,7 +113,7 @@ mmix_after_allocation (void)
+     bfd_set_section_vma (sec, 0);
+ 
+   if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info))
+-    fatal (_("%P: can't finalize linker-allocated global registers\n"));
++    fatal (_("%F%P: can't finalize linker-allocated global registers\n"));
+ }
+ EOF
+ 
+diff --git a/ld/emultempl/nds32elf.em b/ld/emultempl/nds32elf.em
+index 36260573..8598d0a8 100644
+--- a/ld/emultempl/nds32elf.em
++++ b/ld/emultempl/nds32elf.em
+@@ -44,7 +44,7 @@ nds32_elf_create_output_section_statements (void)
+   if (strstr (bfd_get_target (link_info.output_bfd), "nds32") == NULL)
+     {
+       /* Check the output target is nds32.  */
+-      fatal (_("%P: error: cannot change output format whilst "
++      fatal (_("%F%P: error: cannot change output format whilst "
+               "linking %s binaries\n"), "NDS32");
+       return;
+     }
+@@ -96,7 +96,7 @@ nds32_elf_after_open (void)
+               && abi_ver != (elf_elfheader (abfd)->e_flags & EF_NDS_ABI))
+        {
+          /* Incompatible objects.  */
+-         fatal (_("%P: %pB: ABI version of object files mismatched\n"),
++         fatal (_("%F%P: %pB: ABI version of object files mismatched\n"),
+                 abfd);
+        }
+     }
+@@ -195,7 +195,7 @@ PARSE_AND_LIST_ARGS_CASES='
+       {
+        sym_ld_script = fopen (optarg, FOPEN_WT);
+        if(sym_ld_script == NULL)
+-         fatal (_("%P: cannot open map file %s: %E\n"), optarg);
++         fatal (_("%F%P: cannot open map file %s: %E\n"), optarg);
+       }
+     break;
+   case OPTION_HYPER_RELAX:
+diff --git a/ld/emultempl/nto.em b/ld/emultempl/nto.em
+index 609d0217..bed2d374 100644
+--- a/ld/emultempl/nto.em
++++ b/ld/emultempl/nto.em
+@@ -51,7 +51,7 @@ nto_create_QNX_note_section(int type)
+      is called before this function, stub_file should already be defined.  */
+   if (!stub_file)
+     {
+-      fatal (_("%P: cannot create .note section in stub BFD.\n"));
++      fatal (_("%F%P: cannot create .note section in stub BFD.\n"));
+       return NULL;
+     }
+ 
+@@ -60,7 +60,7 @@ nto_create_QNX_note_section(int type)
+   note_sec = bfd_make_section_anyway_with_flags (stub_file->the_bfd, ".note", flags);
+   if (! note_sec)
+     {
+-      fatal (_("%P: failed to create .note section\n"));
++      fatal (_("%F%P: failed to create .note section\n"));
+       return NULL;
+     }
+ 
+@@ -101,7 +101,7 @@ nto_lookup_QNX_note_section(int type)
+       sec->contents = xmalloc(sec->size);
+       if (!bfd_get_section_contents (sec->owner, sec, sec->contents, (file_ptr) 0,
+                                     sec->size))
+-       fatal (_("%P: %pB: can't read contents of section .note: %E\n"),
++       fatal (_("%F%P: %pB: can't read contents of section .note: %E\n"),
+               sec->owner);
+ 
+       e_note = (Elf_External_Note *) sec->contents;
+@@ -144,7 +144,7 @@ nto_add_note_section (void) {
+ 
+   if (nto_lazy_stack && !link_info.stacksize)
+     {
+-      fatal (_("%P: error: --lazy-stack must follow -zstack-size=<size>\n"));
++      fatal (_("%F%P: error: --lazy-stack must follow -zstack-size=<size>\n"));
+       return;
+     }
+ 
+@@ -216,7 +216,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+        char *end;
+        link_info.stacksize = strtoul (optarg, &end, 0);
+        if (*end || link_info.stacksize < 0)
+-         fatal (_("%P: invalid stack size `%s'\''\n"), optarg + 11);
++         fatal (_("%F%P: invalid stack size `%s'\''\n"), optarg + 11);
+        if (!link_info.stacksize)
+          /* Use -1 for explicit no-stack, because zero means
+             'default'.   */
+diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em
+index 4cb1488e..3eeaffec 100644
+--- a/ld/emultempl/pe.em
++++ b/ld/emultempl/pe.em
+@@ -726,7 +726,7 @@ set_pe_subsystem (void)
+ 
+       if (v[i].name == NULL)
+        {
+-         fatal (_("%P: invalid subsystem type %s\n"), optarg);
++         fatal (_("%F%P: invalid subsystem type %s\n"), optarg);
+          return;
+        }
+ 
+@@ -747,7 +747,7 @@ set_pe_value (char *name)
+   set_pe_name (name,  strtoul (optarg, &end, 0));
+ 
+   if (end == optarg)
+-    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -764,7 +764,7 @@ set_pe_stack_heap (char *resname, char *comname)
+       set_pe_value (comname);
+     }
+   else if (*optarg)
+-    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ #define DEFAULT_BUILD_ID_STYLE "md5"
+@@ -780,7 +780,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       fatal (_("%P: cannot open base file %s\n"), optarg);
++       fatal (_("%F%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options.  */
+@@ -1309,7 +1309,7 @@ make_runtime_ref (void)
+     = bfd_wrapped_link_hash_lookup (link_info.output_bfd, &link_info,
+                                    rr, true, false, true);
+   if (!h)
+-    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+   else
+     {
+       if (h->type == bfd_link_hash_new)
+@@ -1607,7 +1607,7 @@ gld${EMULATION_NAME}_after_open (void)
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_coff_flavour
+       || coff_data (link_info.output_bfd) == NULL
+       || !obj_pe (link_info.output_bfd))
+-    fatal (_("%P: cannot perform PE operations on non PE output file '%pB'\n"),
++    fatal (_("%F%P: cannot perform PE operations on non PE output file '%pB'\n"),
+           link_info.output_bfd);
+ 
+   pe_data (link_info.output_bfd)->pe_opthdr = pe;
+@@ -1680,7 +1680,7 @@ gld${EMULATION_NAME}_after_open (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format "
++      fatal (_("%F%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "ARM");
+       return;
+     }
+@@ -1740,7 +1740,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                    if (!bfd_generic_link_read_symbols (is->the_bfd))
+                      {
+-                       fatal (_("%P: %pB: could not read symbols: %E\n"),
++                       fatal (_("%F%P: %pB: could not read symbols: %E\n"),
+                               is->the_bfd);
+                        return;
+                      }
+@@ -1912,7 +1912,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                if (!bfd_generic_link_read_symbols (is->the_bfd))
+                  {
+-                   fatal (_("%P: %pB: could not read symbols: %E\n"),
++                   fatal (_("%F%P: %pB: could not read symbols: %E\n"),
+                           is->the_bfd);
+                    return;
+                  }
+@@ -2023,7 +2023,7 @@ gld${EMULATION_NAME}_unrecognized_file (lang_input_statement_type *entry ATTRIBU
+ 
+              h = bfd_link_hash_lookup (link_info.hash, buf, true, true, true);
+              if (h == (struct bfd_link_hash_entry *) NULL)
+-               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+              if (h->type == bfd_link_hash_new)
+                {
+                  h->type = bfd_link_hash_undefined;
+diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
+index 2d033dd3..ac0e192f 100644
+--- a/ld/emultempl/pep.em
++++ b/ld/emultempl/pep.em
+@@ -698,7 +698,7 @@ set_pep_subsystem (void)
+ 
+       if (v[i].name == NULL)
+        {
+-         fatal (_("%P: invalid subsystem type %s\n"), optarg);
++         fatal (_("%F%P: invalid subsystem type %s\n"), optarg);
+          return;
+        }
+ 
+@@ -719,7 +719,7 @@ set_pep_value (char *name)
+   set_pep_name (name,  (bfd_vma) strtoull (optarg, &end, 0));
+ 
+   if (end == optarg)
+-    fatal (_("%P: invalid hex number for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: invalid hex number for PE parameter '%s'\n"), optarg);
+ 
+   optarg = end;
+ }
+@@ -736,7 +736,7 @@ set_pep_stack_heap (char *resname, char *comname)
+       set_pep_value (comname);
+     }
+   else if (*optarg)
+-    fatal (_("%P: strange hex info for PE parameter '%s'\n"), optarg);
++    fatal (_("%F%P: strange hex info for PE parameter '%s'\n"), optarg);
+ }
+ 
+ #define DEFAULT_BUILD_ID_STYLE "md5"
+@@ -753,7 +753,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+     case OPTION_BASE_FILE:
+       link_info.base_file = fopen (optarg, FOPEN_WB);
+       if (link_info.base_file == NULL)
+-       fatal (_("%P: cannot open base file %s\n"), optarg);
++       fatal (_("%F%P: cannot open base file %s\n"), optarg);
+       break;
+ 
+       /* PE options.  */
+@@ -1306,7 +1306,7 @@ make_runtime_ref (void)
+     = bfd_wrapped_link_hash_lookup (link_info.output_bfd, &link_info,
+                                    rr, true, false, true);
+   if (!h)
+-    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+   else
+     {
+       if (h->type == bfd_link_hash_new)
+@@ -1606,7 +1606,7 @@ gld${EMULATION_NAME}_after_open (void)
+   if (bfd_get_flavour (link_info.output_bfd) != bfd_target_coff_flavour
+       || coff_data (link_info.output_bfd) == NULL
+       || !obj_pe (link_info.output_bfd))
+-    fatal (_("%P: cannot perform PE operations on non PE output file '%pB'\n"),
++    fatal (_("%F%P: cannot perform PE operations on non PE output file '%pB'\n"),
+           link_info.output_bfd);
+ 
+   pe_data (link_info.output_bfd)->pe_opthdr = pep;
+@@ -1718,7 +1718,7 @@ gld${EMULATION_NAME}_after_open (void)
+ 
+                    if (!bfd_generic_link_read_symbols (is->the_bfd))
+                      {
+-                       fatal (_("%P: %pB: could not read symbols: %E\n"),
++                       fatal (_("%F%P: %pB: could not read symbols: %E\n"),
+                               is->the_bfd);
+                        return;
+                      }
+@@ -1907,7 +1907,7 @@ gld${EMULATION_NAME}_unrecognized_file (lang_input_statement_type *entry ATTRIBU
+ 
+              h = bfd_link_hash_lookup (link_info.hash, buf, true, true, true);
+              if (h == (struct bfd_link_hash_entry *) NULL)
+-               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+              if (h->type == bfd_link_hash_new)
+                {
+                  h->type = bfd_link_hash_undefined;
+diff --git a/ld/emultempl/ppc32elf.em b/ld/emultempl/ppc32elf.em
+index ffacadc6..73bad022 100644
+--- a/ld/emultempl/ppc32elf.em
++++ b/ld/emultempl/ppc32elf.em
+@@ -386,7 +386,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          char *end;
+          unsigned long val = strtoul (optarg, &end, 0);
+          if (*end || val > 5)
+-           fatal (_("%P: invalid --plt-align `%s'\''\n"), optarg);
++           fatal (_("%F%P: invalid --plt-align `%s'\''\n"), optarg);
+          params.plt_stub_align = val;
+        }
+       else
+@@ -419,7 +419,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          if (*end
+              || (params.pagesize < 4096 && params.pagesize != 0)
+              || params.pagesize != (params.pagesize & -params.pagesize))
+-           fatal (_("%P: invalid pagesize `%s'\''\n"), optarg);
++           fatal (_("%F%P: invalid pagesize `%s'\''\n"), optarg);
+        }
+       break;
+ 
+diff --git a/ld/emultempl/ppc64elf.em b/ld/emultempl/ppc64elf.em
+index 92bf4f58..a884f6b5 100644
+--- a/ld/emultempl/ppc64elf.em
++++ b/ld/emultempl/ppc64elf.em
+@@ -91,7 +91,7 @@ ppc_create_output_section_statements (void)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -101,7 +101,7 @@ ppc_create_output_section_statements (void)
+   if (params.save_restore_funcs < 0)
+     params.save_restore_funcs = !bfd_link_relocatable (&link_info);
+   if (!ppc64_elf_init_stub_bfd (&link_info, &params))
+-    fatal (_("%P: can not init BFD: %E\n"));
++    fatal (_("%F%P: can not init BFD: %E\n"));
+ }
+ 
+ /* Called after opening files but before mapping sections.  */
+@@ -860,7 +860,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+        const char *end;
+        params.group_size = bfd_scan_vma (optarg, &end, 0);
+        if (*end)
+-         fatal (_("%P: invalid number `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid number `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -886,7 +886,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          char *end;
+          long val = strtol (optarg, &end, 0);
+          if (*end || (unsigned long) val + 8 > 16)
+-           fatal (_("%P: invalid --plt-align `%s'\''\n"), optarg);
++           fatal (_("%F%P: invalid --plt-align `%s'\''\n"), optarg);
+          params.plt_stub_align = val;
+        }
+       else
+@@ -915,7 +915,7 @@ PARSE_AND_LIST_ARGS_CASES=${PARSE_AND_LIST_ARGS_CASES}'
+          else if (strcasecmp (optarg, "no") == 0)
+            params.power10_stubs = 0;
+          else
+-           fatal (_("%P: invalid --power10-stubs argument `%s'\''\n"),
++           fatal (_("%F%P: invalid --power10-stubs argument `%s'\''\n"),
+                   optarg);
+        }
+       else
+diff --git a/ld/emultempl/riscvelf.em b/ld/emultempl/riscvelf.em
+index 006e4edb..d5012b33 100644
+--- a/ld/emultempl/riscvelf.em
++++ b/ld/emultempl/riscvelf.em
+@@ -141,7 +141,7 @@ riscv_create_output_section_statements (void)
+         These will only be created if the output format is a RISC-V format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format"
++      fatal (_("%F%P: error: cannot change output format"
+               " whilst linking %s binaries\n"), "RISC-V");
+       return;
+     }
+diff --git a/ld/emultempl/s390.em b/ld/emultempl/s390.em
+index 0a93d76b..bb589069 100644
+--- a/ld/emultempl/s390.em
++++ b/ld/emultempl/s390.em
+@@ -34,7 +34,7 @@ static void
+ s390_elf_create_output_section_statements (void)
+ {
+   if (!bfd_elf_s390_set_options (&link_info, &params))
+-    fatal (_("%P: can not init BFD: %E\n"));
++    fatal (_("%F%P: can not init BFD: %E\n"));
+ }
+ 
+ EOF
+diff --git a/ld/emultempl/scoreelf.em b/ld/emultempl/scoreelf.em
+index 6413f330..e420a7bd 100644
+--- a/ld/emultempl/scoreelf.em
++++ b/ld/emultempl/scoreelf.em
+@@ -62,7 +62,7 @@ score_elf_after_open (void)
+         These will only be created if the output format is an score format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format "
++      fatal (_("%F%P: error: cannot change output format "
+               "whilst linking %s binaries\n"), "S+core");
+       return;
+     }
+diff --git a/ld/emultempl/spuelf.em b/ld/emultempl/spuelf.em
+index c694b828..800cca30 100644
+--- a/ld/emultempl/spuelf.em
++++ b/ld/emultempl/spuelf.em
+@@ -202,7 +202,7 @@ spu_elf_load_ovl_mgr (void)
+       /* User supplied __ovly_load.  */
+     }
+   else if (mgr_stream->start == mgr_stream->end)
+-    fatal (_("%P: no built-in overlay manager\n"));
++    fatal (_("%F%P: no built-in overlay manager\n"));
+   else
+     {
+       lang_input_statement_type *ovl_is;
+@@ -379,7 +379,7 @@ spu_elf_open_overlay_script (void)
+   if (script == NULL)
+     {
+     file_err:
+-      fatal (_("%P: can not open script: %E\n"));
++      fatal (_("%F%P: can not open script: %E\n"));
+     }
+   return script;
+ }
+@@ -719,7 +719,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            if (*end == 0)
+              break;
+          }
+-       fatal (_("%P: invalid --local-store address range `%s'\''\n"), optarg);
++       fatal (_("%F%P: invalid --local-store address range `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -755,12 +755,12 @@ PARSE_AND_LIST_ARGS_CASES='
+       if (!num_lines_set)
+        params.num_lines = 32;
+       else if ((params.num_lines & -params.num_lines) != params.num_lines)
+-       fatal (_("%P: invalid --num-lines/--num-regions `%u'\''\n"),
++       fatal (_("%F%P: invalid --num-lines/--num-regions `%u'\''\n"),
+               params.num_lines);
+       if (!line_size_set)
+        params.line_size = 1024;
+       else if ((params.line_size & -params.line_size) != params.line_size)
+-       fatal (_("%P: invalid --line-size/--region-size `%u'\''\n"),
++       fatal (_("%F%P: invalid --line-size/--region-size `%u'\''\n"),
+               params.line_size);
+       break;
+ 
+@@ -781,7 +781,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            && (params.ovly_flavour != ovly_soft_icache
+                || (params.num_lines & -params.num_lines) == params.num_lines))
+          break;
+-       fatal (_("%P: invalid --num-lines/--num-regions `%s'\''\n"), optarg);
++       fatal (_("%F%P: invalid --num-lines/--num-regions `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -794,7 +794,7 @@ PARSE_AND_LIST_ARGS_CASES='
+            && (params.ovly_flavour != ovly_soft_icache
+                || (params.line_size & -params.line_size) == params.line_size))
+          break;
+-       fatal (_("%P: invalid --line-size/--region-size `%s'\''\n"), optarg);
++       fatal (_("%F%P: invalid --line-size/--region-size `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -803,7 +803,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.auto_overlay_fixed = strtoul (optarg, &end, 0);
+        if (*end != 0)
+-         fatal (_("%P: invalid --fixed-space value `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid --fixed-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -812,7 +812,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.auto_overlay_reserved = strtoul (optarg, &end, 0);
+        if (*end != 0)
+-         fatal (_("%P: invalid --reserved-space value `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid --reserved-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+@@ -821,7 +821,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        char *end;
+        params.extra_stack_space = strtol (optarg, &end, 0);
+        if (*end != 0)
+-         fatal (_("%P: invalid --extra-stack-space value `%s'\''\n"), optarg);
++         fatal (_("%F%P: invalid --extra-stack-space value `%s'\''\n"), optarg);
+       }
+       break;
+ 
+diff --git a/ld/emultempl/tic6xdsbt.em b/ld/emultempl/tic6xdsbt.em
+index a830be7e..7d3b97cc 100644
+--- a/ld/emultempl/tic6xdsbt.em
++++ b/ld/emultempl/tic6xdsbt.em
+@@ -59,7 +59,7 @@ tic6x_after_open (void)
+   if (is_tic6x_target ())
+     {
+       if (params.dsbt_index >= params.dsbt_size)
+-       fatal (_("%P: invalid --dsbt-index %d, outside DSBT size\n"),
++       fatal (_("%F%P: invalid --dsbt-index %d, outside DSBT size\n"),
+               params.dsbt_index);
+       elf32_tic6x_setup (&link_info, &params);
+     }
+@@ -190,7 +190,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        if (*end == 0
+            && params.dsbt_index >= 0 && params.dsbt_index < 0x7fff)
+          break;
+-       fatal (_("%P: invalid --dsbt-index %s\n"), optarg);
++       fatal (_("%F%P: invalid --dsbt-index %s\n"), optarg);
+       }
+       break;
+     case OPTION_DSBT_SIZE:
+@@ -200,7 +200,7 @@ PARSE_AND_LIST_ARGS_CASES='
+        if (*end == 0
+            && params.dsbt_size >= 0 && params.dsbt_size < 0x7fff)
+          break;
+-       fatal (_("%P: invalid --dsbt-size %s\n"), optarg);
++       fatal (_("%F%P: invalid --dsbt-size %s\n"), optarg);
+       }
+       break;
+    case OPTION_NO_MERGE_EXIDX_ENTRIES:
+diff --git a/ld/emultempl/ticoff.em b/ld/emultempl/ticoff.em
+index bbf30f4a..5d0feede 100644
+--- a/ld/emultempl/ticoff.em
++++ b/ld/emultempl/ticoff.em
+@@ -88,7 +88,7 @@ gld${EMULATION_NAME}_handle_option (int optc)
+          lang_add_output_format (buf, NULL, NULL, 0);
+        }
+       else
+-       fatal (_("%P: invalid COFF format version %s\n"), optarg);
++       fatal (_("%F%P: invalid COFF format version %s\n"), optarg);
+       break;
+     }
+   return false;
+diff --git a/ld/emultempl/v850elf.em b/ld/emultempl/v850elf.em
+index 49ad2cc8..925e3994 100644
+--- a/ld/emultempl/v850elf.em
++++ b/ld/emultempl/v850elf.em
+@@ -63,7 +63,7 @@ v850_create_output_section_statements (void)
+         These will only be created if the output format is an arm format,
+         hence we do not support linking and changing output formats at the
+         same time.  Use a link followed by objcopy to change output formats.  */
+-      fatal (_("%P: error: cannot change output format"
++      fatal (_("%F%P: error: cannot change output format"
+               " whilst linking %s binaries\n"), "V850");
+       return;
+     }
+diff --git a/ld/emultempl/vms.em b/ld/emultempl/vms.em
+index 4ca2c942..1c7b426c 100644
+--- a/ld/emultempl/vms.em
++++ b/ld/emultempl/vms.em
+@@ -201,7 +201,7 @@ gld${EMULATION_NAME}_before_allocation (void)
+       && bed->elf_backend_size_dynamic_sections
+       && ! (*bed->elf_backend_size_dynamic_sections) (link_info.output_bfd,
+                                                      &link_info))
+-    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%F%P: failed to set dynamic section sizes: %E\n"));
+ 
+   before_allocation_default ();
+ }
+diff --git a/ld/emultempl/xtensaelf.em b/ld/emultempl/xtensaelf.em
+index 208f730d..751e7762 100644
+--- a/ld/emultempl/xtensaelf.em
++++ b/ld/emultempl/xtensaelf.em
+@@ -388,7 +388,7 @@ check_xtensa_info (bfd *abfd, asection *info_sec)
+ 
+   data = xmalloc (info_sec->size);
+   if (! bfd_get_section_contents (abfd, info_sec, data, 0, info_sec->size))
+-    fatal (_("%P: %pB: cannot read contents of section %pA\n"), abfd, info_sec);
++    fatal (_("%F%P: %pB: cannot read contents of section %pA\n"), abfd, info_sec);
+ 
+   if (info_sec->size > 24
+       && info_sec->size >= 24 + bfd_get_32 (abfd, data + 4)
+@@ -429,13 +429,13 @@ elf_xtensa_before_allocation (void)
+   if (is_big_endian
+       && link_info.output_bfd->xvec->byteorder == BFD_ENDIAN_LITTLE)
+     {
+-      fatal (_("%P: little endian output does not match "
++      fatal (_("%F%P: little endian output does not match "
+               "Xtensa configuration\n"));
+     }
+   if (!is_big_endian
+       && link_info.output_bfd->xvec->byteorder == BFD_ENDIAN_BIG)
+     {
+-      fatal (_("%P: big endian output does not match "
++      fatal (_("%F%P: big endian output does not match "
+               "Xtensa configuration\n"));
+     }
+ 
+@@ -454,7 +454,7 @@ elf_xtensa_before_allocation (void)
+         cannot go any further if there are any mismatches.  */
+       if ((is_big_endian && f->the_bfd->xvec->byteorder == BFD_ENDIAN_LITTLE)
+          || (!is_big_endian && f->the_bfd->xvec->byteorder == BFD_ENDIAN_BIG))
+-       fatal (_("%P: cross-endian linking for %pB not supported\n"),
++       fatal (_("%F%P: cross-endian linking for %pB not supported\n"),
+               f->the_bfd);
+ 
+       if (! first_bfd)
+@@ -485,7 +485,7 @@ elf_xtensa_before_allocation (void)
+       info_sec = bfd_make_section_with_flags (first_bfd, ".xtensa.info",
+                                              SEC_HAS_CONTENTS | SEC_READONLY);
+       if (! info_sec)
+-       fatal (_("%P: failed to create .xtensa.info section\n"));
++       fatal (_("%F%P: failed to create .xtensa.info section\n"));
+     }
+   if (info_sec)
+     {
+@@ -1224,7 +1224,7 @@ ld_build_required_section_dependence (lang_statement_union_type *s)
+       lang_statement_union_type *l = iter_stack_current (&stack);
+ 
+       if (l == NULL && link_info.non_contiguous_regions)
+-       fatal (_("%P: Relaxation not supported with "
++       fatal (_("%F%P: Relaxation not supported with "
+                 "--enable-non-contiguous-regions.\n"));
+ 
+       if (l->header.type == lang_input_section_enum)
+diff --git a/ld/emultempl/z80.em b/ld/emultempl/z80.em
+index 555f6024..06cfa72e 100644
+--- a/ld/emultempl/z80.em
++++ b/ld/emultempl/z80.em
+@@ -48,7 +48,7 @@ z80_after_open (void)
+       const bfd_arch_info_type *info;
+       info = bfd_arch_get_compatible (link_info.output_bfd, abfd, false);
+       if (info == NULL)
+-       fatal (_("%P: %pB: Instruction sets of object files incompatible\n"),
++       fatal (_("%F%P: %pB: Instruction sets of object files incompatible\n"),
+               abfd);
+       else
+         bfd_set_arch_info (link_info.output_bfd, info);
+diff --git a/ld/ldcref.c b/ld/ldcref.c
+index 572d4f4d..68dd2a5f 100644
+--- a/ld/ldcref.c
++++ b/ld/ldcref.c
+@@ -514,7 +514,7 @@ check_local_sym_xref (lang_input_statement_type *statement)
+     return;
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   for (syms = bfd_get_outsymbols (abfd); *syms; ++syms)
+     {
+@@ -625,7 +625,7 @@ check_refs (const char *name,
+      BFD might contain a prohibited cross reference.  */
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   info.sym_name = name;
+   info.global = global;
+@@ -687,14 +687,14 @@ check_reloc_refs (bfd *abfd, asection *sec, void *iarg)
+ 
+   relsize = bfd_get_reloc_upper_bound (abfd, sec);
+   if (relsize < 0)
+-    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
+   if (relsize == 0)
+     return;
+ 
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, sec, relpp, info->asymbols);
+   if (relcount < 0)
+-    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
+ 
+   p = relpp;
+   pend = p + relcount;
+diff --git a/ld/ldelf.c b/ld/ldelf.c
+index fb95b7a9..d8c0817b 100644
+--- a/ld/ldelf.c
++++ b/ld/ldelf.c
+@@ -94,7 +94,7 @@ ldelf_after_parse (void)
+       else if (!link_info.maxpagesize_is_set)
+        link_info.maxpagesize = link_info.commonpagesize;
+       else
+-       fatal (_("%P: common page size (0x%v) > maximum page size (0x%v)\n"),
++       fatal (_("%F%P: common page size (0x%v) > maximum page size (0x%v)\n"),
+               link_info.commonpagesize, link_info.maxpagesize);
+     }
+ }
+@@ -120,7 +120,7 @@ ldelf_load_symbols (lang_input_statement_type *entry)
+ 
+   if (entry->flags.just_syms
+       && (bfd_get_file_flags (entry->the_bfd) & DYNAMIC) != 0)
+-    fatal (_("%P: %pB: --just-symbols may not be used on DSO\n"),
++    fatal (_("%F%P: %pB: --just-symbols may not be used on DSO\n"),
+           entry->the_bfd);
+ 
+   if (link_class == 0
+@@ -320,7 +320,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+       struct bfd_link_needed_list *needs;
+ 
+       if (! bfd_elf_get_bfd_needed_list (abfd, &needs))
+-       fatal (_("%P: %pB: bfd_elf_get_bfd_needed_list failed: %E\n"), abfd);
++       fatal (_("%F%P: %pB: bfd_elf_get_bfd_needed_list failed: %E\n"), abfd);
+ 
+       if (needs != NULL)
+        {
+@@ -368,7 +368,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+      can only check that using stat.  */
+ 
+   if (bfd_stat (abfd, &global_stat) != 0)
+-    fatal (_("%P: %pB: bfd_stat failed: %E\n"), abfd);
++    fatal (_("%F%P: %pB: bfd_stat failed: %E\n"), abfd);
+ 
+   /* First strip off everything before the last '/'.  */
+   soname = lbasename (bfd_get_filename (abfd));
+@@ -407,7 +407,7 @@ ldelf_try_needed (struct dt_needed *needed, int force, int is_linux)
+ 
+   /* Add this file into the symbol table.  */
+   if (! bfd_link_add_symbols (abfd, &link_info))
+-    fatal (_("%P: %pB: error adding symbols: %E\n"), abfd);
++    fatal (_("%F%P: %pB: error adding symbols: %E\n"), abfd);
+ 
+   return true;
+ }
+@@ -1205,7 +1205,7 @@ ldelf_handle_dt_needed (struct elf_link_hash_table *htab,
+          && elf_dt_name (abfd) != NULL)
+        {
+          if (bfd_elf_add_dt_needed_tag (abfd, &link_info) < 0)
+-           fatal (_("%P: failed to add DT_NEEDED dynamic tag\n"));
++           fatal (_("%F%P: failed to add DT_NEEDED dynamic tag\n"));
+        }
+ 
+   link_info.input_bfds_tail = save_input_bfd_tail;
+@@ -1256,7 +1256,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+                     bfd_get_target (link_info.output_bfd));
+ 
+       if (link_info.out_implib_bfd == NULL)
+-       fatal (_("%P: %s: can't open for writing: %E\n"),
++       fatal (_("%F%P: %s: can't open for writing: %E\n"),
+               command_line.out_implib_filename);
+     }
+ 
+@@ -1311,7 +1311,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+          && (elf_tdata (abfd)->elf_header->e_type == ET_EXEC
+              || (elf_tdata (abfd)->elf_header->e_type == ET_DYN
+                  && elf_tdata (abfd)->is_pie)))
+-       fatal (_("%P: cannot use executable file '%pB' as input to a link\n"),
++       fatal (_("%F%P: cannot use executable file '%pB' as input to a link\n"),
+               abfd);
+     }
+ 
+@@ -1365,7 +1365,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+                }
+              else if (seen_type != type)
+                {
+-                 fatal (_("%P: compact frame descriptions incompatible with"
++                 fatal (_("%F%P: compact frame descriptions incompatible with"
+                           " DWARF2 .eh_frame from %pB\n"),
+                         type == DWARF2_EH_HDR ? abfd : elfbfd);
+                  break;
+@@ -1407,7 +1407,7 @@ ldelf_after_open (int use_libpath, int native, int is_linux, int is_freebsd,
+ 
+   if (link_info.eh_frame_hdr_type == COMPACT_EH_HDR)
+     if (!bfd_elf_parse_eh_frame_entries (NULL, &link_info))
+-      fatal (_("%P: failed to parse EH frame entries\n"));
++      fatal (_("%F%P: failed to parse EH frame entries\n"));
+ 
+   ldelf_handle_dt_needed (htab, use_libpath, native, is_linux,
+                          is_freebsd, elfsize, prefix);
+@@ -1664,7 +1664,7 @@ ldelf_find_exp_assignment (etree_type *exp)
+                                               &link_info,
+                                               exp->assign.dst, provide,
+                                               exp->assign.hidden))
+-           fatal (_("%P: failed to record assignment to %s: %E\n"),
++           fatal (_("%F%P: failed to record assignment to %s: %E\n"),
+                   exp->assign.dst);
+        }
+       ldelf_find_exp_assignment (exp->assign.src);
+@@ -1844,7 +1844,7 @@ ldelf_before_allocation (char *audit, char *depaudit,
+          command_line.filter_shlib, audit, depaudit,
+          (const char * const *) command_line.auxiliary_filters,
+          &link_info, &sinterp)))
+-    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%F%P: failed to set dynamic section sizes: %E\n"));
+ 
+   if (sinterp != NULL)
+     {
+@@ -1881,8 +1881,8 @@ ldelf_before_allocation (char *audit, char *depaudit,
+        msg = (char *) xmalloc ((size_t) (sz + 1));
+        if (! bfd_get_section_contents (is->the_bfd, s, msg,
+                                        (file_ptr) 0, sz))
+-         fatal (_("%P: %pB: can't read contents of section %pA: %E\n"),
+-                is->the_bfd, s);
++         fatal (_("%F%P: %pB: can't read contents of section .gnu.warning: %E\n"),
++                is->the_bfd);
+        msg[sz] = '\0';
+        (*link_info.callbacks->warning) (&link_info, msg,
+                                         (const char *) NULL, is->the_bfd,
+@@ -1909,7 +1909,7 @@ ldelf_before_allocation (char *audit, char *depaudit,
+   before_allocation_default ();
+ 
+   if (!bfd_elf_size_dynsym_hash_dynstr (link_info.output_bfd, &link_info))
+-    fatal (_("%P: failed to set dynamic section sizes: %E\n"));
++    fatal (_("%F%P: failed to set dynamic section sizes: %E\n"));
+ 
+   if (ehdr_start != NULL)
+     {
+diff --git a/ld/ldelfgen.c b/ld/ldelfgen.c
+index 1b1e49ce..cceefc6d 100644
+--- a/ld/ldelfgen.c
++++ b/ld/ldelfgen.c
+@@ -282,7 +282,7 @@ ldelf_map_segments (bool need_layout)
+                  if (os_info->ordered != os_info->count
+                      && bfd_link_relocatable (&link_info))
+                    {
+-                     fatal (_("%P: "
++                     fatal (_("%F%P: "
+                               "%pA has both ordered and unordered sections\n"),
+                             os->bfd_section);
+                      return;
+@@ -307,7 +307,7 @@ ldelf_map_segments (bool need_layout)
+          if (!_bfd_elf_map_sections_to_segments (link_info.output_bfd,
+                                                  &link_info,
+                                                  &need_layout))
+-           fatal (_("%P: map sections to segments failed: %E\n"));
++           fatal (_("%F%P: map sections to segments failed: %E\n"));
+ 
+          if (phdr_size != elf_program_header_size (link_info.output_bfd))
+            {
+@@ -327,7 +327,7 @@ ldelf_map_segments (bool need_layout)
+   while (need_layout && --tries);
+ 
+   if (tries == 0)
+-    fatal (_("%P: looping in map_segments\n"));
++    fatal (_("%F%P: looping in map_segments\n"));
+ 
+   if (bfd_get_flavour (link_info.output_bfd) == bfd_target_elf_flavour
+       && lang_phdr_list == NULL)
+@@ -338,7 +338,7 @@ ldelf_map_segments (bool need_layout)
+        = get_elf_backend_data (link_info.output_bfd);
+       if (bed->elf_backend_strip_zero_sized_dynamic_sections
+          && !bed->elf_backend_strip_zero_sized_dynamic_sections (&link_info))
+-       fatal (_("%P: failed to strip zero-sized dynamic sections\n"));
++         fatal (_("%F%P: failed to strip zero-sized dynamic sections\n"));
+     }
+ }
+ 
+@@ -416,7 +416,7 @@ ldelf_acquire_strings_for_ctf
+     {
+       if (ctf_link_add_strtab (ctf_output, ldelf_ctf_strtab_iter_cb,
+                               &args) < 0)
+-       fatal (_("%P: warning: CTF strtab association failed; strings will "
++       fatal (_("%F%P: warning: CTF strtab association failed; strings will "
+                 "not be shared: %s\n"),
+               ctf_errmsg (ctf_errno (ctf_output)));
+     }
+@@ -443,7 +443,7 @@ ldelf_new_dynsym_for_ctf (struct ctf_dict *ctf_output, int symidx,
+       lsym.st_value = sym->st_value;
+       if (ctf_link_add_linker_symbol (ctf_output, &lsym) < 0)
+        {
+-         fatal (_("%P: warning: CTF symbol addition failed; CTF will "
++         fatal (_("%F%P: warning: CTF symbol addition failed; CTF will "
+                   "not be tied to symbols: %s\n"),
+                 ctf_errmsg (ctf_errno (ctf_output)));
+        }
+@@ -453,7 +453,7 @@ ldelf_new_dynsym_for_ctf (struct ctf_dict *ctf_output, int symidx,
+       /* Shuffle all the symbols.  */
+ 
+       if (ctf_link_shuffle_syms (ctf_output) < 0)
+-       fatal (_("%P: warning: CTF symbol shuffling failed; CTF will "
++       fatal (_("%F%P: warning: CTF symbol shuffling failed; CTF will "
+                 "not be tied to symbols: %s\n"),
+               ctf_errmsg (ctf_errno (ctf_output)));
+     }
+diff --git a/ld/ldexp.c b/ld/ldexp.c
+index 45dffbc6..86f82a09 100644
+--- a/ld/ldexp.c
++++ b/ld/ldexp.c
+@@ -282,7 +282,7 @@ definedness_newfunc (struct bfd_hash_entry *entry,
+       bfd_hash_allocate (table, sizeof (struct definedness_hash_entry));
+ 
+   if (ret == NULL)
+-    fatal (_("%P: bfd_hash_allocate failed creating symbol %s\n"), name);
++    fatal (_("%F%P: bfd_hash_allocate failed creating symbol %s\n"), name);
+ 
+   ret->by_object = 0;
+   ret->iteration = 0;
+@@ -313,7 +313,7 @@ update_definedness (const char *name, struct bfd_link_hash_entry *h)
+     bfd_hash_lookup (&definedness_table, name, true, false);
+ 
+   if (defentry == NULL)
+-    fatal (_("%P: bfd_hash_lookup failed creating symbol %s\n"), name);
++    fatal (_("%F%P: bfd_hash_lookup failed creating symbol %s\n"), name);
+ 
+   /* If the symbol was already defined, and not by a script, then it
+      must be defined by an object file or by the linker target code.  */
+@@ -638,7 +638,7 @@ fold_binary (etree_type *tree)
+            expld.result.value = ((bfd_signed_vma) lhs.value
+                                  % (bfd_signed_vma) expld.result.value);
+          else if (expld.phase != lang_mark_phase_enum)
+-           fatal (_("%P:%pS %% by zero\n"), tree->binary.rhs);
++           fatal (_("%F%P:%pS %% by zero\n"), tree->binary.rhs);
+          arith_result_section (&lhs);
+          break;
+ 
+@@ -647,7 +647,7 @@ fold_binary (etree_type *tree)
+            expld.result.value = ((bfd_signed_vma) lhs.value
+                                  / (bfd_signed_vma) expld.result.value);
+          else if (expld.phase != lang_mark_phase_enum)
+-           fatal (_("%P:%pS / by zero\n"), tree->binary.rhs);
++           fatal (_("%F%P:%pS / by zero\n"), tree->binary.rhs);
+          arith_result_section (&lhs);
+          break;
+ 
+@@ -761,7 +761,7 @@ fold_name (etree_type *tree)
+          if (!h)
+            {
+              if (expld.phase != lang_first_phase_enum)
+-               fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++               fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+            }
+          else if (h->type == bfd_link_hash_defined
+                   || h->type == bfd_link_hash_defweak)
+@@ -789,7 +789,7 @@ fold_name (etree_type *tree)
+          else if (expld.phase == lang_final_phase_enum
+                   || (expld.phase != lang_mark_phase_enum
+                       && expld.assigning_to_dot))
+-           fatal (_("%P:%pS: undefined symbol `%s'"
++           fatal (_("%F%P:%pS: undefined symbol `%s'"
+                     " referenced in expression\n"),
+                   tree, tree->name.name);
+          else if (h->type == bfd_link_hash_new)
+@@ -827,7 +827,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               fatal (_("%P:%pS: undefined section `%s'"
++               fatal (_("%F%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+            }
+@@ -845,7 +845,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               fatal (_("%P:%pS: undefined section `%s'"
++               fatal (_("%F%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+            }
+@@ -873,7 +873,7 @@ fold_name (etree_type *tree)
+          if (os == NULL)
+            {
+              if (expld.phase == lang_final_phase_enum)
+-               fatal (_("%P:%pS: undefined section `%s'"
++               fatal (_("%F%P:%pS: undefined section `%s'"
+                         " referenced in expression\n"),
+                       tree, tree->name.name);
+              new_number (0);
+@@ -912,7 +912,7 @@ fold_name (etree_type *tree)
+        if (mem != NULL)
+          new_number (mem->length);
+        else
+-         fatal (_("%P:%pS: undefined MEMORY region `%s'"
++         fatal (_("%F%P:%pS: undefined MEMORY region `%s'"
+                   " referenced in expression\n"),
+                 tree, tree->name.name);
+       }
+@@ -926,7 +926,7 @@ fold_name (etree_type *tree)
+        if (mem != NULL)
+          new_rel_from_abs (mem->origin);
+        else
+-         fatal (_("%P:%pS: undefined MEMORY region `%s'"
++         fatal (_("%F%P:%pS: undefined MEMORY region `%s'"
+                   " referenced in expression\n"),
+                 tree, tree->name.name);
+       }
+@@ -938,7 +938,7 @@ fold_name (etree_type *tree)
+       else if (strcmp (tree->name.name, "COMMONPAGESIZE") == 0)
+        new_number (link_info.commonpagesize);
+       else
+-       fatal (_("%P:%pS: unknown constant `%s' referenced in expression\n"),
++       fatal (_("%F%P:%pS: unknown constant `%s' referenced in expression\n"),
+               tree, tree->name.name);
+       break;
+ 
+@@ -1086,7 +1086,7 @@ exp_fold_tree_1 (etree_type *tree)
+       if (tree->assign.dst[0] == '.' && tree->assign.dst[1] == 0)
+        {
+          if (tree->type.node_class != etree_assign)
+-           fatal (_("%P:%pS can not PROVIDE assignment to"
++           fatal (_("%F%P:%pS can not PROVIDE assignment to"
+                     " location counter\n"), tree);
+          if (expld.phase != lang_first_phase_enum)
+            {
+@@ -1119,11 +1119,11 @@ exp_fold_tree_1 (etree_type *tree)
+                  || expld.section == bfd_und_section_ptr)
+                {
+                  if (expld.phase != lang_mark_phase_enum)
+-                   fatal (_("%P:%pS invalid assignment to"
++                   fatal (_("%F%P:%pS invalid assignment to"
+                             " location counter\n"), tree);
+                }
+              else if (expld.dotp == NULL)
+-               fatal (_("%P:%pS assignment to location counter"
++               fatal (_("%F%P:%pS assignment to location counter"
+                         " invalid outside of SECTIONS\n"), tree);
+ 
+              /* After allocation, assignment to dot should not be
+@@ -1142,7 +1142,7 @@ exp_fold_tree_1 (etree_type *tree)
+                    nextdot += expld.section->vma;
+                  if (nextdot < expld.dot
+                      && expld.section != bfd_abs_section_ptr)
+-                   fatal (_("%P:%pS cannot move location counter backwards"
++                   fatal (_("%F%P:%pS cannot move location counter backwards"
+                             " (from %V to %V)\n"),
+                           tree, expld.dot, nextdot);
+                  else
+@@ -1202,7 +1202,7 @@ exp_fold_tree_1 (etree_type *tree)
+                  h = bfd_link_hash_lookup (link_info.hash, tree->assign.dst,
+                                            true, false, true);
+                  if (h == NULL)
+-                   fatal (_("%P:%s: hash creation failed\n"),
++                   fatal (_("%F%P:%s: hash creation failed\n"),
+                           tree->assign.dst);
+                }
+ 
+@@ -1578,7 +1578,7 @@ exp_get_vma (etree_type *tree, lang_output_section_statement_type *os,
+       if (expld.result.valid_p)
+        return expld.result.value;
+       else if (name != NULL && expld.phase != lang_mark_phase_enum)
+-       fatal (_("%P:%pS: nonconstant expression for %s\n"),
++       fatal (_("%F%P:%pS: nonconstant expression for %s\n"),
+               tree, name);
+     }
+   return def;
+@@ -1621,7 +1621,7 @@ exp_get_fill (etree_type *tree, fill_type *def, char *name)
+   if (!expld.result.valid_p)
+     {
+       if (name != NULL && expld.phase != lang_mark_phase_enum)
+-       fatal (_("%P:%pS: nonconstant expression for %s\n"),
++       fatal (_("%F%P:%pS: nonconstant expression for %s\n"),
+               tree, name);
+       return def;
+     }
+@@ -1681,7 +1681,7 @@ exp_get_abs_int (etree_type *tree, int def, char *name)
+        }
+       else if (name != NULL && expld.phase != lang_mark_phase_enum)
+        {
+-         fatal (_("%P:%pS: nonconstant expression for %s\n"),
++         fatal (_("%F%P:%pS: nonconstant expression for %s\n"),
+                 tree, name);
+        }
+     }
+@@ -1707,7 +1707,7 @@ ldexp_init (void)
+                              definedness_newfunc,
+                              sizeof (struct definedness_hash_entry),
+                              13))
+-    fatal (_("%P: can not create hash table: %E\n"));
++    fatal (_("%F%P: can not create hash table: %E\n"));
+ }
+ 
+ /* Convert absolute symbols defined by a script from "dot" (also
+diff --git a/ld/ldfile.c b/ld/ldfile.c
+index ddab0d37..040a8886 100644
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -183,7 +183,7 @@ ldfile_add_remap_file (const char * file)
+ 
+       if (*p == '\0')
+        {
+-         fatal ("%P: malformed remap file entry: %s\n", line);
++         fatal ("%F%P: malformed remap file entry: %s\n", line);
+          continue;
+        }
+ 
+@@ -195,7 +195,7 @@ ldfile_add_remap_file (const char * file)
+ 
+       if (*p == '\0')
+        {
+-         fatal ("%P: malformed remap file entry: %s\n", line);
++         fatal ("%F%P: malformed remap file entry: %s\n", line);
+          continue;
+        }
+ 
+@@ -365,7 +365,7 @@ ldfile_try_open_bfd (const char *attempt,
+   if (entry->the_bfd == NULL)
+     {
+       if (bfd_get_error () == bfd_error_invalid_target)
+-       fatal (_("%P: invalid BFD target `%s'\n"), entry->target);
++       fatal (_("%F%P: invalid BFD target `%s'\n"), entry->target);
+       return false;
+     }
+ 
+@@ -508,7 +508,7 @@ ldfile_try_open_bfd (const char *attempt,
+ 
+          if (!entry->flags.dynamic && (entry->the_bfd->flags & DYNAMIC) != 0)
+            {
+-             fatal (_("%P: attempted static link of dynamic object `%s'\n"),
++             fatal (_("%F%P: attempted static link of dynamic object `%s'\n"),
+                     attempt);
+              bfd_close (entry->the_bfd);
+              entry->the_bfd = NULL;
+@@ -919,7 +919,7 @@ ldfile_open_command_file_1 (const char *name, enum script_open_style open_how)
+       if ((open_how != script_nonT || script->open_how != script_nonT)
+          && strcmp (name, script->name) == 0)
+        {
+-         fatal (_("%P: error: linker script file '%s'"
++         fatal (_("%F%P: error: linker script file '%s'"
+                   " appears multiple times\n"), name);
+          return;
+        }
+@@ -941,7 +941,7 @@ ldfile_open_command_file_1 (const char *name, enum script_open_style open_how)
+   if (ldlex_input_stack == NULL)
+     {
+       bfd_set_error (bfd_error_system_call);
+-      fatal (_("%P: cannot open linker script file %s: %E\n"), name);
++      fatal (_("%F%P: cannot open linker script file %s: %E\n"), name);
+       return;
+     }
+ 
+@@ -1012,5 +1012,5 @@ ldfile_set_output_arch (const char *string, enum bfd_architecture defarch)
+   else if (defarch != bfd_arch_unknown)
+     ldfile_output_architecture = defarch;
+   else
+-    fatal (_("%P: cannot represent machine `%s'\n"), string);
++    fatal (_("%F%P: cannot represent machine `%s'\n"), string);
+ }
+diff --git a/ld/ldgram.y b/ld/ldgram.y
+index c2f1e298..81bb8fd8 100644
+--- a/ld/ldgram.y
++++ b/ld/ldgram.y
+@@ -209,7 +209,7 @@ mri_script_command:
+                CHIP  exp
+        |       CHIP  exp ',' exp
+        |       NAME    {
+-                       fatal (_("%P: unrecognised keyword in MRI style script '%s'\n"), $1);
++                       fatal(_("%F%P: unrecognised keyword in MRI style script '%s'\n"),$1);
+                        }
+        |       LIST    {
+                        config.map_filename = "-";
+@@ -1547,7 +1547,7 @@ yyerror (const char *arg)
+     einfo (_("%P:%s: file format not recognized; treating as linker script\n"),
+           ldlex_filename ());
+   if (error_index > 0 && error_index < ERROR_NAME_MAX)
+-    fatal (_("%P:%pS: %s in %s\n"), NULL, arg, error_names[error_index - 1]);
++    fatal (_("%F%P:%pS: %s in %s\n"), NULL, arg, error_names[error_index - 1]);
+   else
+-    fatal ("%P:%pS: %s\n", NULL, arg);
++    fatal ("%F%P:%pS: %s\n", NULL, arg);
+ }
+diff --git a/ld/ldlang.c b/ld/ldlang.c
+index 9bf5fcbe..57d9a777 100644
+--- a/ld/ldlang.c
++++ b/ld/ldlang.c
+@@ -1325,7 +1325,7 @@ output_section_statement_table_init (void)
+                              output_section_statement_newfunc,
+                              sizeof (struct out_section_hash_entry),
+                              61))
+-    fatal (_("%P: can not create hash table: %E\n"));
++    fatal (_("%F%P: can not create hash table: %E\n"));
+ }
+ 
+ static void
+@@ -1453,7 +1453,7 @@ lang_memory_region_alias (const char *alias, const char *region_name)
+      the default memory region.  */
+   if (strcmp (region_name, DEFAULT_MEMORY_REGION) == 0
+       || strcmp (alias, DEFAULT_MEMORY_REGION) == 0)
+-    fatal (_("%P:%pS: error: alias for default memory region\n"), NULL);
++    fatal (_("%F%P:%pS: error: alias for default memory region\n"), NULL);
+ 
+   /* Look for the target region and check if the alias is not already
+      in use.  */
+@@ -1464,14 +1464,14 @@ lang_memory_region_alias (const char *alias, const char *region_name)
+        if (region == NULL && strcmp (n->name, region_name) == 0)
+          region = r;
+        if (strcmp (n->name, alias) == 0)
+-         fatal (_("%P:%pS: error: redefinition of memory region "
++         fatal (_("%F%P:%pS: error: redefinition of memory region "
+                   "alias `%s'\n"),
+                 NULL, alias);
+       }
+ 
+   /* Check if the target region exists.  */
+   if (region == NULL)
+-    fatal (_("%P:%pS: error: memory region `%s' "
++    fatal (_("%F%P:%pS: error: memory region `%s' "
+             "for alias `%s' does not exist\n"),
+           NULL, region_name, alias);
+ 
+@@ -1532,7 +1532,7 @@ lang_output_section_statement_lookup (const char *name,
+   if (entry == NULL)
+     {
+       if (create)
+-       fatal (_("%P: failed creating section `%s': %E\n"), name);
++       fatal (_("%F%P: failed creating section `%s': %E\n"), name);
+       return NULL;
+     }
+ 
+@@ -2426,7 +2426,7 @@ static void
+ init_os (lang_output_section_statement_type *s, flagword flags)
+ {
+   if (strcmp (s->name, DISCARD_SECTION_NAME) == 0)
+-    fatal (_("%P: illegal use of `%s' section\n"), DISCARD_SECTION_NAME);
++    fatal (_("%F%P: illegal use of `%s' section\n"), DISCARD_SECTION_NAME);
+ 
+   if (!s->dup_output)
+     s->bfd_section = bfd_get_section_by_name (link_info.output_bfd, s->name);
+@@ -2435,7 +2435,7 @@ init_os (lang_output_section_statement_type *s, flagword flags)
+                                                         s->name, flags);
+   if (s->bfd_section == NULL)
+     {
+-      fatal (_("%P: output format %s cannot represent section"
++      fatal (_("%F%P: output format %s cannot represent section"
+               " called %s: %E\n"),
+             link_info.output_bfd->xvec->name, s->name);
+     }
+@@ -3027,7 +3027,7 @@ load_symbols (lang_input_statement_type *entry,
+        }
+       else if (err != bfd_error_file_not_recognized
+               || place == NULL)
+-       fatal (_("%P: %pB: file not recognized: %E\n"), entry->the_bfd);
++       fatal (_("%F%P: %pB: file not recognized: %E\n"), entry->the_bfd);
+ 
+       bfd_close (entry->the_bfd);
+       entry->the_bfd = NULL;
+@@ -3100,7 +3100,7 @@ load_symbols (lang_input_statement_type *entry,
+ 
+              if (!bfd_check_format (member, bfd_object))
+                {
+-                 fatal (_("%P: %pB: member %pB in archive is not an object\n"),
++                 fatal (_("%F%P: %pB: member %pB in archive is not an object\n"),
+                         entry->the_bfd, member);
+                  loaded = false;
+                }
+@@ -3115,7 +3115,7 @@ load_symbols (lang_input_statement_type *entry,
+                 substitute BFD for us.  */
+              if (!bfd_link_add_symbols (subsbfd, &link_info))
+                {
+-                 fatal (_("%P: %pB: error adding symbols: %E\n"), member);
++                 fatal (_("%F%P: %pB: error adding symbols: %E\n"), member);
+                  loaded = false;
+                }
+            }
+@@ -3129,7 +3129,7 @@ load_symbols (lang_input_statement_type *entry,
+   if (bfd_link_add_symbols (entry->the_bfd, &link_info))
+     entry->flags.loaded = true;
+   else
+-    fatal (_("%P: %pB: error adding symbols: %E\n"), entry->the_bfd);
++    fatal (_("%F%P: %pB: error adding symbols: %E\n"), entry->the_bfd);
+ 
+   return entry->flags.loaded;
+ }
+@@ -3370,7 +3370,7 @@ open_output (const char *name)
+       {
+        char *in = lrealpath (f->local_sym_name);
+        if (filename_cmp (in, out) == 0)
+-         fatal (_("%P: input file '%s' is the same as output file\n"),
++         fatal (_("%F%P: input file '%s' is the same as output file\n"),
+                 f->filename);
+        free (in);
+       }
+@@ -3432,23 +3432,23 @@ open_output (const char *name)
+   if (link_info.output_bfd == NULL)
+     {
+       if (bfd_get_error () == bfd_error_invalid_target)
+-       fatal (_("%P: target %s not found\n"), output_target);
++       fatal (_("%F%P: target %s not found\n"), output_target);
+ 
+-      fatal (_("%P: cannot open output file %s: %E\n"), name);
++      fatal (_("%F%P: cannot open output file %s: %E\n"), name);
+     }
+ 
+   delete_output_file_on_failure = true;
+ 
+   if (!bfd_set_format (link_info.output_bfd, bfd_object))
+-    fatal (_("%P: %s: can not make object file: %E\n"), name);
++    fatal (_("%F%P: %s: can not make object file: %E\n"), name);
+   if (!bfd_set_arch_mach (link_info.output_bfd,
+                          ldfile_output_architecture,
+                          ldfile_output_machine))
+-    fatal (_("%P: %s: can not set architecture: %E\n"), name);
++    fatal (_("%F%P: %s: can not set architecture: %E\n"), name);
+ 
+   link_info.hash = bfd_link_hash_table_create (link_info.output_bfd);
+   if (link_info.hash == NULL)
+-    fatal (_("%P: can not create hash table: %E\n"));
++    fatal (_("%F%P: can not create hash table: %E\n"));
+ 
+   bfd_set_gp_size (link_info.output_bfd, g_switch_value);
+ }
+@@ -3973,7 +3973,7 @@ insert_undefined (const char *name)
+ 
+   h = bfd_link_hash_lookup (link_info.hash, name, true, false, true);
+   if (h == NULL)
+-    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+   if (h->type == bfd_link_hash_new)
+     {
+       h->type = bfd_link_hash_undefined;
+@@ -4259,7 +4259,7 @@ map_input_to_output_sections
+                  else if (strcmp (name, "SHT_PREINIT_ARRAY") == 0)
+                    type = SHT_PREINIT_ARRAY;
+                  else
+-                   fatal (_ ("%P: invalid type for output section `%s'\n"),
++                   fatal (_ ("%F%P: invalid type for output section `%s'\n"),
+                           os->name);
+                }
+             else
+@@ -4268,7 +4268,7 @@ map_input_to_output_sections
+                 if (expld.result.valid_p)
+                   type = expld.result.value;
+                 else
+-                  fatal (_ ("%P: invalid type for output section `%s'\n"),
++                  fatal (_ ("%F%P: invalid type for output section `%s'\n"),
+                          os->name);
+               }
+              break;
+@@ -4417,7 +4417,7 @@ process_insert_statements (lang_statement_union_type **start)
+            }
+          if (where == NULL)
+            {
+-             fatal (_("%P: %s not found for insert\n"), i->where);
++             fatal (_("%F%P: %s not found for insert\n"), i->where);
+              return;
+            }
+ 
+@@ -5499,12 +5499,12 @@ size_input_section
+              if (dot + TO_ADDR (i->size) > end)
+                {
+                  if (i->flags & SEC_LINKER_CREATED)
+-                   fatal (_("%P: Output section `%pA' not large enough for "
++                   fatal (_("%F%P: Output section `%pA' not large enough for "
+                             "the linker-created stubs section `%pA'.\n"),
+                           i->output_section, i);
+ 
+                  if (i->rawsize && i->rawsize != i->size)
+-                   fatal (_("%P: Relaxation not supported with "
++                   fatal (_("%F%P: Relaxation not supported with "
+                             "--enable-non-contiguous-regions (section `%pA' "
+                             "would overflow `%pA' after it changed size).\n"),
+                           i, i->output_section);
+@@ -5860,7 +5860,7 @@ lang_size_sections_1
+                      dot += expld.result.section->vma;
+                  }
+                else if (expld.phase != lang_mark_phase_enum)
+-                 fatal (_("%P:%pS: non constant or forward reference"
++                 fatal (_("%F%P:%pS: non constant or forward reference"
+                           " address expression for section %s\n"),
+                         os->addr_tree, os->name);
+              }
+@@ -5943,7 +5943,7 @@ lang_size_sections_1
+                           overridden by the using the --no-check-sections
+                           switch.  */
+                        if (command_line.check_section_addresses)
+-                         fatal (_("%P: error: no memory region specified"
++                         fatal (_("%F%P: error: no memory region specified"
+                                   " for loadable section `%s'\n"),
+                                 bfd_section_name (os->bfd_section));
+                        else
+@@ -6250,7 +6250,7 @@ lang_size_sections_1
+                bool again;
+ 
+                if (!bfd_relax_section (i->owner, i, &link_info, &again))
+-                 fatal (_("%P: can't relax section: %E\n"));
++                 fatal (_("%F%P: can't relax section: %E\n"));
+                if (again)
+                  *relax = true;
+              }
+@@ -6659,7 +6659,7 @@ lang_do_assignments_1 (lang_statement_union_type *s,
+                s->data_statement.value += expld.result.section->vma;
+            }
+          else if (expld.phase == lang_final_phase_enum)
+-           fatal (_("%P: invalid data statement\n"));
++           fatal (_("%F%P: invalid data statement\n"));
+          {
+            unsigned int size;
+            switch (s->data_statement.type)
+@@ -6692,7 +6692,7 @@ lang_do_assignments_1 (lang_statement_union_type *s,
+          if (expld.result.valid_p)
+            s->reloc_statement.addend_value = expld.result.value;
+          else if (expld.phase == lang_final_phase_enum)
+-           fatal (_("%P: invalid reloc statement\n"));
++           fatal (_("%F%P: invalid reloc statement\n"));
+          dot += TO_ADDR (bfd_get_reloc_size (s->reloc_statement.howto));
+          break;
+ 
+@@ -7110,7 +7110,7 @@ lang_end (void)
+            break;
+        }
+       if (!sym)
+-       fatal (_("%P: --gc-sections requires a defined symbol root "
++       fatal (_("%F%P: --gc-sections requires a defined symbol root "
+                 "specified by -e or -u\n"));
+     }
+ 
+@@ -7135,7 +7135,7 @@ lang_end (void)
+             + bfd_section_vma (h->u.def.section->output_section)
+             + h->u.def.section->output_offset);
+       if (!bfd_set_start_address (link_info.output_bfd, val))
+-       fatal (_("%P: %s: can't set start address\n"), entry_symbol.name);
++       fatal (_("%F%P: %s: can't set start address\n"), entry_symbol.name);
+     }
+   else
+     {
+@@ -7148,7 +7148,7 @@ lang_end (void)
+       if (*send == '\0')
+        {
+          if (!bfd_set_start_address (link_info.output_bfd, val))
+-           fatal (_("%P: can't set start address\n"));
++           fatal (_("%F%P: can't set start address\n"));
+        }
+       /* BZ 2004952: Only use the start of the entry section for executables.  */
+       else if bfd_link_executable (&link_info)
+@@ -7167,7 +7167,7 @@ lang_end (void)
+                       bfd_section_vma (ts));
+              if (!bfd_set_start_address (link_info.output_bfd,
+                                          bfd_section_vma (ts)))
+-               fatal (_("%P: can't set start address\n"));
++               fatal (_("%F%P: can't set start address\n"));
+            }
+          else
+            {
+@@ -7236,7 +7236,7 @@ lang_check (void)
+                  != bfd_get_flavour (link_info.output_bfd)))
+          && (bfd_get_file_flags (input_bfd) & HAS_RELOC) != 0)
+        {
+-         fatal (_("%P: relocatable linking with relocations from"
++         fatal (_("%F%P: relocatable linking with relocations from"
+                   " format %s (%pB) to format %s (%pB) is not supported\n"),
+                 bfd_get_target (input_bfd), input_bfd,
+                 bfd_get_target (link_info.output_bfd), link_info.output_bfd);
+@@ -7340,7 +7340,7 @@ lang_one_common (struct bfd_link_hash_entry *h, void *info)
+ 
+   section = h->u.c.p->section;
+   if (!bfd_define_common_symbol (link_info.output_bfd, &link_info, h))
+-    fatal (_("%P: could not define common symbol `%pT': %E\n"),
++    fatal (_("%F%P: could not define common symbol `%pT': %E\n"),
+           h->root.string);
+ 
+   if (config.map_file != NULL)
+@@ -7518,7 +7518,7 @@ lang_set_flags (lang_memory_region_type *ptr, const char *flags, int invert)
+          break;
+ 
+        default:
+-         fatal (_("%P: invalid character %c (%d) in flags\n"),
++         fatal (_("%F%P: invalid character %c (%d) in flags\n"),
+                 *flags, *flags);
+          break;
+        }
+@@ -7630,7 +7630,7 @@ lang_enter_output_section_statement (const char *output_section_statement_name,
+ 
+   os->align_lma_with_input = align_with_input == ALIGN_WITH_INPUT;
+   if (os->align_lma_with_input && align != NULL)
+-    fatal (_("%P:%pS: error: align with input and explicit align specified\n"),
++    fatal (_("%F%P:%pS: error: align with input and explicit align specified\n"),
+           NULL);
+ 
+   os->subsection_alignment = subalign;
+@@ -8142,7 +8142,7 @@ lang_process (void)
+   lang_place_undefineds ();
+ 
+   if (!bfd_section_already_linked_table_init ())
+-    fatal (_("%P: can not create hash table: %E\n"));
++    fatal (_("%F%P: can not create hash table: %E\n"));
+ 
+   /* A first pass through the memory regions ensures that if any region
+      references a symbol for its origin or length then this symbol will be
+@@ -8180,7 +8180,7 @@ lang_process (void)
+       files = file_chain;
+       inputfiles = input_file_chain;
+       if (plugin_call_all_symbols_read ())
+-       fatal (_("%P: %s: plugin reported error after all symbols read\n"),
++       fatal (_("%F%P: %s: plugin reported error after all symbols read\n"),
+               plugin_error_plugin ());
+       link_info.lto_all_symbols_read = true;
+       /* Open any newly added files, updating the file chains.  */
+@@ -8757,7 +8757,7 @@ void
+ lang_startup (const char *name)
+ {
+   if (first_file->filename != NULL)
+-    fatal (_("%P: multiple STARTUP files\n"));
++    fatal (_("%F%P: multiple STARTUP files\n"));
+   first_file->filename = name;
+   first_file->local_sym_name = name;
+   first_file->flags.real = true;
+@@ -8981,7 +8981,7 @@ lang_record_phdrs (void)
+                        break;
+                      }
+                  if (last == NULL)
+-                   fatal (_("%P: no sections assigned to phdrs\n"));
++                   fatal (_("%F%P: no sections assigned to phdrs\n"));
+                }
+              pl = last;
+            }
+@@ -9019,7 +9019,7 @@ lang_record_phdrs (void)
+       if (!bfd_record_phdr (link_info.output_bfd, l->type,
+                            l->flags != NULL, flags, l->at != NULL,
+                            at, l->filehdr, l->phdrs, c, secs))
+-       fatal (_("%P: bfd_record_phdr failed: %E\n"));
++       fatal (_("%F%P: bfd_record_phdr failed: %E\n"));
+     }
+ 
+   free (secs);
+diff --git a/ld/ldlex.l b/ld/ldlex.l
+index 7cbade08..0a7d63e6 100644
+--- a/ld/ldlex.l
++++ b/ld/ldlex.l
+@@ -504,7 +504,7 @@ void
+ lex_push_file (FILE *file, const char *name, unsigned int sysrooted)
+ {
+   if (include_stack_ptr >= MAX_INCLUDE_DEPTH)
+-    fatal (_("%P: includes nested too deeply\n"));
++    fatal (_("%F:includes nested too deeply\n"));
+   file_name_stack[include_stack_ptr] = name;
+   lineno_stack[include_stack_ptr] = lineno;
+   sysrooted_stack[include_stack_ptr] = input_flags.sysrooted;
+@@ -566,7 +566,7 @@ lex_redirect (const char *string, const char *fake_filename, unsigned int count)
+ 
+   yy_init = 0;
+   if (include_stack_ptr >= MAX_INCLUDE_DEPTH)
+-    fatal (_("%P: macros nested too deeply\n"));
++    fatal (_("%F: macros nested too deeply\n"));
+   file_name_stack[include_stack_ptr] = fake_filename;
+   lineno_stack[include_stack_ptr] = lineno;
+   include_stack[include_stack_ptr] = YY_CURRENT_BUFFER;
+@@ -670,7 +670,7 @@ yy_input (char *buf, int max_size)
+        {
+          result = fread (buf, 1, max_size, yyin);
+          if (result < max_size && ferror (yyin))
+-           fatal (_("%P: read in flex scanner failed\n"));
++           fatal (_("%F%P: read in flex scanner failed\n"));
+        }
+     }
+   return result;
+@@ -707,7 +707,7 @@ comment (void)
+ 
+       if (c == 0)
+        {
+-         fatal (_("%P: EOF in comment\n"));
++         fatal (_("%F%P: EOF in comment\n"));
+          break;
+        }
+     }
+@@ -728,7 +728,7 @@ lex_warn_invalid (char *where, char *what)
+   if (ldfile_assumed_script)
+     {
+       bfd_set_error (bfd_error_file_not_recognized);
+-      fatal (_("%s: file not recognized: %E\n"), ldlex_filename ());
++      fatal (_("%F%s: file not recognized: %E\n"), ldlex_filename ());
+     }
+ 
+   if (! ISPRINT (*what))
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index a61086c3..8250ae08 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -193,7 +193,7 @@ write_dependency_file (void)
+   out = fopen (config.dependency_file, FOPEN_WT);
+   if (out == NULL)
+     {
+-      fatal (_("%P: cannot open dependency file %s: %E\n"),
++      fatal (_("%F%P: cannot open dependency file %s: %E\n"),
+             config.dependency_file);
+     }
+ 
+@@ -266,7 +266,7 @@ main (int argc, char **argv)
+   expandargv (&argc, &argv);
+ 
+   if (bfd_init () != BFD_INIT_MAGIC)
+-    fatal (_("%P: fatal error: libbfd ABI mismatch\n"));
++    fatal (_("%F%P: fatal error: libbfd ABI mismatch\n"));
+ 
+   bfd_set_error_program_name (program_name);
+ 
+@@ -468,13 +468,13 @@ main (int argc, char **argv)
+     xexit (0);
+ 
+   if (link_info.inhibit_common_definition && !bfd_link_dll (&link_info))
+-    fatal (_("%P: --no-define-common may not be used without -shared\n"));
++    fatal (_("%F%P: --no-define-common may not be used without -shared\n"));
+ 
+   if (!lang_has_input_file)
+     {
+       if (version_printed || command_line.print_output_format)
+        xexit (0);
+-      fatal (_("%P: no input files\n"));
++      fatal (_("%F%P: no input files\n"));
+     }
+ 
+   if (verbose)
+@@ -494,7 +494,7 @@ main (int argc, char **argv)
+          if (config.map_file == (FILE *) NULL)
+            {
+              bfd_set_error (bfd_error_system_call);
+-             einfo (_("%P: cannot open map file %s: %E\n"),
++             fatal (_("%F%P: cannot open map file %s: %E\n"),
+                     config.map_filename);
+            }
+        }
+@@ -569,7 +569,7 @@ main (int argc, char **argv)
+       bfd *obfd = link_info.output_bfd;
+       link_info.output_bfd = NULL;
+       if (!bfd_close (obfd))
+-       fatal (_("%P: %s: final close failed: %E\n"), output_filename);
++       fatal (_("%F%P: %s: final close failed: %E\n"), output_filename);
+ 
+       /* If the --force-exe-suffix is enabled, and we're making an
+         executable file and it doesn't end in .exe, copy it to one
+@@ -596,10 +596,10 @@ main (int argc, char **argv)
+              dst = fopen (dst_name, FOPEN_WB);
+ 
+              if (!src)
+-               fatal (_("%P: unable to open for source of copy `%s'\n"),
++               fatal (_("%F%P: unable to open for source of copy `%s'\n"),
+                       output_filename);
+              if (!dst)
+-               fatal (_("%P: unable to open for destination of copy `%s'\n"),
++               fatal (_("%F%P: unable to open for destination of copy `%s'\n"),
+                       dst_name);
+              while ((l = fread (buf, 1, bsize, src)) > 0)
+                {
+@@ -710,7 +710,7 @@ get_emulation (int argc, char **argv)
+                  i++;
+                }
+              else
+-               fatal (_("%P: missing argument to -m\n"));
++               fatal (_("%F%P: missing argument to -m\n"));
+            }
+          else if (strcmp (argv[i], "-mips1") == 0
+                   || strcmp (argv[i], "-mips2") == 0
+@@ -764,11 +764,11 @@ add_ysym (const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%F%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (link_info.notice_hash, name, true, true) == NULL)
+-    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ void
+@@ -781,11 +781,11 @@ add_ignoresym (struct bfd_link_info *info, const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%F%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (info->ignore_hash, name, true, true) == NULL)
+-    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ /* Record a symbol to be wrapped, from the --wrap option.  */
+@@ -801,11 +801,11 @@ add_wrap (const char *name)
+                                  bfd_hash_newfunc,
+                                  sizeof (struct bfd_hash_entry),
+                                  61))
+-       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%F%P: bfd_hash_table_init failed: %E\n"));
+     }
+ 
+   if (bfd_hash_lookup (link_info.wrap_hash, name, true, true) == NULL)
+-    fatal (_("%P: bfd_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_hash_lookup failed: %E\n"));
+ }
+ 
+ /* Handle the -retain-symbols-file option.  */
+@@ -833,7 +833,7 @@ add_keepsyms_file (const char *filename)
+       xmalloc (sizeof (struct bfd_hash_table));
+   if (!bfd_hash_table_init (link_info.keep_hash, bfd_hash_newfunc,
+                            sizeof (struct bfd_hash_entry)))
+-    fatal (_("%P: bfd_hash_table_init failed: %E\n"));
++    fatal (_("%F%P: bfd_hash_table_init failed: %E\n"));
+ 
+   bufsize = 100;
+   buf = (char *) xmalloc (bufsize);
+@@ -863,7 +863,7 @@ add_keepsyms_file (const char *filename)
+          buf[len] = '\0';
+ 
+          if (bfd_hash_lookup (link_info.keep_hash, buf, true, true) == NULL)
+-           fatal (_("%P: bfd_hash_lookup for insertion failed: %E\n"));
++           fatal (_("%F%P: bfd_hash_lookup for insertion failed: %E\n"));
+        }
+     }
+ 
+@@ -1270,7 +1270,7 @@ constructor_callback (struct bfd_link_info *info,
+   if (bfd_reloc_type_lookup (info->output_bfd, BFD_RELOC_CTOR) == NULL
+       && (bfd_link_relocatable (info)
+          || bfd_reloc_type_lookup (abfd, BFD_RELOC_CTOR) == NULL))
+-    fatal (_("%P: BFD backend error: BFD_RELOC_CTOR unsupported\n"));
++    fatal (_("%F%P: BFD backend error: BFD_RELOC_CTOR unsupported\n"));
+ 
+   s = set_name;
+   if (bfd_get_symbol_leading_char (abfd) != '\0')
+@@ -1282,7 +1282,7 @@ constructor_callback (struct bfd_link_info *info,
+ 
+   h = bfd_link_hash_lookup (info->hash, set_name, true, true, true);
+   if (h == (struct bfd_link_hash_entry *) NULL)
+-    fatal (_("%P: bfd_link_hash_lookup failed: %E\n"));
++    fatal (_("%F%P: bfd_link_hash_lookup failed: %E\n"));
+   if (h->type == bfd_link_hash_new)
+     {
+       h->type = bfd_link_hash_undefined;
+@@ -1315,7 +1315,7 @@ symbol_warning (const char *warning, const char *symbol, bfd *abfd)
+   struct warning_callback_info cinfo;
+ 
+   if (!bfd_generic_link_read_symbols (abfd))
+-    fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+   cinfo.found = false;
+   cinfo.warning = warning;
+@@ -1377,14 +1377,14 @@ warning_find_reloc (bfd *abfd, asection *sec, void *iarg)
+ 
+   relsize = bfd_get_reloc_upper_bound (abfd, sec);
+   if (relsize < 0)
+-    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
+   if (relsize == 0)
+     return;
+ 
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, sec, relpp, info->asymbols);
+   if (relcount < 0)
+-    fatal (_("%P: %pB: could not read relocs: %E\n"), abfd);
++    fatal (_("%F%P: %pB: could not read relocs: %E\n"), abfd);
+ 
+   p = relpp;
+   pend = p + relcount;
+diff --git a/ld/ldmisc.c b/ld/ldmisc.c
+index d1257214..1d9d0cf2 100644
+--- a/ld/ldmisc.c
++++ b/ld/ldmisc.c
+@@ -324,7 +324,7 @@ vfinfo (FILE *fp, const char *fmt, va_list ap, bool is_warning)
+                if (abfd != NULL)
+                  {
+                    if (!bfd_generic_link_read_symbols (abfd))
+-                     fatal (_("%P: %pB: could not read symbols: %E\n"), abfd);
++                     fatal (_("%F%P: %pB: could not read symbols: %E\n"), abfd);
+ 
+                    asymbols = bfd_get_outsymbols (abfd);
+                  }
+@@ -638,7 +638,7 @@ fatal (const char *fmt, ...)
+ void
+ info_assert (const char *file, unsigned int line)
+ {
+-  fatal (_("%P: internal error %s %d\n"), file, line);
++  fatal (_("%F%P: internal error %s %d\n"), file, line);
+ }
+ 
+ /* ('m' for map) Format info message and print on map.  */
+@@ -707,5 +707,5 @@ ld_abort (const char *file, int line, const char *fn)
+   else
+     einfo (_("%P: internal error: aborting at %s:%d\n"),
+           file, line);
+-  fatal (_("%P: please report this bug\n"));
++  fatal (_("%F%P: please report this bug\n"));
+ }
+diff --git a/ld/ldwrite.c b/ld/ldwrite.c
+index ace5e564..216d3583 100644
+--- a/ld/ldwrite.c
++++ b/ld/ldwrite.c
+@@ -57,14 +57,14 @@ build_link_order (lang_statement_union_type *statement)
+ 
+        link_order = bfd_new_link_order (link_info.output_bfd, output_section);
+        if (link_order == NULL)
+-         fatal (_("%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->type = bfd_data_link_order;
+        link_order->offset = statement->data_statement.output_offset;
+        link_order->u.data.contents = bfd_alloc (link_info.output_bfd,
+                                                 QUAD_SIZE);
+        if (link_order->u.data.contents == NULL)
+-         fatal (_("%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+ 
+        value = statement->data_statement.value;
+ 
+@@ -170,7 +170,7 @@ build_link_order (lang_statement_union_type *statement)
+ 
+        link_order = bfd_new_link_order (link_info.output_bfd, output_section);
+        if (link_order == NULL)
+-         fatal (_("%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->offset = rs->output_offset;
+        link_order->size = bfd_get_reloc_size (rs->howto);
+@@ -178,7 +178,7 @@ build_link_order (lang_statement_union_type *statement)
+        link_order->u.reloc.p = (struct bfd_link_order_reloc *)
+          bfd_alloc (link_info.output_bfd, sizeof (struct bfd_link_order_reloc));
+        if (link_order->u.reloc.p == NULL)
+-         fatal (_("%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+ 
+        link_order->u.reloc.p->reloc = rs->reloc;
+        link_order->u.reloc.p->addend = rs->addend_value;
+@@ -224,7 +224,7 @@ build_link_order (lang_statement_union_type *statement)
+            link_order = bfd_new_link_order (link_info.output_bfd,
+                                             output_section);
+            if (link_order == NULL)
+-             fatal (_("%P: bfd_new_link_order failed: %E\n"));
++             fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+ 
+            if ((i->flags & SEC_NEVER_LOAD) != 0
+                && (i->flags & SEC_DEBUGGING) == 0)
+@@ -265,7 +265,7 @@ build_link_order (lang_statement_union_type *statement)
+        link_order = bfd_new_link_order (link_info.output_bfd,
+                                         output_section);
+        if (link_order == NULL)
+-         fatal (_("%P: bfd_new_link_order failed: %E\n"));
++         fatal (_("%F%P: bfd_new_link_order failed: %E\n"));
+        link_order->type = bfd_data_link_order;
+        link_order->size = statement->padding_statement.size;
+        link_order->offset = statement->padding_statement.output_offset;
+@@ -334,7 +334,7 @@ clone_section (bfd *abfd, asection *s, const char *name, int *count)
+       if (startswith (name, ".stab")
+          || strcmp (name, "$GDB_SYMBOLS$") == 0)
+        {
+-         fatal (_ ("%P: cannot create split section name for %s\n"), name);
++         fatal (_ ("%F%P: cannot create split section name for %s\n"), name);
+          return NULL;
+        }
+       tname[5] = 0;
+@@ -345,7 +345,7 @@ clone_section (bfd *abfd, asection *s, const char *name, int *count)
+       || (h = bfd_link_hash_lookup (link_info.hash,
+                                    sname, true, true, false)) == NULL)
+     {
+-      fatal (_("%P: clone section failed: %E\n"));
++      fatal (_("%F%P: clone section failed: %E\n"));
+       return NULL;
+     }
+   free (tname);
+@@ -552,7 +552,7 @@ ldwrite (void)
+         out.  */
+ 
+       if (bfd_get_error () != bfd_error_no_error)
+-       fatal (_("%P: final link failed: %E\n"));
++       fatal (_("%F%P: final link failed: %E\n"));
+       else
+        xexit (1);
+     }
+diff --git a/ld/lexsup.c b/ld/lexsup.c
+index 00346348..2b17499c 100644
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -810,7 +810,7 @@ parse_args (unsigned argc, char **argv)
+               && optc != argv[last_optind][1])
+        {
+          if (optarg)
+-           fatal (_("%P: Error: unable to disambiguate: "
++           fatal (_("%F%P: Error: unable to disambiguate: "
+                     "%s (did you mean -%s ?)\n"),
+                   argv[last_optind], argv[last_optind]);
+          else
+@@ -851,7 +851,7 @@ parse_args (unsigned argc, char **argv)
+          /* Fall through.  */
+ 
+        default:
+-         fatal (_("%P: use the --help option for usage information\n"));
++         fatal (_("%F%P: use the --help option for usage information\n"));
+          break;
+ 
+        case 1:                 /* File name.  */
+@@ -870,7 +870,7 @@ parse_args (unsigned argc, char **argv)
+                   || strcmp (optarg, "default") == 0)
+            input_flags.dynamic = true;
+          else
+-           fatal (_("%P: unrecognized -a option `%s'\n"), optarg);
++           fatal (_("%F%P: unrecognized -a option `%s'\n"), optarg);
+          break;
+        case OPTION_ASSERT:
+          /* FIXME: We just ignore these, but we should handle them.  */
+@@ -883,7 +883,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, "pure-text") == 0)
+            ;
+          else
+-           fatal (_("%P: unrecognized -assert option `%s'\n"), optarg);
++           fatal (_("%F%P: unrecognized -assert option `%s'\n"), optarg);
+          break;
+        case 'A':
+          ldfile_add_arch (optarg);
+@@ -927,7 +927,7 @@ parse_args (unsigned argc, char **argv)
+ 
+              style = cplus_demangle_name_to_style (optarg);
+              if (style == unknown_demangling)
+-               fatal (_("%P: unknown demangling style `%s'\n"), optarg);
++               fatal (_("%F%P: unknown demangling style `%s'\n"), optarg);
+ 
+              cplus_demangle_set_style (style);
+            }
+@@ -1034,7 +1034,7 @@ parse_args (unsigned argc, char **argv)
+            char *end;
+            g_switch_value = strtoul (optarg, &end, 0);
+            if (*end)
+-             fatal (_("%P: invalid number `%s'\n"), optarg);
++             fatal (_("%F%P: invalid number `%s'\n"), optarg);
+          }
+          break;
+        case 'g':
+@@ -1130,7 +1130,7 @@ parse_args (unsigned argc, char **argv)
+              link_info.unresolved_syms_in_shared_libs = RM_IGNORE;
+            }
+          else
+-           fatal (_("%P: bad --unresolved-symbols option: %s\n"), optarg);
++           fatal (_("%F%P: bad --unresolved-symbols option: %s\n"), optarg);
+          break;
+        case OPTION_WARN_UNRESOLVED_SYMBOLS:
+          link_info.warn_unresolved_syms = true;
+@@ -1217,7 +1217,7 @@ parse_args (unsigned argc, char **argv)
+          break;
+        case OPTION_PLUGIN_OPT:
+          if (plugin_opt_plugin_arg (optarg))
+-           fatal (_("%P: bad -plugin-opt option\n"));
++           fatal (_("%F%P: bad -plugin-opt option\n"));
+          break;
+ #endif /* BFD_SUPPORTS_PLUGINS */
+        case 'q':
+@@ -1234,10 +1234,10 @@ parse_args (unsigned argc, char **argv)
+               an error message here.  We cannot just make this a warning,
+               increment optind, and continue because getopt is too confused
+               and will seg-fault the next time around.  */
+-           fatal(_("%P: unrecognised option: %s\n"), argv[optind]);
++           fatal(_("%F%P: unrecognised option: %s\n"), argv[optind]);
+ 
+          if (bfd_link_pic (&link_info))
+-           fatal (_("%P: -r and %s may not be used together\n"),
++           fatal (_("%F%P: -r and %s may not be used together\n"),
+                   bfd_link_dll (&link_info) ? "-shared" : "-pie");
+ 
+          link_info.type = type_relocatable;
+@@ -1347,7 +1347,7 @@ parse_args (unsigned argc, char **argv)
+          if (config.has_shared)
+            {
+              if (bfd_link_relocatable (&link_info))
+-               fatal (_("%P: -r and %s may not be used together\n"),
++               fatal (_("%F%P: -r and %s may not be used together\n"),
+                       "-shared");
+ 
+              link_info.type = type_dll;
+@@ -1359,7 +1359,7 @@ parse_args (unsigned argc, char **argv)
+                link_info.unresolved_syms_in_shared_libs = RM_IGNORE;
+            }
+          else
+-           fatal (_("%P: -shared not supported\n"));
++           fatal (_("%F%P: -shared not supported\n"));
+          break;
+        case OPTION_NO_PIE:
+          link_info.type = type_pde;
+@@ -1368,12 +1368,12 @@ parse_args (unsigned argc, char **argv)
+          if (config.has_shared)
+            {
+              if (bfd_link_relocatable (&link_info))
+-               fatal (_("%P: -r and %s may not be used together\n"), "-pie");
++               fatal (_("%F%P: -r and %s may not be used together\n"), "-pie");
+ 
+              link_info.type = type_pie;
+            }
+          else
+-           fatal (_("%P: -pie not supported\n"));
++           fatal (_("%F%P: -pie not supported\n"));
+          break;
+        case 'h':               /* Used on Solaris.  */
+        case OPTION_SONAME:
+@@ -1390,7 +1390,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, N_("ascending")) == 0)
+            config.sort_common = sort_ascending;
+          else
+-           fatal (_("%P: invalid common section sorting option: %s\n"),
++           fatal (_("%F%P: invalid common section sorting option: %s\n"),
+                   optarg);
+          break;
+        case OPTION_SORT_SECTION:
+@@ -1399,7 +1399,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, N_("alignment")) == 0)
+            sort_section = by_alignment;
+          else
+-           fatal (_("%P: invalid section sorting option: %s\n"), optarg);
++           fatal (_("%F%P: invalid section sorting option: %s\n"), optarg);
+          break;
+        case OPTION_STATS:
+          config.stats = true;
+@@ -1435,14 +1435,14 @@ parse_args (unsigned argc, char **argv)
+            /* Check for <something>=<somthing>...  */
+            optarg2 = strchr (optarg, '=');
+            if (optarg2 == NULL)
+-             fatal (_("%P: invalid argument to option"
++             fatal (_("%F%P: invalid argument to option"
+                       " \"--section-start\"\n"));
+ 
+            optarg2++;
+ 
+            /* So far so good.  Are all the args present?  */
+            if ((*optarg == '\0') || (*optarg2 == '\0'))
+-             fatal (_("%P: missing argument(s) to option"
++             fatal (_("%F%P: missing argument(s) to option"
+                       " \"--section-start\"\n"));
+ 
+            /* We must copy the section name as set_section_start
+@@ -1486,7 +1486,7 @@ parse_args (unsigned argc, char **argv)
+          /* Fall through.  */
+        case OPTION_UR:
+          if (bfd_link_pic (&link_info))
+-           fatal (_("%P: -r and %s may not be used together\n"),
++           fatal (_("%F%P: -r and %s may not be used together\n"),
+                   bfd_link_dll (&link_info) ? "-shared" : "-pie");
+ 
+          link_info.type = type_relocatable;
+@@ -1517,7 +1517,7 @@ parse_args (unsigned argc, char **argv)
+              char *end;
+              int level ATTRIBUTE_UNUSED = strtoul (optarg, &end, 0);
+              if (*end)
+-               fatal (_("%P: invalid number `%s'\n"), optarg);
++               fatal (_("%F%P: invalid number `%s'\n"), optarg);
+ #if BFD_SUPPORTS_PLUGINS
+              report_plugin_symbols = level > 1;
+ #endif /* BFD_SUPPORTS_PLUGINS */
+@@ -1712,7 +1712,7 @@ parse_args (unsigned argc, char **argv)
+          break;
+        case ')':
+          if (! ingroup)
+-           fatal (_("%P: group ended before it began (--help for usage)\n"));
++           fatal (_("%F%P: group ended before it began (--help for usage)\n"));
+ 
+          lang_leave_group ();
+          ingroup--;
+@@ -1728,7 +1728,7 @@ parse_args (unsigned argc, char **argv)
+ 
+        case OPTION_REMAP_INPUTS_FILE:
+          if (! ldfile_add_remap_file (optarg))
+-           fatal (_("%P: failed to add remap file %s\n"), optarg);
++           fatal (_("%F%P: failed to add remap file %s\n"), optarg);
+          break;
+ 
+        case OPTION_REMAP_INPUTS:
+@@ -1737,7 +1737,7 @@ parse_args (unsigned argc, char **argv)
+            if (optarg2 == NULL)
+              /* FIXME: Should we allow --remap-inputs=@myfile as a synonym
+                 for --remap-inputs-file=myfile ?  */
+-             fatal (_("%P: invalid argument to option --remap-inputs\n"));
++             fatal (_("%F%P: invalid argument to option --remap-inputs\n"));
+            size_t len = optarg2 - optarg;
+            char * pattern = xmalloc (len + 1);
+            memcpy (pattern, optarg, len);
+@@ -1758,7 +1758,7 @@ parse_args (unsigned argc, char **argv)
+            char *end;
+            bfd_size_type cache_size = strtoul (optarg, &end, 0);
+            if (*end != '\0')
+-             fatal (_("%P: invalid cache memory size: %s\n"), optarg);
++             fatal (_("%F%P: invalid cache memory size: %s\n"), optarg);
+            link_info.max_cache_size = cache_size;
+          }
+          break;
+@@ -1783,7 +1783,7 @@ parse_args (unsigned argc, char **argv)
+ 
+        case OPTION_POP_STATE:
+          if (input_flags.pushed == NULL)
+-           fatal (_("%P: no state pushed before popping\n"));
++           fatal (_("%F%P: no state pushed before popping\n"));
+          else
+            {
+              struct lang_input_statement_flags *oldp = input_flags.pushed;
+@@ -1806,7 +1806,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcasecmp (optarg, "discard") == 0)
+            config.orphan_handling = orphan_handling_discard;
+          else
+-           fatal (_("%P: invalid argument to option"
++           fatal (_("%F%P: invalid argument to option"
+                     " \"--orphan-handling\"\n"));
+          break;
+ 
+@@ -1851,7 +1851,7 @@ parse_args (unsigned argc, char **argv)
+          else if (strcmp (optarg, "share-duplicated") == 0)
+            config.ctf_share_duplicated = true;
+          else
+-           fatal (_("%P: bad --ctf-share-types option: %s\n"), optarg);
++           fatal (_("%F%P: bad --ctf-share-types option: %s\n"), optarg);
+          break;
+        }
+     }
+@@ -2046,7 +2046,7 @@ parse_args (unsigned argc, char **argv)
+   if (config.no_section_header)
+     {
+       if (bfd_link_relocatable (&link_info))
+-       fatal (_("%P: -r and -z nosectionheader may not be used together\n"));
++       fatal (_("%F%P: -r and -z nosectionheader may not be used together\n"));
+ 
+       link_info.strip = strip_all;
+     }
+@@ -2054,9 +2054,9 @@ parse_args (unsigned argc, char **argv)
+   if (!bfd_link_dll (&link_info))
+     {
+       if (command_line.filter_shlib)
+-       fatal (_("%P: -F may not be used without -shared\n"));
++       fatal (_("%F%P: -F may not be used without -shared\n"));
+       if (command_line.auxiliary_filters)
+-       fatal (_("%P: -f may not be used without -shared\n"));
++       fatal (_("%F%P: -f may not be used without -shared\n"));
+     }
+ 
+   /* Treat ld -r -s as ld -r -S -x (i.e., strip all local symbols).  I
+@@ -2097,7 +2097,7 @@ set_section_start (char *sect, char *valstr)
+   const char *end;
+   bfd_vma val = bfd_scan_vma (valstr, &end, 16);
+   if (*end)
+-    fatal (_("%P: invalid hex number `%s'\n"), valstr);
++    fatal (_("%F%P: invalid hex number `%s'\n"), valstr);
+   lang_section_start (sect, exp_intop (val), NULL);
+ }
+ 
+@@ -2110,7 +2110,7 @@ set_segment_start (const char *section, char *valstr)
+ 
+   bfd_vma val = bfd_scan_vma (valstr, &end, 16);
+   if (*end)
+-    fatal (_("%P: invalid hex number `%s'\n"), valstr);
++    fatal (_("%F%P: invalid hex number `%s'\n"), valstr);
+   /* If we already have an entry for this segment, update the existing
+      value.  */
+   name = section + 1;
+diff --git a/ld/mri.c b/ld/mri.c
+index 7c8e59fa..aea2bd44 100644
+--- a/ld/mri.c
++++ b/ld/mri.c
+@@ -288,7 +288,7 @@ mri_format (const char *name)
+     lang_add_output_format ("srec", NULL, NULL, 1);
+ 
+   else
+-    fatal (_("%P: unknown format type %s\n"), name);
++    fatal (_("%F%P: unknown format type %s\n"), name);
+ }
+ 
+ void
+diff --git a/ld/pe-dll.c b/ld/pe-dll.c
+index 800d00c8..ae294986 100644
+--- a/ld/pe-dll.c
++++ b/ld/pe-dll.c
+@@ -756,7 +756,7 @@ process_def_file_and_drectve (bfd *abfd ATTRIBUTE_UNUSED, struct bfd_link_info *
+ 
+          if (!bfd_generic_link_read_symbols (b))
+            {
+-             fatal (_("%P: %pB: could not read symbols: %E\n"), b);
++             fatal (_("%F%P: %pB: could not read symbols: %E\n"), b);
+              return;
+            }
+ 
+@@ -1048,7 +1048,7 @@ build_filler_bfd (bool include_edata)
+                             bfd_get_arch (link_info.output_bfd),
+                             bfd_get_mach (link_info.output_bfd)))
+     {
+-      fatal (_("%P: can not create BFD: %E\n"));
++      fatal (_("%F%P: can not create BFD: %E\n"));
+       return;
+     }
+ 
+@@ -1326,7 +1326,7 @@ pe_walk_relocs (struct bfd_link_info *info,
+ 
+       if (!bfd_generic_link_read_symbols (b))
+        {
+-         fatal (_("%P: %pB: could not read symbols: %E\n"), b);
++         fatal (_("%F%P: %pB: could not read symbols: %E\n"), b);
+          return;
+        }
+ 
+@@ -1407,7 +1407,7 @@ pe_find_data_imports (const char *symhead,
+       if (!bfd_hash_table_init (import_hash,
+                                bfd_hash_newfunc,
+                                sizeof (struct bfd_hash_entry)))
+-       fatal (_("%P: bfd_hash_table_init failed: %E\n"));
++       fatal (_("%F%P: bfd_hash_table_init failed: %E\n"));
+     }
+   else
+     import_hash = NULL;
+@@ -1447,7 +1447,7 @@ pe_find_data_imports (const char *symhead,
+ 
+                if (!bfd_generic_link_read_symbols (b))
+                  {
+-                   fatal (_("%P: %pB: could not read symbols: %E\n"), b);
++                   fatal (_("%F%P: %pB: could not read symbols: %E\n"), b);
+                    return;
+                  }
+ 
+@@ -1549,7 +1549,7 @@ generate_reloc (bfd *abfd, struct bfd_link_info *info)
+ 
+       if (!bfd_generic_link_read_symbols (b))
+        {
+-         fatal (_("%P: %pB: could not read symbols: %E\n"), b);
++         fatal (_("%F%P: %pB: could not read symbols: %E\n"), b);
+          return;
+        }
+ 
+diff --git a/ld/plugin.c b/ld/plugin.c
+index 0a99d406..27f69b97 100644
+--- a/ld/plugin.c
++++ b/ld/plugin.c
+@@ -252,7 +252,7 @@ plugin_opt_plugin (const char *plugin)
+   newplug->name = plugin;
+   newplug->dlhandle = dlopen (plugin, RTLD_NOW);
+   if (!newplug->dlhandle)
+-    fatal (_("%P: %s: error loading plugin: %s\n"), plugin, dlerror ());
++    fatal (_("%F%P: %s: error loading plugin: %s\n"), plugin, dlerror ());
+ 
+   /* Check if plugin has been loaded already.  */
+   while (curplug)
+@@ -345,7 +345,7 @@ plugin_get_ir_dummy_bfd (const char *name, bfd *srctemplate)
+        }
+     }
+  report_error:
+-  fatal (_("%P: could not create dummy IR bfd: %E\n"));
++  fatal (_("%F%P: could not create dummy IR bfd: %E\n"));
+   return NULL;
+ }
+ 
+@@ -426,7 +426,7 @@ asymbol_from_plugin_symbol (bfd *abfd, asymbol *asym,
+       unsigned char visibility;
+ 
+       if (!elfsym)
+-       fatal (_("%P: %s: non-ELF symbol in ELF BFD!\n"), asym->name);
++       fatal (_("%F%P: %s: non-ELF symbol in ELF BFD!\n"), asym->name);
+ 
+       if (ldsym->def == LDPK_COMMON)
+        {
+@@ -437,7 +437,7 @@ asymbol_from_plugin_symbol (bfd *abfd, asymbol *asym,
+       switch (ldsym->visibility)
+        {
+        default:
+-         fatal (_("%P: unknown ELF symbol visibility: %d!\n"),
++         fatal (_("%F%P: unknown ELF symbol visibility: %d!\n"),
+                 ldsym->visibility);
+          return LDPS_ERR;
+ 
+@@ -555,7 +555,7 @@ get_view (const void *handle, const void **viewp)
+ 
+   /* FIXME: einfo should support %lld.  */
+   if ((off_t) size != input->filesize)
+-    fatal (_("%P: unsupported input file size: %s (%ld bytes)\n"),
++    fatal (_("%F%P: unsupported input file size: %s (%ld bytes)\n"),
+           input->name, (long) input->filesize);
+ 
+   /* Check the cached view buffer.  */
+@@ -826,7 +826,7 @@ get_symbols (const void *handle, int nsyms, struct ld_plugin_symbol *syms,
+          && blhe->type != bfd_link_hash_common)
+        {
+          /* We should not have a new, indirect or warning symbol here.  */
+-         fatal (_("%P: %s: plugin symbol table corrupt (sym type %d)\n"),
++         fatal (_("%F%P: %s: plugin symbol table corrupt (sym type %d)\n"),
+                 called_plugin->name, blhe->type);
+        }
+ 
+@@ -978,14 +978,13 @@ message (int level, const char *format, ...)
+     case LDPL_ERROR:
+     default:
+       {
+-       char *newfmt = concat (_("%X%P: error: "), format, "\n",
++       char *newfmt = concat (level == LDPL_FATAL ? "%F" : "%X",
++                              _("%P: error: "), format, "\n",
+                               (const char *) NULL);
+        fflush (stdout);
+        vfinfo (stderr, newfmt, args, true);
+        fflush (stderr);
+        free (newfmt);
+-       if (level == LDPL_FATAL)
+-         fatal ("");
+       }
+       break;
+     }
+@@ -1128,14 +1127,14 @@ plugin_load_plugins (void)
+       if (!onloadfn)
+        onloadfn = (ld_plugin_onload) dlsym (curplug->dlhandle, "_onload");
+       if (!onloadfn)
+-       fatal (_("%P: %s: error loading plugin: %s\n"),
++       fatal (_("%F%P: %s: error loading plugin: %s\n"),
+               curplug->name, dlerror ());
+       set_tv_plugin_args (curplug, &my_tv[tv_header_size]);
+       called_plugin = curplug;
+       rv = (*onloadfn) (my_tv);
+       called_plugin = NULL;
+       if (rv != LDPS_OK)
+-       fatal (_("%P: %s: plugin error: %d\n"), curplug->name, rv);
++       fatal (_("%F%P: %s: plugin error: %d\n"), curplug->name, rv);
+       curplug = curplug->next;
+     }
+ 
+@@ -1194,7 +1193,7 @@ plugin_strdup (bfd *abfd, const char *str)
+   strlength = strlen (str) + 1;
+   copy = bfd_alloc (abfd, strlength);
+   if (copy == NULL)
+-    fatal (_("%P: plugin_strdup failed to allocate memory: %s\n"),
++    fatal (_("%F%P: plugin_strdup failed to allocate memory: %s\n"),
+           bfd_get_error ());
+   memcpy (copy, str, strlength);
+   return copy;
+@@ -1231,7 +1230,7 @@ plugin_object_p (bfd *ibfd, bool known_used)
+ 
+   input = bfd_alloc (abfd, sizeof (*input));
+   if (input == NULL)
+-    fatal (_("%P: plugin failed to allocate memory for input: %s\n"),
++    fatal (_("%F%P: plugin failed to allocate memory for input: %s\n"),
+           bfd_get_error ());
+ 
+   if (!bfd_plugin_open_input (ibfd, &file))
+@@ -1259,7 +1258,7 @@ plugin_object_p (bfd *ibfd, bool known_used)
+   claimed = 0;
+ 
+   if (plugin_call_claim_file (&file, &claimed, known_used))
+-    fatal (_("%P: %s: plugin reported error claiming file\n"),
++    fatal (_("%F%P: %s: plugin reported error claiming file\n"),
+           plugin_error_plugin ());
+ 
+   if (input->fd != -1
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
new file mode 100644
index 0000000000..e8855a4b4b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
@@ -0,0 +1,25 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
+CVE: CVE-2025-5244
+
+PR32858 ld segfault on fuzzed object
+We missed one place where it is necessary to check for empty groups.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index a76e8e38da7..549b7b7dd92 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+          if (o->flags & SEC_GROUP)
+            {
+              asection *first = elf_next_in_group (o);
+-             o->gc_mark = first->gc_mark;
++             if (first != NULL)
++               o->gc_mark = first->gc_mark;
+            }
+ 
+          if (o->gc_mark)
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
new file mode 100644
index 0000000000..d4b7d55966
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
@@ -0,0 +1,38 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 1 Apr 2025 22:36:54 +1030
+
+PR32829, SEGV on objdump function debug_type_samep
+u.kenum is always non-NULL, see debug_make_enum_type.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a]
+CVE: CVE-2025-5245
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/binutils/debug.c b/binutils/debug.c
+index dcc8ccde..465b18e7 100644
+--- a/binutils/debug.c
++++ b/binutils/debug.c
+@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info,
+     case DEBUG_KIND_UNION_CLASS:
+       return debug_write_class_type (info, fns, fhandle, type, tag);
+     case DEBUG_KIND_ENUM:
+-      if (type->u.kenum == NULL)
+-       return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
+-                                 (bfd_signed_vma *) NULL);
+       return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
+                                type->u.kenum->values);
+     case DEBUG_KIND_POINTER:
+@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
+       break;
+ 
+     case DEBUG_KIND_ENUM:
+-      if (t1->u.kenum == NULL)
+-       ret = t2->u.kenum == NULL;
+-      else if (t2->u.kenum == NULL)
++      if (t1->u.kenum->names == NULL)
++       ret = t2->u.kenum->names == NULL;
++      else if (t2->u.kenum->names == NULL)
+        ret = false;
+       else
+        {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2024-57360.patch b/meta/recipes-devtools/binutils/binutils/CVE-2024-57360.patch
new file mode 100644
index 0000000000..6d9720414b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2024-57360.patch
@@ -0,0 +1,75 @@
+From 5f8987d3999edb26e757115fe87be55787d510b9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Dec 2024 09:18:57 +0000
+Subject: [PATCH] nm: Avoid potential segmentation fault when displaying
+ symbols without version info.
+
+PR 32467
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2024-57360
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ binutils/nm.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/binutils/nm.c b/binutils/nm.c
+index faf27c59b4d..0ba7604d34f 100644
+--- a/binutils/nm.c
++++ b/binutils/nm.c
+@@ -682,7 +682,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+               const char *name, bfd *abfd)
+ {
+   char *alloc = NULL;
+-  char *atver = NULL;
++  char *atname = NULL;
+ 
+   if (name == NULL)
+     name = info->sinfo->name;
+@@ -690,9 +690,19 @@ print_symname (const char *form, struct extended_symbol_info *info,
+   if (!with_symbol_versions
+       && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+     {
+-      atver = strchr (name, '@');
++      char *atver = strchr (name, '@');
++
+       if (atver)
+-       *atver = 0;
++       {
++         /* PR 32467 - Corrupt binaries might include an @ character in a
++            symbol name.  Since non-versioned symbol names can be in
++            read-only memory (via memory mapping of a file's contents) we
++            cannot just replace the @ character with a NUL.  Instead we
++            create a truncated copy of the name.  */
++         atname = xstrdup (name);
++         atname [atver - name] = 0;
++         name = atname;
++       }
+     }
+ 
+   if (do_demangle && *name)
+@@ -703,9 +713,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+     }
+ 
+   if (unicode_display != unicode_default)
+-    {
+-      name = convert_utf8 (name);
+-    }
++    name = convert_utf8 (name);
+ 
+   if (info != NULL && info->elfinfo && with_symbol_versions)
+     {
+@@ -726,8 +734,8 @@ print_symname (const char *form, struct extended_symbol_info *info,
+        }
+     }
+   printf (form, name);
+-  if (atver)
+-    *atver = '@';
++
++  free (atname);
+   free (alloc);
+ }
+ 
+-- 
+2.43.5
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1176.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1176.patch
new file mode 100644
index 0000000000..1ecf09569d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1176.patch
@@ -0,0 +1,156 @@
+From f9978defb6fab0bd8583942d97c112b0932ac814 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 11:15:11 +0000
+Subject: [PATCH] Prevent illegal memory access when indexing into the
+ sym_hashes array of the elf bfd cookie structure.
+
+PR 32636
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/plain/debian/patches/CVE-2025-1176.patch?h=applied/ubuntu/jammy-security&id=62a5cc5a49f4be036cf98d2b8fc7d618620ba672
+Upstream commit https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=f9978defb6fab0bd8583942d97c112b0932ac814]
+CVE: CVE-2025-1176
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+Index: binutils-2.38/bfd/elflink.c
+===================================================================
+--- binutils-2.38.orig/bfd/elflink.c
++++ binutils-2.38/bfd/elflink.c
+@@ -62,15 +62,16 @@ struct elf_find_verdep_info
+ static bool _bfd_elf_fix_symbol_flags
+   (struct elf_link_hash_entry *, struct elf_info_failed *);
+ 
+-asection *
+-_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
+-                            unsigned long r_symndx,
+-                            bool discard)
++static struct elf_link_hash_entry *
++get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+ {
+-  if (r_symndx >= cookie->locsymcount
+-      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++  struct elf_link_hash_entry *h = NULL;
++
++  if ((r_symndx >= cookie->locsymcount
++       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++      /* Guard against corrupt input.  See PR 32636 for an example.  */
++      && r_symndx >= cookie->extsymoff)
+     {
+-      struct elf_link_hash_entry *h;
+ 
+       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+ 
+@@ -78,6 +79,22 @@ _bfd_elf_section_for_symbol (struct elf_
+             || h->root.type == bfd_link_hash_warning)
+        h = (struct elf_link_hash_entry *) h->root.u.i.link;
+ 
++    }
++
++  return h;
++}
++ 
++asection *
++_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
++                            unsigned long r_symndx,
++                            bool discard)
++{
++  struct elf_link_hash_entry *h;
++
++  h = get_ext_sym_hash (cookie, r_symndx);
++  
++  if (h != NULL)
++    {
+       if ((h->root.type == bfd_link_hash_defined
+           || h->root.type == bfd_link_hash_defweak)
+           && discarded_section (h->root.u.def.section))
+@@ -85,21 +102,20 @@ _bfd_elf_section_for_symbol (struct elf_
+       else
+        return NULL;
+     }
+-  else
+-    {
+-      /* It's not a relocation against a global symbol,
+-        but it could be a relocation against a local
+-        symbol for a discarded section.  */
+-      asection *isec;
+-      Elf_Internal_Sym *isym;
+ 
+-      /* Need to: get the symbol; get the section.  */
+-      isym = &cookie->locsyms[r_symndx];
+-      isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
+-      if (isec != NULL
+-         && discard ? discarded_section (isec) : 1)
+-       return isec;
+-     }
++  /* It's not a relocation against a global symbol,
++     but it could be a relocation against a local
++     symbol for a discarded section.  */
++  asection *isec;
++  Elf_Internal_Sym *isym;
++
++  /* Need to: get the symbol; get the section.  */
++  isym = &cookie->locsyms[r_symndx];
++  isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
++  if (isec != NULL
++      && discard ? discarded_section (isec) : 1)
++    return isec;
++
+   return NULL;
+ }
+ 
+@@ -13642,22 +13658,12 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_i
+   if (r_symndx == STN_UNDEF)
+     return NULL;
+ 
+-  if (r_symndx >= cookie->locsymcount
+-      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++  h = get_ext_sym_hash (cookie, r_symndx);
++  
++  if (h != NULL)
+     {
+       bool was_marked;
+ 
+-      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+-      if (h == NULL)
+-       {
+-         info->callbacks->einfo (_("%F%P: corrupt input: %pB\n"),
+-                                 sec->owner);
+-         return NULL;
+-       }
+-      while (h->root.type == bfd_link_hash_indirect
+-            || h->root.type == bfd_link_hash_warning)
+-       h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-
+       was_marked = h->mark;
+       h->mark = 1;
+       /* Keep all aliases of the symbol too.  If an object symbol
+@@ -14703,17 +14709,12 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma
+       if (r_symndx == STN_UNDEF)
+        return true;
+ 
+-      if (r_symndx >= rcookie->locsymcount
+-         || ELF_ST_BIND (rcookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+-       {
+-         struct elf_link_hash_entry *h;
+-
+-         h = rcookie->sym_hashes[r_symndx - rcookie->extsymoff];
+-
+-         while (h->root.type == bfd_link_hash_indirect
+-                || h->root.type == bfd_link_hash_warning)
+-           h = (struct elf_link_hash_entry *) h->root.u.i.link;
++      struct elf_link_hash_entry *h;
+ 
++      h = get_ext_sym_hash (rcookie, r_symndx);
++      
++      if (h != NULL)
++       {
+          if ((h->root.type == bfd_link_hash_defined
+               || h->root.type == bfd_link_hash_defweak)
+              && (h->root.u.def.section->owner != rcookie->abfd
+@@ -14737,6 +14738,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma
+                  || discarded_section (isec)))
+            return true;
+        }
++
+       return false;
+     }
+   return false;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1178.patch
new file mode 100644
index 0000000000..a68a5e1c3c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1178.patch
@@ -0,0 +1,38 @@
+From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 13:26:51 +0000
+Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
+ generate dynamic relocs for a corrupt input file.
+
+PR 32638
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2025-1178
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elf64-x86-64.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 61334c3ab04..32db254ba6c 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -5303,6 +5303,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+ 
+       if (generate_dynamic_reloc)
+        {
++         /* If the relgot section has not been created, then
++            generate an error instead of a reloc.  cf PR 32638.  */
++         if (relgot == NULL || relgot->size == 0)
++           {
++             info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
++                                       output_bfd);
++             return false;
++           }
++         
+          if (relative_reloc_name != NULL
+              && htab->params->report_relative_reloc)
+            _bfd_x86_elf_link_report_relative_reloc
+-- 
+2.43.5
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1179-pre.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1179-pre.patch
new file mode 100644
index 0000000000..b5bf27ec6d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1179-pre.patch
@@ -0,0 +1,1086 @@
+From 1d68a49ac5d71b648304f69af978fce0f4413800 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 23 Jul 2024 23:39:50 -0700
+Subject: [PATCH 1/2] x86: Improve TLS transition error check
+
+Provide detailed TLS transition errors when unsupported instructions are
+used.  Treat R_X86_64_CODE_4_GOTTPOFF and R_X86_64_CODE_6_GOTTPOFF as
+R_X86_64_GOTTPOFF when performing TLS transition.
+
+bfd/
+
+        PR ld/32017
+        * elf32-i386.c (elf_i386_check_tls_transition): Return different
+        enums for different errors.
+        (elf_i386_tls_transition): Change argument from r_symndx to sym.
+        Call _bfd_x86_elf_link_report_tls_transition_error to report TLS
+        transition errors.
+        (elf_i386_scan_relocs): Pass isym instead of r_symndx to
+        elf_i386_tls_transition.
+        (elf_i386_relocate_section): Pass sym instead of r_symndx to
+        elf_i386_tls_transition.
+        * elf64-x86-64.c (elf_x86_64_check_tls_transition): Return
+        different enums for different errors.
+        (elf_x86_64_tls_transition): Change argument from r_symndx to sym.
+        Treat R_X86_64_CODE_4_GOTTPOFF and R_X86_64_CODE_6_GOTTPOFF as
+        R_X86_64_GOTTPOFF.  Call
+        _bfd_x86_elf_link_report_tls_transition_error to report TLS
+        transition errors.
+        (elf_x86_64_scan_relocs): Pass isym instead of r_symndx to
+        elf_x86_64_tls_transition.
+        (elf_x86_64_relocate_section): Pass sym instead of r_symndx to
+        elf_x86_64_tls_transition.
+        * elfxx-x86.c (_bfd_x86_elf_link_report_tls_transition_error): New.
+        * elfxx-x86.h (elf_x86_tls_error_type): Likewise.
+        (_bfd_x86_elf_link_report_tls_transition_error): Likewise.
+
+ld/
+
+        PR ld/32017
+        * testsuite/ld-i386/i386.exp: Run tlsgdesc1 and tlsgdesc2.
+        * testsuite/ld-i386/tlsie2.d: Updated.
+        * testsuite/ld-i386/tlsie3.d: Likewise.
+        * testsuite/ld-i386/tlsie4.d: Likewise.
+        * testsuite/ld-i386/tlsie5.d: Likewise.
+        * testsuite/ld-x86-64/tlsie2.d: Likewise.
+        * testsuite/ld-x86-64/tlsie3.d: Likewise.
+        * testsuite/ld-i386/tlsgdesc1.d: New file.
+        * testsuite/ld-i386/tlsgdesc1.s: Likewise.
+        * testsuite/ld-i386/tlsgdesc2.d: Likewise.
+        * testsuite/ld-i386/tlsgdesc2.s: Likewise.
+        * testsuite/ld-x86-64/tlsdesc3.d: Likewise.
+        * testsuite/ld-x86-64/tlsdesc3.s: Likewise.
+        * testsuite/ld-x86-64/tlsdesc4.d: Likewise.
+        * testsuite/ld-x86-64/tlsdesc4.s: Likewise.
+        * testsuite/ld-x86-64/tlsie5.d: Likewise.
+        * testsuite/ld-x86-64/tlsie5.s: Likewise.
+        * testsuite/ld-x86-64/x86-64.exp: Run tlsie5, tlsdesc3 and
+        tlsdesc4.
+
+(cherry picked from commit:1d68a49ac5d71b648304f69af978fce0f4413800)
+Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141322.html]
+CVE: CVE-2025-1179
+
+Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
+---
+ bfd/elf32-i386.c                  | 118 +++++++++++++-------------
+ bfd/elf64-x86-64.c                | 133 ++++++++++++++++--------------
+ bfd/elfxx-x86.c                   |  85 +++++++++++++++++++
+ bfd/elfxx-x86.h                   |  18 ++++
+ ld/testsuite/ld-i386/i386.exp     |   2 +
+ ld/testsuite/ld-i386/tlsgdesc1.d  |   4 +
+ ld/testsuite/ld-i386/tlsgdesc1.s  |  11 +++
+ ld/testsuite/ld-i386/tlsgdesc2.d  |   4 +
+ ld/testsuite/ld-i386/tlsgdesc2.s  |  11 +++
+ ld/testsuite/ld-i386/tlsie2.d     |   2 +-
+ ld/testsuite/ld-i386/tlsie3.d     |   2 +-
+ ld/testsuite/ld-i386/tlsie4.d     |   2 +-
+ ld/testsuite/ld-i386/tlsie5.d     |   2 +-
+ ld/testsuite/ld-x86-64/tlsdesc3.d |   4 +
+ ld/testsuite/ld-x86-64/tlsdesc3.s |  13 +++
+ ld/testsuite/ld-x86-64/tlsdesc4.d |   4 +
+ ld/testsuite/ld-x86-64/tlsdesc4.s |  13 +++
+ ld/testsuite/ld-x86-64/tlsie2.d   |   2 +-
+ ld/testsuite/ld-x86-64/tlsie3.d   |   2 +-
+ ld/testsuite/ld-x86-64/tlsie5.d   |   4 +
+ ld/testsuite/ld-x86-64/tlsie5.s   |  12 +++
+ ld/testsuite/ld-x86-64/x86-64.exp |   3 +
+ 22 files changed, 319 insertions(+), 132 deletions(-)
+ create mode 100644 ld/testsuite/ld-i386/tlsgdesc1.d
+ create mode 100644 ld/testsuite/ld-i386/tlsgdesc1.s
+ create mode 100644 ld/testsuite/ld-i386/tlsgdesc2.d
+ create mode 100644 ld/testsuite/ld-i386/tlsgdesc2.s
+ create mode 100644 ld/testsuite/ld-x86-64/tlsdesc3.d
+ create mode 100644 ld/testsuite/ld-x86-64/tlsdesc3.s
+ create mode 100644 ld/testsuite/ld-x86-64/tlsdesc4.d
+ create mode 100644 ld/testsuite/ld-x86-64/tlsdesc4.s
+ create mode 100644 ld/testsuite/ld-x86-64/tlsie5.d
+ create mode 100644 ld/testsuite/ld-x86-64/tlsie5.s
+
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
+index e2f88a11487..18a28d2491c 100644
+--- a/bfd/elf32-i386.c
++++ b/bfd/elf32-i386.c
+@@ -839,7 +839,7 @@ static const struct elf_x86_non_lazy_plt_layout elf_i386_non_lazy_ibt_plt =
+ /* Return TRUE if the TLS access code sequence support transition
+    from R_TYPE.  */
+ 
+-static bool
++static enum elf_x86_tls_error_type
+ elf_i386_check_tls_transition (asection *sec,
+                               bfd_byte *contents,
+                               Elf_Internal_Shdr *symtab_hdr,
+@@ -861,7 +861,7 @@ elf_i386_check_tls_transition (asection *sec,
+     case R_386_TLS_GD:
+     case R_386_TLS_LDM:
+       if (offset < 2 || (rel + 1) >= relend)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       indirect_call = false;
+       call = contents + offset + 4;
+@@ -884,19 +884,19 @@ elf_i386_check_tls_transition (asection *sec,
+             can transit to different access model.  */
+          if ((offset + 10) > sec->size
+              || (type != 0x8d && type != 0x04))
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          if (type == 0x04)
+            {
+              /* leal foo@tlsgd(,%ebx,1), %eax
+                 call ___tls_get_addr@PLT  */
+              if (offset < 3)
+-               return false;
++               return elf_x86_tls_error_yes;
+ 
+              if (*(call - 7) != 0x8d
+                  || val != 0x1d
+                  || call[0] != 0xe8)
+-               return false;
++               return elf_x86_tls_error_yes;
+            }
+          else
+            {
+@@ -914,7 +914,7 @@ elf_i386_check_tls_transition (asection *sec,
+                 is used to pass parameter to ___tls_get_addr.  */
+              reg = val & 7;
+              if ((val & 0xf8) != 0x80 || reg == 4 || reg == 0)
+-               return false;
++               return elf_x86_tls_error_yes;
+ 
+              indirect_call = call[0] == 0xff;
+              if (!(reg == 3 && call[0] == 0xe8 && call[5] == 0x90)
+@@ -922,7 +922,7 @@ elf_i386_check_tls_transition (asection *sec,
+                  && !(indirect_call
+                       && (call[1] & 0xf8) == 0x90
+                       && (call[1] & 0x7) == reg))
+-               return false;
++               return elf_x86_tls_error_yes;
+            }
+        }
+       else
+@@ -937,13 +937,13 @@ elf_i386_check_tls_transition (asection *sec,
+                addr32 call ___tls_get_addr
+             can transit to different access model.  */
+          if (type != 0x8d || (offset + 9) > sec->size)
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          /* %eax can't be used as the GOT base register since it is
+             used to pass parameter to ___tls_get_addr.  */
+          reg = val & 7;
+          if ((val & 0xf8) != 0x80 || reg == 4 || reg == 0)
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          indirect_call = call[0] == 0xff;
+          if (!(reg == 3 && call[0] == 0xe8)
+@@ -951,23 +951,27 @@ elf_i386_check_tls_transition (asection *sec,
+              && !(indirect_call
+                   && (call[1] & 0xf8) == 0x90
+                   && (call[1] & 0x7) == reg))
+-           return false;
++           return elf_x86_tls_error_yes;
+        }
+ 
+       r_symndx = ELF32_R_SYM (rel[1].r_info);
+       if (r_symndx < symtab_hdr->sh_info)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+       if (h == NULL
+          || !((struct elf_x86_link_hash_entry *) h)->tls_get_addr)
+-       return false;
++       return elf_x86_tls_error_yes;
+       else if (indirect_call)
+-       return (ELF32_R_TYPE (rel[1].r_info) == R_386_GOT32X
+-               || ELF32_R_TYPE (rel[1].r_info) == R_386_GOT32);
++       return ((ELF32_R_TYPE (rel[1].r_info) == R_386_GOT32X
++                || ELF32_R_TYPE (rel[1].r_info) == R_386_GOT32)
++               ? elf_x86_tls_error_none
++               : elf_x86_tls_error_yes);
+       else
+-       return (ELF32_R_TYPE (rel[1].r_info) == R_386_PC32
+-               || ELF32_R_TYPE (rel[1].r_info) == R_386_PLT32);
++       return ((ELF32_R_TYPE (rel[1].r_info) == R_386_PC32
++               || ELF32_R_TYPE (rel[1].r_info) == R_386_PLT32)
++               ? elf_x86_tls_error_none
++               : elf_x86_tls_error_yes);
+ 
+     case R_386_TLS_IE:
+       /* Check transition from IE access model:
+@@ -977,20 +981,23 @@ elf_i386_check_tls_transition (asection *sec,
+        */
+ 
+       if (offset < 1 || (offset + 4) > sec->size)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       /* Check "movl foo@tpoff(%rip), %eax" first.  */
+       val = bfd_get_8 (abfd, contents + offset - 1);
+       if (val == 0xa1)
+-       return true;
++       return elf_x86_tls_error_none;
+ 
+       if (offset < 2)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       /* Check movl|addl foo@tpoff(%rip), %reg.   */
+       type = bfd_get_8 (abfd, contents + offset - 2);
+-      return ((type == 0x8b || type == 0x03)
+-             && (val & 0xc7) == 0x05);
++      if (type != 0x8b && type != 0x03)
++       return elf_x86_tls_error_add_mov;
++      return ((val & 0xc7) == 0x05
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_yes);
+ 
+     case R_386_TLS_GOTIE:
+     case R_386_TLS_IE_32:
+@@ -1001,14 +1008,16 @@ elf_i386_check_tls_transition (asection *sec,
+        */
+ 
+       if (offset < 2 || (offset + 4) > sec->size)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 1);
+       if ((val & 0xc0) != 0x80 || (val & 7) == 4)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       type = bfd_get_8 (abfd, contents + offset - 2);
+-      return type == 0x8b || type == 0x2b || type == 0x03;
++      return (type == 0x8b || type == 0x2b || type == 0x03
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_add_sub_mov);
+ 
+     case R_386_TLS_GOTDESC:
+       /* Check transition from GDesc access model:
+@@ -1019,13 +1028,15 @@ elf_i386_check_tls_transition (asection *sec,
+         going to be eax.  */
+ 
+       if (offset < 2 || (offset + 4) > sec->size)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       if (bfd_get_8 (abfd, contents + offset - 2) != 0x8d)
+-       return false;
++       return elf_x86_tls_error_lea;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 1);
+-      return (val & 0xc7) == 0x83;
++      return ((val & 0xc7) == 0x83
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_yes);
+ 
+     case R_386_TLS_DESC_CALL:
+       /* Check transition from GDesc access model:
+@@ -1035,10 +1046,12 @@ elf_i386_check_tls_transition (asection *sec,
+        {
+          /* Make sure that it's a call *x@tlsdesc(%eax).  */
+          call = contents + offset;
+-         return call[0] == 0xff && call[1] == 0x10;
++         return (call[0] == 0xff && call[1] == 0x10
++                 ? elf_x86_tls_error_none
++                 : elf_x86_tls_error_indirect_call);
+        }
+ 
+-      return false;
++      return elf_x86_tls_error_yes;
+ 
+     default:
+       abort ();
+@@ -1057,7 +1070,7 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd,
+                         const Elf_Internal_Rela *rel,
+                         const Elf_Internal_Rela *relend,
+                         struct elf_link_hash_entry *h,
+-                        unsigned long r_symndx,
++                        Elf_Internal_Sym *sym,
+                         bool from_relocate_section)
+ {
+   unsigned int from_type = *r_type;
+@@ -1142,43 +1155,24 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd,
+     return true;
+ 
+   /* Check if the transition can be performed.  */
++  enum elf_x86_tls_error_type tls_error;
+   if (check
+-      && ! elf_i386_check_tls_transition (sec, contents,
+-                                         symtab_hdr, sym_hashes,
+-                                         from_type, rel, relend))
++      && ((tls_error = elf_i386_check_tls_transition (sec, contents,
++                                                     symtab_hdr,
++                                                     sym_hashes,
++                                                     from_type, rel,
++                                                     relend))
++         != elf_x86_tls_error_none))
+     {
+       reloc_howto_type *from, *to;
+-      const char *name;
+ 
+       from = elf_i386_rtype_to_howto (from_type);
+       to = elf_i386_rtype_to_howto (to_type);
+ 
+-      if (h)
+-       name = h->root.root.string;
+-      else
+-       {
+-         struct elf_x86_link_hash_table *htab;
+-
+-         htab = elf_x86_hash_table (info, I386_ELF_DATA);
+-         if (htab == NULL)
+-           name = "*unknown*";
+-         else
+-           {
+-             Elf_Internal_Sym *isym;
+-
+-             isym = bfd_sym_from_r_symndx (&htab->elf.sym_cache,
+-                                           abfd, r_symndx);
+-             name = bfd_elf_sym_name (abfd, symtab_hdr, isym, NULL);
+-           }
+-       }
++      _bfd_x86_elf_link_report_tls_transition_error
++       (info, abfd, sec, symtab_hdr, h, sym, rel, from->name,
++        to->name, tls_error);
+ 
+-      _bfd_error_handler
+-       /* xgettext:c-format */
+-       (_("%pB: TLS transition from %s to %s against `%s'"
+-          " at %#" PRIx64 " in section `%pA' failed"),
+-        abfd, from->name, to->name, name,
+-        (uint64_t) rel->r_offset, sec);
+-      bfd_set_error (bfd_error_bad_value);
+       return false;
+     }
+ 
+@@ -1600,7 +1594,7 @@ elf_i386_scan_relocs (bfd *abfd,
+       if (! elf_i386_tls_transition (info, abfd, sec, contents,
+                                     symtab_hdr, sym_hashes,
+                                     &r_type, GOT_UNKNOWN,
+-                                    rel, rel_end, h, r_symndx, false))
++                                    rel, rel_end, h, isym, false))
+        goto error_return;
+ 
+       /* Check if _GLOBAL_OFFSET_TABLE_ is referenced.  */
+@@ -2875,7 +2869,7 @@ elf_i386_relocate_section (bfd *output_bfd,
+                                         input_section, contents,
+                                         symtab_hdr, sym_hashes,
+                                         &r_type_tls, tls_type, rel,
+-                                        relend, h, r_symndx, true))
++                                        relend, h, sym, true))
+            return false;
+ 
+          expected_tls_le = htab->elf.target_os == is_solaris
+@@ -3365,7 +3359,7 @@ elf_i386_relocate_section (bfd *output_bfd,
+                                         input_section, contents,
+                                         symtab_hdr, sym_hashes,
+                                         &r_type, GOT_UNKNOWN, rel,
+-                                        relend, h, r_symndx, true))
++                                        relend, h, sym, true))
+            return false;
+ 
+          if (r_type != R_386_TLS_LDM)
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 2ed120af780..f116e423f61 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -1120,7 +1120,7 @@ elf32_x86_64_elf_object_p (bfd *abfd)
+ /* Return TRUE if the TLS access code sequence support transition
+    from R_TYPE.  */
+ 
+-static bool
++static enum elf_x86_tls_error_type
+ elf_x86_64_check_tls_transition (bfd *abfd,
+                                 struct bfd_link_info *info,
+                                 asection *sec,
+@@ -1147,7 +1147,7 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+     case R_X86_64_TLSGD:
+     case R_X86_64_TLSLD:
+       if ((rel + 1) >= relend)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       if (r_type == R_X86_64_TLSGD)
+        {
+@@ -1184,7 +1184,7 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+          static const unsigned char leaq[] = { 0x66, 0x48, 0x8d, 0x3d };
+ 
+          if ((offset + 12) > sec->size)
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          call = contents + offset + 4;
+          if (call[0] != 0x66
+@@ -1208,20 +1208,20 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+                  || call[14] != 0xd0
+                  || !((call[10] == 0x48 && call[12] == 0xd8)
+                       || (call[10] == 0x4c && call[12] == 0xf8)))
+-               return false;
++               return elf_x86_tls_error_yes;
+              largepic = true;
+            }
+          else if (ABI_64_P (abfd))
+            {
+              if (offset < 4
+                  || memcmp (contents + offset - 4, leaq, 4) != 0)
+-               return false;
++               return elf_x86_tls_error_yes;
+            }
+          else
+            {
+              if (offset < 3
+                  || memcmp (contents + offset - 3, leaq + 1, 3) != 0)
+-               return false;
++               return elf_x86_tls_error_yes;
+            }
+          indirect_call = call[2] == 0xff;
+        }
+@@ -1250,10 +1250,10 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+          static const unsigned char lea[] = { 0x48, 0x8d, 0x3d };
+ 
+          if (offset < 3 || (offset + 9) > sec->size)
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          if (memcmp (contents + offset - 3, lea, 3) != 0)
+-           return false;
++           return elf_x86_tls_error_yes;
+ 
+          call = contents + offset + 4;
+          if (!(call[0] == 0xe8
+@@ -1268,7 +1268,7 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+                  || call[14] != 0xd0
+                  || !((call[10] == 0x48 && call[12] == 0xd8)
+                       || (call[10] == 0x4c && call[12] == 0xf8)))
+-               return false;
++               return elf_x86_tls_error_yes;
+              largepic = true;
+            }
+          indirect_call = call[0] == 0xff;
+@@ -1276,22 +1276,30 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+ 
+       r_symndx = htab->r_sym (rel[1].r_info);
+       if (r_symndx < symtab_hdr->sh_info)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+       if (h == NULL
+          || !((struct elf_x86_link_hash_entry *) h)->tls_get_addr)
+-       return false;
++       return elf_x86_tls_error_yes;
+       else
+        {
+          r_type = (ELF32_R_TYPE (rel[1].r_info)
+                    & ~R_X86_64_converted_reloc_bit);
+          if (largepic)
+-           return r_type == R_X86_64_PLTOFF64;
++           return (r_type == R_X86_64_PLTOFF64
++                   ? elf_x86_tls_error_none
++                   : elf_x86_tls_error_yes);
+          else if (indirect_call)
+-           return (r_type == R_X86_64_GOTPCRELX || r_type == R_X86_64_GOTPCREL);
++           return ((r_type == R_X86_64_GOTPCRELX
++                    || r_type == R_X86_64_GOTPCREL)
++                   ? elf_x86_tls_error_none
++                   : elf_x86_tls_error_yes);
+          else
+-           return (r_type == R_X86_64_PC32 || r_type == R_X86_64_PLT32);
++           return ((r_type == R_X86_64_PC32
++                    || r_type == R_X86_64_PLT32)
++                   ? elf_x86_tls_error_none
++                   : elf_x86_tls_error_yes);
+        }
+ 
+     case R_X86_64_CODE_4_GOTTPOFF:
+@@ -1303,7 +1311,7 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+       if (offset < 4
+          || (offset + 4) > sec->size
+          || contents[offset - 4] != 0xd5)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       goto check_gottpoff;
+ 
+@@ -1315,14 +1323,16 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+       if (offset < 6
+          || (offset + 4) > sec->size
+          || contents[offset - 6] != 0x62)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 2);
+       if (val != 0x01 && val != 0x03)
+-       return false;
++       return elf_x86_tls_error_add;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 1);
+-      return (val & 0xc7) == 5;
++      return ((val & 0xc7) == 5
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_yes);
+ 
+     case R_X86_64_GOTTPOFF:
+       /* Check transition from IE access model:
+@@ -1338,25 +1348,27 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+            {
+              /* X32 may have 0x44 REX prefix or no REX prefix.  */
+              if (ABI_64_P (abfd))
+-               return false;
++               return elf_x86_tls_error_yes;
+            }
+        }
+       else
+        {
+          /* X32 may not have any REX prefix.  */
+          if (ABI_64_P (abfd))
+-           return false;
++           return elf_x86_tls_error_yes;
+          if (offset < 2 || (offset + 3) > sec->size)
+-           return false;
++           return elf_x86_tls_error_yes;
+        }
+ 
+  check_gottpoff:
+       val = bfd_get_8 (abfd, contents + offset - 2);
+       if (val != 0x8b && val != 0x03)
+-       return false;
++       return elf_x86_tls_error_add_mov;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 1);
+-      return (val & 0xc7) == 5;
++      return ((val & 0xc7) == 5
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_yes);
+ 
+     case R_X86_64_CODE_4_GOTPC32_TLSDESC:
+       /* Check transition from GDesc access model:
+@@ -1366,7 +1378,7 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+       if (offset < 4
+          || (offset + 4) > sec->size
+          || contents[offset - 4] != 0xd5)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       goto check_tlsdesc;
+ 
+@@ -1380,19 +1392,21 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+         going to be rax.  */
+ 
+       if (offset < 3 || (offset + 4) > sec->size)
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 3);
+       val &= 0xfb;
+       if (val != 0x48 && (ABI_64_P (abfd) || val != 0x40))
+-       return false;
++       return elf_x86_tls_error_yes;
+ 
+  check_tlsdesc:
+       if (bfd_get_8 (abfd, contents + offset - 2) != 0x8d)
+-       return false;
++       return elf_x86_tls_error_lea;
+ 
+       val = bfd_get_8 (abfd, contents + offset - 1);
+-      return (val & 0xc7) == 0x05;
++      return ((val & 0xc7) == 0x05
++             ? elf_x86_tls_error_none
++             : elf_x86_tls_error_yes);
+ 
+     case R_X86_64_TLSDESC_CALL:
+       /* Check transition from GDesc access model:
+@@ -1411,14 +1425,16 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+                {
+                  prefix = 1;
+                  if (offset + 3 > sec->size)
+-                   return false;
++                   return elf_x86_tls_error_yes;
+                }
+            }
+          /* Make sure that it's a call *x@tlsdesc(%rax).  */
+-         return call[prefix] == 0xff && call[1 + prefix] == 0x10;
++         return (call[prefix] == 0xff && call[1 + prefix] == 0x10
++                 ? elf_x86_tls_error_none
++                 : elf_x86_tls_error_indirect_call);
+        }
+ 
+-      return false;
++      return elf_x86_tls_error_yes;
+ 
+     default:
+       abort ();
+@@ -1437,7 +1453,7 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+                           const Elf_Internal_Rela *rel,
+                           const Elf_Internal_Rela *relend,
+                           struct elf_link_hash_entry *h,
+-                          unsigned long r_symndx,
++                          Elf_Internal_Sym *sym,
+                           bool from_relocate_section)
+ {
+   unsigned int from_type = *r_type;
+@@ -1488,7 +1504,12 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+          /* We checked the transition before when we were called from
+             elf_x86_64_scan_relocs.  We only want to check the new
+             transition which hasn't been checked before.  */
+-         check = new_to_type != to_type && from_type == to_type;
++         check = (new_to_type != to_type
++                  && (from_type == to_type
++                      || (from_type == R_X86_64_CODE_4_GOTTPOFF
++                          && to_type == R_X86_64_GOTTPOFF)
++                      || (from_type == R_X86_64_CODE_6_GOTTPOFF
++                          && to_type == R_X86_64_GOTTPOFF)));
+          to_type = new_to_type;
+        }
+ 
+@@ -1512,13 +1533,18 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+     return true;
+ 
+   /* Check if the transition can be performed.  */
++  enum elf_x86_tls_error_type tls_error;
+   if (check
+-      && ! elf_x86_64_check_tls_transition (abfd, info, sec, contents,
+-                                           symtab_hdr, sym_hashes,
+-                                           from_type, rel, relend))
++      && ((tls_error = elf_x86_64_check_tls_transition (abfd, info, sec,
++                                                       contents,
++                                                       symtab_hdr,
++                                                       sym_hashes,
++                                                       from_type, rel,
++                                                       relend))
++         != elf_x86_tls_error_none))
++
+     {
+       reloc_howto_type *from, *to;
+-      const char *name;
+ 
+       from = elf_x86_64_rtype_to_howto (abfd, from_type);
+       to = elf_x86_64_rtype_to_howto (abfd, to_type);
+@@ -1526,31 +1552,10 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+       if (from == NULL || to == NULL)
+        return false;
+ 
+-      if (h)
+-       name = h->root.root.string;
+-      else
+-       {
+-         struct elf_x86_link_hash_table *htab;
+-
+-         htab = elf_x86_hash_table (info, X86_64_ELF_DATA);
+-         if (htab == NULL)
+-           name = "*unknown*";
+-         else
+-           {
+-             Elf_Internal_Sym *isym;
++      _bfd_x86_elf_link_report_tls_transition_error
++       (info, abfd, sec, symtab_hdr, h, sym, rel, from->name,
++        to->name, tls_error);
+ 
+-             isym = bfd_sym_from_r_symndx (&htab->elf.sym_cache,
+-                                           abfd, r_symndx);
+-             name = bfd_elf_sym_name (abfd, symtab_hdr, isym, NULL);
+-           }
+-       }
+-
+-      _bfd_error_handler
+-       /* xgettext:c-format */
+-       (_("%pB: TLS transition from %s to %s against `%s' at %#" PRIx64
+-          " in section `%pA' failed"),
+-        abfd, from->name, to->name, name, (uint64_t) rel->r_offset, sec);
+-      bfd_set_error (bfd_error_bad_value);
+       return false;
+     }
+ 
+@@ -2198,7 +2203,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struct bfd_link_info *info,
+       if (! elf_x86_64_tls_transition (info, abfd, sec, contents,
+                                       symtab_hdr, sym_hashes,
+                                       &r_type, GOT_UNKNOWN,
+-                                      rel, rel_end, h, r_symndx, false))
++                                      rel, rel_end, h, isym, false))
+        goto error_return;
+ 
+       /* Check if _GLOBAL_OFFSET_TABLE_ is referenced.  */
+@@ -3648,7 +3653,7 @@ elf_x86_64_relocate_section (bfd *output_bfd,
+                                           input_section, contents,
+                                           symtab_hdr, sym_hashes,
+                                           &r_type_tls, tls_type, rel,
+-                                          relend, h, r_symndx, true))
++                                          relend, h, sym, true))
+            return false;
+ 
+          if (r_type_tls == R_X86_64_TPOFF32)
+@@ -4308,7 +4313,7 @@ elf_x86_64_relocate_section (bfd *output_bfd,
+                                           input_section, contents,
+                                           symtab_hdr, sym_hashes,
+                                           &r_type, GOT_UNKNOWN, rel,
+-                                          relend, h, r_symndx, true))
++                                          relend, h, sym, true))
+            return false;
+ 
+          if (r_type != R_X86_64_TLSLD)
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 508fd771da3..b17dad759c8 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -3202,6 +3202,91 @@ _bfd_x86_elf_link_report_relative_reloc
+        asect, abfd);
+ }
+ 
++/* Report TLS transition error.  */
++
++void
++_bfd_x86_elf_link_report_tls_transition_error
++  (struct bfd_link_info *info, bfd *abfd, asection *asect,
++   Elf_Internal_Shdr *symtab_hdr, struct elf_link_hash_entry *h,
++   Elf_Internal_Sym *sym, const Elf_Internal_Rela *rel,
++   const char *from_reloc_name, const char *to_reloc_name,
++   enum elf_x86_tls_error_type tls_error)
++{
++  const char *name;
++
++  if (h)
++    name = h->root.root.string;
++  else
++    {
++      const struct elf_backend_data *bed
++       = get_elf_backend_data (abfd);
++      struct elf_x86_link_hash_table *htab
++       = elf_x86_hash_table (info, bed->target_id);
++      if (htab == NULL)
++       name = "*unknown*";
++      else
++       name = bfd_elf_sym_name (abfd, symtab_hdr, sym, NULL);
++    }
++
++  switch (tls_error)
++    {
++    case elf_x86_tls_error_yes:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB: TLS transition from %s to %s against `%s' at 0x%v in "
++          "section `%pA' failed"),
++        abfd, from_reloc_name, to_reloc_name, name, rel->r_offset,
++        asect);
++      break;
++
++    case elf_x86_tls_error_add:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB(%pA+0x%v): relocation %s against `%s' must be used "
++          "in ADD only"),
++        abfd, asect, rel->r_offset, from_reloc_name, name);
++      break;
++
++    case elf_x86_tls_error_add_mov:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB(%pA+0x%v): relocation %s against `%s' must be used "
++          "in ADD or MOV only"),
++        abfd, asect, rel->r_offset, from_reloc_name, name);
++      break;
++
++    case elf_x86_tls_error_add_sub_mov:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB(%pA+0x%v): relocation %s against `%s' must be used "
++          "in ADD, SUB or MOV only"),
++        abfd, asect, rel->r_offset, from_reloc_name, name);
++      break;
++
++    case elf_x86_tls_error_indirect_call:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB(%pA+0x%v): relocation %s against `%s' must be used "
++          "in indirect CALL only"),
++        abfd, asect, rel->r_offset, from_reloc_name, name);
++      break;
++
++    case elf_x86_tls_error_lea:
++      info->callbacks->einfo
++       /* xgettext:c-format */
++       (_("%pB(%pA+0x%v): relocation %s against `%s' must be used "
++          "in LEA only"),
++        abfd, asect, rel->r_offset, from_reloc_name, name);
++      break;
++
++    default:
++      abort ();
++      break;
++    }
++
++  bfd_set_error (bfd_error_bad_value);
++}
++
+ /* Return TRUE if symbol should be hashed in the `.gnu.hash' section.  */
+ 
+ bool
+diff --git a/bfd/elfxx-x86.h b/bfd/elfxx-x86.h
+index 110bcb9ad71..02e2efa6c56 100644
+--- a/bfd/elfxx-x86.h
++++ b/bfd/elfxx-x86.h
+@@ -767,6 +767,18 @@ struct elf_x86_plt
+   long count;
+ };
+ 
++enum elf_x86_tls_error_type
++{
++  elf_x86_tls_error_none,
++  elf_x86_tls_error_add,
++  elf_x86_tls_error_add_mov,
++  elf_x86_tls_error_add_sub_mov,
++  elf_x86_tls_error_indirect_call,
++  elf_x86_tls_error_lea,
++  elf_x86_tls_error_yes
++};
++
++
+ /* Set if a relocation is converted from a GOTPCREL relocation.  */
+ #define R_X86_64_converted_reloc_bit (1 << 7)
+ 
+@@ -908,6 +920,12 @@ extern void _bfd_x86_elf_link_fixup_ifunc_symbol
+ extern void _bfd_x86_elf_link_report_relative_reloc
+   (struct bfd_link_info *, asection *, struct elf_link_hash_entry *,
+    Elf_Internal_Sym *, const char *, const void *);
++extern void _bfd_x86_elf_link_report_tls_transition_error
++  (struct bfd_link_info *, bfd *, asection *, Elf_Internal_Shdr *,
++   struct elf_link_hash_entry *, Elf_Internal_Sym *,
++   const Elf_Internal_Rela *, const char *, const char *,
++   enum elf_x86_tls_error_type);
++
+ 
+ #define bfd_elf64_mkobject \
+   _bfd_x86_elf_mkobject
+diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp
+index 18d1c9198ca..a8db2c713f3 100644
+--- a/ld/testsuite/ld-i386/i386.exp
++++ b/ld/testsuite/ld-i386/i386.exp
+@@ -541,6 +541,8 @@ run_dump_test "tlsdesc2"
+ run_dump_test "report-reloc-1"
+ run_dump_test "pr27998a"
+ run_dump_test "pr27998b"
++run_dump_test "tlsgdesc1"
++run_dump_test "tlsgdesc2"
+ 
+ proc undefined_weak {cflags ldflags} {
+     set testname "Undefined weak symbol"
+diff --git a/ld/testsuite/ld-i386/tlsgdesc1.d b/ld/testsuite/ld-i386/tlsgdesc1.d
+new file mode 100644
+index 00000000000..2a70e81c444
+--- /dev/null
++++ b/ld/testsuite/ld-i386/tlsgdesc1.d
+@@ -0,0 +1,4 @@
++#name: TLS GDesc->LE transition check (LEA)
++#as: --32
++#ld: -melf_i386
++#error: .*: relocation R_386_TLS_GOTDESC against `foo' must be used in LEA only
+diff --git a/ld/testsuite/ld-i386/tlsgdesc1.s b/ld/testsuite/ld-i386/tlsgdesc1.s
+new file mode 100644
+index 00000000000..c30f7523462
+--- /dev/null
++++ b/ld/testsuite/ld-i386/tlsgdesc1.s
+@@ -0,0 +1,11 @@
++       .text
++       .globl _start
++_start:
++       movl    foo@tlsdesc(%ebx), %eax
++       call    *foo@tlscall(%eax)
++       .section        .tdata,"awT",@progbits
++       .align 4
++       .type   foo, @object
++       .size   foo, 4
++foo:
++       .long   100
+diff --git a/ld/testsuite/ld-i386/tlsgdesc2.d b/ld/testsuite/ld-i386/tlsgdesc2.d
+new file mode 100644
+index 00000000000..2e6a66d372c
+--- /dev/null
++++ b/ld/testsuite/ld-i386/tlsgdesc2.d
+@@ -0,0 +1,4 @@
++#name: TLS GDesc->LE transition check (indirect CALL)
++#as: --32
++#ld: -melf_i386
++#error: .*: relocation R_386_TLS_DESC_CALL against `foo' must be used in indirect CALL only
+diff --git a/ld/testsuite/ld-i386/tlsgdesc2.s b/ld/testsuite/ld-i386/tlsgdesc2.s
+new file mode 100644
+index 00000000000..7d9d556e2ab
+--- /dev/null
++++ b/ld/testsuite/ld-i386/tlsgdesc2.s
+@@ -0,0 +1,11 @@
++       .text
++       .globl _start
++_start:
++       leal    foo@tlsdesc(%ebx), %eax
++       jmp     *foo@tlscall(%eax)
++       .section        .tdata,"awT",@progbits
++       .align 4
++       .type   foo, @object
++       .size   foo, 4
++foo:
++       .long   100
+diff --git a/ld/testsuite/ld-i386/tlsie2.d b/ld/testsuite/ld-i386/tlsie2.d
+index ebb85fde7e7..9f9e63029d6 100644
+--- a/ld/testsuite/ld-i386/tlsie2.d
++++ b/ld/testsuite/ld-i386/tlsie2.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check (R_386_TLS_GOTIE with %eax)
+ #as: --32
+ #ld: -melf_i386
+-#error: .*TLS transition from R_386_TLS_GOTIE to R_386_TLS_LE_32 against `foo'.*failed.*
++#error: .*: relocation R_386_TLS_GOTIE against `foo' must be used in ADD, SUB or MOV only
+diff --git a/ld/testsuite/ld-i386/tlsie3.d b/ld/testsuite/ld-i386/tlsie3.d
+index d993f303c25..506f1a02605 100644
+--- a/ld/testsuite/ld-i386/tlsie3.d
++++ b/ld/testsuite/ld-i386/tlsie3.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check (R_386_TLS_GOTIE)
+ #as: --32
+ #ld: -melf_i386
+-#error: .*TLS transition from R_386_TLS_GOTIE to R_386_TLS_LE_32 against `foo'.*failed.*
++#error: .*: relocation R_386_TLS_GOTIE against `foo' must be used in ADD, SUB or MOV only
+diff --git a/ld/testsuite/ld-i386/tlsie4.d b/ld/testsuite/ld-i386/tlsie4.d
+index 3ca8fddf5dd..a516d002660 100644
+--- a/ld/testsuite/ld-i386/tlsie4.d
++++ b/ld/testsuite/ld-i386/tlsie4.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check (R_386_TLS_IE with %eax)
+ #as: --32
+ #ld: -melf_i386
+-#error: .*TLS transition from R_386_TLS_IE to R_386_TLS_LE_32 against `foo'.*failed.*
++#error: .*: relocation R_386_TLS_IE against `foo' must be used in ADD or MOV only
+diff --git a/ld/testsuite/ld-i386/tlsie5.d b/ld/testsuite/ld-i386/tlsie5.d
+index 3febeb159a9..d3447182e19 100644
+--- a/ld/testsuite/ld-i386/tlsie5.d
++++ b/ld/testsuite/ld-i386/tlsie5.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check (R_386_TLS_IE)
+ #as: --32
+ #ld: -melf_i386
+-#error: .*TLS transition from R_386_TLS_IE to R_386_TLS_LE_32 against `foo'.*failed.*
++#error: .*: relocation R_386_TLS_IE against `foo' must be used in ADD or MOV only
+diff --git a/ld/testsuite/ld-x86-64/tlsdesc3.d b/ld/testsuite/ld-x86-64/tlsdesc3.d
+new file mode 100644
+index 00000000000..bbf22ebeafe
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsdesc3.d
+@@ -0,0 +1,4 @@
++#name: TLS GDesc->LE transition check (LEA)
++#as: --64
++#ld: -melf_x86_64
++#error: .*: relocation R_X86_64_GOTPC32_TLSDESC against `foo' must be used in LEA only
+diff --git a/ld/testsuite/ld-x86-64/tlsdesc3.s b/ld/testsuite/ld-x86-64/tlsdesc3.s
+new file mode 100644
+index 00000000000..45310654ffc
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsdesc3.s
+@@ -0,0 +1,13 @@
++       .text
++       .globl  _start
++       .type   _start,@function
++_start:
++       movq    foo@tlsdesc(%rip), %rax
++       call    *foo@tlscall(%rax)
++       .globl foo
++       .section        .tdata,"awT",@progbits
++       .align 8
++       .type   foo, @object
++       .size   foo, 8
++foo:
++       .quad   100
+diff --git a/ld/testsuite/ld-x86-64/tlsdesc4.d b/ld/testsuite/ld-x86-64/tlsdesc4.d
+new file mode 100644
+index 00000000000..b50115c7178
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsdesc4.d
+@@ -0,0 +1,4 @@
++#name: TLS GDesc->LE transition check (indirect CALL)
++#as: --64
++#ld: -melf_x86_64
++#error: .*: relocation R_X86_64_TLSDESC_CALL against `foo' must be used in indirect CALL only
+diff --git a/ld/testsuite/ld-x86-64/tlsdesc4.s b/ld/testsuite/ld-x86-64/tlsdesc4.s
+new file mode 100644
+index 00000000000..b3d6c12d4fc
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsdesc4.s
+@@ -0,0 +1,13 @@
++       .text
++       .globl  _start
++       .type   _start,@function
++_start:
++       leaq    foo@tlsdesc(%rip), %rax
++       jmp     *foo@tlscall(%rax)
++       .globl foo
++       .section        .tdata,"awT",@progbits
++       .align 8
++       .type   foo, @object
++       .size   foo, 8
++foo:
++       .quad   100
+diff --git a/ld/testsuite/ld-x86-64/tlsie2.d b/ld/testsuite/ld-x86-64/tlsie2.d
+index 97dcc288a3d..bf8a8198b5b 100644
+--- a/ld/testsuite/ld-x86-64/tlsie2.d
++++ b/ld/testsuite/ld-x86-64/tlsie2.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check
+ #as: --64
+ #ld: -melf_x86_64
+-#error: .*TLS transition from R_X86_64_GOTTPOFF to R_X86_64_TPOFF32 against `foo'.*failed.*
++#error: .*: relocation R_X86_64_GOTTPOFF against `foo' must be used in ADD or MOV only
+diff --git a/ld/testsuite/ld-x86-64/tlsie3.d b/ld/testsuite/ld-x86-64/tlsie3.d
+index 8c982a69838..49d8464fbaf 100644
+--- a/ld/testsuite/ld-x86-64/tlsie3.d
++++ b/ld/testsuite/ld-x86-64/tlsie3.d
+@@ -1,4 +1,4 @@
+ #name: TLS IE->LE transition check (%r12)
+ #as: --64
+ #ld: -melf_x86_64
+-#error: .*TLS transition from R_X86_64_GOTTPOFF to R_X86_64_TPOFF32 against `foo'.*failed.*
++#error: .*: relocation R_X86_64_GOTTPOFF against `foo' must be used in ADD or MOV only
+diff --git a/ld/testsuite/ld-x86-64/tlsie5.d b/ld/testsuite/ld-x86-64/tlsie5.d
+new file mode 100644
+index 00000000000..29de1cebf8e
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsie5.d
+@@ -0,0 +1,4 @@
++#name: TLS IE->LE transition check (APX)
++#as: --64
++#ld: -melf_x86_64
++#error: .*: relocation R_X86_64_CODE_6_GOTTPOFF against `foo' must be used in ADD only
+diff --git a/ld/testsuite/ld-x86-64/tlsie5.s b/ld/testsuite/ld-x86-64/tlsie5.s
+new file mode 100644
+index 00000000000..c39e46fd97b
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsie5.s
+@@ -0,0 +1,12 @@
++       .text
++       .globl _start
++_start:
++       xorq    %rax, foo@GOTTPOFF(%rip), %rax
++       movq    (%rax), %rax
++       .globl  foo
++       .section        .tdata,"awT",@progbits
++       .align 4
++       .type   foo, @object
++       .size   foo, 4
++foo:
++       .long   100
+diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp
+index 2a40f0b095b..811813466f8 100644
+--- a/ld/testsuite/ld-x86-64/x86-64.exp
++++ b/ld/testsuite/ld-x86-64/x86-64.exp
+@@ -741,6 +741,9 @@ run_dump_test "pr27016b"
+ run_dump_test "report-reloc-1"
+ run_dump_test "report-reloc-1-x32"
+ run_dump_test "pr29820"
++run_dump_test "tlsie5"
++run_dump_test "tlsdesc3"
++run_dump_test "tlsdesc4"
+ 
+ proc undefined_weak {cflags ldflags} {
+     set testname "Undefined weak symbol"
+-- 
+2.49.0
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1179.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1179.patch
new file mode 100644
index 0000000000..89312d8501
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1179.patch
@@ -0,0 +1,269 @@
+From 67e30b15212adc1502b898a1ca224fdf65dc110d Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Thu, 29 Aug 2024 08:47:00 -0700
+Subject: [PATCH] x86: Check invalid TLS descriptor call TLS descriptor
+ call,
+
+call *x@tlsdesc(%rax)
+
+or
+
+call *x@tlsdesc(%eax)
+
+calls _dl_tlsdesc_return which expects that RAX/EAX points to the TLS
+descriptor.  Update x86 linker to issue an error with or without TLS
+transition.
+
+bfd/
+
+        PR ld/32123
+        * elf32-i386.c (elf_i386_check_tls_transition): Move
+        R_386_TLS_DESC_CALL to ...
+        (elf_i386_tls_transition): Here.
+        * elf64-x86-64.c (elf_x86_64_check_tls_transition): Move.
+        R_X86_64_TLSDESC_CALL check to ...
+        (elf_x86_64_tls_transition): Here.
+
+ld/
+
+        PR ld/32123
+        * testsuite/ld-i386/i386.exp: Run tlsgdesc3.
+        * testsuite/ld-i386/tlsgdesc3.d: New file.
+        * testsuite/ld-x86-64/tlsdesc5.d: Likewise.
+        * testsuite/ld-x86-64/x86-64.exp: Run tlsdesc5.
+
+(cherry picked from commit:67e30b15212adc1502b898a1ca224fdf65dc110d)
+Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141321.html]
+CVE: CVE-2025-1179
+
+Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
+---
+ bfd/elf32-i386.c                  | 44 +++++++++++++------
+ bfd/elf64-x86-64.c                | 71 +++++++++++++++++++------------
+ ld/testsuite/ld-i386/i386.exp     |  1 +
+ ld/testsuite/ld-i386/tlsgdesc3.d  |  5 +++
+ ld/testsuite/ld-x86-64/tlsdesc5.d |  5 +++
+ ld/testsuite/ld-x86-64/x86-64.exp |  1 +
+ 6 files changed, 86 insertions(+), 41 deletions(-)
+ create mode 100644 ld/testsuite/ld-i386/tlsgdesc3.d
+ create mode 100644 ld/testsuite/ld-x86-64/tlsdesc5.d
+
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
+index 18a28d2491c..9dea465f721 100644
+--- a/bfd/elf32-i386.c
++++ b/bfd/elf32-i386.c
+@@ -1039,19 +1039,8 @@ elf_i386_check_tls_transition (asection *sec,
+              : elf_x86_tls_error_yes);
+ 
+     case R_386_TLS_DESC_CALL:
+-      /* Check transition from GDesc access model:
+-               call *x@tlsdesc(%eax)
+-       */
+-      if (offset + 2 <= sec->size)
+-       {
+-         /* Make sure that it's a call *x@tlsdesc(%eax).  */
+-         call = contents + offset;
+-         return (call[0] == 0xff && call[1] == 0x10
+-                 ? elf_x86_tls_error_none
+-                 : elf_x86_tls_error_indirect_call);
+-       }
+-
+-      return elf_x86_tls_error_yes;
++      /* It has been checked in elf_i386_tls_transition.  */
++      return elf_x86_tls_error_none;
+ 
+     default:
+       abort ();
+@@ -1077,6 +1066,8 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd,
+   unsigned int to_type = from_type;
+   bool check = true;
+   unsigned int to_le_type, to_ie_type;
++  bfd_vma offset;
++  bfd_byte *call;
+ 
+   /* Skip TLS transition for functions.  */
+   if (h != NULL
+@@ -1098,9 +1089,34 @@ elf_i386_tls_transition (struct bfd_link_info *info, bfd *abfd,
+ 
+   switch (from_type)
+     {
++    case R_386_TLS_DESC_CALL:
++      /* Check valid GDesc call:
++               call *x@tlsdesc(%eax)
++       */
++      offset = rel->r_offset;
++      call = NULL;
++      if (offset + 2 <= sec->size)
++       {
++         /* Make sure that it's a call *x@tlsdesc(%eax).  */
++         call = contents + offset;
++         if (call[0] != 0xff || call[1] != 0x10)
++           call = NULL;
++       }
++
++      if (call == NULL)
++       {
++         _bfd_x86_elf_link_report_tls_transition_error
++           (info, abfd, sec, symtab_hdr, h, sym, rel,
++            "R_386_TLS_DESC_CALL", NULL,
++            elf_x86_tls_error_indirect_call);
++
++         return false;
++       }
++
++      /* Fall through.  */
++
+     case R_386_TLS_GD:
+     case R_386_TLS_GOTDESC:
+-    case R_386_TLS_DESC_CALL:
+     case R_386_TLS_IE_32:
+     case R_386_TLS_IE:
+     case R_386_TLS_GOTIE:
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index f116e423f61..7af2e607b02 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -1409,32 +1409,8 @@ elf_x86_64_check_tls_transition (bfd *abfd,
+              : elf_x86_tls_error_yes);
+ 
+     case R_X86_64_TLSDESC_CALL:
+-      /* Check transition from GDesc access model:
+-               call *x@tlsdesc(%rax) <--- LP64 mode.
+-               call *x@tlsdesc(%eax) <--- X32 mode.
+-       */
+-      if (offset + 2 <= sec->size)
+-       {
+-         unsigned int prefix;
+-         call = contents + offset;
+-         prefix = 0;
+-         if (!ABI_64_P (abfd))
+-           {
+-             /* Check for call *x@tlsdesc(%eax).  */
+-             if (call[0] == 0x67)
+-               {
+-                 prefix = 1;
+-                 if (offset + 3 > sec->size)
+-                   return elf_x86_tls_error_yes;
+-               }
+-           }
+-         /* Make sure that it's a call *x@tlsdesc(%rax).  */
+-         return (call[prefix] == 0xff && call[1 + prefix] == 0x10
+-                 ? elf_x86_tls_error_none
+-                 : elf_x86_tls_error_indirect_call);
+-       }
+-
+-      return elf_x86_tls_error_yes;
++      /* It has been checked in elf_x86_64_tls_transition.  */
++      return elf_x86_tls_error_none;
+ 
+     default:
+       abort ();
+@@ -1459,6 +1435,8 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+   unsigned int from_type = *r_type;
+   unsigned int to_type = from_type;
+   bool check = true;
++  bfd_vma offset;
++  bfd_byte *call;
+ 
+   /* Skip TLS transition for functions.  */
+   if (h != NULL
+@@ -1468,10 +1446,49 @@ elf_x86_64_tls_transition (struct bfd_link_info *info, bfd *abfd,
+ 
+   switch (from_type)
+     {
++    case R_X86_64_TLSDESC_CALL:
++      /* Check valid GDesc call:
++               call *x@tlsdesc(%rax) <--- LP64 mode.
++               call *x@tlsdesc(%eax) <--- X32 mode.
++       */
++      offset = rel->r_offset;
++      call = NULL;
++      if (offset + 2 <= sec->size)
++       {
++         unsigned int prefix;
++         call = contents + offset;
++         prefix = 0;
++         if (!ABI_64_P (abfd))
++           {
++             /* Check for call *x@tlsdesc(%eax).  */
++             if (call[0] == 0x67)
++               {
++                 prefix = 1;
++                 if (offset + 3 > sec->size)
++                   call = NULL;
++               }
++           }
++
++         /* Make sure that it's a call *x@tlsdesc(%rax).  */
++         if (call != NULL
++             && (call[prefix] != 0xff || call[1 + prefix] != 0x10))
++           call = NULL;
++       }
++
++      if (call == NULL)
++       {
++         _bfd_x86_elf_link_report_tls_transition_error
++           (info, abfd, sec, symtab_hdr, h, sym, rel,
++            "R_X86_64_TLSDESC_CALL", NULL,
++            elf_x86_tls_error_indirect_call);
++         return false;
++       }
++
++      /* Fall through.  */
++
+     case R_X86_64_TLSGD:
+     case R_X86_64_GOTPC32_TLSDESC:
+     case R_X86_64_CODE_4_GOTPC32_TLSDESC:
+-    case R_X86_64_TLSDESC_CALL:
+     case R_X86_64_GOTTPOFF:
+     case R_X86_64_CODE_4_GOTTPOFF:
+     case R_X86_64_CODE_6_GOTTPOFF:
+diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp
+index a8db2c713f3..41e8725d059 100644
+--- a/ld/testsuite/ld-i386/i386.exp
++++ b/ld/testsuite/ld-i386/i386.exp
+@@ -543,6 +543,7 @@ run_dump_test "pr27998a"
+ run_dump_test "pr27998b"
+ run_dump_test "tlsgdesc1"
+ run_dump_test "tlsgdesc2"
++run_dump_test "tlsgdesc3"
+ 
+ proc undefined_weak {cflags ldflags} {
+     set testname "Undefined weak symbol"
+diff --git a/ld/testsuite/ld-i386/tlsgdesc3.d b/ld/testsuite/ld-i386/tlsgdesc3.d
+new file mode 100644
+index 00000000000..f2c29d880f2
+--- /dev/null
++++ b/ld/testsuite/ld-i386/tlsgdesc3.d
+@@ -0,0 +1,5 @@
++#source: tlsgdesc2.s
++#name: TLS GDesc call (indirect CALL)
++#as: --32
++#ld: -shared -melf_i386
++#error: .*: relocation R_386_TLS_DESC_CALL against `foo' must be used in indirect CALL with EAX register only
+diff --git a/ld/testsuite/ld-x86-64/tlsdesc5.d b/ld/testsuite/ld-x86-64/tlsdesc5.d
+new file mode 100644
+index 00000000000..6a0158b44b7
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/tlsdesc5.d
+@@ -0,0 +1,5 @@
++#source: tlsdesc4.s
++#name: TLS GDesc call (indirect CALL)
++#as: --64
++#ld: -shared -melf_x86_64
++#error: .*: relocation R_X86_64_TLSDESC_CALL against `foo' must be used in indirect CALL with RAX register only
+diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp
+index 811813466f8..82b0520c52a 100644
+--- a/ld/testsuite/ld-x86-64/x86-64.exp
++++ b/ld/testsuite/ld-x86-64/x86-64.exp
+@@ -744,6 +744,7 @@ run_dump_test "pr29820"
+ run_dump_test "tlsie5"
+ run_dump_test "tlsdesc3"
+ run_dump_test "tlsdesc4"
++run_dump_test "tlsdesc5"
+ 
+ proc undefined_weak {cflags ldflags} {
+     set testname "Undefined weak symbol"
+-- 
+2.49.0
+
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
new file mode 100644
index 0000000000..280e522a28
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
@@ -0,0 +1,151 @@
+Backported of:
+
+From 18cc11a2771d9e40180485da9a4fb660c03efac3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 14:31:10 +0000
+Subject: [PATCH] Prevent illegal memory access when checking relocs in a
+ corrupt ELF binary.
+
+PR 32641
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/plain/debian/patches/CVE-2025-1181-pre.patch?h=applied/ubuntu/noble-security&id=d6b5bf57cf048c42e4bcd3a4ab32116d0b809774]
+Upstream commit [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24]
+
+CVE: CVE-2025-1181
+
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elf-bfd.h      |  3 +++
+ bfd/elf64-x86-64.c | 10 +++++-----
+ bfd/elflink.c      | 24 ++++++++++++++++++++++++
+ bfd/elfxx-x86.c    | 20 +++++++-------------
+ 4 files changed, 39 insertions(+), 18 deletions(-)
+diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
+index 3ed22fa6..07add7d0 100644
+--- a/bfd/elf-bfd.h
++++ b/bfd/elf-bfd.h
+@@ -3126,6 +3126,9 @@ extern bool _bfd_elf_maybe_set_textrel
+ extern bool _bfd_elf_add_dynamic_tags
+   (bfd *, struct bfd_link_info *, bool);
+ 
++extern struct elf_link_hash_entry * _bfd_elf_get_link_hash_entry
++  (struct elf_link_hash_entry **, unsigned int, Elf_Internal_Shdr *);
++
+ /* Large common section.  */
+ extern asection _bfd_elf_large_com_section;
+ 
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index d0d3b0e5..c3fb375c 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -1665,7 +1665,7 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
+   bool to_reloc_pc32;
+   bool abs_symbol;
+   bool local_ref;
+-  asection *tsec;
++  asection *tsec = NULL;
+   bfd_signed_vma raddend;
+   unsigned int opcode;
+   unsigned int modrm;
+@@ -1831,6 +1831,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
+        return true;
+     }
+ 
++  if (tsec == NULL)
++    return false;
++
+   /* Don't convert GOTPCREL relocation against large section.  */
+   if (elf_section_data (tsec) !=  NULL
+       && (elf_section_flags (tsec) & SHF_X86_64_LARGE) != 0)
+@@ -2127,10 +2130,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struct bfd_link_info *info,
+       else
+        {
+          isym = NULL;
+-         h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-         while (h->root.type == bfd_link_hash_indirect
+-                || h->root.type == bfd_link_hash_warning)
+-           h = (struct elf_link_hash_entry *) h->root.u.i.link;
++         h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+        }
+ 
+       /* Check invalid x32 relocations.  */
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 11ec6bd9..e5521d7b 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -49,6 +49,27 @@ struct elf_info_failed
+ static bool _bfd_elf_fix_symbol_flags
+   (struct elf_link_hash_entry *, struct elf_info_failed *);
+ 
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++                             unsigned int                   symndx,
++                             Elf_Internal_Shdr *            symtab_hdr)
++{
++  if (symndx < symtab_hdr->sh_info)
++    return NULL;
++
++  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++
++  /* The hash might be empty.  See PR 32641 for an example of this.  */
++  if (h == NULL)
++    return NULL;
++
++  while (h->root.type == bfd_link_hash_indirect
++        || h->root.type == bfd_link_hash_warning)
++    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++
++  return h;
++}
++
+ static struct elf_link_hash_entry *
+ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+ {
+@@ -62,6 +83,9 @@ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+ 
+       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+ 
++      if (h == NULL)
++       return NULL;
++
+       while (h->root.type == bfd_link_hash_indirect
+             || h->root.type == bfd_link_hash_warning)
+        h = (struct elf_link_hash_entry *) h->root.u.i.link;
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 508fd771..8c261cf8 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -972,15 +972,7 @@ _bfd_x86_elf_check_relocs (bfd *abfd,
+          goto error_return;
+        }
+ 
+-      if (r_symndx < symtab_hdr->sh_info)
+-       h = NULL;
+-      else
+-       {
+-         h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-         while (h->root.type == bfd_link_hash_indirect
+-                || h->root.type == bfd_link_hash_warning)
+-           h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-       }
++      h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+ 
+       if (X86_NEED_DYNAMIC_RELOC_TYPE_P (is_x86_64, r_type)
+          && NEED_DYNAMIC_RELOCATION_P (is_x86_64, info, true, h, sec,
+@@ -1205,10 +1197,12 @@ _bfd_x86_elf_link_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+       else
+        {
+          /* Get H and SEC for GENERATE_DYNAMIC_RELOCATION_P below.  */
+-         h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-         while (h->root.type == bfd_link_hash_indirect
+-                || h->root.type == bfd_link_hash_warning)
+-           h = (struct elf_link_hash_entry *) h->root.u.i.link;
++         h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
++         if (h == NULL)
++           {
++             /* FIXMEL: Issue an error message ?  */
++             continue;
++           }
+ 
+          if (h->root.type == bfd_link_hash_defined
+              || h->root.type == bfd_link_hash_defweak)
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
new file mode 100644
index 0000000000..70b7485777
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
@@ -0,0 +1,345 @@
+Backported of:
+
+From 931494c9a89558acb36a03a340c01726545eef24 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 15:43:04 +0000
+Subject: [PATCH] Add even more checks for corrupt input when processing
+ relocations for ELF files.
+
+PR 32643
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/plain/debian/patches/CVE-2025-1181.patch?h=applied/ubuntu/noble-security&id=d6b5bf57cf048c42e4bcd3a4ab32116d0b809774]
+Upstream commit [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24]
+
+CVE: CVE-2025-1181
+
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index e5521d7b..ff84229c 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -49,15 +49,17 @@ struct elf_info_failed
+ static bool _bfd_elf_fix_symbol_flags
+   (struct elf_link_hash_entry *, struct elf_info_failed *);
+ 
+-struct elf_link_hash_entry *
+-_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
+-                             unsigned int                   symndx,
+-                             Elf_Internal_Shdr *            symtab_hdr)
++static struct elf_link_hash_entry *
++get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++                    unsigned int                   symndx,
++                    unsigned int                   ext_sym_start)
+ {
+-  if (symndx < symtab_hdr->sh_info)
++  if (sym_hashes == NULL
++      /* Guard against corrupt input.  See PR 32636 for an example.  */
++      || symndx < ext_sym_start)
+     return NULL;
+ 
+-  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++  struct elf_link_hash_entry *h = sym_hashes[symndx - ext_sym_start];
+ 
+   /* The hash might be empty.  See PR 32641 for an example of this.  */
+   if (h == NULL)
+@@ -70,29 +72,28 @@ _bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
+   return h;
+ }
+ 
+-static struct elf_link_hash_entry *
+-get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++                             unsigned int                   symndx,
++                             Elf_Internal_Shdr *            symtab_hdr)
+ {
+-  struct elf_link_hash_entry *h = NULL;
+-
+-  if ((r_symndx >= cookie->locsymcount
+-       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+-      /* Guard against corrupt input.  See PR 32636 for an example.  */
+-      && r_symndx >= cookie->extsymoff)
+-    {
+-
+-      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+-
+-      if (h == NULL)
+-       return NULL;
++  if (symtab_hdr == NULL)
++    return NULL;
+ 
+-      while (h->root.type == bfd_link_hash_indirect
+-            || h->root.type == bfd_link_hash_warning)
+-       h = (struct elf_link_hash_entry *) h->root.u.i.link;
++  return get_link_hash_entry (sym_hashes, symndx, symtab_hdr->sh_info);
++}
+ 
+-    }
++static struct elf_link_hash_entry *
++get_ext_sym_hash_from_cookie (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++{
++  if (cookie == NULL || cookie->sym_hashes == NULL)
++    return NULL;
++  
++  if (r_symndx >= cookie->locsymcount
++      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++    return get_link_hash_entry (cookie->sym_hashes, r_symndx, cookie->extsymoff);
+ 
+-  return h;
++  return NULL;
+ }
+  
+ asection *
+@@ -102,7 +103,7 @@ _bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
+ {
+   struct elf_link_hash_entry *h;
+ 
+-  h = get_ext_sym_hash (cookie, r_symndx);
++  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
+   
+   if (h != NULL)
+     {
+@@ -8906,7 +8907,6 @@ set_symbol_value (bfd *bfd_with_globals,
+                  size_t symidx,
+                  bfd_vma val)
+ {
+-  struct elf_link_hash_entry **sym_hashes;
+   struct elf_link_hash_entry *h;
+   size_t extsymoff = locsymcount;
+ 
+@@ -8929,12 +8929,12 @@ set_symbol_value (bfd *bfd_with_globals,
+ 
+   /* It is a global symbol: set its link type
+      to "defined" and give it a value.  */
+-
+-  sym_hashes = elf_sym_hashes (bfd_with_globals);
+-  h = sym_hashes [symidx - extsymoff];
+-  while (h->root.type == bfd_link_hash_indirect
+-        || h->root.type == bfd_link_hash_warning)
+-    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++  h = get_link_hash_entry (elf_sym_hashes (bfd_with_globals), symidx, extsymoff);
++  if (h == NULL)
++    {
++      /* FIXMEL What should we do ?  */
++      return;
++    }
+   h->root.type = bfd_link_hash_defined;
+   h->root.u.def.value = val;
+   h->root.u.def.section = bfd_abs_section_ptr;
+@@ -11405,10 +11405,19 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+              || (elf_bad_symtab (input_bfd)
+                  && flinfo->sections[symndx] == NULL))
+            {
+-             struct elf_link_hash_entry *h = sym_hashes[symndx - extsymoff];
+-             while (h->root.type == bfd_link_hash_indirect
+-                    || h->root.type == bfd_link_hash_warning)
+-               h = (struct elf_link_hash_entry *) h->root.u.i.link;
++             struct elf_link_hash_entry *h;
++
++             h = get_link_hash_entry (sym_hashes, symndx, extsymoff);
++             if (h == NULL)
++               {
++                 _bfd_error_handler
++                   /* xgettext:c-format */
++                   (_("error: %pB: unable to create group section symbol"),
++                    input_bfd);
++                 bfd_set_error (bfd_error_bad_value);
++                 return false;
++               }             
++
+              /* Arrange for symbol to be output.  */
+              h->indx = -2;
+              elf_section_data (osec)->this_hdr.sh_info = -2;
+@@ -11542,7 +11551,7 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+                  || (elf_bad_symtab (input_bfd)
+                      && flinfo->sections[r_symndx] == NULL))
+                {
+-                 h = sym_hashes[r_symndx - extsymoff];
++                 h = get_link_hash_entry (sym_hashes, r_symndx, extsymoff);
+ 
+                  /* Badly formatted input files can contain relocs that
+                     reference non-existant symbols.  Check here so that
+@@ -11551,17 +11560,13 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+                    {
+                      _bfd_error_handler
+                        /* xgettext:c-format */
+-                       (_("error: %pB contains a reloc (%#" PRIx64 ") for section %pA "
++                       (_("error: %pB contains a reloc (%#" PRIx64 ") for section '%pA' "
+                           "that references a non-existent global symbol"),
+                         input_bfd, (uint64_t) rel->r_info, o);
+                      bfd_set_error (bfd_error_bad_value);
+                      return false;
+                    }
+ 
+-                 while (h->root.type == bfd_link_hash_indirect
+-                        || h->root.type == bfd_link_hash_warning)
+-                   h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-
+                  s_type = h->type;
+ 
+                  /* If a plugin symbol is referenced from a non-IR file,
+@@ -11777,7 +11782,6 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+                          && flinfo->sections[r_symndx] == NULL))
+                    {
+                      struct elf_link_hash_entry *rh;
+-                     unsigned long indx;
+ 
+                      /* This is a reloc against a global symbol.  We
+                         have not yet output all the local symbols, so
+@@ -11786,15 +11790,16 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+                         reloc to point to the global hash table entry
+                         for this symbol.  The symbol index is then
+                         set at the end of bfd_elf_final_link.  */
+-                     indx = r_symndx - extsymoff;
+-                     rh = elf_sym_hashes (input_bfd)[indx];
+-                     while (rh->root.type == bfd_link_hash_indirect
+-                            || rh->root.type == bfd_link_hash_warning)
+-                       rh = (struct elf_link_hash_entry *) rh->root.u.i.link;
+-
+-                     /* Setting the index to -2 tells
+-                        elf_link_output_extsym that this symbol is
+-                        used by a reloc.  */
++                     rh = get_link_hash_entry (elf_sym_hashes (input_bfd),
++                                               r_symndx, extsymoff);
++                     if (rh == NULL)
++                       {
++                         /* FIXME: Generate an error ?  */
++                         continue;
++                       }
++
++                     /* Setting the index to -2 tells elf_link_output_extsym
++                        that this symbol is used by a reloc.  */
+                      BFD_ASSERT (rh->indx < 0);
+                      rh->indx = -2;
+                      *rel_hash = rh;
+@@ -13758,25 +13763,21 @@ _bfd_elf_gc_mark_hook (asection *sec,
+                       struct elf_link_hash_entry *h,
+                       Elf_Internal_Sym *sym)
+ {
+-  if (h != NULL)
++  if (h == NULL)
++    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
++
++  switch (h->root.type)
+     {
+-      switch (h->root.type)
+-       {
+-       case bfd_link_hash_defined:
+-       case bfd_link_hash_defweak:
+-         return h->root.u.def.section;
++    case bfd_link_hash_defined:
++    case bfd_link_hash_defweak:
++      return h->root.u.def.section;
+ 
+-       case bfd_link_hash_common:
+-         return h->root.u.c.p->section;
++    case bfd_link_hash_common:
++      return h->root.u.c.p->section;
+ 
+-       default:
+-         break;
+-       }
++    default:
++      return NULL;
+     }
+-  else
+-    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
+-
+-  return NULL;
+ }
+ 
+ /* Return the debug definition section.  */
+@@ -13825,46 +13826,49 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_info *info, asection *sec,
+   if (r_symndx == STN_UNDEF)
+     return NULL;
+ 
+-  h = get_ext_sym_hash (cookie, r_symndx);
+-  
+-  if (h != NULL)
++  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
++  if (h == NULL)
+     {
+-      bool was_marked;
++      /* A corrup tinput file can lead to a situation where the index
++        does not reference either a local or an external symbol.  */
++      if (r_symndx >= cookie->locsymcount)
++       return NULL;
+ 
+-      was_marked = h->mark;
+-      h->mark = 1;
+-      /* Keep all aliases of the symbol too.  If an object symbol
+-        needs to be copied into .dynbss then all of its aliases
+-        should be present as dynamic symbols, not just the one used
+-        on the copy relocation.  */
+-      hw = h;
+-      while (hw->is_weakalias)
+-       {
+-         hw = hw->u.alias;
+-         hw->mark = 1;
+-       }
++      return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
++                             &cookie->locsyms[r_symndx]);
++    }
+ 
+-      if (!was_marked && h->start_stop && !h->root.ldscript_def)
+-       {
+-         if (info->start_stop_gc)
+-           return NULL;
++  bool was_marked = h->mark;
+ 
+-         /* To work around a glibc bug, mark XXX input sections
+-            when there is a reference to __start_XXX or __stop_XXX
+-            symbols.  */
+-         else if (start_stop != NULL)
+-           {
+-             asection *s = h->u2.start_stop_section;
+-             *start_stop = true;
+-             return s;
+-           }
+-       }
++  h->mark = 1;
++  /* Keep all aliases of the symbol too.  If an object symbol
++     needs to be copied into .dynbss then all of its aliases
++     should be present as dynamic symbols, not just the one used
++     on the copy relocation.  */
++  hw = h;
++  while (hw->is_weakalias)
++    {
++      hw = hw->u.alias;
++      hw->mark = 1;
++    }
+ 
+-      return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
++  if (!was_marked && h->start_stop && !h->root.ldscript_def)
++    {
++      if (info->start_stop_gc)
++       return NULL;
++
++      /* To work around a glibc bug, mark XXX input sections
++        when there is a reference to __start_XXX or __stop_XXX
++        symbols.  */
++      else if (start_stop != NULL)
++       {
++         asection *s = h->u2.start_stop_section;
++         *start_stop = true;
++         return s;
++       }
+     }
+ 
+-  return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
+-                         &cookie->locsyms[r_symndx]);
++  return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
+ }
+ 
+ /* COOKIE->rel describes a relocation against section SEC, which is
+@@ -14878,7 +14882,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+ 
+       struct elf_link_hash_entry *h;
+ 
+-      h = get_ext_sym_hash (rcookie, r_symndx);
++      h = get_ext_sym_hash_from_cookie (rcookie, r_symndx);
+       
+       if (h != NULL)
+        {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
new file mode 100644
index 0000000000..15b40fddb6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,33 @@
+From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 16:27:38 +0000
+Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
+ input files.
+
+PR 32644
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
+CVE: CVE-2025-1182
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index bf940942ec3..df6eb250961 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -15116,6 +15116,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+        }
+       else
+        {
++         if (r_symndx >= rcookie->locsymcount)
++           /* This can happen with corrupt input.  */
++           return false;
++
+          /* It's not a relocation against a global symbol,
+             but it could be a relocation against a local
+             symbol for a discarded section.  */
+-- 
+2.43.5
+
diff --git a/meta/recipes-devtools/binutils/binutils_2.42.bb b/meta/recipes-devtools/binutils/binutils_2.42.bb
index 2cce40f1ef..8594db9bfb 100644
--- a/meta/recipes-devtools/binutils/binutils_2.42.bb
+++ b/meta/recipes-devtools/binutils/binutils_2.42.bb
@@ -72,5 +72,9 @@ SRC_URI:append:class-nativesdk =  " file://0003-binutils-nativesdk-Search-for-al
 
 USE_ALTERNATIVES_FOR:class-nativesdk = ""
 FILES:${PN}:append:class-nativesdk = " ${bindir}"
+RDEPENDS:gprofng:class-nativesdk = " nativesdk-perl-module-bignum \
+                                     nativesdk-perl-module-bigint \
+                                     nativesdk-perl-module-math-bigint \
+"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/cmake/cmake-native_3.28.3.bb b/meta/recipes-devtools/cmake/cmake-native_3.28.3.bb
index 546d117156..376da3254b 100644
--- a/meta/recipes-devtools/cmake/cmake-native_3.28.3.bb
+++ b/meta/recipes-devtools/cmake/cmake-native_3.28.3.bb
@@ -51,7 +51,7 @@ do_compile() {
 do_install() {
         oe_runmake 'DESTDIR=${D}' install
 
-        # The following codes are here because eSDK needs to provide compatibilty
+        # The following codes are here because eSDK needs to provide compatibility
         # for SDK. That is, eSDK could also be used like traditional SDK.
         mkdir -p ${D}${datadir}/cmake
         install -m 644 ${WORKDIR}/OEToolchainConfig.cmake ${D}${datadir}/cmake/
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index ab9f459c05..a52506a8ea 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -17,7 +17,8 @@ LIC_FILES_CHKSUM = "file://Copyright.txt;md5=9d3d12c5f3b4c1f83650adcc65b59c06 \
 CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
 
 SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
-"
+           file://0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch \
+           "
 
 SRC_URI[sha256sum] = "72b7570e5c8593de6ac4ab433b73eab18c5fb328880460c86ce32608141ad5c1"
 
diff --git a/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch b/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
new file mode 100644
index 0000000000..7ffcc95ac3
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
@@ -0,0 +1,52 @@
+From bd94bbdc35a9da4c73d538e0cc55bc95944f620d Mon Sep 17 00:00:00 2001
+From: Philip Lorenz <philip.lorenz@bmw.de>
+Date: Mon, 3 Jun 2024 13:19:24 +0200
+Subject: [PATCH] CMakeDetermineCompilerABI: Strip -pipe from compile flags
+
+When `-pipe` is enabled, GCC passes data between its different
+executables using pipes instead of temporary files. This leads to issues
+when cmake attempts to infer compiler internals via the `-v` parameter
+as each executable will print to `stderr` in parallel.
+
+For example we have observed the following outputs in our builds which
+sporadically lead to build failures as system include directories were
+not detected reliably:
+
+Parsed CXX implicit include dir info from above output: rv=done
+  found start of include info
+  found start of implicit include info
+    add: [.../usr/bin/x86_64-poky-linux/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/11.4.0/include]
+    add: [.../usr/bin/x86_64-poky-linux/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/11.4.0/include-fixed]
+    add: [.../usr/include/c++/11.4.0]
+    add: [.../usr/include/c++/11.4.0/x86_64-poky-linux]
+    add: [.../usr/include/c++/11.4.0/backward]
+    add: [.../usr/lib/x86_64-poky-linux/11.4.0/include]
+    add: [...GNU assembler version 2.38 (x86_64-poky-linux) using BFD version (GNU Binutils) 2.38.20220708]
+    add: [/usr/include]
+  end of search list found
+
+Fix this issue by stripping the `-pipe` parameter from the compilation
+flag when determining the toolchain configuration.
+
+Upstream-Status: Backport [3.32.0, 71be059f3f32b6791427893a48ba4815a19e2e78]
+Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
+---
+ Modules/CMakeDetermineCompilerABI.cmake | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/Modules/CMakeDetermineCompilerABI.cmake b/Modules/CMakeDetermineCompilerABI.cmake
+index efc18f93c2..f2e40479b1 100644
+--- a/Modules/CMakeDetermineCompilerABI.cmake
++++ b/Modules/CMakeDetermineCompilerABI.cmake
+@@ -43,6 +43,11 @@ function(CMAKE_DETERMINE_COMPILER_ABI lang src)
+ 
+     # Avoid failing ABI detection on warnings.
+     string(REGEX REPLACE "(^| )-Werror([= ][^-][^ ]*)?( |$)" " " CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS}")
++    # Avoid passing of "-pipe" when determining the compiler internals. With
++    # "-pipe" GCC will use pipes to pass data between the involved
++    # executables.  This may lead to issues when their stderr output (which
++    # contains the relevant compiler internals) becomes interweaved.
++    string(REGEX REPLACE "(^| )-pipe( |$)" " " CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS}")
+ 
+     # Save the current LC_ALL, LC_MESSAGES, and LANG environment variables
+     # and set them to "C" that way GCC's "search starts here" text is in
diff --git a/meta/recipes-devtools/cmake/cmake/0001-ctest-Allow-arbitrary-characters-in-test-names-of-CT.patch b/meta/recipes-devtools/cmake/cmake/0001-ctest-Allow-arbitrary-characters-in-test-names-of-CT.patch
new file mode 100644
index 0000000000..77c1d6378d
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/0001-ctest-Allow-arbitrary-characters-in-test-names-of-CT.patch
@@ -0,0 +1,205 @@
+From 49576cf1df618609be4aa1000749ad087c143df0 Mon Sep 17 00:00:00 2001
+From: John Drouhard <john@drouhard.dev>
+Date: Thu, 9 Jan 2025 20:34:42 -0600
+Subject: [PATCH] ctest: Allow arbitrary characters in test names of
+ CTestCostData.txt
+
+This changes the way lines in CTestCostData.txt are parsed to allow for
+spaces in the test name.
+
+It does so by looking for space characters from the end; and once two
+have been found, assumes everything from the beginning up to that
+second-to-last-space is the test name.
+
+Additionally, parsing the file should be much more efficient since there
+is no string or vector heap allocation per line. The std::string used by
+the parse function to convert the int and float should be within most
+standard libraries' small string optimization.
+
+Fixes: #26594
+
+Upstream-Status: Backport [4.0.0, 040da7d83216ace59710407e8ce35d5fd38e1340]
+Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
+---
+ Source/CTest/cmCTestMultiProcessHandler.cxx | 80 +++++++++++++++------
+ Source/CTest/cmCTestMultiProcessHandler.h   |  3 +-
+ Tests/CTestTestScheduler/CMakeLists.txt     |  4 +-
+ 3 files changed, 64 insertions(+), 23 deletions(-)
+
+diff --git a/Source/CTest/cmCTestMultiProcessHandler.cxx b/Source/CTest/cmCTestMultiProcessHandler.cxx
+index ca07a081eafced40697d82b08c0e2a504939fc4d..59a101454b84367d219e79a01ff72702df0dfa7f 100644
+--- a/Source/CTest/cmCTestMultiProcessHandler.cxx
++++ b/Source/CTest/cmCTestMultiProcessHandler.cxx
+@@ -20,6 +20,7 @@
+ 
+ #include <cm/memory>
+ #include <cm/optional>
++#include <cm/string_view>
+ #include <cmext/algorithm>
+ 
+ #include <cm3p/json/value.h>
+@@ -43,6 +44,51 @@
+ #include "cmUVSignalHackRAII.h" // IWYU pragma: keep
+ #include "cmWorkingDirectory.h"
+ 
++namespace {
++
++struct CostEntry
++{
++  cm::string_view name;
++  int prevRuns;
++  float cost;
++};
++
++cm::optional<CostEntry> splitCostLine(cm::string_view line)
++{
++  std::string part;
++  cm::string_view::size_type pos1 = line.size();
++  cm::string_view::size_type pos2 = line.find_last_of(' ', pos1);
++  auto findNext = [line, &part, &pos1, &pos2]() -> bool {
++    if (pos2 != cm::string_view::npos) {
++      cm::string_view sub = line.substr(pos2 + 1, pos1 - pos2 - 1);
++      part.assign(sub.begin(), sub.end());
++      pos1 = pos2;
++      if (pos1 > 0) {
++        pos2 = line.find_last_of(' ', pos1 - 1);
++      }
++      return true;
++    }
++    return false;
++  };
++
++  // parse the cost
++  if (!findNext()) {
++    return cm::nullopt;
++  }
++  float cost = static_cast<float>(atof(part.c_str()));
++
++  // parse the previous runs
++  if (!findNext()) {
++    return cm::nullopt;
++  }
++  int prev = atoi(part.c_str());
++
++  // from start to the last found space is the name
++  return CostEntry{ line.substr(0, pos1), prev, cost };
++}
++
++}
++
+ namespace cmsys {
+ class RegularExpression;
+ }
+@@ -697,24 +743,21 @@ void cmCTestMultiProcessHandler::UpdateCostData()
+       if (line == "---") {
+         break;
+       }
+-      std::vector<std::string> parts = cmSystemTools::SplitString(line, ' ');
+       // Format: <name> <previous_runs> <avg_cost>
+-      if (parts.size() < 3) {
++      cm::optional<CostEntry> entry = splitCostLine(line);
++      if (!entry) {
+         break;
+       }
+ 
+-      std::string name = parts[0];
+-      int prev = atoi(parts[1].c_str());
+-      float cost = static_cast<float>(atof(parts[2].c_str()));
+-
+-      int index = this->SearchByName(name);
++      int index = this->SearchByName(entry->name);
+       if (index == -1) {
+         // This test is not in memory. We just rewrite the entry
+-        fout << name << " " << prev << " " << cost << "\n";
++        fout << entry->name << " " << entry->prevRuns << " " << entry->cost
++             << "\n";
+       } else {
+         // Update with our new average cost
+-        fout << name << " " << this->Properties[index]->PreviousRuns << " "
+-             << this->Properties[index]->Cost << "\n";
++        fout << entry->name << " " << this->Properties[index]->PreviousRuns
++             << " " << this->Properties[index]->Cost << "\n";
+         temp.erase(index);
+       }
+     }
+@@ -750,28 +793,25 @@ void cmCTestMultiProcessHandler::ReadCostData()
+         break;
+       }
+ 
+-      std::vector<std::string> parts = cmSystemTools::SplitString(line, ' ');
++      // Format: <name> <previous_runs> <avg_cost>
++      cm::optional<CostEntry> entry = splitCostLine(line);
+ 
+       // Probably an older version of the file, will be fixed next run
+-      if (parts.size() < 3) {
++      if (!entry) {
+         fin.close();
+         return;
+       }
+ 
+-      std::string name = parts[0];
+-      int prev = atoi(parts[1].c_str());
+-      float cost = static_cast<float>(atof(parts[2].c_str()));
+-
+-      int index = this->SearchByName(name);
++      int index = this->SearchByName(entry->name);
+       if (index == -1) {
+         continue;
+       }
+ 
+-      this->Properties[index]->PreviousRuns = prev;
++      this->Properties[index]->PreviousRuns = entry->prevRuns;
+       // When not running in parallel mode, don't use cost data
+       if (this->ParallelLevel > 1 && this->Properties[index] &&
+           this->Properties[index]->Cost == 0) {
+-        this->Properties[index]->Cost = cost;
++        this->Properties[index]->Cost = entry->cost;
+       }
+     }
+     // Next part of the file is the failed tests
+@@ -784,7 +824,7 @@ void cmCTestMultiProcessHandler::ReadCostData()
+   }
+ }
+ 
+-int cmCTestMultiProcessHandler::SearchByName(std::string const& name)
++int cmCTestMultiProcessHandler::SearchByName(cm::string_view name)
+ {
+   int index = -1;
+ 
+diff --git a/Source/CTest/cmCTestMultiProcessHandler.h b/Source/CTest/cmCTestMultiProcessHandler.h
+index 3b4e9c59ad1871168d8528be0586831e2416ae36..8d33dabcf0d9fc6e11459105c65eadaa1de33e42 100644
+--- a/Source/CTest/cmCTestMultiProcessHandler.h
++++ b/Source/CTest/cmCTestMultiProcessHandler.h
+@@ -12,6 +12,7 @@
+ #include <vector>
+ 
+ #include <cm/optional>
++#include <cm/string_view>
+ 
+ #include <cm3p/uv.h>
+ 
+@@ -113,7 +114,7 @@ protected:
+   void UpdateCostData();
+   void ReadCostData();
+   // Return index of a test based on its name
+-  int SearchByName(std::string const& name);
++  int SearchByName(cm::string_view name);
+ 
+   void CreateTestCostList();
+ 
+diff --git a/Tests/CTestTestScheduler/CMakeLists.txt b/Tests/CTestTestScheduler/CMakeLists.txt
+index 91d565d4020aafda6d49462cd8616d168d5844b6..daf6ce2b23d8c048334ae1047759130b246dccef 100644
+--- a/Tests/CTestTestScheduler/CMakeLists.txt
++++ b/Tests/CTestTestScheduler/CMakeLists.txt
+@@ -1,9 +1,9 @@
+-cmake_minimum_required (VERSION 3.5)
++cmake_minimum_required(VERSION 3.19)
+ project (CTestTestScheduler)
+ include (CTest)
+ 
+ add_executable (Sleep sleep.c)
+ 
+ foreach (time RANGE 1 4)
+-  add_test (TestSleep${time} Sleep ${time})
++  add_test ("TestSleep ${time}" Sleep ${time})
+ endforeach ()
diff --git a/meta/recipes-devtools/cmake/cmake_3.28.3.bb b/meta/recipes-devtools/cmake/cmake_3.28.3.bb
index 6a9a3266df..63d483801a 100644
--- a/meta/recipes-devtools/cmake/cmake_3.28.3.bb
+++ b/meta/recipes-devtools/cmake/cmake_3.28.3.bb
@@ -5,6 +5,7 @@ inherit cmake bash-completion
 DEPENDS += "curl expat zlib libarchive xz ncurses bzip2"
 
 SRC_URI:append:class-nativesdk = " \
+    file://0001-ctest-Allow-arbitrary-characters-in-test-names-of-CT.patch \
     file://OEToolchainConfig.cmake \
     file://SDKToolchainConfig.cmake.template \
     file://cmake-setup.py \
diff --git a/meta/recipes-devtools/dnf/dnf_4.19.0.bb b/meta/recipes-devtools/dnf/dnf_4.19.0.bb
index 37a2cc7de2..9c7c59818e 100644
--- a/meta/recipes-devtools/dnf/dnf_4.19.0.bb
+++ b/meta/recipes-devtools/dnf/dnf_4.19.0.bb
@@ -27,7 +27,7 @@ S = "${WORKDIR}/git"
 
 inherit cmake gettext bash-completion setuptools3-base systemd
 
-DEPENDS += "libdnf librepo libcomps python3-iniparse"
+DEPENDS += "libdnf librepo libcomps"
 
 # manpages generation requires http://www.sphinx-doc.org/
 EXTRA_OECMAKE = " -DWITH_MAN=0 -DPYTHON_INSTALL_DIR=${PYTHON_SITEPACKAGES_DIR} -DPYTHON_DESIRED=3"
@@ -49,7 +49,6 @@ RDEPENDS:${PN} += " \
   python3-sqlite3 \
   python3-compression \
   python3-rpm \
-  python3-iniparse \
   python3-json \
   python3-curses \
   python3-misc \
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
index 279923db8e..1857a17189 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
@@ -1,7 +1,8 @@
 #!/bin/sh
 
+set -eux
 cd ./test
-SKIP_SLOW_TESTS=yes ./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
+SKIP_SLOW_TESTS=yes ./test_script | sed -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
 rm -rf /var/volatile/tmp/*e2fsprogs*
 rm -f tmp-*
 rm -f *.tmp
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.191.bb b/meta/recipes-devtools/elfutils/elfutils_0.191.bb
index c4d872430b..bab3d94d12 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.191.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.191.bb
@@ -23,6 +23,10 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://0001-tests-Makefile.am-compile-test_nlist-with-standard-C.patch \
            file://0001-debuginfod-Remove-unused-variable.patch \
            file://0001-srcfiles-fix-unused-variable-BUFFER_SIZE.patch \
+           file://CVE-2025-1352.patch \
+           file://CVE-2025-1365.patch \
+           file://CVE-2025-1372.patch \
+           file://CVE-2025-1371.patch \
            "
 SRC_URI:append:libc-musl = " \
            file://0003-musl-utils.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch
new file mode 100644
index 0000000000..5710905449
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch
@@ -0,0 +1,153 @@
+From 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 8 Feb 2025 20:00:12 +0100
+Subject: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev
+ issue
+
+__libdw_getabbrev could crash on reading a bad abbrev by trying to
+deallocate memory it didn't allocate itself. This could happen because
+dwarf_offabbrev would supply its own memory when calling
+__libdw_getabbrev. No other caller did this.
+
+Simplify the __libdw_getabbrev common code by not taking external
+memory to put the abbrev result in (this would also not work correctly
+if the abbrev was already cached). And make dwarf_offabbrev explicitly
+copy the result (if there was no error or end of abbrev).
+
+     * libdw/dwarf_getabbrev.c (__libdw_getabbrev): Don't take
+     Dwarf_Abbrev result argument. Always just allocate abb when
+     abbrev not found in cache.
+     (dwarf_getabbrev): Don't pass NULL as last argument to
+     __libdw_getabbrev.
+    * libdw/dwarf_tag.c (__libdw_findabbrev): Likewise.
+    * libdw/dwarf_offabbrev.c (dwarf_offabbrev): Likewise. And copy
+    abbrev into abbrevp on success.
+    * libdw/libdw.h (dwarf_offabbrev): Document return values.
+    * libdw/libdwP.h (__libdw_getabbrev): Don't take Dwarf_Abbrev
+    result argument.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32650
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753]
+CVE: CVE-2025-1352
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libdw/dwarf_getabbrev.c | 12 ++++--------
+ libdw/dwarf_offabbrev.c | 10 +++++++---
+ libdw/dwarf_tag.c       |  3 +--
+ libdw/libdw.h           |  4 +++-
+ libdw/libdwP.h          |  3 +--
+ 5 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/libdw/dwarf_getabbrev.c b/libdw/dwarf_getabbrev.c
+index 5b02333..d9a6c02 100644
+--- a/libdw/dwarf_getabbrev.c
++++ b/libdw/dwarf_getabbrev.c
+@@ -1,5 +1,6 @@
+ /* Get abbreviation at given offset.
+    Copyright (C) 2003, 2004, 2005, 2006, 2014, 2017 Red Hat, Inc.
++   Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
+    This file is part of elfutils.
+    Written by Ulrich Drepper <drepper@redhat.com>, 2003.
+ 
+@@ -38,7 +39,7 @@
+ Dwarf_Abbrev *
+ internal_function
+ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+-                  size_t *lengthp, Dwarf_Abbrev *result)
++                  size_t *lengthp)
+ {
+   /* Don't fail if there is not .debug_abbrev section.  */
+   if (dbg->sectiondata[IDX_debug_abbrev] == NULL)
+@@ -85,12 +86,7 @@ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+   Dwarf_Abbrev *abb = NULL;
+   if (cu == NULL
+       || (abb = Dwarf_Abbrev_Hash_find (&cu->abbrev_hash, code)) == NULL)
+-    {
+-      if (result == NULL)
+-       abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+-      else
+-       abb = result;
+-    }
++    abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+   else
+     {
+       foundit = true;
+@@ -183,5 +179,5 @@ dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset, size_t *lengthp)
+       return NULL;
+     }
+ 
+-  return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp, NULL);
++  return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp);
+ }
+diff --git a/libdw/dwarf_offabbrev.c b/libdw/dwarf_offabbrev.c
+index 27cdad6..41df69b 100644
+--- a/libdw/dwarf_offabbrev.c
++++ b/libdw/dwarf_offabbrev.c
+@@ -41,11 +41,15 @@ dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+   if (dbg == NULL)
+     return -1;
+ 
+-  Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp,
+-                                           abbrevp);
++  Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp);
+ 
+   if (abbrev == NULL)
+     return -1;
+ 
+-  return abbrev == DWARF_END_ABBREV ? 1 : 0;
++  if (abbrev == DWARF_END_ABBREV)
++    return 1;
++
++  *abbrevp = *abbrev;
++
++  return 0;
+ }
+diff --git a/libdw/dwarf_tag.c b/libdw/dwarf_tag.c
+index d784970..218382a 100644
+--- a/libdw/dwarf_tag.c
++++ b/libdw/dwarf_tag.c
+@@ -53,8 +53,7 @@ __libdw_findabbrev (struct Dwarf_CU *cu, unsigned int code)
+ 
+        /* Find the next entry.  It gets automatically added to the
+           hash table.  */
+-       abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length,
+-                                NULL);
++       abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length);
+        if (abb == NULL || abb == DWARF_END_ABBREV)
+          {
+            /* Make sure we do not try to search for it again.  */
+diff --git a/libdw/libdw.h b/libdw/libdw.h
+index d53dc78..ec4713a 100644
+--- a/libdw/libdw.h
++++ b/libdw/libdw.h
+@@ -587,7 +587,9 @@ extern int dwarf_srclang (Dwarf_Die *die);
+ extern Dwarf_Abbrev *dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset,
+                                      size_t *lengthp);
+ 
+-/* Get abbreviation at given offset in .debug_abbrev section.  */
++/* Get abbreviation at given offset in .debug_abbrev section.  On
++   success return zero and fills in ABBREVP.  When there is no (more)
++   abbrev at offset returns one.  On error returns a negative value.  */
+ extern int dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+                            Dwarf_Abbrev *abbrevp)
+      __nonnull_attribute__ (4);
+diff --git a/libdw/libdwP.h b/libdw/libdwP.h
+index 8b2f06f..f0f4b78 100644
+--- a/libdw/libdwP.h
++++ b/libdw/libdwP.h
+@@ -783,8 +783,7 @@ extern Dwarf_Abbrev *__libdw_findabbrev (struct Dwarf_CU *cu,
+ 
+ /* Get abbreviation at given offset.  */
+ extern Dwarf_Abbrev *__libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu,
+-                                       Dwarf_Off offset, size_t *lengthp,
+-                                       Dwarf_Abbrev *result)
++                                       Dwarf_Off offset, size_t *lengthp)
+      __nonnull_attribute__ (1) internal_function;
+ 
+ /* Get abbreviation of given DIE, and optionally set *READP to the DIE memory
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1365.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1365.patch
new file mode 100644
index 0000000000..002ce334a3
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1365.patch
@@ -0,0 +1,151 @@
+From 5e5c0394d82c53e97750fe7b18023e6f84157b81 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 8 Feb 2025 21:44:56 +0100
+Subject: [PATCH] libelf, readelf: Use validate_str also to check dynamic
+ symstr data
+
+When dynsym/str was read through eu-readelf --dynamic by readelf
+process_symtab the string data was not validated, possibly printing
+unallocated memory past the end of the symstr data. Fix this by
+turning the elf_strptr validate_str function into a generic
+lib/system.h helper function and use it in readelf to validate the
+strings before use.
+
+        * libelf/elf_strptr.c (validate_str): Remove to...
+        * lib/system.h (validate_str): ... here. Make inline, simplify
+        check and document.
+        * src/readelf.c (process_symtab): Use validate_str on symstr_data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32654
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81]
+CVE: CVE-2025-1365
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ lib/system.h        | 27 +++++++++++++++++++++++++++
+ libelf/elf_strptr.c | 18 ------------------
+ src/readelf.c       | 18 +++++++++++++++---
+ 3 files changed, 42 insertions(+), 21 deletions(-)
+
+diff --git a/lib/system.h b/lib/system.h
+index 0db12d9..0698e5f 100644
+--- a/lib/system.h
++++ b/lib/system.h
+@@ -34,6 +34,7 @@
+ #include <config.h>
+ 
+ #include <errno.h>
++#include <stdbool.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -117,6 +118,32 @@ startswith (const char *str, const char *prefix)
+   return strncmp (str, prefix, strlen (prefix)) == 0;
+ }
+ 
++/* Return TRUE if STR[FROM] is a valid string with a zero terminator
++   at or before STR[TO - 1].  Note FROM is an index into the STR
++   array, while TO is the maximum size of the STR array.  This
++   function returns FALSE when TO is zero or FROM >= TO.  */
++static inline bool
++validate_str (const char *str, size_t from, size_t to)
++{
++#if HAVE_DECL_MEMRCHR
++  // Check end first, which is likely a zero terminator,
++  // to prevent function call
++  return (to > 0
++         && (str[to - 1] == '\0'
++             || (to > from
++                 && memrchr (&str[from], '\0', to - from - 1) != NULL)));
++#else
++  do {
++    if (to <= from)
++      return false;
++
++    to--;
++  } while (str[to]);
++
++  return true;
++#endif
++}
++
+ /* A special gettext function we use if the strings are too short.  */
+ #define sgettext(Str) \
+   ({ const char *__res = strrchr (_(Str), '|');                              \
+diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
+index 79a24d2..c5a94f8 100644
+--- a/libelf/elf_strptr.c
++++ b/libelf/elf_strptr.c
+@@ -53,24 +53,6 @@ get_zdata (Elf_Scn *strscn)
+   return zdata;
+ }
+ 
+-static bool validate_str (const char *str, size_t from, size_t to)
+-{
+-#if HAVE_DECL_MEMRCHR
+-  // Check end first, which is likely a zero terminator, to prevent function call
+-  return ((to > 0 && str[to - 1]  == '\0')
+-         || (to - from > 0 && memrchr (&str[from], '\0', to - from - 1) != NULL));
+-#else
+-  do {
+-    if (to <= from)
+-      return false;
+-
+-    to--;
+-  } while (str[to]);
+-
+-  return true;
+-#endif
+-}
+-
+ char *
+ elf_strptr (Elf *elf, size_t idx, size_t offset)
+ {
+diff --git a/src/readelf.c b/src/readelf.c
+index 0e93118..63eb548 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2639,6 +2639,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+       char typebuf[64];
+       char bindbuf[64];
+       char scnbuf[64];
++      const char *sym_name;
+       Elf32_Word xndx;
+       GElf_Sym sym_mem;
+       GElf_Sym *sym
+@@ -2650,6 +2651,19 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+       /* Determine the real section index.  */
+       if (likely (sym->st_shndx != SHN_XINDEX))
+         xndx = sym->st_shndx;
++      if (use_dynamic_segment == true)
++       {
++         if (validate_str (symstr_data->d_buf, sym->st_name,
++                           symstr_data->d_size))
++           sym_name = (char *)symstr_data->d_buf + sym->st_name;
++         else
++           sym_name = NULL;
++       }
++      else
++       sym_name = elf_strptr (ebl->elf, idx, sym->st_name);
++
++      if (sym_name == NULL)
++       sym_name = "???";
+ 
+       printf (_ ("\
+ %5u: %0*" PRIx64 " %6" PRId64 " %-7s %-6s %-9s %6s %s"),
+@@ -2662,9 +2676,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+               get_visibility_type (GELF_ST_VISIBILITY (sym->st_other)),
+               ebl_section_name (ebl, sym->st_shndx, xndx, scnbuf,
+                                 sizeof (scnbuf), NULL, shnum),
+-              use_dynamic_segment == true
+-                  ? (char *)symstr_data->d_buf + sym->st_name
+-                  : elf_strptr (ebl->elf, idx, sym->st_name));
++              sym_name);
+ 
+       if (versym_data != NULL)
+         {
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch
new file mode 100644
index 0000000000..ebb57bd4e5
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch
@@ -0,0 +1,41 @@
+From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 9 Feb 2025 00:07:13 +0100
+Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab
+
+A corrupt ELF file can have broken program headers, in which case
+gelf_getphdr returns NULL. This could crash handle_dynamic_symtab
+while searching for the PT_DYNAMIC phdr. Fix this by checking whether
+gelf_phdr returns NULL.
+
+          * src/readelf.c (handle_dynamic_symtab): Check whether
+          gelf_getphdr returns NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32655
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+CVE: CVE-2025-1371
+
+Upstream-Status: Backport [https://sourceware.org/cgit/elfutils/commit/?id=b38e562a4c907e08171c76b8b2def8464d5a104a]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/readelf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index fc04556..13344bf 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl)
+   for (size_t i = 0; i < phnum; ++i)
+     {
+       phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
+-      if (phdr->p_type == PT_DYNAMIC)
++      if (phdr == NULL || phdr->p_type == PT_DYNAMIC)
+        break;
+     }
+   if (phdr == NULL)
+--
+2.40.0
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
new file mode 100644
index 0000000000..812a098447
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
@@ -0,0 +1,50 @@
+From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 9 Feb 2025 00:07:39 +0100
+Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
+
+When combining eu-readelf -z with -x or -p to dump the data or strings
+in an (corrupted ELF) unnamed numbered section eu-readelf could crash
+trying to check whether the section name starts with .zdebug. Fix this
+by skipping sections without a name.
+
+   * src/readelf.c (dump_data_section): Don't try to gnu decompress a
+   section without a name.
+   (print_string_section): Likewise.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32656
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db]
+CVE: CVE-2025-1372
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 63eb548..fc04556 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -13327,7 +13327,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+                        _("Couldn't uncompress section"),
+                        elf_ndxscn (scn));
+            }
+-         else if (startswith (name, ".zdebug"))
++         else if (name && startswith (name, ".zdebug"))
+            {
+              if (elf_compress_gnu (scn, 0, 0) < 0)
+                printf ("WARNING: %s [%zd]\n",
+@@ -13378,7 +13378,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+                        _("Couldn't uncompress section"),
+                        elf_ndxscn (scn));
+            }
+-         else if (startswith (name, ".zdebug"))
++         else if (name && startswith (name, ".zdebug"))
+            {
+              if (elf_compress_gnu (scn, 0, 0) < 0)
+                printf ("WARNING: %s [%zd]\n",
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/gcc/gcc-13.3.inc b/meta/recipes-devtools/gcc/gcc-13.4.inc
index 90f5ef88a9..eefae13530 100644
--- a/meta/recipes-devtools/gcc/gcc-13.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.4.inc
@@ -2,11 +2,11 @@ require gcc-common.inc
 
 # Third digit in PV should be incremented after a minor release
 
-PV = "13.3.0"
+PV = "13.4.0"
 
 # BINV should be incremented to a revision after a minor gcc release
 
-BINV = "13.3.0"
+BINV = "13.4.0"
 
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
 
@@ -67,7 +67,7 @@ SRC_URI = "${BASEURI} \
            file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
            file://0027-Fix-gcc-vect-module-testcases.patch \
 "
-SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083"
+SRC_URI[sha256sum] = "9c4ce6dbb040568fdc545588ac03c5cbc95a8dbf0c7aa490170843afb59ca8f5"
 
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/${SOURCEDIR}"
 B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"
diff --git a/meta/recipes-devtools/gcc/gcc-common.inc b/meta/recipes-devtools/gcc/gcc-common.inc
index 5ac82b1b57..01de93cc3c 100644
--- a/meta/recipes-devtools/gcc/gcc-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-common.inc
@@ -116,3 +116,29 @@ target_prefix ?= "${prefix}"
 # The real WORKDIR location isn't a dependency for the shared workdir.
 src_patches[vardepsexclude] = "WORKDIR"
 should_apply[vardepsexclude] += "PN"
+
+remove_sysroot_paths_from_configargs () {
+        replacement=${1}
+        # Prevent sysroot path from being used in configargs.h header, as it will
+        # be rewritten when used by other sysroots preventing support for gcc
+        # plugins. Additionally the path is embeddeded into the output binary, this
+        # prevents building a reproducible binary.
+        oe_runmake configure-gcc
+        sed -i "s@${STAGING_DIR_TARGET}@$replacement@g" ${B}/gcc/configargs.h
+        sed -i "s@${STAGING_DIR_HOST}@/$replacement@g" ${B}/gcc/configargs.h
+}
+
+remove_sysroot_paths_from_checksum_options () {
+        stagingdir=${1}
+        replacement=${2}
+        # Prevent sysroot/workdir paths from being used in checksum-options.
+        # checksum-options is used to generate a checksum which is embedded into
+        # the output binary.
+        oe_runmake TARGET-gcc=checksum-options all-gcc
+        sed -i "s@${DEBUG_PREFIX_MAP}@@g" ${B}/gcc/checksum-options
+        sed -i "s@$stagingdir@$replacement@g" ${B}/gcc/checksum-options
+}
+
+cleanup_installed_include_fixed () {
+        find ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed -type f -not -name "README" -not -name limits.h -not -name syslimits.h | xargs rm -f
+}
diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index dba25eb754..bc17f10468 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -119,4 +119,3 @@ do_configure () {
 
         oe_runconf
 }
-
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
index ec87b46219..69ca18bf6e 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
@@ -63,6 +63,9 @@ do_configure () {
 }
 
 do_compile () {
+        remove_sysroot_paths_from_configargs '/host'
+        remove_sysroot_paths_from_checksum_options '${STAGING_DIR_HOST}' '/host'
+
         oe_runmake all-host configure-target-libgcc
         (cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h)
 }
@@ -171,6 +174,8 @@ do_install () {
                         done
                 done
         done
+
+        cleanup_installed_include_fixed
 }
 
 ELFUTILS = "nativesdk-elfutils"
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_13.4.bb
index bf53c5cd78..bf53c5cd78 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross.inc b/meta/recipes-devtools/gcc/gcc-cross.inc
index a540fb2434..9c8cc94c3a 100644
--- a/meta/recipes-devtools/gcc/gcc-cross.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross.inc
@@ -61,19 +61,8 @@ do_compile () {
         export CXXFLAGS_FOR_TARGET="${TARGET_CXXFLAGS}"
         export LDFLAGS_FOR_TARGET="${TARGET_LDFLAGS}"
 
-        # Prevent native/host sysroot path from being used in configargs.h header,
-        # as it will be rewritten when used by other sysroots preventing support
-        # for gcc plugins
-        oe_runmake configure-gcc
-        sed -i 's@${STAGING_DIR_TARGET}@/host@g' ${B}/gcc/configargs.h
-        sed -i 's@${STAGING_DIR_HOST}@/host@g' ${B}/gcc/configargs.h
-
-        # Prevent sysroot/workdir paths from being used in checksum-options.
-        # checksum-options is used to generate a checksum which is embedded into
-        # the output binary.
-        oe_runmake TARGET-gcc=checksum-options all-gcc
-        sed -i 's@${DEBUG_PREFIX_MAP}@@g' ${B}/gcc/checksum-options
-        sed -i 's@${STAGING_DIR_HOST}@/host@g' ${B}/gcc/checksum-options
+        remove_sysroot_paths_from_configargs '/host'
+        remove_sysroot_paths_from_checksum_options '${STAGING_DIR_HOST}' '/host'
 
         oe_runmake all-host configure-target-libgcc
         (cd ${B}/${TARGET_SYS}/libgcc; oe_runmake enable-execute-stack.c unwind.h md-unwind-support.h sfp-machine.h gthr-default.h)
@@ -119,7 +108,7 @@ do_install () {
         cp ${S}/libquadmath/quadmath.h ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/
         cp ${S}/libquadmath/quadmath_weak.h ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/
 
-        find ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed -type f -not -name "README" -not -name limits.h -not -name syslimits.h | xargs rm -f
+        cleanup_installed_include_fixed
 
         # install LTO linker plugins where binutils tools can find it
         install -d ${D}${libdir}/bfd-plugins
diff --git a/meta/recipes-devtools/gcc/gcc-cross_13.3.bb b/meta/recipes-devtools/gcc/gcc-cross_13.4.bb
index b43cca0c52..b43cca0c52 100644
--- a/meta/recipes-devtools/gcc/gcc-cross_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_13.4.bb
index 40a6c4feff..40a6c4feff 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_13.4.bb
index dd430b57eb..dd430b57eb 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-runtime_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_13.4.bb
index 8bda2ccad6..8bda2ccad6 100644
--- a/meta/recipes-devtools/gcc/gcc-sanitizers_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-sanitizers_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_13.3.bb b/meta/recipes-devtools/gcc/gcc-source_13.4.bb
index b890fa33ea..b890fa33ea 100644
--- a/meta/recipes-devtools/gcc/gcc-source_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-source_13.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-target.inc b/meta/recipes-devtools/gcc/gcc-target.inc
index 7dac3ef422..08141f32e6 100644
--- a/meta/recipes-devtools/gcc/gcc-target.inc
+++ b/meta/recipes-devtools/gcc/gcc-target.inc
@@ -140,20 +140,8 @@ FILES:${PN}-doc = "\
 "
 
 do_compile () {
-        # Prevent full target sysroot path from being used in configargs.h header,
-        # as it will be rewritten when used by other sysroots preventing support
-        # for gcc plugins. Additionally the path is embeddeded into the output
-        # binary, this prevents building a reproducible binary.
-        oe_runmake configure-gcc
-        sed -i 's@${STAGING_DIR_TARGET}@/@g' ${B}/gcc/configargs.h
-        sed -i 's@${STAGING_DIR_HOST}@/@g' ${B}/gcc/configargs.h
-
-        # Prevent sysroot/workdir paths from being used in checksum-options.
-        # checksum-options is used to generate a checksum which is embedded into
-        # the output binary.
-        oe_runmake TARGET-gcc=checksum-options all-gcc
-        sed -i 's@${DEBUG_PREFIX_MAP}@@g' ${B}/gcc/checksum-options
-        sed -i 's@${STAGING_DIR_TARGET}@/@g' ${B}/gcc/checksum-options
+        remove_sysroot_paths_from_configargs '/'
+        remove_sysroot_paths_from_checksum_options '${STAGING_DIR_TARGET}' '/'
 
         oe_runmake all-host
 }
@@ -218,37 +206,8 @@ do_install () {
         install -d ${D}${libdir}/bfd-plugins
         ln -sf ${libexecdir}/gcc/${TARGET_SYS}/${BINV}/liblto_plugin.so ${D}${libdir}/bfd-plugins/liblto_plugin.so
         chown -R root:root ${D}
-}
 
-do_install:append () {
-        #
-        # Thefixinc.sh script, run on the gcc's compile phase, looks into sysroot header
-        # files and places the modified files into
-        # {D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed folder. This makes the
-        # build not deterministic. The following code prunes all those headers
-        # except those under include-fixed/linux, *limits.h and README, yielding
-        # the same include-fixed folders no matter what sysroot
-
-        include_fixed="${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed"
-        for f in $(find ${include_fixed} -type f); do
-                case $f in
-                */include-fixed/linux/*)
-                    continue
-                    ;;
-                */include-fixed/*limits.h)
-                    continue
-                    ;;
-                */include-fixed/README)
-                    continue
-                    ;;
-                *)
-                    # remove file and directory if empty
-                    bbdebug 2 "Pruning $f"
-                    rm $f
-                    find $(dirname $f) -maxdepth 0 -empty -exec rmdir {} \;
-                    ;;
-                esac
-        done
+        cleanup_installed_include_fixed
 }
 
 # Installing /usr/lib/gcc/* means we'd have two copies, one from gcc-cross
diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f16d471478..eb9ddead08 100644
--- a/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -53,8 +53,8 @@ python check_prepare() {
         #   - valid for x86*, powerpc, arm, arm64
         if qemu_binary.endswith(("x86_64", "i386", "arm", "aarch64")):
             args += ["-cpu", "max"]
-        elif qemu_binary.endswith(("ppc", "mips", "mips64")):
-            extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH'))
+        else:
+            extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH'))
             if extra:
                 args += extra.split()
         # For mips64 we could set a maximal CPU (e.g. Loongson-3A4000) however they either have MSA
diff --git a/meta/recipes-devtools/gcc/gcc_13.3.bb b/meta/recipes-devtools/gcc/gcc_13.4.bb
index 255fe552bd..255fe552bd 100644
--- a/meta/recipes-devtools/gcc/gcc_13.3.bb
+++ b/meta/recipes-devtools/gcc/gcc_13.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_13.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_13.4.bb
index a259082b47..a259082b47 100644
--- a/meta/recipes-devtools/gcc/libgcc-initial_13.3.bb
+++ b/meta/recipes-devtools/gcc/libgcc-initial_13.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_13.3.bb b/meta/recipes-devtools/gcc/libgcc_13.4.bb
index fdcd6cc0da..fdcd6cc0da 100644
--- a/meta/recipes-devtools/gcc/libgcc_13.3.bb
+++ b/meta/recipes-devtools/gcc/libgcc_13.4.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran.inc b/meta/recipes-devtools/gcc/libgfortran.inc
index c68645e392..2a08872c25 100644
--- a/meta/recipes-devtools/gcc/libgfortran.inc
+++ b/meta/recipes-devtools/gcc/libgfortran.inc
@@ -8,7 +8,7 @@ EXTRA_OECONF_PATHS = "\
 # An arm hard float target like raspberrypi4 won't build
 # as CFLAGS don't make it to the fortran compiler otherwise
 # (the configure script sets FC to $GFORTRAN unconditionally)
-export GFORTRAN = "${FC}"
+export GFORTRAN = "${FC} -fcanon-prefix-map -fdebug-prefix-map=${S}=${TARGET_DBGSRC_DIR} -fdebug-prefix-map=${B}=${TARGET_DBGSRC_DIR} -gno-record-gcc-switches"
 
 do_configure () {
         for target in libbacktrace libgfortran
diff --git a/meta/recipes-devtools/gcc/libgfortran_13.3.bb b/meta/recipes-devtools/gcc/libgfortran_13.4.bb
index 71dd8b4bdc..71dd8b4bdc 100644
--- a/meta/recipes-devtools/gcc/libgfortran_13.3.bb
+++ b/meta/recipes-devtools/gcc/libgfortran_13.4.bb
diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh
new file mode 100644
index 0000000000..9c7b5a9251
--- /dev/null
+++ b/meta/recipes-devtools/git/git/environment.d-git.sh
@@ -0,0 +1,19 @@
+# Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools
+# CAFILE/CAPATH is auto-deteced when source buildtools
+if [ -z "$GIT_SSL_CAINFO" ]; then
+        if [ -n "$CAFILE" ];then
+                export GIT_SSL_CAINFO="$CAFILE"
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+                export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+        fi
+fi
+
+if [ -z "$GIT_SSL_CAPATH" ]; then
+        if [ -n "$CAPATH" ];then
+                export GIT_SSL_CAPATH="$CAPATH"
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+                export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
+        fi
+fi
+
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO GIT_SSL_CAPATH"
diff --git a/meta/recipes-devtools/git/git_2.44.1.bb b/meta/recipes-devtools/git/git_2.44.3.bb
index 53d67eb40a..7b33d6071e 100644
--- a/meta/recipes-devtools/git/git_2.44.1.bb
+++ b/meta/recipes-devtools/git/git_2.44.3.bb
@@ -13,6 +13,10 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
            "
 
+SRC_URI:append:class-nativesdk = " \
+           file://environment.d-git.sh \
+           "
+
 S = "${WORKDIR}/git-${PV}"
 
 LIC_FILES_CHKSUM = "\
@@ -115,6 +119,9 @@ do_install:append:class-nativesdk() {
                 GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \
                 GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR}
         perl_native_fixup
+
+        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+        install -m 644 ${WORKDIR}/environment.d-git.sh ${D}${SDKPATHNATIVE}/environment-setup.d/git.sh
 }
 
 FILES:${PN} += "${datadir}/git-core ${libexecdir}/git-core/"
@@ -155,6 +162,7 @@ FILES:${PN}-tk = " \
 
 PACKAGES =+ "gitweb"
 FILES:gitweb = "${datadir}/gitweb/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/git.sh"
 RDEPENDS:gitweb = "perl"
 
 BBCLASSEXTEND = "native nativesdk"
@@ -164,4 +172,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
                  "
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
-SRC_URI[tarball.sha256sum] = "118214bb8d7ba971a62741416e757562b8f5451cefc087a407e91857897c92cc"
+SRC_URI[tarball.sha256sum] = "4237c37cdf7b3d38102117b22993b2f761a4c02758dfbe33f7b7423c0b096ca9"
diff --git a/meta/recipes-devtools/go/go-1.22.6.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index 834debaf9b..b154aa3984 100644
--- a/meta/recipes-devtools/go/go-1.22.6.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -14,5 +14,7 @@ SRC_URI += "\
     file://0007-exec.go-filter-out-build-specific-paths-from-linker-.patch \
     file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
+    file://CVE-2025-22870.patch \
+    file://CVE-2025-22871.patch \
 "
-SRC_URI[main.sha256sum] = "9e48d99d519882579917d8189c17e98c373ce25abaebb98772e2927088992a51"
+SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.6.bb b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
index ea4577f20a..b15b60a691 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.6.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
@@ -9,14 +9,15 @@ PROVIDES = "go-native"
 
 # Checksums available at https://go.dev/dl/
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "999805bed7d9039ec3da1a53bfbcafc13e367da52aa823cb60b68ba22d44c616"
-SRC_URI[go_linux_arm64.sha256sum] = "c15fa895341b8eaf7f219fada25c36a610eb042985dc1a912410c1c90098eaf2"
-SRC_URI[go_linux_ppc64le.sha256sum] = "9d99fce3f6f72a76630fe91ec0884dfe3db828def4713368424900fa98bb2bd6"
+SRC_URI[go_linux_amd64.sha256sum] = "4fa4f869b0f7fc6bb1eb2660e74657fbf04cdd290b5aef905585c86051b34d43"
+SRC_URI[go_linux_arm64.sha256sum] = "fd017e647ec28525e86ae8203236e0653242722a7436929b1f775744e26278e7"
+SRC_URI[go_linux_ppc64le.sha256sum] = "9573d30003b0796717a99d9e2e96c48fddd4fc0f29d840f212c503b03d7de112"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
 
 CVE_PRODUCT = "golang:go"
+CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
 
 S = "${WORKDIR}/go"
 
diff --git a/meta/recipes-devtools/go/go-common.inc b/meta/recipes-devtools/go/go-common.inc
index db165792dc..a39dea6c1c 100644
--- a/meta/recipes-devtools/go/go-common.inc
+++ b/meta/recipes-devtools/go/go-common.inc
@@ -21,6 +21,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
 
 # all recipe variants are created from the same product
 CVE_PRODUCT = "golang:go"
+CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
 
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.12.bb
index 7ac9449e47..7ac9449e47 100644
--- a/meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.6.bb b/meta/recipes-devtools/go/go-cross_1.22.12.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/meta/recipes-devtools/go/go-cross_1.22.6.bb
+++ b/meta/recipes-devtools/go/go-cross_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.6.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.12.bb
index 1857c8a577..1857c8a577 100644
--- a/meta/recipes-devtools/go/go-crosssdk_1.22.6.bb
+++ b/meta/recipes-devtools/go/go-crosssdk_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.6.bb b/meta/recipes-devtools/go/go-runtime_1.22.12.bb
index 63464a1501..63464a1501 100644
--- a/meta/recipes-devtools/go/go-runtime_1.22.6.bb
+++ b/meta/recipes-devtools/go/go-runtime_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go/CVE-2025-22870.patch b/meta/recipes-devtools/go/go/CVE-2025-22870.patch
new file mode 100644
index 0000000000..6ed394c8e5
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-22870.patch
@@ -0,0 +1,80 @@
+From 25177ecde0922c50753c043579d17828b7ee88e7 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 26 Feb 2025 16:08:57 -0800
+Subject: [PATCH] all: updated vendored x/net with security fix
+
+0b6d719 [internal-branch.go1.23-vendor] proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
+
+Fixes CVE-2025-22870
+For #71985
+
+Change-Id: Ib72c96bd0ab44d9ed2ac1428e0a9fc245464b3fc
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2141
+Commit-Queue: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/654695
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Michael Pratt <mpratt@google.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Junyang Shao <shaojunyang@google.com>
+
+CVE: CVE-2025-22870
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/cmd/internal/moddeps/moddeps_test.go            |  1 +
+ src/vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
+index 3d4c99e..ffaa16c 100644
+--- a/src/cmd/internal/moddeps/moddeps_test.go
++++ b/src/cmd/internal/moddeps/moddeps_test.go
+@@ -33,6 +33,7 @@ import (
+ // See issues 36852, 41409, and 43687.
+ // (Also see golang.org/issue/27348.)
+ func TestAllDependencies(t *testing.T) {
++       t.Skip("TODO(#71985) 1.23.7 contains unreleased changes from vendored modules")
+        goBin := testenv.GoToolPath(t)
+
+        // Ensure that all packages imported within GOROOT
+diff --git a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index c3bd9a1..864961c 100644
+--- a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+        "errors"
+        "fmt"
+        "net"
++       "net/netip"
+        "net/url"
+        "os"
+        "strings"
+@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool {
+        if host == "localhost" {
+                return false
+        }
+-       ip := net.ParseIP(host)
+-       if ip != nil {
++       nip, err := netip.ParseAddr(host)
++       var ip net.IP
++       if err == nil {
++               ip = net.IP(nip.AsSlice())
+                if ip.IsLoopback() {
+                        return false
+                }
+@@ -363,6 +366,9 @@ type domainMatch struct {
+ }
+
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++       if ip != nil {
++               return false
++       }
+        if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+                return m.port == "" || m.port == port
+        }
+--
+2.40.0
diff --git a/meta/recipes-devtools/go/go/CVE-2025-22871.patch b/meta/recipes-devtools/go/go/CVE-2025-22871.patch
new file mode 100644
index 0000000000..2750178a42
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-22871.patch
@@ -0,0 +1,172 @@
+From 15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 26 Feb 2025 13:40:00 -0800
+Subject: [PATCH] [release-branch.go1.23] net/http: reject newlines in
+ chunk-size lines
+
+Unlike request headers, where we are allowed to leniently accept
+a bare LF in place of a CRLF, chunked bodies must always use CRLF
+line terminators. We were already enforcing this for chunk-data lines;
+do so for chunk-size lines as well. Also reject bare CRs anywhere
+other than as part of the CRLF terminator.
+
+Fixes CVE-2025-22871
+Fixes #72010
+For #71988
+
+Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a
+Reviewed-on: https://go-review.googlesource.com/c/go/+/652998
+Reviewed-by: Jonathan Amsterdam <jba@google.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+(cherry picked from commit d31c805535f3fde95646ee4d87636aaaea66847b)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/657216
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931]
+CVE: CVE-2025-22871
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/net/http/internal/chunked.go      | 19 +++++++++--
+ src/net/http/internal/chunked_test.go | 27 +++++++++++++++
+ src/net/http/serve_test.go            | 49 +++++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 3 deletions(-)
+
+diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go
+index 196b5d8..0b08a97 100644
+--- a/src/net/http/internal/chunked.go
++++ b/src/net/http/internal/chunked.go
+@@ -164,6 +164,19 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) {
+                }
+                return nil, err
+        }
++
++       // RFC 9112 permits parsers to accept a bare \n as a line ending in headers,
++       // but not in chunked encoding lines. See https://www.rfc-editor.org/errata/eid7633,
++       // which explicitly rejects a clarification permitting \n as a chunk terminator.
++       //
++       // Verify that the line ends in a CRLF, and that no CRs appear before the end.
++       if idx := bytes.IndexByte(p, '\r'); idx == -1 {
++               return nil, errors.New("chunked line ends with bare LF")
++       } else if idx != len(p)-2 {
++               return nil, errors.New("invalid CR in chunked line")
++       }
++       p = p[:len(p)-2] // trim CRLF
++
+        if len(p) >= maxLineLength {
+                return nil, ErrLineTooLong
+        }
+@@ -171,14 +184,14 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) {
+ }
+ 
+ func trimTrailingWhitespace(b []byte) []byte {
+-       for len(b) > 0 && isASCIISpace(b[len(b)-1]) {
++       for len(b) > 0 && isOWS(b[len(b)-1]) {
+                b = b[:len(b)-1]
+        }
+        return b
+ }
+ 
+-func isASCIISpace(b byte) bool {
+-       return b == ' ' || b == '\t' || b == '\n' || b == '\r'
++func isOWS(b byte) bool {
++       return b == ' ' || b == '\t'
+ }
+ 
+ var semi = []byte(";")
+diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go
+index af79711..312f173 100644
+--- a/src/net/http/internal/chunked_test.go
++++ b/src/net/http/internal/chunked_test.go
+@@ -280,6 +280,33 @@ func TestChunkReaderByteAtATime(t *testing.T) {
+        }
+ }
+ 
++func TestChunkInvalidInputs(t *testing.T) {
++       for _, test := range []struct {
++               name string
++               b    string
++       }{{
++               name: "bare LF in chunk size",
++               b:    "1\na\r\n0\r\n",
++       }, {
++               name: "extra LF in chunk size",
++               b:    "1\r\r\na\r\n0\r\n",
++       }, {
++               name: "bare LF in chunk data",
++               b:    "1\r\na\n0\r\n",
++       }, {
++               name: "bare LF in chunk extension",
++               b:    "1;\na\r\n0\r\n",
++       }} {
++               t.Run(test.name, func(t *testing.T) {
++                       r := NewChunkedReader(strings.NewReader(test.b))
++                       got, err := io.ReadAll(r)
++                       if err == nil {
++                               t.Fatalf("unexpectedly parsed invalid chunked data:\n%q", got)
++                       }
++               })
++       }
++}
++
+ type funcReader struct {
+        f   func(iteration int) ([]byte, error)
+        i   int
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 0c76f1b..0e8af02 100644
+--- a/src/net/http/serve_test.go
++++ b/src/net/http/serve_test.go
+@@ -6980,3 +6980,52 @@ func testDisableContentLength(t *testing.T, mode testMode) {
+                t.Fatal(err)
+        }
+ }
++
++func TestInvalidChunkedBodies(t *testing.T) {
++       for _, test := range []struct {
++               name string
++               b    string
++       }{{
++               name: "bare LF in chunk size",
++               b:    "1\na\r\n0\r\n\r\n",
++       }, {
++               name: "bare LF at body end",
++               b:    "1\r\na\r\n0\r\n\n",
++       }} {
++               t.Run(test.name, func(t *testing.T) {
++                       reqc := make(chan error)
++                       ts := newClientServerTest(t, http1Mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++                               got, err := io.ReadAll(r.Body)
++                               if err == nil {
++                                       t.Logf("read body: %q", got)
++                               }
++                               reqc <- err
++                       })).ts
++
++                       serverURL, err := url.Parse(ts.URL)
++                       if err != nil {
++                               t.Fatal(err)
++                       }
++
++                       conn, err := net.Dial("tcp", serverURL.Host)
++                       if err != nil {
++                               t.Fatal(err)
++                       }
++
++                       if _, err := conn.Write([]byte(
++                               "POST / HTTP/1.1\r\n" +
++                                       "Host: localhost\r\n" +
++                                       "Transfer-Encoding: chunked\r\n" +
++                                       "Connection: close\r\n" +
++                                       "\r\n" +
++                                       test.b)); err != nil {
++                               t.Fatal(err)
++                       }
++                       conn.(*net.TCPConn).CloseWrite()
++
++                       if err := <-reqc; err == nil {
++                               t.Errorf("server handler: io.ReadAll(r.Body) succeeded, want error")
++                       }
++               })
++       }
++}
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/go/go_1.22.6.bb b/meta/recipes-devtools/go/go_1.22.12.bb
index 46f5fbc6be..46f5fbc6be 100644
--- a/meta/recipes-devtools/go/go_1.22.6.bb
+++ b/meta/recipes-devtools/go/go_1.22.12.bb
diff --git a/meta/recipes-devtools/libtool/libtool_2.4.7.bb b/meta/recipes-devtools/libtool/libtool_2.4.7.bb
index 44a4950574..c1e315aece 100644
--- a/meta/recipes-devtools/libtool/libtool_2.4.7.bb
+++ b/meta/recipes-devtools/libtool/libtool_2.4.7.bb
@@ -1,4 +1,5 @@
 require libtool-${PV}.inc
+require remove-buildpaths.inc
 
 SRC_URI += "file://multilib.patch"
 
@@ -15,20 +16,6 @@ SYSROOT_DIRS_IGNORE += " \
 
 ACLOCALEXTRAPATH:class-target = ""
 
-do_install:append () {
-        sed -e 's@--sysroot=${STAGING_DIR_HOST}@@g' \
-            -e "s@${DEBUG_PREFIX_MAP}@@g" \
-            -e 's@${STAGING_DIR_HOST}@@g' \
-            -e 's@${STAGING_DIR_NATIVE}@@g' \
-            -e 's@^\(sys_lib_search_path_spec="\).*@\1${libdir} ${base_libdir}"@' \
-            -e 's@^\(compiler_lib_search_dirs="\).*@\1${libdir} ${base_libdir}"@' \
-            -e 's@^\(compiler_lib_search_path="\).*@\1${libdir} ${base_libdir}"@' \
-            -e 's@^\(predep_objects="\).*@\1"@' \
-            -e 's@^\(postdep_objects="\).*@\1"@' \
-            -e "s@${HOSTTOOLS_DIR}/@@g" \
-            -i ${D}${bindir}/libtool
-}
-
 inherit multilib_script
 
 MULTILIB_SCRIPTS = "${PN}:${bindir}/libtool"
diff --git a/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb b/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
index 86c55ded7b..ac460decf6 100644
--- a/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
+++ b/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
@@ -1,4 +1,5 @@
 require libtool-${PV}.inc
+require remove-buildpaths.inc
 
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/libtool:"
 
diff --git a/meta/recipes-devtools/libtool/remove-buildpaths.inc b/meta/recipes-devtools/libtool/remove-buildpaths.inc
new file mode 100644
index 0000000000..1ca95aeace
--- /dev/null
+++ b/meta/recipes-devtools/libtool/remove-buildpaths.inc
@@ -0,0 +1,13 @@
+do_install:append () {
+        sed -e 's@--sysroot=${STAGING_DIR_HOST}@@g' \
+            -e "s@${DEBUG_PREFIX_MAP}@@g" \
+            -e 's@${STAGING_DIR_HOST}@@g' \
+            -e 's@${STAGING_DIR_NATIVE}@@g' \
+            -e 's@^\(sys_lib_search_path_spec="\).*@\1${libdir} ${base_libdir}"@' \
+            -e 's@^\(compiler_lib_search_dirs="\).*@\1${libdir} ${base_libdir}"@' \
+            -e 's@^\(compiler_lib_search_path="\).*@\1${libdir} ${base_libdir}"@' \
+            -e 's@^\(predep_objects="\).*@\1"@' \
+            -e 's@^\(postdep_objects="\).*@\1"@' \
+            -e "s@${HOSTTOOLS_DIR}/@@g" \
+            -i ${D}${bindir}/libtool
+}
diff --git a/meta/recipes-devtools/llvm/llvm_18.1.6.bb b/meta/recipes-devtools/llvm/llvm_18.1.6.bb
index 0496b8ed14..caad611d7a 100644
--- a/meta/recipes-devtools/llvm/llvm_18.1.6.bb
+++ b/meta/recipes-devtools/llvm/llvm_18.1.6.bb
@@ -93,6 +93,8 @@ EXTRA_OECMAKE:append:class-nativesdk = "\
                   -DLLVM_TABLEGEN=${STAGING_BINDIR_NATIVE}/llvm-tblgen${PV} \
                   -DLLVM_CONFIG_PATH=${STAGING_BINDIR_NATIVE}/llvm-config${PV} \
                  "
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the debug symbols
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
 
 # patch out build host paths for reproducibility
 do_compile:prepend:class-target() {
diff --git a/meta/recipes-devtools/makedevs/makedevs/makedevs.c b/meta/recipes-devtools/makedevs/makedevs/makedevs.c
index df2e3cfad5..411a669153 100644
--- a/meta/recipes-devtools/makedevs/makedevs/makedevs.c
+++ b/meta/recipes-devtools/makedevs/makedevs/makedevs.c
@@ -36,6 +36,7 @@ static const char *const app_name = "makedevs";
 static const char *const memory_exhausted = "memory exhausted";
 static char default_rootdir[]=".";
 static char *rootdir = default_rootdir;
+static char *rootdir_prepend = default_rootdir;
 static int trace = 0;
 
 struct name_id {
@@ -201,7 +202,7 @@ static unsigned long convert2guid(char *id_buf, struct name_id *search_list)
                 // Check for bad user/group name
                 node = search_list;
                 while (node != NULL) {
-                        if (!strncmp(node->name, id_buf, strlen(id_buf))) {
+                        if (!strncmp(node->name, id_buf, MAX_ID_LEN)) {
                                 fprintf(stderr, "WARNING: Bad user/group name %s detected\n", id_buf);
                                 break;
                         }
@@ -211,12 +212,15 @@ static unsigned long convert2guid(char *id_buf, struct name_id *search_list)
         } else {
                 node = search_list;
                 while (node != NULL) {
-                        if (!strncmp(node->name, id_buf, strlen(id_buf)))
+                        if (!strncmp(node->name, id_buf, MAX_ID_LEN))
                                 return node->id;
                         node = node->next;
                 }
                 error_msg_and_die("No entry for %s in search list", id_buf);
         }
+
+        // Unreachable, but avoid an error with -Werror=return-type
+        return 0;
 }
 
 static void free_list(struct name_id *list)
@@ -358,13 +362,13 @@ static void add_new_fifo(char *name, char *path, unsigned long uid,
 static int interpret_table_entry(char *line)
 {
         char *name;
-        char usr_buf[MAX_ID_LEN];
-        char grp_buf[MAX_ID_LEN];
-        char path[4096], type;
+        char usr_buf[MAX_ID_LEN+1];
+        char grp_buf[MAX_ID_LEN+1];
+        char path[PATH_MAX], type;
         unsigned long mode = 0755, uid = 0, gid = 0, major = 0, minor = 0;
         unsigned long start = 0, increment = 1, count = 0;
 
-        if (0 > sscanf(line, "%4095s %c %lo %39s %39s %lu %lu %lu %lu %lu", path,
+        if (0 > sscanf(line, "%4095s %c %lo %40s %40s %lu %lu %lu %lu %lu", path,
                     &type, &mode, usr_buf, grp_buf, &major, &minor, &start,
                     &increment, &count))
         {
@@ -379,8 +383,8 @@ static int interpret_table_entry(char *line)
                 error_msg_and_die("Device table entries require absolute paths");
         }
         name = xstrdup(path + 1);
-        /* prefix path with rootdir */
-        sprintf(path, "%s/%s", rootdir, name);
+        /* prefix path with rootdir_prepend */
+        sprintf(path, "%s/%s", rootdir_prepend, name);
 
         /* XXX Why is name passed into all of the add_new_*() routines? */
         switch (type) {
@@ -406,11 +410,11 @@ static int interpret_table_entry(char *line)
 
                         for (i = start; i < start + count; i++) {
                                 sprintf(buf, "%s%d", name, i);
-                                sprintf(path, "%s/%s%d", rootdir, name, i);
+                                sprintf(path, "%s/%s%d", rootdir_prepend, name, i);
                                 /* FIXME:  MKDEV uses illicit insider knowledge of kernel
                                  * major/minor representation...  */
                                 rdev = MKDEV(major, minor + (i - start) * increment);
-                                sprintf(path, "%s/%s\0", rootdir, buf);
+                                sprintf(path, "%s/%s\0", rootdir_prepend, buf);
                                 add_new_device(buf, path, uid, gid, mode, rdev);
                         }
                 } else {
@@ -541,12 +545,11 @@ int main(int argc, char **argv)
                         } else {
                                 closedir(dir);
                         }
-                        /* If "/" is specified, use "" because rootdir is always prepended to a
-                         * string that starts with "/" */
-                        if (0 == strcmp(optarg, "/"))
-                                rootdir = xstrdup("");
+                        rootdir = xstrdup(optarg);
+                        if (0 == strcmp(rootdir, "/"))
+                                rootdir_prepend = xstrdup("");
                         else
-                                rootdir = xstrdup(optarg);
+                                rootdir_prepend = xstrdup(rootdir);
                         break;
 
                 case 't':
diff --git a/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
new file mode 100644
index 0000000000..b23bedd04b
--- /dev/null
+++ b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
@@ -0,0 +1,62 @@
+From 9cf13cd1ecb7ae649394f4133d121a01e191560b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:20 +0900
+Subject: [PATCH 1/2] Replace pipes.quote with shlex.quote in configure.py
+
+Python 3.12 deprecated the pipes module and it will be removed
+in Python 3.13. In configure.py, I have replaced the usage of pipes.quote
+with shlex.quote, which is the exactly same function as pipes.quote.
+
+For more details, refer to PEP 0594: https://peps.python.org/pep-0594
+
+Upstream-Status: Backport [https://github.com/ninja-build/ninja/commit/885b4efb41c039789b81f0dc0d67c1ed0faea17c]
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ configure.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index 588250aa8a..c6973cd1a5 100755
+--- a/configure.py
++++ b/configure.py
+@@ -21,7 +21,7 @@
+ 
+ from optparse import OptionParser
+ import os
+-import pipes
++import shlex
+ import string
+ import subprocess
+ import sys
+@@ -262,7 +262,7 @@ def _run_command(self, cmdline):
+ env_keys = set(['CXX', 'AR', 'CFLAGS', 'CXXFLAGS', 'LDFLAGS'])
+ configure_env = dict((k, os.environ[k]) for k in os.environ if k in env_keys)
+ if configure_env:
+-    config_str = ' '.join([k + '=' + pipes.quote(configure_env[k])
++    config_str = ' '.join([k + '=' + shlex.quote(configure_env[k])
+                            for k in configure_env])
+     n.variable('configure_env', config_str + '$ ')
+ n.newline()
+
+From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:50 +0900
+Subject: [PATCH 2/2] Remove unused module string in configure.py
+
+---
+ configure.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.py b/configure.py
+index c6973cd1a5..939153df60 100755
+--- a/configure.py
++++ b/configure.py
+@@ -22,7 +22,6 @@
+ from optparse import OptionParser
+ import os
+ import shlex
+-import string
+ import subprocess
+ import sys
+ 
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 8e297ec4d4..b74150bc64 100644
--- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -8,7 +8,10 @@ DEPENDS = "re2c-native ninja-native"
 
 SRCREV = "a524bf3f6bacd1b4ad85d719eed2737d8562f27a"
 
-SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https"
+SRC_URI = " \
+        git://github.com/ninja-build/ninja.git;branch=release;protocol=https \
+        file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch \
+"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/orc/orc_0.4.39.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb
index 320abf536a..e437831cd7 100644
--- a/meta/recipes-devtools/orc/orc_0.4.39.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.40.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e"
 
 SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz"
-SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0"
+SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bacef74ab"
 
 inherit meson pkgconfig gtk-doc
 
diff --git a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
index 4e9153ebf1..7efee733c6 100644
--- a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
+++ b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
@@ -1,4 +1,4 @@
-From 3eb33dce6e3c93e1b3efcc9649f871100adada30 Mon Sep 17 00:00:00 2001
+From d0292a4f91ca22f8919a0f13d8961f98743bdbf1 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Fri, 2 Jul 2021 09:08:21 +0000
 Subject: [PATCH] Makefile: check the file if patched or not
@@ -9,7 +9,6 @@ one time.
 Upstream-Status: Inappropriate (OE-specific)
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
-
 ---
  Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch b/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch
index 6c3f08c432..6d387fe66a 100644
--- a/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch
+++ b/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch
@@ -1,4 +1,4 @@
-From f824cbec9ac8f113a4ae35d57bd18625d415a71b Mon Sep 17 00:00:00 2001
+From c4ebb6d11d690185f66a3f0a591f193fd6611122 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 27 Nov 2018 15:37:40 +0100
 Subject: [PATCH] perl-cross: add LDFLAGS when linking libperl
@@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index 01644cd..be811a7 100644
+index 4b80079..c6d6042 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -180,7 +180,7 @@ endif
+@@ -191,7 +191,7 @@ endif
  
  ifeq ($(useshrplib),true)
  $(LIBPERL):
@@ -22,6 +22,3 @@ index 01644cd..be811a7 100644
  else
  $(LIBPERL):
         $(AR) cru $@ $(filter %$o,$^)
--- 
-2.17.1
-
diff --git a/meta/recipes-devtools/perl-cross/files/determinism.patch b/meta/recipes-devtools/perl-cross/files/determinism.patch
index e9bf752bcb..ef11b12a35 100644
--- a/meta/recipes-devtools/perl-cross/files/determinism.patch
+++ b/meta/recipes-devtools/perl-cross/files/determinism.patch
@@ -1,4 +1,7 @@
-Fixes to make the perl build reproducible:
+From 8fd84d6d760b21bad2c499b572951cc3f2235953 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 5 Feb 2020 23:54:02 +0000
+Subject: [PATCH] Fixes to make the perl build reproducible:
 
 a) Remove the \n from configure_attr.sh since it gets quoted differently depending on
    whether the shell is bash or dash which can cause the test result to be incorrect.
@@ -8,7 +11,7 @@ b) Sort the order of the module lists from configure_mods.sh since otherwise
    the result isn't the same leading to makefile differences.
    Reported upstream: https://github.com/arsv/perl-cross/issues/88
 
-c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst 
+c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst
    there for good measure)
    This needs to go to upstream perl (not done)
 
@@ -20,12 +23,26 @@ RP 2020/2/7
 
 Upstream-Status: Pending [75% submitted]
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
+---
+ cnf/configure         | 2 +-
+ cnf/configure_mods.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
 
-Index: perl-5.30.1/cnf/configure_mods.sh
-===================================================================
---- perl-5.30.1.orig/cnf/configure_mods.sh
-+++ perl-5.30.1/cnf/configure_mods.sh
-@@ -82,7 +82,7 @@ extonlyif() {
+diff --git a/cnf/configure b/cnf/configure
+index 2f451c6..86bc865 100755
+--- a/cnf/configure
++++ b/cnf/configure
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ base=${0%/*}; test -z "$base" && base=.
+
+diff --git a/cnf/configure_mods.sh b/cnf/configure_mods.sh
+index d4ef5a7..8e88b48 100644
+--- a/cnf/configure_mods.sh
++++ b/cnf/configure_mods.sh
+@@ -108,7 +108,7 @@ extonlyif() {
  }
  
  definetrimspaces() {
@@ -34,13 +51,3 @@ Index: perl-5.30.1/cnf/configure_mods.sh
         define $1 "$v"
  }
  
-Index: perl-5.30.1/cnf/configure
-===================================================================
---- perl-5.30.1.orig/cnf/configure
-+++ perl-5.30.1/cnf/configure
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/bin/bash
- 
- base=${0%/*}; test -z "$base" && base=.
- 
diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb b/meta/recipes-devtools/perl-cross/perlcross_1.6.2.bb
index b41c182fad..e4bd90c572 100644
--- a/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
+++ b/meta/recipes-devtools/perl-cross/perlcross_1.6.2.bb
@@ -18,7 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
            "
 GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/"
 
-SRC_URI[perl-cross.sha256sum] = "584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90"
+SRC_URI[perl-cross.sha256sum] = "131f7496152ee32067dbac2bc9b44b2f582fc778140e545701b3b2faee782f1d"
 
 S = "${WORKDIR}/perl-cross-${PV}"
 
diff --git a/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb b/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
index cffc133a45..803164f713 100644
--- a/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
+++ b/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4342f85bf14a1fdd6a751573f1e61c03"
 
 DEPENDS += "expat"
 
-SRC_URI = "${CPAN_MIRROR}/modules/by-module/XML/XML-Parser-${PV}.tar.gz \
+SRC_URI = "${CPAN_MIRROR}/authors/id/T/TO/TODDR/XML-Parser-${PV}.tar.gz \
            file://0001-Makefile.PL-make-check_lib-cross-friendly.patch \
            "
 
diff --git a/meta/recipes-devtools/perl/perl_5.38.2.bb b/meta/recipes-devtools/perl/perl_5.38.4.bb
index b6c9cda7ae..e59022e2bd 100644
--- a/meta/recipes-devtools/perl/perl_5.38.2.bb
+++ b/meta/recipes-devtools/perl/perl_5.38.4.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
            file://encodefix.patch \
 "
 
-SRC_URI[perl.sha256sum] = "a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e"
+SRC_URI[perl.sha256sum] = "fb888accf8b50b5180e91166e5153608be294c57c19878e95f7659c1f1f12758"
 
 B = "${WORKDIR}/perl-${PV}-build"
 
diff --git a/meta/recipes-devtools/pkgconf/pkgconf/pkg-config-native.in b/meta/recipes-devtools/pkgconf/pkgconf/pkg-config-native.in
index 9ed30a0d80..fd5ab6b1fa 100644
--- a/meta/recipes-devtools/pkgconf/pkgconf/pkg-config-native.in
+++ b/meta/recipes-devtools/pkgconf/pkgconf/pkg-config-native.in
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-PKG_CONFIG_PATH="@PATH_NATIVE@"
+PKG_CONFIG_PATH="$EXTRA_NATIVE_PKGCONFIG_PATH@PATH_NATIVE@"
 unset PKG_CONFIG_SYSROOT_DIR
 
 pkg-config "$@"
diff --git a/meta/recipes-devtools/pkgconfig/pkgconfig/pkg-config-native.in b/meta/recipes-devtools/pkgconfig/pkgconfig/pkg-config-native.in
index a9324de4cf..d4bb4f8c06 100644
--- a/meta/recipes-devtools/pkgconfig/pkgconfig/pkg-config-native.in
+++ b/meta/recipes-devtools/pkgconfig/pkgconfig/pkg-config-native.in
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-export PKG_CONFIG_PATH="@PATH_NATIVE@"
+export PKG_CONFIG_PATH="$EXTRA_NATIVE_PKGCONFIG_PATH@PATH_NATIVE@"
 export PKG_CONFIG_LIBDIR="@LIBDIR_NATIVE@"
 unset PKG_CONFIG_SYSROOT_DIR
 
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 7d8f71f65d..87c62e0678 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "374089f2ed83da4d0d4e58df067142ff99c7eb12"
+SRCREV = "28dcefb809ce95db997811b5662f0b893b9923e0"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git"
 
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb b/meta/recipes-devtools/python/python3-jinja2_3.1.6.bb
index 2c02037011..de2b251049 100644
--- a/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_3.1.6.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462"
 
-SRC_URI[sha256sum] = "4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"
+SRC_URI[sha256sum] = "0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d"
 
 PYPI_PACKAGE = "jinja2"
 
@@ -21,6 +21,9 @@ SRC_URI += " \
 do_install_ptest() {
     install -d ${D}${PTEST_PATH}/tests
     cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+
+    # test_async items require trio module
+    rm -f ${D}${PTEST_PATH}/tests/test_async.py ${D}${PTEST_PATH}/tests/test_async_filters.py
 }
 
 RDEPENDS:${PN}-ptest += " \
diff --git a/meta/recipes-devtools/python/python3-lxml_5.0.0.bb b/meta/recipes-devtools/python/python3-lxml_5.0.2.bb
index 66cb8b0938..c0b385c7ea 100644
--- a/meta/recipes-devtools/python/python3-lxml_5.0.0.bb
+++ b/meta/recipes-devtools/python/python3-lxml_5.0.2.bb
@@ -18,11 +18,10 @@ LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \
 
 DEPENDS += "libxml2 libxslt"
 
-SRC_URI[sha256sum] = "2219cbf790e701acf9a21a31ead75f983e73daf0eceb9da6990212e4d20ebefe"
+SRC_URI[sha256sum] = "6399703c40ba53e2c3b72fdb56cb908d2b83c08082ecf17de839b27e68d1e598"
 
 SRC_URI += "${PYPI_SRC_URI}"
 inherit pkgconfig pypi setuptools3
-PYPI_PACKAGE_EXT = "zip"
 
 # {standard input}: Assembler messages:
 # {standard input}:1488805: Error: branch out of range
diff --git a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
index 540fdffaed..d1a8b939c0 100644
--- a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
+++ b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
@@ -36,7 +36,6 @@ RDEPENDS:${PN}:append:class-target = "\
 
 RDEPENDS:${PN} += "\
     python3-pip \
-    python3-six \
 "
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
new file mode 100644
index 0000000000..492177a9c3
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
@@ -0,0 +1,11 @@
+# Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools
+# CAFILE/CAPATH is auto-deteced when source buildtools
+if [ -z "$REQUESTS_CA_BUNDLE" ]; then
+        if [ -n "$CAFILE" ];then
+                export REQUESTS_CA_BUNDLE="$CAFILE"
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+                export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+        fi
+fi
+
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE"
diff --git a/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/meta/recipes-devtools/python/python3-requests_2.31.0.bb
deleted file mode 100644
index 287b4f8eee..0000000000
--- a/meta/recipes-devtools/python/python3-requests_2.31.0.bb
+++ /dev/null
@@ -1,24 +0,0 @@
-SUMMARY = "Python HTTP for Humans."
-HOMEPAGE = "https://requests.readthedocs.io"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
-
-SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"
-
-inherit pypi setuptools3
-
-RDEPENDS:${PN} += " \
-    python3-certifi \
-    python3-email \
-    python3-json \
-    python3-netserver \
-    python3-pysocks \
-    python3-urllib3 \
-    python3-chardet \
-    python3-idna \
-    python3-compression \
-"
-
-CVE_PRODUCT = "requests"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/python/python3-requests_2.32.4.bb b/meta/recipes-devtools/python/python3-requests_2.32.4.bb
new file mode 100644
index 0000000000..b86ecfba52
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-requests_2.32.4.bb
@@ -0,0 +1,35 @@
+SUMMARY = "Python HTTP for Humans."
+HOMEPAGE = "https://requests.readthedocs.io"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
+
+SRC_URI:append:class-nativesdk = " \
+           file://environment.d-python3-requests.sh \
+"
+
+SRC_URI[sha256sum] = "27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422"
+
+inherit pypi python_setuptools_build_meta
+
+do_install:append:class-nativesdk() {
+        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+        install -m 644 ${WORKDIR}/environment.d-python3-requests.sh ${D}${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh
+}
+
+RDEPENDS:${PN} += " \
+    python3-certifi \
+    python3-email \
+    python3-json \
+    python3-netserver \
+    python3-pysocks \
+    python3-urllib3 \
+    python3-chardet \
+    python3-idna \
+    python3-compression \
+"
+
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh"
+
+CVE_PRODUCT = "requests"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/python/python3-setuptools-scm/0001-respect-GIT_CEILING_DIRECTORIES.patch b/meta/recipes-devtools/python/python3-setuptools-scm/0001-respect-GIT_CEILING_DIRECTORIES.patch
new file mode 100644
index 0000000000..7d2808cc0c
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools-scm/0001-respect-GIT_CEILING_DIRECTORIES.patch
@@ -0,0 +1,36 @@
+From a1cc419a118560d63e1ab8838c256a3622185750 Mon Sep 17 00:00:00 2001
+From: Etienne Cordonnier <ecordonnier@snap.com>
+Date: Thu, 13 Feb 2025 15:44:40 +0100
+Subject: [PATCH] respect GIT_CEILING_DIRECTORIES
+
+Fix for https://github.com/pypa/setuptools-scm/issues/1103
+
+When searching for the root-directory of the git repository e.g. with git rev-parse --show-toplevel,
+git stops the search when reaching $GIT_CEILING_DIRECTORIES. By ignoring this variable, the function
+_git_toplevel can go above the real git repository (e.g. when packaging a tarball without .git repository),
+and then runs "git archive" on an unrelated git repository.
+
+Upstream-Status: Pending
+
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
+---
+ src/setuptools_scm/_run_cmd.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/setuptools_scm/_run_cmd.py b/src/setuptools_scm/_run_cmd.py
+index f2a8285..7e13d9f 100644
+--- a/src/setuptools_scm/_run_cmd.py
++++ b/src/setuptools_scm/_run_cmd.py
+@@ -98,7 +98,7 @@ def no_git_env(env: Mapping[str, str]) -> dict[str, str]:
+         k: v
+         for k, v in env.items()
+         if not k.startswith("GIT_")
+-        or k in ("GIT_EXEC_PATH", "GIT_SSH", "GIT_SSH_COMMAND")
++        or k in ("GIT_CEILING_DIRECTORIES", "GIT_EXEC_PATH", "GIT_SSH", "GIT_SSH_COMMAND")
+     }
+ 
+ 
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb b/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
index 64b5050c3b..d5f8358a61 100644
--- a/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
+++ b/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
@@ -6,6 +6,7 @@ argument or in a SCM managed file."
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=838c366f69b72c5df05c96dff79b35f2"
 
+SRC_URI += "file://0001-respect-GIT_CEILING_DIRECTORIES.patch"
 SRC_URI[sha256sum] = "b5f43ff6800669595193fd09891564ee9d1d7dcb196cab4b2506d53a2e1c95c7"
 
 inherit pypi python_setuptools_build_meta
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
new file mode 100644
index 0000000000..72bcaea435
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
@@ -0,0 +1,54 @@
+From d8390feaa99091d1ba9626bec0e4ba7072fc507a Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Sat, 19 Apr 2025 12:49:55 -0400
+Subject: [PATCH] Extract _resolve_download_filename with test.
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a]
+CVE: CVE-2025-47273 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ setuptools/package_index.py | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 00a972d..d460fcb 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -815,9 +815,16 @@ class PackageIndex(Environment):
+             else:
+                 raise DistutilsError("Download error for %s: %s" % (url, v)) from v
+ 
+-    def _download_url(self, url, tmpdir):
+-        # Determine download filename
+-        #
++    @staticmethod
++    def _resolve_download_filename(url, tmpdir):
++        """
++        >>> du = PackageIndex._resolve_download_filename
++        >>> root = getfixture('tmp_path')
++        >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
++        >>> import pathlib
++        >>> str(pathlib.Path(du(url, root)).relative_to(root))
++        'setuptools-78.1.0.tar.gz'
++        """
+         name, fragment = egg_info_for_url(url)
+         if name:
+             while '..' in name:
+@@ -828,8 +835,13 @@ class PackageIndex(Environment):
+         if name.endswith('.egg.zip'):
+             name = name[:-4]  # strip the extra .zip before download
+ 
+-        filename = os.path.join(tmpdir, name)
++        return os.path.join(tmpdir, name)
+ 
++    def _download_url(self, url, tmpdir):
++        """
++        Determine the download filename.
++        """
++        filename = self._resolve_download_filename(url, tmpdir)
+         return self._download_vcs(url, filename) or self._download_other(url, filename)
+ 
+     @staticmethod
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
new file mode 100644
index 0000000000..be6617e0f6
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
@@ -0,0 +1,59 @@
+From 250a6d17978f9f6ac3ac887091f2d32886fbbb0b Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Sat, 19 Apr 2025 13:03:47 -0400
+Subject: [PATCH] Add a check to ensure the name resolves relative to the
+ tmpdir.
+
+Closes #4946
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b]
+CVE: CVE-2025-47273
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ setuptools/package_index.py | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index d460fcb..6c7874d 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -818,12 +818,20 @@ class PackageIndex(Environment):
+     @staticmethod
+     def _resolve_download_filename(url, tmpdir):
+         """
++        >>> import pathlib
+         >>> du = PackageIndex._resolve_download_filename
+         >>> root = getfixture('tmp_path')
+         >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
+-        >>> import pathlib
+         >>> str(pathlib.Path(du(url, root)).relative_to(root))
+         'setuptools-78.1.0.tar.gz'
++
++        Ensures the target is always in tmpdir.
++
++        >>> url = 'https://anyhost/%2fhome%2fuser%2f.ssh%2fauthorized_keys'
++        >>> du(url, root)
++        Traceback (most recent call last):
++        ...
++        ValueError: Invalid filename...
+         """
+         name, fragment = egg_info_for_url(url)
+         if name:
+@@ -835,7 +843,13 @@ class PackageIndex(Environment):
+         if name.endswith('.egg.zip'):
+             name = name[:-4]  # strip the extra .zip before download
+ 
+-        return os.path.join(tmpdir, name)
++        filename = os.path.join(tmpdir, name)
++
++        # ensure path resolves within the tmpdir
++        if not filename.startswith(str(tmpdir)):
++            raise ValueError(f"Invalid filename {filename}")
++
++        return filename
+ 
+     def _download_url(self, url, tmpdir):
+         """
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
index 7b9b02059f..46b2f0ab00 100644
--- a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
@@ -6,11 +6,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
 inherit pypi python_setuptools_build_meta
 
+CVE_PRODUCT = "python3-setuptools python:setuptools"
+
 SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
 
 SRC_URI += " \
             file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \
             file://CVE-2024-6345.patch \
+            file://CVE-2025-47273-pre1.patch \
+            file://CVE-2025-47273.patch \
 "
 
 SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8"
diff --git a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb
index fc1828b4ee..31a03a60b3 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
 
-SRC_URI[sha256sum] = "d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19"
+SRC_URI[sha256sum] = "dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"
 
 inherit pypi python_hatchling
 
diff --git a/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
new file mode 100644
index 0000000000..1cc43243bf
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
@@ -0,0 +1,138 @@
+From b1804347ec2db16452a7bff2b469d2c66776b904 Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Fri, 31 May 2024 11:20:57 -0400
+Subject: [PATCH] fix CVE-2024-5569
+
+The patch includes the following changes:
+c18417e Add news fragment.
+58115d2 Employ SanitizedNames in CompleteDirs. Fixes broken test.
+564fcc1 Add SanitizedNames mixin.
+79a309f Add some assertions about malformed paths.
+
+Upstream-Status: Backport
+[https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547]
+[https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0]
+[https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806]
+[https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7]
+
+CVE: CVE-2024-5569
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ newsfragments/119.bugfix.rst |  1 +
+ tests/test_path.py           | 17 ++++++++++
+ zipp/__init__.py             | 64 +++++++++++++++++++++++++++++++++++-
+ 3 files changed, 81 insertions(+), 1 deletion(-)
+ create mode 100644 newsfragments/119.bugfix.rst
+
+diff --git a/newsfragments/119.bugfix.rst b/newsfragments/119.bugfix.rst
+new file mode 100644
+index 0000000..6c72e2d
+--- /dev/null
++++ b/newsfragments/119.bugfix.rst
+@@ -0,0 +1 @@
++Improved handling of malformed zip files.
+\ No newline at end of file
+diff --git a/tests/test_path.py b/tests/test_path.py
+index a77a5de..3752243 100644
+--- a/tests/test_path.py
++++ b/tests/test_path.py
+@@ -575,3 +575,20 @@ class TestPath(unittest.TestCase):
+         zipp.Path(alpharep)
+         with self.assertRaises(KeyError):
+             alpharep.getinfo('does-not-exist')
++    
++    def test_malformed_paths(self):
++        """
++        Path should handle malformed paths.
++        """
++        data = io.BytesIO()
++        zf = zipfile.ZipFile(data, "w")
++        zf.writestr("/one-slash.txt", b"content")
++        zf.writestr("//two-slash.txt", b"content")
++        zf.writestr("../parent.txt", b"content")
++        zf.filename = ''
++        root = zipfile.Path(zf)
++        assert list(map(str, root.iterdir())) == [
++            'one-slash.txt',
++            'two-slash.txt',
++            'parent.txt',
++        ]
+diff --git a/zipp/__init__.py b/zipp/__init__.py
+index becd010..e980e9b 100644
+--- a/zipp/__init__.py
++++ b/zipp/__init__.py
+@@ -84,7 +84,69 @@ class InitializedState:
+         super().__init__(*args, **kwargs)
+ 
+ 
+-class CompleteDirs(InitializedState, zipfile.ZipFile):
++class SanitizedNames:
++    """
++    ZipFile mix-in to ensure names are sanitized.
++    """
++
++    def namelist(self):
++        return list(map(self._sanitize, super().namelist()))
++
++    @staticmethod
++    def _sanitize(name):
++        r"""
++        Ensure a relative path with posix separators and no dot names.
++
++        Modeled after
++        https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813
++        but provides consistent cross-platform behavior.
++
++        >>> san = SanitizedNames._sanitize
++        >>> san('/foo/bar')
++        'foo/bar'
++        >>> san('//foo.txt')
++        'foo.txt'
++        >>> san('foo/.././bar.txt')
++        'foo/bar.txt'
++        >>> san('foo../.bar.txt')
++        'foo../.bar.txt'
++        >>> san('\\foo\\bar.txt')
++        'foo/bar.txt'
++        >>> san('D:\\foo.txt')
++        'D/foo.txt'
++        >>> san('\\\\server\\share\\file.txt')
++        'server/share/file.txt'
++        >>> san('\\\\?\\GLOBALROOT\\Volume3')
++        '?/GLOBALROOT/Volume3'
++        >>> san('\\\\.\\PhysicalDrive1\\root')
++        'PhysicalDrive1/root'
++
++        Retain any trailing slash.
++        >>> san('abc/')
++        'abc/'
++
++        Raises a ValueError if the result is empty.
++        >>> san('../..')
++        Traceback (most recent call last):
++        ...
++        ValueError: Empty filename
++        """
++
++        def allowed(part):
++            return part and part not in {'..', '.'}
++
++        # Remove the drive letter.
++        # Don't use ntpath.splitdrive, because that also strips UNC paths
++        bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE)
++        clean = bare.replace('\\', '/')
++        parts = clean.split('/')
++        joined = '/'.join(filter(allowed, parts))
++        if not joined:
++            raise ValueError("Empty filename")
++        return joined + '/' * name.endswith('/')
++
++
++class CompleteDirs(InitializedState, SanitizedNames, zipfile.ZipFile):
+     """
+     A ZipFile subclass that ensures that implied directories
+     are always included in the namelist.
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
index e9e220e315..9f756887b5 100644
--- a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
+++ b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
@@ -3,6 +3,7 @@ HOMEPAGE = "https://github.com/jaraco/zipp"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
+SRC_URI += "file://CVE-2024-5569.patch"
 SRC_URI[sha256sum] = "84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0"
 
 DEPENDS += "python3-setuptools-scm-native"
diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index 0d807db39f..a8f98d873e 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -1,4 +1,4 @@
-From 365399f17d35719d828ddd49182dcb401fb7791c Mon Sep 17 00:00:00 2001
+From e8bd4f8ee56cbb12a61c1dcabf35a1835a863132 Mon Sep 17 00:00:00 2001
 From: Paulo Neves <ptsneves@gmail.com>
 Date: Tue, 7 Jun 2022 16:16:41 +0200
 Subject: [PATCH] Avoid shebang overflow on python-config.py
@@ -16,10 +16,10 @@ Upstream-Status: Denied [distribution]
  1 file changed, 2 insertions(+)
 
 diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 77bf09a..6353c57 100644
+index 2d235d2..1ac2263 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2339,6 +2339,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2356,6 +2356,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
         @ # Substitution happens here, as the completely-expanded BINDIR
         @ # is not available in configure
         sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index 026150f0e2..5ca09c6f3c 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From f8a664cf1fc73e381d57d6927207286059744837 Mon Sep 17 00:00:00 2001
+From bbfb7fdf01f0502c7bf3d418f3a912ea76c93f24 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Thu, 16 Sep 2021 16:35:37 +0200
 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
@@ -24,7 +24,6 @@ So let's treat both channels the same.
 
 Upstream-Status: Submitted [https://github.com/python/cpython/pull/28388]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
 ---
  Lib/pty.py | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index 680254fab9..c42a56bcb3 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From 71c194077bb907bfe423d3f3275f33a6c8ca0e74 Mon Sep 17 00:00:00 2001
+From c739bf214b9dd6060db216b79077806fccb582ae Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Fri, 17 Nov 2023 14:26:32 +0100
 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
@@ -9,16 +9,15 @@ native python.
 
 Upstream-Status: Inappropriate [oe-core cross builds]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
 ---
  Lib/sysconfig.py | 5 +++++
  1 file changed, 5 insertions(+)
 
 diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
-index 79c0510..91ebcb6 100644
+index 6258b68..d59ec6e 100644
 --- a/Lib/sysconfig.py
 +++ b/Lib/sysconfig.py
-@@ -668,6 +668,11 @@ def _init_config_vars():
+@@ -675,6 +675,11 @@ def _init_config_vars():
          _CONFIG_VARS['VPATH'] = sys._vpath
      if os.name == 'posix':
          _init_posix(_CONFIG_VARS)
diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
index ee33128fa1..b78f619958 100644
--- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
+++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
@@ -1,4 +1,4 @@
-From 38278339832a57dbf5fa3ef21accaa03e2c814d7 Mon Sep 17 00:00:00 2001
+From b9081b2e21983f2a828bc40a47ab278ef69f4dfe Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 30 Jan 2019 12:41:04 +0100
 Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data
@@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/Makefile.pre.in b/Makefile.pre.in
-index dd5e69f..381feb0 100644
+index 083f4c7..dce36a5 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -658,8 +658,7 @@ profile-run-stamp:
+@@ -660,8 +660,7 @@ profile-run-stamp:
         # enabled.
         $(MAKE) profile-gen-stamp
         # Next, run the profile task to generate the profile information.
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index 197daa71a5..051ec2c635 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -1,4 +1,4 @@
-From 3471e3478e0760c42e04f8046cee2367ab5706d2 Mon Sep 17 00:00:00 2001
+From b4014e3d1d9e38b25f2840e65e2acd757f3e5d41 Mon Sep 17 00:00:00 2001
 From: Yi Fan Yu <yifan.yu@windriver.com>
 Date: Thu, 1 Apr 2021 13:08:37 -0700
 Subject: [PATCH] Skip failing tests due to load variability on YP AB
@@ -23,10 +23,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  2 files changed, 5 insertions(+)
 
 diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index e42c7ab..dff5227 100644
+index 3b4415b..1f94dec 100644
 --- a/Lib/test/_test_multiprocessing.py
 +++ b/Lib/test/_test_multiprocessing.py
-@@ -682,6 +682,7 @@ class _TestProcess(BaseTestCase):
+@@ -692,6 +692,7 @@ class _TestProcess(BaseTestCase):
          close_queue(q)
  
      @support.requires_resource('walltime')
@@ -34,7 +34,7 @@ index e42c7ab..dff5227 100644
      def test_many_processes(self):
          if self.TYPE == 'threads':
              self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2066,6 +2067,7 @@ class _TestBarrier(BaseTestCase):
+@@ -2223,6 +2224,7 @@ class _TestBarrier(BaseTestCase):
          except threading.BrokenBarrierError:
              results.append(True)
  
@@ -42,7 +42,7 @@ index e42c7ab..dff5227 100644
      def test_timeout(self):
          """
          Test wait(timeout)
-@@ -5024,6 +5026,7 @@ class TestWait(unittest.TestCase):
+@@ -5220,6 +5222,7 @@ class TestWait(unittest.TestCase):
          time.sleep(period)
  
      @support.requires_resource('walltime')
@@ -51,10 +51,10 @@ index e42c7ab..dff5227 100644
          from multiprocessing.connection import wait
  
 diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
-index 02cc3f4..51a4548 100644
+index 9463add..4e0f39d 100644
 --- a/Lib/test/test_time.py
 +++ b/Lib/test/test_time.py
-@@ -492,6 +492,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -536,6 +536,7 @@ class TimeTestCase(unittest.TestCase):
      @unittest.skipIf(
          support.is_wasi, "process_time not available on WASI"
      )
@@ -62,7 +62,7 @@ index 02cc3f4..51a4548 100644
      def test_process_time(self):
          # process_time() should not include time spend during a sleep
          start = time.process_time()
-@@ -505,6 +506,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -549,6 +550,7 @@ class TimeTestCase(unittest.TestCase):
          self.assertTrue(info.monotonic)
          self.assertFalse(info.adjustable)
  
diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
index b6c6ac5a28..08142617c0 100644
--- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
@@ -1,4 +1,4 @@
-From 37d058e841ba3bd89b5746cc5381afb014b11581 Mon Sep 17 00:00:00 2001
+From 5224cc0ac21f4c2574c24e0fee38b145ca15175b Mon Sep 17 00:00:00 2001
 From: Wentao Zhang <wentao.zhang@windriver.com>
 Date: Mon, 20 Mar 2023 13:39:52 +0800
 Subject: [PATCH] Update test_sysconfig for posix_user purelib
@@ -17,16 +17,15 @@ Update test_sysconfig.test_user_similar() for the posix_user scheme:
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
-
 ---
  Lib/test/test_sysconfig.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
-index b6dbf3d..5672590 100644
+index 3468d0c..9ff174c 100644
 --- a/Lib/test/test_sysconfig.py
 +++ b/Lib/test/test_sysconfig.py
-@@ -372,7 +372,7 @@ class TestSysConfig(unittest.TestCase):
+@@ -390,7 +390,7 @@ class TestSysConfig(unittest.TestCase):
                  expected = os.path.normpath(global_path.replace(base, user, 1))
                  # bpo-44860: platlib of posix_user doesn't use sys.platlibdir,
                  # whereas posix_prefix does.
diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
index 88b84c6024..1cffdd6e05 100644
--- a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
+++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
@@ -1,4 +1,4 @@
-From 999d4e74d34afa233ad8ad0c70b989d77a21957f Mon Sep 17 00:00:00 2001
+From 6e3868c8c330f997bc242a8d51d742baac449ecc Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Wed, 23 Aug 2023 20:00:07 +0200
 Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to
@@ -13,10 +13,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
 
 diff --git a/Lib/tarfile.py b/Lib/tarfile.py
-index 3bbbcaa..473167d 100755
+index 0a0f31e..4dfb67d 100755
 --- a/Lib/tarfile.py
 +++ b/Lib/tarfile.py
-@@ -2557,7 +2557,8 @@ class TarFile(object):
+@@ -2685,7 +2685,8 @@ class TarFile(object):
                      os.lchown(targetpath, u, g)
                  else:
                      os.chown(targetpath, u, g)
@@ -35,6 +35,3 @@ index 0000000..ffca413
 +:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on
 +an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to
 +set the ID.
--- 
-2.45.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch b/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch
deleted file mode 100644
index 8406ef30a2..0000000000
--- a/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 439aa02f42d6e6715c172076261757fcb89a936a Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Tue, 23 Jan 2024 23:02:02 +0100
-Subject: [PATCH] gh-114492: Initialize struct termios before calling
- tcgetattr() (GH-114495) (GH-114502)
-
-On Alpine Linux it could leave some field non-initialized.
-(cherry picked from commit d22c066b802592932f9eb18434782299e80ca42e)
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/386c72d9928c51aa2c855ce592bd8022da3b407f]
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- .../next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst | 2 ++
- 1 file changed, 2 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst
-
-diff --git a/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst b/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst
-new file mode 100644
-index 0000000..8df8299
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst
-@@ -0,0 +1,2 @@
-+Make the result of :func:`termios.tcgetattr` reproducible on Alpine Linux.
-+Previously it could leave a random garbage in some fields.
diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
index bbeabe4389..5a1f9ffccf 100644
--- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
+++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
@@ -1,4 +1,4 @@
-From ababc7b1db8c406910766e11cdd04cbef7a706c9 Mon Sep 17 00:00:00 2001
+From 82576cdb9d6d9736ba122592974b0e7727216a3f Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Mon, 22 Oct 2018 15:19:51 +0800
 Subject: [PATCH] python3: use cc_basename to replace CC for checking compiler
@@ -26,7 +26,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
  1 file changed, 10 insertions(+), 9 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 384718d..5a1d58b 100644
+index 9270b5f..955daad 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -137,6 +137,7 @@ AC_CONFIG_HEADERS([pyconfig.h])
@@ -46,7 +46,7 @@ index 384718d..5a1d58b 100644
          gcc)    AC_PATH_TOOL([CXX], [g++], [g++], [notfound]) ;;
          cc)     AC_PATH_TOOL([CXX], [c++], [c++], [notfound]) ;;
          clang|*/clang)     AC_PATH_TOOL([CXX], [clang++], [clang++], [notfound]) ;;
-@@ -1328,7 +1329,7 @@ rmdir CaseSensitiveTestDir
+@@ -1331,7 +1332,7 @@ rmdir CaseSensitiveTestDir
  
  case $ac_sys_system in
  hp*|HP*)
@@ -55,7 +55,7 @@ index 384718d..5a1d58b 100644
      cc|*/cc) CC="$CC -Ae";;
      esac;;
  esac
-@@ -1854,7 +1855,7 @@ esac
+@@ -1857,7 +1858,7 @@ esac
  ],
  [AC_MSG_RESULT([no])])
  if test "$Py_LTO" = 'true' ; then
@@ -64,7 +64,7 @@ index 384718d..5a1d58b 100644
      *clang*)
        LDFLAGS_NOLTO="-fno-lto"
        dnl Clang linker requires -flto in order to link objects with LTO information.
-@@ -1983,7 +1984,7 @@ then
+@@ -1986,7 +1987,7 @@ then
    fi
  fi
  LLVM_PROF_ERR=no
@@ -73,7 +73,7 @@ index 384718d..5a1d58b 100644
    *clang*)
      # Any changes made here should be reflected in the GCC+Darwin case below
      PGO_PROF_GEN_FLAG="-fprofile-instr-generate"
-@@ -2147,7 +2148,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
+@@ -2179,7 +2180,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
  # compiler and platform.  BASECFLAGS tweaks need to be made even if the
  # user set OPT.
  
@@ -82,7 +82,7 @@ index 384718d..5a1d58b 100644
      *clang*)
          cc_is_clang=1
          ;;
-@@ -2419,7 +2420,7 @@ yes)
+@@ -2451,7 +2452,7 @@ yes)
  
      # ICC doesn't recognize the option, but only emits a warning
      ## XXX does it emit an unused result warning and can it be disabled?
@@ -91,7 +91,7 @@ index 384718d..5a1d58b 100644
              [*icc*], [ac_cv_disable_unused_result_warning=no]
              [PY_CHECK_CC_WARNING([disable], [unused-result])])
      AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes],
-@@ -2665,7 +2666,7 @@ yes)
+@@ -2697,7 +2698,7 @@ yes)
      ;;
  esac
  
@@ -100,7 +100,7 @@ index 384718d..5a1d58b 100644
  *mpicc*)
      CFLAGS_NODIST="$CFLAGS_NODIST"
      ;;
-@@ -3482,7 +3483,7 @@ then
+@@ -3532,7 +3533,7 @@ then
                 then
                         LINKFORSHARED="-Wl,--export-dynamic"
                 fi;;
@@ -109,7 +109,7 @@ index 384718d..5a1d58b 100644
                   *gcc*)
                     if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null
                     then
-@@ -6803,7 +6804,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
+@@ -6853,7 +6854,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
      # Some versions of gcc miscompile inline asm:
      # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491
      # http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
index 2d7bca6a77..4920cb9ad9 100644
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From 217cea231462e7703e8c9ea39c0a6833f799a420 Mon Sep 17 00:00:00 2001
+From 5944f707fc04fb65caec3f0e1ce3a42169426c47 Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Fri, 15 Sep 2023 08:48:33 -0400
 Subject: [PATCH] skip no_stdout_fileno test due to load variability
@@ -16,10 +16,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
-index 4d03c46..b329b7a 100644
+index c71c568..e41ab5e 100644
 --- a/Lib/test/test_builtin.py
 +++ b/Lib/test/test_builtin.py
-@@ -2326,6 +2326,7 @@ class PtyTests(unittest.TestCase):
+@@ -2375,6 +2375,7 @@ class PtyTests(unittest.TestCase):
          # Check stdin/stdout error handler is used when invoking PyOS_Readline()
          self.check_input_tty("prompté", b"quux\xe9", "ascii")
  
diff --git a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
index fc52fdac26..c7ac43cc85 100644
--- a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
@@ -1,4 +1,4 @@
-From a5d429a0e1a4809c1ded7be7e45dcabeb82c53d8 Mon Sep 17 00:00:00 2001
+From 3aeeddb1325679d5c0471ad86806e92e72187138 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Sun, 12 Sep 2021 21:44:36 +0200
 Subject: [PATCH] sysconfig.py: use platlibdir also for purelib
@@ -8,13 +8,12 @@ is not correct.
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
 ---
  Lib/sysconfig.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
-index 122d441..79c0510 100644
+index 517b13a..6258b68 100644
 --- a/Lib/sysconfig.py
 +++ b/Lib/sysconfig.py
 @@ -28,7 +28,7 @@ _INSTALL_SCHEMES = {
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
index 6ebbaf10e0..164c8b5180 100644
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From bf3eb28bba24509a3e1cd40f1f0e26db833779a2 Mon Sep 17 00:00:00 2001
+From a83311a1030b816f422dbb4457fc38c1289c224d Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Thu, 13 Jun 2024 10:54:31 -0400
 Subject: [PATCH] test_active_children: skip problematic test
@@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index 3955123455..a1861fa3a0 100644
+index 1f94dec..3632219 100644
 --- a/Lib/test/_test_multiprocessing.py
 +++ b/Lib/test/_test_multiprocessing.py
-@@ -579,6 +579,7 @@ def test_cpu_count(self):
+@@ -585,6 +585,7 @@ class _TestProcess(BaseTestCase):
          self.assertTrue(type(cpus) is int)
          self.assertTrue(cpus >= 1)
  
@@ -25,6 +25,3 @@ index 3955123455..a1861fa3a0 100644
      def test_active_children(self):
          self.assertEqual(type(self.active_children()), list)
  
--- 
-2.45.2
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index b4fe946cba..307e4bf306 100644
--- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -1,4 +1,4 @@
-From b64c131a576a4b4f821514e711ab91b1394fb4ff Mon Sep 17 00:00:00 2001
+From fbbf04dbeae217b985073263499174960e5fd142 Mon Sep 17 00:00:00 2001
 From: Tim Orling <timothy.t.orling@intel.com>
 Date: Fri, 18 Jun 2021 11:56:50 -0700
 Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk
@@ -10,13 +10,12 @@ easiest way to dynamically check for that is looking for
 Upstream-Status: Inappropriate [oe-specific]
 
 Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
-
 ---
  Lib/test/test_ctypes/test_find.py | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/Lib/test/test_ctypes/test_find.py b/Lib/test/test_ctypes/test_find.py
-index 1ff9d01..59def26 100644
+index a41e949..eb5fe19 100644
 --- a/Lib/test/test_ctypes/test_find.py
 +++ b/Lib/test/test_ctypes/test_find.py
 @@ -113,10 +113,12 @@ class FindLibraryLinux(unittest.TestCase):
diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
index f0a7cfd39b..e07f7392f6 100644
--- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From d7e3f26e7094fbe20e2271d75f18ac3b23a67f58 Mon Sep 17 00:00:00 2001
+From 9d658dd20f02edcf878b245d638c474c808ab8d1 Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Wed, 12 Jun 2024 10:29:03 -0400
 Subject: [PATCH] test_deadlock: skip problematic test
@@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/Lib/test/test_concurrent_futures/test_deadlock.py b/Lib/test/test_concurrent_futures/test_deadlock.py
-index 1db4cd0099..fd07895a17 100644
+index e8cd8f6..021906b 100644
 --- a/Lib/test/test_concurrent_futures/test_deadlock.py
 +++ b/Lib/test/test_concurrent_futures/test_deadlock.py
-@@ -90,6 +90,7 @@ def __reduce__(self):
+@@ -90,6 +90,7 @@ class ErrorAtUnpickle(object):
          return _raise_error_ignore_stderr, (UnpicklingError, )
  
  
@@ -25,6 +25,3 @@ index 1db4cd0099..fd07895a17 100644
  class ExecutorDeadlockTest:
      TIMEOUT = support.LONG_TIMEOUT
  
--- 
-2.45.2
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
index 410a9fc7f1..535c48c769 100644
--- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
@@ -1,4 +1,4 @@
-From ef5728f0af14da5c9f80b0f038fe5bf6d44cb0e9 Mon Sep 17 00:00:00 2001
+From fcd5b7d30d3245ce92ea45dfbab3c7b7da690c20 Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Mon, 5 Aug 2019 15:57:39 +0800
 Subject: [PATCH] test_locale.py: correct the test output format
@@ -26,16 +26,15 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132]
 Rebased for 3.9.4, still not accepted upstream Signed-off-by: Alejandro Hernandez <alejandro@enedino.org>
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
-
 ---
  Lib/test/test_locale.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py
-index b0d7998..cb12153 100644
+index cde80a4..e8ffd71 100644
 --- a/Lib/test/test_locale.py
 +++ b/Lib/test/test_locale.py
-@@ -557,7 +557,7 @@ class TestMiscellaneous(unittest.TestCase):
+@@ -561,7 +561,7 @@ class TestMiscellaneous(unittest.TestCase):
              self.skipTest('test needs Turkish locale')
          loc = locale.getlocale(locale.LC_CTYPE)
          if verbose:
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index e8d297c721..f9dc0ddcda 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -1,4 +1,4 @@
-From d9d916d5ea946c945323679d1709de1b87029b96 Mon Sep 17 00:00:00 2001
+From 34fd0bc8afc67a11eea5d73f9e0edf045c5ce541 Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Tue, 13 Aug 2024 11:07:05 -0400
 Subject: [PATCH] test_readline: skip limited history test
@@ -16,11 +16,11 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  Lib/test/test_readline.py | 2 ++
  1 file changed, 2 insertions(+)
 
-Index: Python-3.12.6/Lib/test/test_readline.py
-===================================================================
---- Python-3.12.6.orig/Lib/test/test_readline.py
-+++ Python-3.12.6/Lib/test/test_readline.py
-@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest.
+diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
+index fab124a..291dd48 100644
+--- a/Lib/test/test_readline.py
++++ b/Lib/test/test_readline.py
+@@ -141,6 +141,7 @@ class TestHistoryManipulation (unittest.TestCase):
          self.assertEqual(readline.get_history_item(1), "entrée 1")
          self.assertEqual(readline.get_history_item(2), "entrée 22")
  
@@ -28,7 +28,7 @@ Index: Python-3.12.6/Lib/test/test_readline.py
      def test_write_read_limited_history(self):
          previous_length = readline.get_history_length()
          self.addCleanup(readline.set_history_length, previous_length)
-@@ -371,6 +372,7 @@ readline.write_history_file(history_file
+@@ -379,6 +380,7 @@ readline.write_history_file(history_file)
          self.assertIn(b"done", output)
  
  
diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
index 1d4cda18b1..61fe5e9ba1 100644
--- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From 9d4cdbde100798ba9fa1cf3f82dbaf18fd10a543 Mon Sep 17 00:00:00 2001
+From d09a034acba8922158d38fd16be970b5a454428a Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Wed, 8 May 2024 11:58:09 -0400
 Subject: [PATCH] test_shutdown: skip problematic test
@@ -14,7 +14,7 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
  1 file changed, 3 insertions(+)
 
 diff --git a/Lib/test/test_concurrent_futures/test_shutdown.py b/Lib/test/test_concurrent_futures/test_shutdown.py
-index 7a4065afd4..6b878a48bf 100644
+index 7a4065a..6b878a4 100644
 --- a/Lib/test/test_concurrent_futures/test_shutdown.py
 +++ b/Lib/test/test_concurrent_futures/test_shutdown.py
 @@ -20,6 +20,7 @@ def sleep_and_print(t, msg):
@@ -25,7 +25,7 @@ index 7a4065afd4..6b878a48bf 100644
  class ExecutorShutdownTest:
      def test_run_after_shutdown(self):
          self.executor.shutdown()
-@@ -156,6 +157,7 @@ def timeout(_signum, _frame):
+@@ -156,6 +157,7 @@ class ExecutorShutdownTest:
              signal.signal(signal.SIGALRM, old_handler)
  
  
@@ -33,7 +33,7 @@ index 7a4065afd4..6b878a48bf 100644
  class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase):
      def test_threads_terminate(self):
          def acquire_lock(lock):
-@@ -252,6 +254,7 @@ def test_cancel_futures_wait_false(self):
+@@ -252,6 +254,7 @@ class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase
          self.assertIn(out.strip(), [b"apple", b""])
  
  
@@ -41,6 +41,3 @@ index 7a4065afd4..6b878a48bf 100644
  class ProcessPoolShutdownTest(ExecutorShutdownTest):
      def test_processes_terminate(self):
          def acquire_lock(lock):
--- 
-2.45.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
index 0d0eb08459..88cd93a51f 100644
--- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From dc69a1afdb3ba619705ff71e14f19ed3142e422f Mon Sep 17 00:00:00 2001
+From 6715560de4d622c2d72ee7b587c916ac647c54bb Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin <tgamblin@baylibre.com>
 Date: Fri, 6 Oct 2023 10:59:44 -0400
 Subject: [PATCH] test_storlines: skip due to load variability
@@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [OE-Specific]
 [YOCTO #14933]
 
 Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-
 ---
  Lib/test/test_ftplib.py | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
-index 2f191ea..dc29346 100644
+index 4c4a449..b8c79a4 100644
 --- a/Lib/test/test_ftplib.py
 +++ b/Lib/test/test_ftplib.py
-@@ -626,6 +626,7 @@ class TestFTPClass(TestCase):
+@@ -629,6 +629,7 @@ class TestFTPClass(TestCase):
              self.client.storbinary('stor', f, rest=r)
              self.assertEqual(self.server.handler_instance.rest, str(r))
  
diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
index 0661249bfd..e917c8bdf0 100644
--- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
+++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
@@ -1,4 +1,4 @@
-From d0205c60d08f51d84bd8ddc07a57e8c71710fdad Mon Sep 17 00:00:00 2001
+From 011b21dc9b090c0b97eaecbd80a9e0c1cd39b12d Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Fri, 17 Nov 2023 14:16:40 +0100
 Subject: [PATCH] configure.ac: do not add a curses include path from the host
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 6 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index c49cd4f..affdedf 100644
+index 6e465a4..13c4835 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -6508,12 +6508,6 @@ AS_VAR_IF([have_panel], [no], [
+@@ -6558,12 +6558,6 @@ AS_VAR_IF([have_panel], [no], [
    AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)])
  ])
  
diff --git a/meta/recipes-devtools/python/python3/cgi_py.patch b/meta/recipes-devtools/python/python3/cgi_py.patch
index 8262c88e73..880a463760 100644
--- a/meta/recipes-devtools/python/python3/cgi_py.patch
+++ b/meta/recipes-devtools/python/python3/cgi_py.patch
@@ -1,4 +1,4 @@
-From a56778372fe8dc7c42f5ffd911d89498c22dd064 Mon Sep 17 00:00:00 2001
+From 6ebd9de3505be0965cfc37e2e4d0d882d75f0ec2 Mon Sep 17 00:00:00 2001
 From: Mark Hatle <mark.hatle@windriver.com>
 Date: Wed, 21 Sep 2011 20:55:33 -0500
 Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment
@@ -6,7 +6,6 @@ Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment
 Upstream-Status: Inappropriate [distribution]
 
 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-
 ---
  Lib/cgi.py | 11 +----------
  1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/meta/recipes-devtools/python/python3/crosspythonpath.patch b/meta/recipes-devtools/python/python3/crosspythonpath.patch
index 2c4aef0511..24268fb91a 100644
--- a/meta/recipes-devtools/python/python3/crosspythonpath.patch
+++ b/meta/recipes-devtools/python/python3/crosspythonpath.patch
@@ -1,4 +1,4 @@
-From 5b66463c10fec1440e977d5a21a0167862d6d79c Mon Sep 17 00:00:00 2001
+From 0bcdb84db7801507b155a40db2228ba516edeb73 Mon Sep 17 00:00:00 2001
 From: Ricardo Ribalda <ricardo@ribalda.com>
 Date: Tue, 18 Nov 2014 03:35:33 -0500
 Subject: [PATCH] configure.ac: add CROSSPYTHONPATH into PYTHONPATH for
@@ -14,13 +14,12 @@ Upstream-Status: Inappropriate [OE-Core integration specific]
 Credits-to: Mark Hatle <mark.hatle@windriver.com>
 Credits-to: Jackie Huang <jackie.huang@windriver.com>
 Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
-
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index cb9e198..d81c19a 100644
+index 955daad..6e465a4 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -165,7 +165,7 @@ AC_ARG_WITH([build-python],
diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch
index 2de6ae2e98..9bfdf5cd47 100644
--- a/meta/recipes-devtools/python/python3/deterministic_imports.patch
+++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch
@@ -1,4 +1,4 @@
-From 039d5e652796b55f1132afa568c7432b6ed89afd Mon Sep 17 00:00:00 2001
+From 1d6f0f5f8a1279fc9bc06266caa3f3b6f234c4cb Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Fri, 27 May 2022 17:05:44 +0100
 Subject: [PATCH] python3: Ensure stale empty python module directories don't
@@ -13,13 +13,12 @@ As a result, patch this to a behaviour which works for us.
 
 Upstream-Status: Submitted [https://github.com/python/cpython/issues/120492; need to first talk to upstream to see if they'll take one or both fixes]
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
 ---
  Lib/importlib/metadata/__init__.py | 9 ++++++++-
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py
-index 82e0ce1..969cac4 100644
+index e6ca178..ac5a75b 100644
 --- a/Lib/importlib/metadata/__init__.py
 +++ b/Lib/importlib/metadata/__init__.py
 @@ -710,7 +710,14 @@ class Lookup:
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index c1b20703e6..fbe12a5fca 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 9f827c29adbe656af3c8fc963fdd8f47aec0c442 Mon Sep 17 00:00:00 2001
+From be22dd9b091af8f971f924fdbce5b439d9b2e850 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Tue, 13 Jul 2021 23:19:29 +0100
 Subject: [PATCH] python3: Fix make race
@@ -17,10 +17,10 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 381feb0..77bf09a 100644
+index dce36a5..2d235d2 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2250,7 +2250,7 @@ COMPILEALL_OPTS=-j0
+@@ -2267,7 +2267,7 @@ COMPILEALL_OPTS=-j0
  TEST_MODULES=@TEST_MODULES@
  
  .PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json b/meta/recipes-devtools/python/python3/python3-manifest.json
index 46092d4004..292c5bbc5d 100644
--- a/meta/recipes-devtools/python/python3/python3-manifest.json
+++ b/meta/recipes-devtools/python/python3/python3-manifest.json
@@ -216,7 +216,7 @@
     },
     "core": {
         "summary": "Python interpreter and core modules",
-        "rdepends": [],
+        "rdepends": ["compression"],
         "files": [
             "${bindir}/python${PYTHON_MAJMIN}",
             "${bindir}/python${PYTHON_MAJMIN}.real",
diff --git a/meta/recipes-devtools/python/python3_3.12.6.bb b/meta/recipes-devtools/python/python3_3.12.11.bb
index ae69f0e781..706dabb5cd 100644
--- a/meta/recipes-devtools/python/python3_3.12.6.bb
+++ b/meta/recipes-devtools/python/python3_3.12.11.bb
@@ -29,7 +29,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \
            file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \
            file://0001-test_storlines-skip-due-to-load-variability.patch \
-           file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \
            file://0001-test_shutdown-skip-problematic-test.patch \
            file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
            file://0001-test_deadlock-skip-problematic-test.patch \
@@ -41,7 +40,7 @@ SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = "1999658298cf2fb837dffed8ff3c033ef0c98ef20cf73c5d5f66bed5ab89697c"
+SRC_URI[sha256sum] = "c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.7.bb
index a77953529b..a77953529b 100644
--- a/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb
+++ b/meta/recipes-devtools/qemu/qemu-native_8.2.7.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb
index 0634b34242..0634b34242 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index e9f63b9eaf..38ed637b93 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -38,20 +38,9 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0003-linux-user-Add-strace-for-shmat.patch \
            file://0004-linux-user-Rewrite-target_shmat.patch \
            file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
+           file://0001-sched_attr-Do-not-define-for-glibc-2.41.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
-           file://CVE-2024-4467-0001.patch \
-           file://CVE-2024-4467-0002.patch \
-           file://CVE-2024-4467-0003.patch \
-           file://CVE-2024-4467-0004.patch \
-           file://CVE-2024-4467-0005.patch \
-           file://CVE-2024-7409-0001.patch \
-           file://CVE-2024-7409-0002.patch \
-           file://CVE-2024-7409-0003.patch \
-           file://CVE-2024-7409-0004.patch \
-           file://0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch \
-           file://0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch \
-           file://0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -68,7 +57,7 @@ SRC_URI:append:class-native = " \
         file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
         "
 
-SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964"
+SRC_URI[sha256sum] = "1f0604f296ab9acb4854c054764a1ba408643fc299bd54a6500cccfaaca65b55"
 
 CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
 
@@ -90,6 +79,11 @@ CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 a
 
 CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
+# NVD DB has this CVE as version-less (with "-")
+CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0"
+
+CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch b/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch
new file mode 100644
index 0000000000..edb3e304c9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch
@@ -0,0 +1,47 @@
+From ddb27569449c941014fa44b1b542de0831d993a0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 10 Oct 2024 22:40:32 -0700
+Subject: [PATCH v2] sched_attr: Do not define for glibc >= 2.41
+
+glibc 2.41+ has added [1] definitions for sched_setattr and sched_getattr functions
+and struct sched_attr. Therefore, it needs to be checked for here as well before
+defining sched_attr
+
+Define sched_attr conditionally on SCHED_ATTR_SIZE_VER0
+
+Fixes builds with glibc/trunk
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=21571ca0d70302909cf72707b2a7736cf12190a0;hp=298bc488fdc047da37482f4003023cb9adef78f8
+
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/qemu-devel/patch/20241011193140.1047648-1-raj.khem@gmail.com/]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Cc: Laurent Vivier <laurent@vivier.eu>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+---
+v2: Use SCHED_ATTR_SIZE_VER0 instead of glibc version check
+
+ linux-user/syscall.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 1354e75694..caecbb765d 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -359,7 +359,8 @@ _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
+ #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
+ _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
+           unsigned long *, user_mask_ptr);
+-/* sched_attr is not defined in glibc */
++/* sched_attr is not defined in glibc < 2.41 */
++#ifndef SCHED_ATTR_SIZE_VER0
+ struct sched_attr {
+     uint32_t size;
+     uint32_t sched_policy;
+@@ -372,6 +373,7 @@ struct sched_attr {
+     uint32_t sched_util_min;
+     uint32_t sched_util_max;
+ };
++#endif
+ #define __NR_sys_sched_getattr __NR_sched_getattr
+ _syscall4(int, sys_sched_getattr, pid_t, pid, struct sched_attr *, attr,
+           unsigned int, size, unsigned int, flags);
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch b/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
deleted file mode 100644
index 39a6a85162..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9 Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:31 -0300
-Subject: [PATCH 1/3] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
-
-KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using
-kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when
-running with TARGET_RISCV64. The most likely reason why no one noticed
-this is because we're not implementing kvm_cpu_synchronize_state() in
-RISC-V yet.
-
-Create a new helper that returns a KVM ID with u32 size and use it in
-RISCV_FP_F_REG().
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-2-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index c1675158fe..2eef2be86a 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
-     return id;
- }
- 
-+static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
-+{
-+    return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
-+}
-+
- #define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
-                  KVM_REG_RISCV_CORE_REG(name))
- 
-@@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
- #define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
-                  KVM_REG_RISCV_TIMER_REG(name))
- 
--#define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, idx)
-+#define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
- 
- #define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
- 
-@@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
-     if (riscv_has_ext(env, RVF)) {
-         uint32_t reg;
-         for (i = 0; i < 32; i++) {
--            ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), &reg);
-+            ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), &reg);
-             if (ret) {
-                 return ret;
-             }
-@@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
-         uint32_t reg;
-         for (i = 0; i < 32; i++) {
-             reg = env->fpr[i];
--            ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), &reg);
-+            ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), &reg);
-             if (ret) {
-                 return ret;
-             }
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
deleted file mode 100644
index 9480d3e0b5..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 125b95d79e746cbab6b72683b3382dd372e38c61 Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:32 -0300
-Subject: [PATCH 2/3] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
-
-KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in
-RISCV_FP_D_REG() ends up encoding the wrong size if we're running with
-TARGET_RISCV32.
-
-Create a new helper that returns a KVM ID with u64 size and use it with
-RISCV_FP_D_REG().
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-3-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [125b95d79e746cbab6b72683b3382dd372e38c61]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index 2eef2be86a..82ed4455a5 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
-     return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
- }
- 
-+static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
-+{
-+    return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx;
-+}
-+
- #define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
-                  KVM_REG_RISCV_CORE_REG(name))
- 
-@@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
- 
- #define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
- 
--#define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
-+#define RISCV_FP_D_REG(idx)  kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx)
- 
- #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
-     do { \
-@@ -579,7 +584,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
-     if (riscv_has_ext(env, RVD)) {
-         uint64_t reg;
-         for (i = 0; i < 32; i++) {
--            ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), &reg);
-+            ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), &reg);
-             if (ret) {
-                 return ret;
-             }
-@@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
-         uint64_t reg;
-         for (i = 0; i < 32; i++) {
-             reg = env->fpr[i];
--            ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), &reg);
-+            ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), &reg);
-             if (ret) {
-                 return ret;
-             }
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
deleted file mode 100644
index 1ea1bcfe70..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From cbae1080988e0f1af0fb4c816205f7647f6de16f Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:33 -0300
-Subject: [PATCH 3/3] target/riscv/kvm: change timer regs size to u64
-
-KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at
-this moment we'll return u32 regs if we're running a RISCV32 target.
-
-Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it.
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-4-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [cbae1080988e0f1af0fb4c816205f7647f6de16f]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 26 +++++++++++++-------------
- 1 file changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index 82ed4455a5..ddbe820e10 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
- #define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
-                  KVM_REG_RISCV_CSR_REG(name))
- 
--#define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
-+#define RISCV_TIMER_REG(name)  kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \
-                  KVM_REG_RISCV_TIMER_REG(name))
- 
- #define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
-@@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
-         } \
-     } while (0)
- 
--#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
-+#define KVM_RISCV_GET_TIMER(cs, name, reg) \
-     do { \
--        int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), &reg); \
-+        int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), &reg); \
-         if (ret) { \
-             abort(); \
-         } \
-     } while (0)
- 
--#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
-+#define KVM_RISCV_SET_TIMER(cs, name, reg) \
-     do { \
--        int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), &reg); \
-+        int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), &reg); \
-         if (ret) { \
-             abort(); \
-         } \
-@@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs)
-         return;
-     }
- 
--    KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
--    KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
--    KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
--    KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
-+    KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time);
-+    KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare);
-+    KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state);
-+    KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency);
- 
-     env->kvm_timer_dirty = true;
- }
-@@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
-         return;
-     }
- 
--    KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
--    KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
-+    KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time);
-+    KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare);
- 
-     /*
-      * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
-@@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
-      * TODO If KVM changes, adapt here.
-      */
-     if (env->kvm_timer_state) {
--        KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
-+        KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state);
-     }
- 
-     /*
-@@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
-      * during the migration.
-      */
-     if (migration_is_running(migrate_get_current()->state)) {
--        KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
-+        KVM_RISCV_GET_TIMER(cs, frequency, reg);
-         if (reg != env->kvm_timer_frequency) {
-             error_report("Dst Hosts timer frequency != Src Hosts");
-         }
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
deleted file mode 100644
index dbcc71bb4e..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From bd385a5298d7062668e804d73944d52aec9549f1 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 08:29:04 +0000
-Subject: [PATCH] qcow2: Don't open data_file with BDRV_O_NO_IO
-
-One use case for 'qemu-img info' is verifying that untrusted images
-don't reference an unwanted external file, be it as a backing file or an
-external data file. To make sure that calling 'qemu-img info' can't
-already have undesired side effects with a malicious image, just don't
-open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
-I/O, we don't need to have it open.
-
-This changes the output of iotests case 061, which used 'qemu-img info'
-to show that opening an image with an invalid data file fails. After
-this patch, it succeeds. Replace this part of the test with a qemu-io
-call, but keep the final 'qemu-img info' to show that the invalid data
-file is correctly displayed in the output.
-
-Fixes: CVE-2024-4467
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4667
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block/qcow2.c              | 17 ++++++++++++++++-
- tests/qemu-iotests/061     |  6 ++++--
- tests/qemu-iotests/061.out |  8 ++++++--
- 3 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 13e032bd5..7af7c0bee 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
-         goto fail;
-     }
-
--    if (open_data_file) {
-+    if (open_data_file && (flags & BDRV_O_NO_IO)) {
-+        /*
-+         * Don't open the data file for 'qemu-img info' so that it can be used
-+         * to verify that an untrusted qcow2 image doesn't refer to external
-+         * files.
-+         *
-+         * Note: This still makes has_data_file() return true.
-+         */
-+        if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
-+            s->data_file = NULL;
-+        } else {
-+            s->data_file = bs->file;
-+        }
-+        qdict_extract_subqdict(options, NULL, "data-file.");
-+        qdict_del(options, "data-file");
-+    } else if (open_data_file) {
-         /* Open external data file */
-         bdrv_graph_co_rdunlock();
-         s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs,
-diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061
-index 53c7d428e..b71ac097d 100755
---- a/tests/qemu-iotests/061
-+++ b/tests/qemu-iotests/061
-@@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
- echo
- _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M
- $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
-
- echo
- $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
-
- echo
-diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out
-index 139fc6817..24c33add7 100644
---- a/tests/qemu-iotests/061.out
-+++ b/tests/qemu-iotests/061.out
-@@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
- qemu-img: data-file can only be set for images that use an external data file
-
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)
-@@ -560,7 +562,9 @@ Format specific information:
-     corrupt: false
-     extended l2: false
-
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
deleted file mode 100644
index 686176189c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 2eb42a728d27a43fdcad5f37d3f65706ce6deba5 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 09:35:24 +0000
-Subject: [PATCH] iotests/244: Don't store data-file with protocol in image
-
-We want to disable filename parsing for data files because it's too easy
-to abuse in malicious image files. Make the test ready for the change by
-passing the data file explicitly in command line options.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- tests/qemu-iotests/244 | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244
-index 3e61fa25b..bb9cc6512 100755
---- a/tests/qemu-iotests/244
-+++ b/tests/qemu-iotests/244
-@@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
- $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
-
- # blkdebug doesn't support copy offloading, so this tests the error path
--$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG"
--$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
--$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
-+test_img_with_blkdebug="json:{
-+    'driver': 'qcow2',
-+    'file': {
-+        'driver': 'file',
-+        'filename': '$TEST_IMG'
-+    },
-+    'data-file': {
-+        'driver': 'blkdebug',
-+        'image': {
-+            'driver': 'file',
-+            'filename': '$TEST_IMG.data'
-+        }
-+    }
-+}"
-+$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug"
-+$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug"
-
- echo
- echo "=== Flushing should flush the data file ==="
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
deleted file mode 100644
index 02611d6732..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 7e1110664ecbc4826f3c978ccb06b6c1bce823e6 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 10:24:58 +0000
-Subject: [PATCH] iotests/270: Don't store data-file with json: prefix in image
-
-We want to disable filename parsing for data files because it's too easy
-to abuse in malicious image files. Make the test ready for the change by
-passing the data file explicitly in command line options.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- tests/qemu-iotests/270 | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270
-index 74352342d..c37b674aa 100755
---- a/tests/qemu-iotests/270
-+++ b/tests/qemu-iotests/270
-@@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \
- # "write" 2G of data without using any space.
- # (qemu-img create does not like it, though, because null-co does not
- # support image creation.)
--$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
--    "$TEST_IMG"
-+test_img_with_null_data="json:{
-+    'driver': '$IMGFMT',
-+    'file': {
-+        'filename': '$TEST_IMG'
-+    },
-+    'data-file': {
-+        'driver': 'null-co',
-+        'size':'4294967296'
-+    }
-+}"
-
- # This gives us a range of:
- #   2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31
-@@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
- # on L2 boundaries, we need large L2 tables; hence the cluster size of
- # 2 MB.  (Anything from 256 kB should work, though, because then one L2
- # table covers 8 GB.)
--$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io
-+$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io
-
- _check_test_img
-
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
deleted file mode 100644
index 7568a453c4..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
+++ /dev/null
@@ -1,1187 +0,0 @@
-From 6bc30f19498547fac9cef98316a65cf6c1f14205 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Tue, 5 Dec 2023 13:20:02 -0500
-Subject: [PATCH] graph-lock: remove AioContext locking
-
-Stop acquiring/releasing the AioContext lock in
-bdrv_graph_wrlock()/bdrv_graph_unlock() since the lock no longer has any
-effect.
-
-The distinction between bdrv_graph_wrunlock() and
-bdrv_graph_wrunlock_ctx() becomes meaningless and they can be collapsed
-into one function.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Kevin Wolf <kwolf@redhat.com>
-Message-ID: <20231205182011.1976568-6-stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block.c                            | 50 +++++++++++++++---------------
- block/backup.c                     |  4 +--
- block/blklogwrites.c               |  8 ++---
- block/blkverify.c                  |  4 +--
- block/block-backend.c              | 11 +++----
- block/commit.c                     | 16 +++++-----
- block/graph-lock.c                 | 44 ++------------------------
- block/mirror.c                     | 22 ++++++-------
- block/qcow2.c                      |  4 +--
- block/quorum.c                     |  8 ++---
- block/replication.c                | 14 ++++-----
- block/snapshot.c                   |  4 +--
- block/stream.c                     | 12 +++----
- block/vmdk.c                       | 20 ++++++------
- blockdev.c                         |  8 ++---
- blockjob.c                         | 12 +++----
- include/block/graph-lock.h         | 21 ++-----------
- scripts/block-coroutine-wrapper.py |  4 +--
- tests/unit/test-bdrv-drain.c       | 40 ++++++++++++------------
- tests/unit/test-bdrv-graph-mod.c   | 20 ++++++------
- 20 files changed, 133 insertions(+), 193 deletions(-)
-
-diff --git a/block.c b/block.c
-index bfb0861ec..25e1ebc60 100644
---- a/block.c
-+++ b/block.c
-@@ -1708,12 +1708,12 @@ bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, const char *node_name,
- open_failed:
-     bs->drv = NULL;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     if (bs->file != NULL) {
-         bdrv_unref_child(bs, bs->file);
-         assert(!bs->file);
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     g_free(bs->opaque);
-     bs->opaque = NULL;
-@@ -3575,9 +3575,9 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
-
-     bdrv_ref(drain_bs);
-     bdrv_drained_begin(drain_bs);
--    bdrv_graph_wrlock(backing_hd);
-+    bdrv_graph_wrlock();
-     ret = bdrv_set_backing_hd_drained(bs, backing_hd, errp);
--    bdrv_graph_wrunlock(backing_hd);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(drain_bs);
-     bdrv_unref(drain_bs);
-
-@@ -3790,13 +3790,13 @@ BdrvChild *bdrv_open_child(const char *filename,
-         return NULL;
-     }
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     ctx = bdrv_get_aio_context(bs);
-     aio_context_acquire(ctx);
-     child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
-                               errp);
-     aio_context_release(ctx);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     return child;
- }
-@@ -4650,9 +4650,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
-         aio_context_release(ctx);
-     }
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     tran_commit(tran);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
-         BlockDriverState *bs = bs_entry->state.bs;
-@@ -4669,9 +4669,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
-     goto cleanup;
-
- abort:
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     tran_abort(tran);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
-         if (bs_entry->prepared) {
-@@ -4852,12 +4852,12 @@ bdrv_reopen_parse_file_or_backing(BDRVReopenState *reopen_state,
-     }
-
-     bdrv_graph_rdunlock_main_loop();
--    bdrv_graph_wrlock(new_child_bs);
-+    bdrv_graph_wrlock();
-
-     ret = bdrv_set_file_or_backing_noperm(bs, new_child_bs, is_backing,
-                                           tran, errp);
-
--    bdrv_graph_wrunlock_ctx(ctx);
-+    bdrv_graph_wrunlock();
-
-     if (old_ctx != ctx) {
-         aio_context_release(ctx);
-@@ -5209,14 +5209,14 @@ static void bdrv_close(BlockDriverState *bs)
-         bs->drv = NULL;
-     }
-
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     QLIST_FOREACH_SAFE(child, &bs->children, next, next) {
-         bdrv_unref_child(bs, child);
-     }
-
-     assert(!bs->backing);
-     assert(!bs->file);
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-
-     g_free(bs->opaque);
-     bs->opaque = NULL;
-@@ -5509,9 +5509,9 @@ int bdrv_drop_filter(BlockDriverState *bs, Error **errp)
-     bdrv_graph_rdunlock_main_loop();
-
-     bdrv_drained_begin(child_bs);
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     ret = bdrv_replace_node_common(bs, child_bs, true, true, errp);
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(child_bs);
-
-     return ret;
-@@ -5561,7 +5561,7 @@ int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
-     aio_context_acquire(old_context);
-     new_context = NULL;
-
--    bdrv_graph_wrlock(bs_top);
-+    bdrv_graph_wrlock();
-
-     child = bdrv_attach_child_noperm(bs_new, bs_top, "backing",
-                                      &child_of_bds, bdrv_backing_role(bs_new),
-@@ -5593,7 +5593,7 @@ out:
-     tran_finalize(tran, ret);
-
-     bdrv_refresh_limits(bs_top, NULL, NULL);
--    bdrv_graph_wrunlock(bs_top);
-+    bdrv_graph_wrunlock();
-
-     bdrv_drained_end(bs_top);
-     bdrv_drained_end(bs_new);
-@@ -5620,7 +5620,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
-     bdrv_ref(old_bs);
-     bdrv_drained_begin(old_bs);
-     bdrv_drained_begin(new_bs);
--    bdrv_graph_wrlock(new_bs);
-+    bdrv_graph_wrlock();
-
-     bdrv_replace_child_tran(child, new_bs, tran);
-
-@@ -5631,7 +5631,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
-
-     tran_finalize(tran, ret);
-
--    bdrv_graph_wrunlock(new_bs);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(old_bs);
-     bdrv_drained_end(new_bs);
-     bdrv_unref(old_bs);
-@@ -5718,9 +5718,9 @@ BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict *options,
-     bdrv_ref(bs);
-     bdrv_drained_begin(bs);
-     bdrv_drained_begin(new_node_bs);
--    bdrv_graph_wrlock(new_node_bs);
-+    bdrv_graph_wrlock();
-     ret = bdrv_replace_node(bs, new_node_bs, errp);
--    bdrv_graph_wrunlock(new_node_bs);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(new_node_bs);
-     bdrv_drained_end(bs);
-     bdrv_unref(bs);
-@@ -5975,7 +5975,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
-
-     bdrv_ref(top);
-     bdrv_drained_begin(base);
--    bdrv_graph_wrlock(base);
-+    bdrv_graph_wrlock();
-
-     if (!top->drv || !base->drv) {
-         goto exit_wrlock;
-@@ -6015,7 +6015,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
-      * That's a FIXME.
-      */
-     bdrv_replace_node_common(top, base, false, false, &local_err);
--    bdrv_graph_wrunlock(base);
-+    bdrv_graph_wrunlock();
-
-     if (local_err) {
-         error_report_err(local_err);
-@@ -6052,7 +6052,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
-     goto exit;
-
- exit_wrlock:
--    bdrv_graph_wrunlock(base);
-+    bdrv_graph_wrunlock();
- exit:
-     bdrv_drained_end(base);
-     bdrv_unref(top);
-diff --git a/block/backup.c b/block/backup.c
-index 8aae5836d..ec29d6b81 100644
---- a/block/backup.c
-+++ b/block/backup.c
-@@ -496,10 +496,10 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
-     block_copy_set_speed(bcs, speed);
-
-     /* Required permissions are taken by copy-before-write filter target */
--    bdrv_graph_wrlock(target);
-+    bdrv_graph_wrlock();
-     block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
-                        &error_abort);
--    bdrv_graph_wrunlock(target);
-+    bdrv_graph_wrunlock();
-
-     return &job->common;
-
-diff --git a/block/blklogwrites.c b/block/blklogwrites.c
-index 84e03f309..ba717dab4 100644
---- a/block/blklogwrites.c
-+++ b/block/blklogwrites.c
-@@ -251,9 +251,9 @@ static int blk_log_writes_open(BlockDriverState *bs, QDict *options, int flags,
-     ret = 0;
- fail_log:
-     if (ret < 0) {
--        bdrv_graph_wrlock(NULL);
-+        bdrv_graph_wrlock();
-         bdrv_unref_child(bs, s->log_file);
--        bdrv_graph_wrunlock(NULL);
-+        bdrv_graph_wrunlock();
-         s->log_file = NULL;
-     }
- fail:
-@@ -265,10 +265,10 @@ static void blk_log_writes_close(BlockDriverState *bs)
- {
-     BDRVBlkLogWritesState *s = bs->opaque;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_unref_child(bs, s->log_file);
-     s->log_file = NULL;
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
- }
-
- static int64_t coroutine_fn GRAPH_RDLOCK
-diff --git a/block/blkverify.c b/block/blkverify.c
-index 9b17c4664..ec45d8335 100644
---- a/block/blkverify.c
-+++ b/block/blkverify.c
-@@ -151,10 +151,10 @@ static void blkverify_close(BlockDriverState *bs)
- {
-     BDRVBlkverifyState *s = bs->opaque;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_unref_child(bs, s->test_file);
-     s->test_file = NULL;
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
- }
-
- static int64_t coroutine_fn GRAPH_RDLOCK
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 86315d62c..a2348b31e 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -885,7 +885,6 @@ void blk_remove_bs(BlockBackend *blk)
- {
-     ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
-     BdrvChild *root;
--    AioContext *ctx;
-
-     GLOBAL_STATE_CODE();
-
-@@ -915,10 +914,9 @@ void blk_remove_bs(BlockBackend *blk)
-     root = blk->root;
-     blk->root = NULL;
-
--    ctx = bdrv_get_aio_context(root->bs);
--    bdrv_graph_wrlock(root->bs);
-+    bdrv_graph_wrlock();
-     bdrv_root_unref_child(root);
--    bdrv_graph_wrunlock_ctx(ctx);
-+    bdrv_graph_wrunlock();
- }
-
- /*
-@@ -929,16 +927,15 @@ void blk_remove_bs(BlockBackend *blk)
- int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp)
- {
-     ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
--    AioContext *ctx = bdrv_get_aio_context(bs);
-
-     GLOBAL_STATE_CODE();
-     bdrv_ref(bs);
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     blk->root = bdrv_root_attach_child(bs, "root", &child_root,
-                                        BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                                        blk->perm, blk->shared_perm,
-                                        blk, errp);
--    bdrv_graph_wrunlock_ctx(ctx);
-+    bdrv_graph_wrunlock();
-     if (blk->root == NULL) {
-         return -EPERM;
-     }
-diff --git a/block/commit.c b/block/commit.c
-index 69cc75be0..1dd7a65ff 100644
---- a/block/commit.c
-+++ b/block/commit.c
-@@ -100,9 +100,9 @@ static void commit_abort(Job *job)
-     bdrv_graph_rdunlock_main_loop();
-
-     bdrv_drained_begin(commit_top_backing_bs);
--    bdrv_graph_wrlock(commit_top_backing_bs);
-+    bdrv_graph_wrlock();
-     bdrv_replace_node(s->commit_top_bs, commit_top_backing_bs, &error_abort);
--    bdrv_graph_wrunlock(commit_top_backing_bs);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(commit_top_backing_bs);
-
-     bdrv_unref(s->commit_top_bs);
-@@ -339,7 +339,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
-      * this is the responsibility of the interface (i.e. whoever calls
-      * commit_start()).
-      */
--    bdrv_graph_wrlock(top);
-+    bdrv_graph_wrlock();
-     s->base_overlay = bdrv_find_overlay(top, base);
-     assert(s->base_overlay);
-
-@@ -370,19 +370,19 @@ void commit_start(const char *job_id, BlockDriverState *bs,
-         ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
-                                  iter_shared_perms, errp);
-         if (ret < 0) {
--            bdrv_graph_wrunlock(top);
-+            bdrv_graph_wrunlock();
-             goto fail;
-         }
-     }
-
-     if (bdrv_freeze_backing_chain(commit_top_bs, base, errp) < 0) {
--        bdrv_graph_wrunlock(top);
-+        bdrv_graph_wrunlock();
-         goto fail;
-     }
-     s->chain_frozen = true;
-
-     ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp);
--    bdrv_graph_wrunlock(top);
-+    bdrv_graph_wrunlock();
-
-     if (ret < 0) {
-         goto fail;
-@@ -434,9 +434,9 @@ fail:
-      * otherwise this would fail because of lack of permissions. */
-     if (commit_top_bs) {
-         bdrv_drained_begin(top);
--        bdrv_graph_wrlock(top);
-+        bdrv_graph_wrlock();
-         bdrv_replace_node(commit_top_bs, top, &error_abort);
--        bdrv_graph_wrunlock(top);
-+        bdrv_graph_wrunlock();
-         bdrv_drained_end(top);
-     }
- }
-diff --git a/block/graph-lock.c b/block/graph-lock.c
-index 079e878d9..c81162b14 100644
---- a/block/graph-lock.c
-+++ b/block/graph-lock.c
-@@ -106,27 +106,12 @@ static uint32_t reader_count(void)
-     return rd;
- }
-
--void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs)
-+void no_coroutine_fn bdrv_graph_wrlock(void)
- {
--    AioContext *ctx = NULL;
--
-     GLOBAL_STATE_CODE();
-     assert(!qatomic_read(&has_writer));
-     assert(!qemu_in_coroutine());
-
--    /*
--     * Release only non-mainloop AioContext. The mainloop often relies on the
--     * BQL and doesn't lock the main AioContext before doing things.
--     */
--    if (bs) {
--        ctx = bdrv_get_aio_context(bs);
--        if (ctx != qemu_get_aio_context()) {
--            aio_context_release(ctx);
--        } else {
--            ctx = NULL;
--        }
--    }
--
-     /* Make sure that constantly arriving new I/O doesn't cause starvation */
-     bdrv_drain_all_begin_nopoll();
-
-@@ -155,27 +140,13 @@ void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs)
-     } while (reader_count() >= 1);
-
-     bdrv_drain_all_end();
--
--    if (ctx) {
--        aio_context_acquire(bdrv_get_aio_context(bs));
--    }
- }
-
--void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx)
-+void no_coroutine_fn bdrv_graph_wrunlock(void)
- {
-     GLOBAL_STATE_CODE();
-     assert(qatomic_read(&has_writer));
-
--    /*
--     * Release only non-mainloop AioContext. The mainloop often relies on the
--     * BQL and doesn't lock the main AioContext before doing things.
--     */
--    if (ctx && ctx != qemu_get_aio_context()) {
--        aio_context_release(ctx);
--    } else {
--        ctx = NULL;
--    }
--
-     WITH_QEMU_LOCK_GUARD(&aio_context_list_lock) {
-         /*
-          * No need for memory barriers, this works in pair with
-@@ -197,17 +168,6 @@ void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx)
-      * progress.
-      */
-     aio_bh_poll(qemu_get_aio_context());
--
--    if (ctx) {
--        aio_context_acquire(ctx);
--    }
--}
--
--void no_coroutine_fn bdrv_graph_wrunlock(BlockDriverState *bs)
--{
--    AioContext *ctx = bs ? bdrv_get_aio_context(bs) : NULL;
--
--    bdrv_graph_wrunlock_ctx(ctx);
- }
-
- void coroutine_fn bdrv_graph_co_rdlock(void)
-diff --git a/block/mirror.c b/block/mirror.c
-index abbddb39e..f9db6f0f7 100644
---- a/block/mirror.c
-+++ b/block/mirror.c
-@@ -768,7 +768,7 @@ static int mirror_exit_common(Job *job)
-          * check for an op blocker on @to_replace, and we have our own
-          * there.
-          */
--        bdrv_graph_wrlock(target_bs);
-+        bdrv_graph_wrlock();
-         if (bdrv_recurse_can_replace(src, to_replace)) {
-             bdrv_replace_node(to_replace, target_bs, &local_err);
-         } else {
-@@ -777,7 +777,7 @@ static int mirror_exit_common(Job *job)
-                        "would not lead to an abrupt change of visible data",
-                        to_replace->node_name, target_bs->node_name);
-         }
--        bdrv_graph_wrunlock(target_bs);
-+        bdrv_graph_wrunlock();
-         bdrv_drained_end(to_replace);
-         if (local_err) {
-             error_report_err(local_err);
-@@ -800,9 +800,9 @@ static int mirror_exit_common(Job *job)
-      * valid.
-      */
-     block_job_remove_all_bdrv(bjob);
--    bdrv_graph_wrlock(mirror_top_bs);
-+    bdrv_graph_wrlock();
-     bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
--    bdrv_graph_wrunlock(mirror_top_bs);
-+    bdrv_graph_wrunlock();
-
-     bdrv_drained_end(target_bs);
-     bdrv_unref(target_bs);
-@@ -1916,13 +1916,13 @@ static BlockJob *mirror_start_job(
-      */
-     bdrv_disable_dirty_bitmap(s->dirty_bitmap);
-
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     ret = block_job_add_bdrv(&s->common, "source", bs, 0,
-                              BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
-                              BLK_PERM_CONSISTENT_READ,
-                              errp);
-     if (ret < 0) {
--        bdrv_graph_wrunlock(bs);
-+        bdrv_graph_wrunlock();
-         goto fail;
-     }
-
-@@ -1967,17 +1967,17 @@ static BlockJob *mirror_start_job(
-             ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
-                                      iter_shared_perms, errp);
-             if (ret < 0) {
--                bdrv_graph_wrunlock(bs);
-+                bdrv_graph_wrunlock();
-                 goto fail;
-             }
-         }
-
-         if (bdrv_freeze_backing_chain(mirror_top_bs, target, errp) < 0) {
--            bdrv_graph_wrunlock(bs);
-+            bdrv_graph_wrunlock();
-             goto fail;
-         }
-     }
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-
-     QTAILQ_INIT(&s->ops_in_flight);
-
-@@ -2003,12 +2003,12 @@ fail:
-
-     bs_opaque->stop = true;
-     bdrv_drained_begin(bs);
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     assert(mirror_top_bs->backing->bs == bs);
-     bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
-                              &error_abort);
-     bdrv_replace_node(mirror_top_bs, bs, &error_abort);
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(bs);
-
-     bdrv_unref(mirror_top_bs);
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 7af7c0bee..77dd49d4f 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -2822,9 +2822,9 @@ qcow2_do_close(BlockDriverState *bs, bool close_data_file)
-     if (close_data_file && has_data_file(bs)) {
-         GLOBAL_STATE_CODE();
-         bdrv_graph_rdunlock_main_loop();
--        bdrv_graph_wrlock(NULL);
-+        bdrv_graph_wrlock();
-         bdrv_unref_child(bs, s->data_file);
--        bdrv_graph_wrunlock(NULL);
-+        bdrv_graph_wrunlock();
-         s->data_file = NULL;
-         bdrv_graph_rdlock_main_loop();
-     }
-diff --git a/block/quorum.c b/block/quorum.c
-index 505b8b3e1..db8fe891c 100644
---- a/block/quorum.c
-+++ b/block/quorum.c
-@@ -1037,14 +1037,14 @@ static int quorum_open(BlockDriverState *bs, QDict *options, int flags,
-
- close_exit:
-     /* cleanup on error */
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     for (i = 0; i < s->num_children; i++) {
-         if (!opened[i]) {
-             continue;
-         }
-         bdrv_unref_child(bs, s->children[i]);
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-     g_free(s->children);
-     g_free(opened);
- exit:
-@@ -1057,11 +1057,11 @@ static void quorum_close(BlockDriverState *bs)
-     BDRVQuorumState *s = bs->opaque;
-     int i;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     for (i = 0; i < s->num_children; i++) {
-         bdrv_unref_child(bs, s->children[i]);
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     g_free(s->children);
- }
-diff --git a/block/replication.c b/block/replication.c
-index 5ded5f1ca..424b537ff 100644
---- a/block/replication.c
-+++ b/block/replication.c
-@@ -560,7 +560,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-             return;
-         }
-
--        bdrv_graph_wrlock(bs);
-+        bdrv_graph_wrlock();
-
-         bdrv_ref(hidden_disk->bs);
-         s->hidden_disk = bdrv_attach_child(bs, hidden_disk->bs, "hidden disk",
-@@ -568,7 +568,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-                                            &local_err);
-         if (local_err) {
-             error_propagate(errp, local_err);
--            bdrv_graph_wrunlock(bs);
-+            bdrv_graph_wrunlock();
-             aio_context_release(aio_context);
-             return;
-         }
-@@ -579,7 +579,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-                                               BDRV_CHILD_DATA, &local_err);
-         if (local_err) {
-             error_propagate(errp, local_err);
--            bdrv_graph_wrunlock(bs);
-+            bdrv_graph_wrunlock();
-             aio_context_release(aio_context);
-             return;
-         }
-@@ -592,7 +592,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-         if (!top_bs || !bdrv_is_root_node(top_bs) ||
-             !check_top_bs(top_bs, bs)) {
-             error_setg(errp, "No top_bs or it is invalid");
--            bdrv_graph_wrunlock(bs);
-+            bdrv_graph_wrunlock();
-             reopen_backing_file(bs, false, NULL);
-             aio_context_release(aio_context);
-             return;
-@@ -600,7 +600,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-         bdrv_op_block_all(top_bs, s->blocker);
-         bdrv_op_unblock(top_bs, BLOCK_OP_TYPE_DATAPLANE, s->blocker);
-
--        bdrv_graph_wrunlock(bs);
-+        bdrv_graph_wrunlock();
-
-         s->backup_job = backup_job_create(
-                                 NULL, s->secondary_disk->bs, s->hidden_disk->bs,
-@@ -691,12 +691,12 @@ static void replication_done(void *opaque, int ret)
-     if (ret == 0) {
-         s->stage = BLOCK_REPLICATION_DONE;
-
--        bdrv_graph_wrlock(NULL);
-+        bdrv_graph_wrlock();
-         bdrv_unref_child(bs, s->secondary_disk);
-         s->secondary_disk = NULL;
-         bdrv_unref_child(bs, s->hidden_disk);
-         s->hidden_disk = NULL;
--        bdrv_graph_wrunlock(NULL);
-+        bdrv_graph_wrunlock();
-
-         s->error = 0;
-     } else {
-diff --git a/block/snapshot.c b/block/snapshot.c
-index c4d40e80d..6fd720aef 100644
---- a/block/snapshot.c
-+++ b/block/snapshot.c
-@@ -292,9 +292,9 @@ int bdrv_snapshot_goto(BlockDriverState *bs,
-         }
-
-         /* .bdrv_open() will re-attach it */
--        bdrv_graph_wrlock(NULL);
-+        bdrv_graph_wrlock();
-         bdrv_unref_child(bs, fallback);
--        bdrv_graph_wrunlock(NULL);
-+        bdrv_graph_wrunlock();
-
-         ret = bdrv_snapshot_goto(fallback_bs, snapshot_id, errp);
-         open_ret = drv->bdrv_open(bs, options, bs->open_flags, &local_err);
-diff --git a/block/stream.c b/block/stream.c
-index 01fe7c0f1..048c2d282 100644
---- a/block/stream.c
-+++ b/block/stream.c
-@@ -99,9 +99,9 @@ static int stream_prepare(Job *job)
-             }
-         }
-
--        bdrv_graph_wrlock(s->target_bs);
-+        bdrv_graph_wrlock();
-         bdrv_set_backing_hd_drained(unfiltered_bs, base, &local_err);
--        bdrv_graph_wrunlock(s->target_bs);
-+        bdrv_graph_wrunlock();
-
-         /*
-          * This call will do I/O, so the graph can change again from here on.
-@@ -366,10 +366,10 @@ void stream_start(const char *job_id, BlockDriverState *bs,
-      * already have our own plans. Also don't allow resize as the image size is
-      * queried only at the job start and then cached.
-      */
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-     if (block_job_add_bdrv(&s->common, "active node", bs, 0,
-                            basic_flags | BLK_PERM_WRITE, errp)) {
--        bdrv_graph_wrunlock(bs);
-+        bdrv_graph_wrunlock();
-         goto fail;
-     }
-
-@@ -389,11 +389,11 @@ void stream_start(const char *job_id, BlockDriverState *bs,
-         ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
-                                  basic_flags, errp);
-         if (ret < 0) {
--            bdrv_graph_wrunlock(bs);
-+            bdrv_graph_wrunlock();
-             goto fail;
-         }
-     }
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-
-     s->base_overlay = base_overlay;
-     s->above_base = above_base;
-diff --git a/block/vmdk.c b/block/vmdk.c
-index d6971c706..bf78e1238 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -272,7 +272,7 @@ static void vmdk_free_extents(BlockDriverState *bs)
-     BDRVVmdkState *s = bs->opaque;
-     VmdkExtent *e;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     for (i = 0; i < s->num_extents; i++) {
-         e = &s->extents[i];
-         g_free(e->l1_table);
-@@ -283,7 +283,7 @@ static void vmdk_free_extents(BlockDriverState *bs)
-             bdrv_unref_child(bs, e->file);
-         }
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     g_free(s->extents);
- }
-@@ -1247,9 +1247,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
-                             0, 0, 0, 0, 0, &extent, errp);
-             if (ret < 0) {
-                 bdrv_graph_rdunlock_main_loop();
--                bdrv_graph_wrlock(NULL);
-+                bdrv_graph_wrlock();
-                 bdrv_unref_child(bs, extent_file);
--                bdrv_graph_wrunlock(NULL);
-+                bdrv_graph_wrunlock();
-                 bdrv_graph_rdlock_main_loop();
-                 goto out;
-             }
-@@ -1266,9 +1266,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
-             g_free(buf);
-             if (ret) {
-                 bdrv_graph_rdunlock_main_loop();
--                bdrv_graph_wrlock(NULL);
-+                bdrv_graph_wrlock();
-                 bdrv_unref_child(bs, extent_file);
--                bdrv_graph_wrunlock(NULL);
-+                bdrv_graph_wrunlock();
-                 bdrv_graph_rdlock_main_loop();
-                 goto out;
-             }
-@@ -1277,9 +1277,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
-             ret = vmdk_open_se_sparse(bs, extent_file, bs->open_flags, errp);
-             if (ret) {
-                 bdrv_graph_rdunlock_main_loop();
--                bdrv_graph_wrlock(NULL);
-+                bdrv_graph_wrlock();
-                 bdrv_unref_child(bs, extent_file);
--                bdrv_graph_wrunlock(NULL);
-+                bdrv_graph_wrunlock();
-                 bdrv_graph_rdlock_main_loop();
-                 goto out;
-             }
-@@ -1287,9 +1287,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
-         } else {
-             error_setg(errp, "Unsupported extent type '%s'", type);
-             bdrv_graph_rdunlock_main_loop();
--            bdrv_graph_wrlock(NULL);
-+            bdrv_graph_wrlock();
-             bdrv_unref_child(bs, extent_file);
--            bdrv_graph_wrunlock(NULL);
-+            bdrv_graph_wrunlock();
-             bdrv_graph_rdlock_main_loop();
-             ret = -ENOTSUP;
-             goto out;
-diff --git a/blockdev.c b/blockdev.c
-index c91f49e7b..9e1381169 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -1611,9 +1611,9 @@ static void external_snapshot_abort(void *opaque)
-             }
-
-             bdrv_drained_begin(state->new_bs);
--            bdrv_graph_wrlock(state->old_bs);
-+            bdrv_graph_wrlock();
-             bdrv_replace_node(state->new_bs, state->old_bs, &error_abort);
--            bdrv_graph_wrunlock(state->old_bs);
-+            bdrv_graph_wrunlock();
-             bdrv_drained_end(state->new_bs);
-
-             bdrv_unref(state->old_bs); /* bdrv_replace_node() ref'ed old_bs */
-@@ -3657,7 +3657,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child,
-     BlockDriverState *parent_bs, *new_bs = NULL;
-     BdrvChild *p_child;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-
-     parent_bs = bdrv_lookup_bs(parent, parent, errp);
-     if (!parent_bs) {
-@@ -3693,7 +3693,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child,
-     }
-
- out:
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
- }
-
- BlockJobInfoList *qmp_query_block_jobs(Error **errp)
-diff --git a/blockjob.c b/blockjob.c
-index b7a29052b..731041231 100644
---- a/blockjob.c
-+++ b/blockjob.c
-@@ -199,7 +199,7 @@ void block_job_remove_all_bdrv(BlockJob *job)
-      * to process an already freed BdrvChild.
-      */
-     aio_context_release(job->job.aio_context);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     aio_context_acquire(job->job.aio_context);
-     while (job->nodes) {
-         GSList *l = job->nodes;
-@@ -212,7 +212,7 @@ void block_job_remove_all_bdrv(BlockJob *job)
-
-         g_slist_free_1(l);
-     }
--    bdrv_graph_wrunlock_ctx(job->job.aio_context);
-+    bdrv_graph_wrunlock();
- }
-
- bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs)
-@@ -514,7 +514,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
-     int ret;
-     GLOBAL_STATE_CODE();
-
--    bdrv_graph_wrlock(bs);
-+    bdrv_graph_wrlock();
-
-     if (job_id == NULL && !(flags & JOB_INTERNAL)) {
-         job_id = bdrv_get_device_name(bs);
-@@ -523,7 +523,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
-     job = job_create(job_id, &driver->job_driver, txn, bdrv_get_aio_context(bs),
-                      flags, cb, opaque, errp);
-     if (job == NULL) {
--        bdrv_graph_wrunlock(bs);
-+        bdrv_graph_wrunlock();
-         return NULL;
-     }
-
-@@ -563,11 +563,11 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
-         goto fail;
-     }
-
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-     return job;
-
- fail:
--    bdrv_graph_wrunlock(bs);
-+    bdrv_graph_wrunlock();
-     job_early_fail(&job->job);
-     return NULL;
- }
-diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h
-index 22b5db1ed..d7545e82d 100644
---- a/include/block/graph-lock.h
-+++ b/include/block/graph-lock.h
-@@ -110,34 +110,17 @@ void unregister_aiocontext(AioContext *ctx);
-  *
-  * The wrlock can only be taken from the main loop, with BQL held, as only the
-  * main loop is allowed to modify the graph.
-- *
-- * If @bs is non-NULL, its AioContext is temporarily released.
-- *
-- * This function polls. Callers must not hold the lock of any AioContext other
-- * than the current one and the one of @bs.
-  */
- void no_coroutine_fn TSA_ACQUIRE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrlock(BlockDriverState *bs);
-+bdrv_graph_wrlock(void);
-
- /*
-  * bdrv_graph_wrunlock:
-  * Write finished, reset global has_writer to 0 and restart
-  * all readers that are waiting.
-- *
-- * If @bs is non-NULL, its AioContext is temporarily released.
-- */
--void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrunlock(BlockDriverState *bs);
--
--/*
-- * bdrv_graph_wrunlock_ctx:
-- * Write finished, reset global has_writer to 0 and restart
-- * all readers that are waiting.
-- *
-- * If @ctx is non-NULL, its lock is temporarily released.
-  */
- void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrunlock_ctx(AioContext *ctx);
-+bdrv_graph_wrunlock(void);
-
- /*
-  * bdrv_graph_co_rdlock:
-diff --git a/scripts/block-coroutine-wrapper.py b/scripts/block-coroutine-wrapper.py
-index a38e5833f..38364fa55 100644
---- a/scripts/block-coroutine-wrapper.py
-+++ b/scripts/block-coroutine-wrapper.py
-@@ -261,8 +261,8 @@ def gen_no_co_wrapper(func: FuncDecl) -> str:
-         graph_lock='    bdrv_graph_rdlock_main_loop();'
-         graph_unlock='    bdrv_graph_rdunlock_main_loop();'
-     elif func.graph_wrlock:
--        graph_lock='    bdrv_graph_wrlock(NULL);'
--        graph_unlock='    bdrv_graph_wrunlock(NULL);'
-+        graph_lock='    bdrv_graph_wrlock();'
-+        graph_unlock='    bdrv_graph_wrunlock();'
-
-     return f"""\
- /*
-diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c
-index 704d1a3f3..d9754dfeb 100644
---- a/tests/unit/test-bdrv-drain.c
-+++ b/tests/unit/test-bdrv-drain.c
-@@ -807,9 +807,9 @@ static void test_blockjob_common_drain_node(enum drain_type drain_type,
-     tjob->bs = src;
-     job = &tjob->common;
-
--    bdrv_graph_wrlock(target);
-+    bdrv_graph_wrlock();
-     block_job_add_bdrv(job, "target", target, 0, BLK_PERM_ALL, &error_abort);
--    bdrv_graph_wrunlock(target);
-+    bdrv_graph_wrunlock();
-
-     switch (result) {
-     case TEST_JOB_SUCCESS:
-@@ -991,11 +991,11 @@ static void bdrv_test_top_close(BlockDriverState *bs)
- {
-     BdrvChild *c, *next_c;
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     QLIST_FOREACH_SAFE(c, &bs->children, next, next_c) {
-         bdrv_unref_child(bs, c);
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
- }
-
- static int coroutine_fn GRAPH_RDLOCK
-@@ -1085,10 +1085,10 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete,
-
-     null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
-                         &error_abort);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds,
-                       BDRV_CHILD_DATA, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     /* This child will be the one to pass to requests through to, and
-      * it will stall until a drain occurs */
-@@ -1096,21 +1096,21 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete,
-                                     &error_abort);
-     child_bs->total_sectors = 65536 >> BDRV_SECTOR_BITS;
-     /* Takes our reference to child_bs */
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     tts->wait_child = bdrv_attach_child(bs, child_bs, "wait-child",
-                                         &child_of_bds,
-                                         BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY,
-                                         &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     /* This child is just there to be deleted
-      * (for detach_instead_of_delete == true) */
-     null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
-                         &error_abort);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA,
-                       &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     blk = blk_new(qemu_get_aio_context(), BLK_PERM_ALL, BLK_PERM_ALL);
-     blk_insert_bs(blk, bs, &error_abort);
-@@ -1193,14 +1193,14 @@ static void no_coroutine_fn detach_indirect_bh(void *opaque)
-
-     bdrv_dec_in_flight(data->child_b->bs);
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_unref_child(data->parent_b, data->child_b);
-
-     bdrv_ref(data->c);
-     data->child_c = bdrv_attach_child(data->parent_b, data->c, "PB-C",
-                                       &child_of_bds, BDRV_CHILD_DATA,
-                                       &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
- }
-
- static void coroutine_mixed_fn detach_by_parent_aio_cb(void *opaque, int ret)
-@@ -1298,7 +1298,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb)
-     /* Set child relationships */
-     bdrv_ref(b);
-     bdrv_ref(a);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     child_b = bdrv_attach_child(parent_b, b, "PB-B", &child_of_bds,
-                                 BDRV_CHILD_DATA, &error_abort);
-     child_a = bdrv_attach_child(parent_b, a, "PB-A", &child_of_bds,
-@@ -1308,7 +1308,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb)
-     bdrv_attach_child(parent_a, a, "PA-A",
-                       by_parent_cb ? &child_of_bds : &detach_by_driver_cb_class,
-                       BDRV_CHILD_DATA, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     g_assert_cmpint(parent_a->refcnt, ==, 1);
-     g_assert_cmpint(parent_b->refcnt, ==, 1);
-@@ -1727,7 +1727,7 @@ static void test_drop_intermediate_poll(void)
-      * Establish the chain last, so the chain links are the first
-      * elements in the BDS.parents lists
-      */
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     for (i = 0; i < 3; i++) {
-         if (i) {
-             /* Takes the reference to chain[i - 1] */
-@@ -1735,7 +1735,7 @@ static void test_drop_intermediate_poll(void)
-                               &chain_child_class, BDRV_CHILD_COW, &error_abort);
-         }
-     }
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     job = block_job_create("job", &test_simple_job_driver, NULL, job_node,
-                            0, BLK_PERM_ALL, 0, 0, NULL, NULL, &error_abort);
-@@ -1982,10 +1982,10 @@ static void do_test_replace_child_mid_drain(int old_drain_count,
-     new_child_bs->total_sectors = 1;
-
-     bdrv_ref(old_child_bs);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds,
-                       BDRV_CHILD_COW, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-     parent_s->setup_completed = true;
-
-     for (i = 0; i < old_drain_count; i++) {
-@@ -2016,9 +2016,9 @@ static void do_test_replace_child_mid_drain(int old_drain_count,
-     g_assert(parent_bs->quiesce_counter == old_drain_count);
-     bdrv_drained_begin(old_child_bs);
-     bdrv_drained_begin(new_child_bs);
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_replace_node(old_child_bs, new_child_bs, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-     bdrv_drained_end(new_child_bs);
-     bdrv_drained_end(old_child_bs);
-     g_assert(parent_bs->quiesce_counter == new_drain_count);
-diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
-index 074adcbb9..8ee6ef38d 100644
---- a/tests/unit/test-bdrv-graph-mod.c
-+++ b/tests/unit/test-bdrv-graph-mod.c
-@@ -137,10 +137,10 @@ static void test_update_perm_tree(void)
-
-     blk_insert_bs(root, bs, &error_abort);
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(filter, bs, "child", &child_of_bds,
-                       BDRV_CHILD_DATA, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     aio_context_acquire(qemu_get_aio_context());
-     ret = bdrv_append(filter, bs, NULL);
-@@ -206,11 +206,11 @@ static void test_should_update_child(void)
-
-     bdrv_set_backing_hd(target, bs, &error_abort);
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     g_assert(target->backing->bs == bs);
-     bdrv_attach_child(filter, target, "target", &child_of_bds,
-                       BDRV_CHILD_DATA, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-     aio_context_acquire(qemu_get_aio_context());
-     bdrv_append(filter, bs, &error_abort);
-     aio_context_release(qemu_get_aio_context());
-@@ -248,7 +248,7 @@ static void test_parallel_exclusive_write(void)
-     bdrv_ref(base);
-     bdrv_ref(fl1);
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(top, fl1, "backing", &child_of_bds,
-                       BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                       &error_abort);
-@@ -260,7 +260,7 @@ static void test_parallel_exclusive_write(void)
-                       &error_abort);
-
-     bdrv_replace_node(fl1, fl2, &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     bdrv_drained_end(fl2);
-     bdrv_drained_end(fl1);
-@@ -367,7 +367,7 @@ static void test_parallel_perm_update(void)
-      */
-     bdrv_ref(base);
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(top, ws, "file", &child_of_bds, BDRV_CHILD_DATA,
-                       &error_abort);
-     c_fl1 = bdrv_attach_child(ws, fl1, "first", &child_of_bds,
-@@ -380,7 +380,7 @@ static void test_parallel_perm_update(void)
-     bdrv_attach_child(fl2, base, "backing", &child_of_bds,
-                       BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                       &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     /* Select fl1 as first child to be active */
-     s->selected = c_fl1;
-@@ -434,11 +434,11 @@ static void test_append_greedy_filter(void)
-     BlockDriverState *base = no_perm_node("base");
-     BlockDriverState *fl = exclusive_writer_node("fl1");
-
--    bdrv_graph_wrlock(NULL);
-+    bdrv_graph_wrlock();
-     bdrv_attach_child(top, base, "backing", &child_of_bds,
-                       BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
-                       &error_abort);
--    bdrv_graph_wrunlock(NULL);
-+    bdrv_graph_wrunlock();
-
-     aio_context_acquire(qemu_get_aio_context());
-     bdrv_append(fl, base, &error_abort);
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
deleted file mode 100644
index bcdd0fbed8..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 7ead946998610657d38d1a505d5f25300d4ca613 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 25 Apr 2024 14:56:02 +0000
-Subject: [PATCH] block: Parse filenames only when explicitly requested
-
-When handling image filenames from legacy options such as -drive or from
-tools, these filenames are parsed for protocol prefixes, including for
-the json:{} pseudo-protocol.
-
-This behaviour is intended for filenames that come directly from the
-command line and for backing files, which may come from the image file
-itself. Higher level management tools generally take care to verify that
-untrusted images don't contain a bad (or any) backing file reference;
-'qemu-img info' is a suitable tool for this.
-
-However, for other files that can be referenced in images, such as
-qcow2 data files or VMDK extents, the string from the image file is
-usually not verified by management tools - and 'qemu-img info' wouldn't
-be suitable because in contrast to backing files, it already opens these
-other referenced files. So here the string should be interpreted as a
-literal local filename. More complex configurations need to be specified
-explicitly on the command line or in QMP...
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block.c | 94 ++++++++++++++++++++++++++++++++++-----------------------
- 1 file changed, 57 insertions(+), 37 deletions(-)
-
-diff --git a/block.c b/block.c
-index 25e1ebc60..f3cb32cd7 100644
---- a/block.c
-+++ b/block.c
-@@ -86,6 +86,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
-                                            BlockDriverState *parent,
-                                            const BdrvChildClass *child_class,
-                                            BdrvChildRole child_role,
-+                                           bool parse_filename,
-                                            Error **errp);
-
- static bool bdrv_recurse_has_child(BlockDriverState *bs,
-@@ -2047,7 +2048,8 @@ static void parse_json_protocol(QDict *options, const char **pfilename,
-  * block driver has been specified explicitly.
-  */
- static int bdrv_fill_options(QDict **options, const char *filename,
--                             int *flags, Error **errp)
-+                             int *flags, bool allow_parse_filename,
-+                             Error **errp)
- {
-     const char *drvname;
-     bool protocol = *flags & BDRV_O_PROTOCOL;
-@@ -2089,7 +2091,7 @@ static int bdrv_fill_options(QDict **options, const char *filename,
-     if (protocol && filename) {
-         if (!qdict_haskey(*options, "filename")) {
-             qdict_put_str(*options, "filename", filename);
--            parse_filename = true;
-+            parse_filename = allow_parse_filename;
-         } else {
-             error_setg(errp, "Can't specify 'file' and 'filename' options at "
-                              "the same time");
-@@ -3675,7 +3677,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
-     }
-
-     backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
--                                   &child_of_bds, bdrv_backing_role(bs), errp);
-+                                   &child_of_bds, bdrv_backing_role(bs), true,
-+                                   errp);
-     if (!backing_hd) {
-         bs->open_flags |= BDRV_O_NO_BACKING;
-         error_prepend(errp, "Could not open backing file: ");
-@@ -3712,7 +3715,8 @@ free_exit:
- static BlockDriverState *
- bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
-                    BlockDriverState *parent, const BdrvChildClass *child_class,
--                   BdrvChildRole child_role, bool allow_none, Error **errp)
-+                   BdrvChildRole child_role, bool allow_none,
-+                   bool parse_filename, Error **errp)
- {
-     BlockDriverState *bs = NULL;
-     QDict *image_options;
-@@ -3743,7 +3747,8 @@ bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
-     }
-
-     bs = bdrv_open_inherit(filename, reference, image_options, 0,
--                           parent, child_class, child_role, errp);
-+                           parent, child_class, child_role, parse_filename,
-+                           errp);
-     if (!bs) {
-         goto done;
-     }
-@@ -3753,6 +3758,33 @@ done:
-     return bs;
- }
-
-+static BdrvChild *bdrv_open_child_common(const char *filename,
-+                                         QDict *options, const char *bdref_key,
-+                                         BlockDriverState *parent,
-+                                         const BdrvChildClass *child_class,
-+                                         BdrvChildRole child_role,
-+                                         bool allow_none, bool parse_filename,
-+                                         Error **errp)
-+{
-+    BlockDriverState *bs;
-+    BdrvChild *child;
-+
-+    GLOBAL_STATE_CODE();
-+
-+    bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
-+                            child_role, allow_none, parse_filename, errp);
-+    if (bs == NULL) {
-+        return NULL;
-+    }
-+
-+    bdrv_graph_wrlock();
-+    child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
-+                              errp);
-+    bdrv_graph_wrunlock();
-+
-+    return child;
-+}
-+
- /*
-  * Opens a disk image whose options are given as BlockdevRef in another block
-  * device's options.
-@@ -3778,31 +3810,15 @@ BdrvChild *bdrv_open_child(const char *filename,
-                            BdrvChildRole child_role,
-                            bool allow_none, Error **errp)
- {
--    BlockDriverState *bs;
--    BdrvChild *child;
--    AioContext *ctx;
--
--    GLOBAL_STATE_CODE();
--
--    bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
--                            child_role, allow_none, errp);
--    if (bs == NULL) {
--        return NULL;
--    }
--
--    bdrv_graph_wrlock();
--    ctx = bdrv_get_aio_context(bs);
--    aio_context_acquire(ctx);
--    child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
--                              errp);
--    aio_context_release(ctx);
--    bdrv_graph_wrunlock();
--
--    return child;
-+   return bdrv_open_child_common(filename, options, bdref_key, parent,
-+                                  child_class, child_role, allow_none, false,
-+                                  errp);
- }
-
- /*
-- * Wrapper on bdrv_open_child() for most popular case: open primary child of bs.
-+ * This does mostly the same as bdrv_open_child(), but for opening the primary
-+ * child of a node. A notable difference from bdrv_open_child() is that it
-+ * enables filename parsing for protocol names (including json:).
-  *
-  * The caller must hold the lock of the main AioContext and no other AioContext.
-  * @parent can move to a different AioContext in this function. Callers must
-@@ -3819,8 +3835,8 @@ int bdrv_open_file_child(const char *filename,
-     role = parent->drv->is_filter ?
-         (BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY) : BDRV_CHILD_IMAGE;
-
--    if (!bdrv_open_child(filename, options, bdref_key, parent,
--                         &child_of_bds, role, false, errp))
-+    if (!bdrv_open_child_common(filename, options, bdref_key, parent,
-+                                &child_of_bds, role, false, true, errp))
-     {
-         return -EINVAL;
-     }
-@@ -3865,7 +3881,8 @@ BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
-
-     }
-
--    bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
-+    bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, false,
-+                           errp);
-     obj = NULL;
-     qobject_unref(obj);
-     visit_free(v);
-@@ -3962,7 +3979,7 @@ static BlockDriverState * no_coroutine_fn
- bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-                   int flags, BlockDriverState *parent,
-                   const BdrvChildClass *child_class, BdrvChildRole child_role,
--                  Error **errp)
-+                  bool parse_filename, Error **errp)
- {
-     int ret;
-     BlockBackend *file = NULL;
-@@ -4011,9 +4028,11 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-     }
-
-     /* json: syntax counts as explicit options, as if in the QDict */
--    parse_json_protocol(options, &filename, &local_err);
--    if (local_err) {
--        goto fail;
-+    if (parse_filename) {
-+        parse_json_protocol(options, &filename, &local_err);
-+        if (local_err) {
-+            goto fail;
-+        }
-     }
-
-     bs->explicit_options = qdict_clone_shallow(options);
-@@ -4038,7 +4057,8 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-                                      parent->open_flags, parent->options);
-     }
-
--    ret = bdrv_fill_options(&options, filename, &flags, &local_err);
-+    ret = bdrv_fill_options(&options, filename, &flags, parse_filename,
-+                            &local_err);
-     if (ret < 0) {
-         goto fail;
-     }
-@@ -4107,7 +4127,7 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-
-         file_bs = bdrv_open_child_bs(filename, options, "file", bs,
-                                      &child_of_bds, BDRV_CHILD_IMAGE,
--                                     true, &local_err);
-+                                     true, true, &local_err);
-         if (local_err) {
-             goto fail;
-         }
-@@ -4270,7 +4290,7 @@ BlockDriverState *bdrv_open(const char *filename, const char *reference,
-     GLOBAL_STATE_CODE();
-
-     return bdrv_open_inherit(filename, reference, options, flags, NULL,
--                             NULL, 0, errp);
-+                             NULL, 0, true, errp);
- }
-
- /* Return true if the NULL-terminated @list contains @str */
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
deleted file mode 100644
index 631e93a6d2..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From fb1c2aaa981e0a2fa6362c9985f1296b74f055ac Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 08:50:01 -0500
-Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add()
-
-Upcoming patches to fix a CVE need to track an opaque pointer passed
-in by the owner of a client object, as well as request for a time
-limit on how fast negotiation must complete.  Prepare for that by
-changing the signature of nbd_client_new() and adding an accessor to
-get at the opaque pointer, although for now the two servers
-(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though
-they pass in a new default timeout value.
-
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-11-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- blockdev-nbd.c      |  6 ++++--
- include/block/nbd.h | 11 ++++++++++-
- nbd/server.c        | 20 +++++++++++++++++---
- qemu-nbd.c          |  4 +++-
- 4 files changed, 34 insertions(+), 7 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 213012435..267a1de90 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-     nbd_update_server_watch(nbd_server);
-
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
--    nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz,
--                   nbd_blockdev_client_closed);
-+    /* TODO - expose handshake timeout as QMP option */
-+    nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+                   nbd_server->tlscreds, nbd_server->tlsauthz,
-+                   nbd_blockdev_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 4e7bd6342..1d4d65922 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts;
-
- extern const BlockExportDriver blk_exp_nbd;
-
-+/*
-+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must
-+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow.
-+ */
-+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp);
- NBDExport *nbd_export_find(const char *name);
-
- void nbd_client_new(QIOChannelSocket *sioc,
-+                    uint32_t handshake_max_secs,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsauthz,
--                    void (*close_fn)(NBDClient *, bool));
-+                    void (*close_fn)(NBDClient *, bool),
-+                    void *owner);
-+void *nbd_client_owner(NBDClient *client);
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
-
-diff --git a/nbd/server.c b/nbd/server.c
-index 091b57119..f8881936e 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -124,12 +124,14 @@ struct NBDMetaContexts {
- struct NBDClient {
-     int refcount; /* atomic */
-     void (*close_fn)(NBDClient *client, bool negotiated);
-+    void *owner;
-
-     QemuMutex lock;
-
-     NBDExport *exp;
-     QCryptoTLSCreds *tlscreds;
-     char *tlsauthz;
-+    uint32_t handshake_max_secs;
-     QIOChannelSocket *sioc; /* The underlying data channel */
-     QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */
-
-@@ -3160,6 +3162,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-
-     qemu_co_mutex_init(&client->send_lock);
-
-+    /* TODO - utilize client->handshake_max_secs */
-     if (nbd_negotiate(client, &local_err)) {
-         if (local_err) {
-             error_report_err(local_err);
-@@ -3174,14 +3177,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- }
-
- /*
-- * Create a new client listener using the given channel @sioc.
-+ * Create a new client listener using the given channel @sioc and @owner.
-  * Begin servicing it in a coroutine.  When the connection closes, call
-- * @close_fn with an indication of whether the client completed negotiation.
-+ * @close_fn with an indication of whether the client completed negotiation
-+ * within @handshake_max_secs seconds (0 for unbounded).
-  */
- void nbd_client_new(QIOChannelSocket *sioc,
-+                    uint32_t handshake_max_secs,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsauthz,
--                    void (*close_fn)(NBDClient *, bool))
-+                    void (*close_fn)(NBDClient *, bool),
-+                    void *owner)
- {
-     NBDClient *client;
-     Coroutine *co;
-@@ -3194,13 +3200,21 @@ void nbd_client_new(QIOChannelSocket *sioc,
-         object_ref(OBJECT(client->tlscreds));
-     }
-     client->tlsauthz = g_strdup(tlsauthz);
-+    client->handshake_max_secs = handshake_max_secs;
-     client->sioc = sioc;
-     qio_channel_set_delay(QIO_CHANNEL(sioc), false);
-     object_ref(OBJECT(client->sioc));
-     client->ioc = QIO_CHANNEL(sioc);
-     object_ref(OBJECT(client->ioc));
-     client->close_fn = close_fn;
-+    client->owner = owner;
-
-     co = qemu_coroutine_create(nbd_co_client_start, client);
-     qemu_coroutine_enter(co);
- }
-+
-+void *
-+nbd_client_owner(NBDClient *client)
-+{
-+    return client->owner;
-+}
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 186e6468b..5fa399c0b 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -389,7 +389,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
-     nb_fds++;
-     nbd_update_server_watch();
--    nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
-+    /* TODO - expose handshake timeout as command line option */
-+    nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+                   tlscreds, tlsauthz, nbd_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(void)
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
deleted file mode 100644
index ca8ef0b44d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From c8a76dbd90c2f48df89b75bef74917f90a59b623 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Tue, 6 Aug 2024 13:53:00 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100
-
-Allowing an unlimited number of clients to any web service is a recipe
-for a rudimentary denial of service attack: the client merely needs to
-open lots of sockets without closing them, until qemu no longer has
-any more fds available to allocate.
-
-For qemu-nbd, we default to allowing only 1 connection unless more are
-explicitly asked for (-e or --shared); this was historically picked as
-a nice default (without an explicit -t, a non-persistent qemu-nbd goes
-away after a client disconnects, without needing any additional
-follow-up commands), and we are not going to change that interface now
-(besides, someday we want to point people towards qemu-storage-daemon
-instead of qemu-nbd).
-
-But for qemu proper, and the newer qemu-storage-daemon, the QMP
-nbd-server-start command has historically had a default of unlimited
-number of connections, in part because unlike qemu-nbd it is
-inherently persistent until nbd-server-stop.  Allowing multiple client
-sockets is particularly useful for clients that can take advantage of
-MULTI_CONN (creating parallel sockets to increase throughput),
-although known clients that do so (such as libnbd's nbdcopy) typically
-use only 8 or 16 connections (the benefits of scaling diminish once
-more sockets are competing for kernel attention).  Picking a number
-large enough for typical use cases, but not unlimited, makes it
-slightly harder for a malicious client to perform a denial of service
-merely by opening lots of connections withot progressing through the
-handshake.
-
-This change does not eliminate CVE-2024-7409 on its own, but reduces
-the chance for fd exhaustion or unlimited memory usage as an attack
-surface.  On the other hand, by itself, it makes it more obvious that
-with a finite limit, we have the problem of an unauthenticated client
-holding 100 fds opened as a way to block out a legitimate client from
-being able to connect; thus, later patches will further add timeouts
-to reject clients that are not making progress.
-
-This is an INTENTIONAL change in behavior, and will break any client
-of nbd-server-start that was not passing an explicit max-connections
-parameter, yet expects more than 100 simultaneous connections.  We are
-not aware of any such client (as stated above, most clients aware of
-MULTI_CONN get by just fine on 8 or 16 connections, and probably cope
-with later connections failing by relying on the earlier connections;
-libvirt has not yet been passing max-connections, but generally
-creates NBD servers with the intent for a single client for the sake
-of live storage migration; meanwhile, the KubeSAN project anticipates
-a large cluster sharing multiple clients [up to 8 per node, and up to
-100 nodes in a cluster], but it currently uses qemu-nbd with an
-explicit --shared=0 rather than qemu-storage-daemon with
-nbd-server-start).
-
-We considered using a deprecation period (declare that omitting
-max-parameters is deprecated, and make it mandatory in 3 releases -
-then we don't need to pick an arbitrary default); that has zero risk
-of breaking any apps that accidentally depended on more than 100
-connections, and where such breakage might not be noticed under unit
-testing but only under the larger loads of production usage.  But it
-does not close the denial-of-service hole until far into the future,
-and requires all apps to change to add the parameter even if 100 was
-good enough.  It also has a drawback that any app (like libvirt) that
-is accidentally relying on an unlimited default should seriously
-consider their own CVE now, at which point they are going to change to
-pass explicit max-connections sooner than waiting for 3 qemu releases.
-Finally, if our changed default breaks an app, that app can always
-pass in an explicit max-parameters with a larger value.
-
-It is also intentional that the HMP interface to nbd-server-start is
-not changed to expose max-connections (any client needing to fine-tune
-things should be using QMP).
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-12-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[ericb: Expand commit message to summarize Dan's argument for why we
-break corner-case back-compat behavior without a deprecation period]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- block/monitor/block-hmp-cmds.c | 3 ++-
- blockdev-nbd.c                 | 8 ++++++++
- include/block/nbd.h            | 7 +++++++
- qapi/block-export.json         | 4 ++--
- 4 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index c729cbf1e..78a697585 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -415,7 +415,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
-         goto exit;
-     }
-
--    nbd_server_start(addr, NULL, NULL, 0, &local_err);
-+    nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS,
-+                     &local_err);
-     qapi_free_SocketAddress(addr);
-     if (local_err != NULL) {
-         goto exit;
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 267a1de90..24ba5382d 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
-
- void nbd_server_start_options(NbdServerOptions *arg, Error **errp)
- {
-+    if (!arg->has_max_connections) {
-+        arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+    }
-+
-     nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz,
-                      arg->max_connections, errp);
- }
-@@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr,
- {
-     SocketAddress *addr_flat = socket_address_flatten(addr);
-
-+    if (!has_max_connections) {
-+        max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+    }
-+
-     nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp);
-     qapi_free_SocketAddress(addr_flat);
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 1d4d65922..d4f8b21ae 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd;
-  */
- #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-
-+/*
-+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at
-+ * once; must be large enough to allow a MULTI_CONN-aware client like
-+ * nbdcopy to create its typical number of 8-16 sockets.
-+ */
-+#define NBD_DEFAULT_MAX_CONNECTIONS 100
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-diff --git a/qapi/block-export.json b/qapi/block-export.json
-index 7874a49ba..1d255d77e 100644
---- a/qapi/block-export.json
-+++ b/qapi/block-export.json
-@@ -28,7 +28,7 @@
- # @max-connections: The maximum number of connections to allow at the
- #     same time, 0 for unlimited.  Setting this to 1 also stops the
- #     server from advertising multiple client support (since 5.2;
--#     default: 0)
-+#     default: 100)
- #
- # Since: 4.2
- ##
-@@ -63,7 +63,7 @@
- # @max-connections: The maximum number of connections to allow at the
- #     same time, 0 for unlimited.  Setting this to 1 also stops the
- #     server from advertising multiple client support (since 5.2;
--#     default: 0).
-+#     default: 100).
- #
- # Returns: error if the server is already running.
- #
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
deleted file mode 100644
index b2b9b15c54..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From b9b72cb3ce15b693148bd09cef7e50110566d8a0 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Aug 2024 16:05:08 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients
-
-A client that opens a socket but does not negotiate is merely hogging
-qemu's resources (an open fd and a small amount of memory); and a
-malicious client that can access the port where NBD is listening can
-attempt a denial of service attack by intentionally opening and
-abandoning lots of unfinished connections.  The previous patch put a
-default bound on the number of such ongoing connections, but once that
-limit is hit, no more clients can connect (including legitimate ones).
-The solution is to insist that clients complete handshake within a
-reasonable time limit, defaulting to 10 seconds.  A client that has
-not successfully completed NBD_OPT_GO by then (including the case of
-where the client didn't know TLS credentials to even reach the point
-of NBD_OPT_GO) is wasting our time and does not deserve to stay
-connected.  Later patches will allow fine-tuning the limit away from
-the default value (including disabling it for doing integration
-testing of the handshake process itself).
-
-Note that this patch in isolation actually makes it more likely to see
-qemu SEGV after nbd-server-stop, as any client socket still connected
-when the server shuts down will now be closed after 10 seconds rather
-than at the client's whims.  That will be addressed in the next patch.
-
-For a demo of this patch in action:
-$ qemu-nbd -f raw -r -t -e 10 file &
-$ nbdsh --opt-mode -c '
-H = list()
-for i in range(20):
-  print(i)
-  H.insert(i, nbd.NBD())
-  H[i].set_opt_mode(True)
-  H[i].connect_uri("nbd://localhost")
-'
-$ kill $!
-
-where later connections get to start progressing once earlier ones are
-forcefully dropped for taking too long, rather than hanging.
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-13-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: rebase to changes earlier in series, reduce scope of timer]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- nbd/server.c     | 28 +++++++++++++++++++++++++++-
- nbd/trace-events |  1 +
- 2 files changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index f8881936e..6155e329a 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -3155,22 +3155,48 @@ static void nbd_client_receive_next_request(NBDClient *client)
-     }
- }
-
-+static void nbd_handshake_timer_cb(void *opaque)
-+{
-+    QIOChannel *ioc = opaque;
-+
-+    trace_nbd_handshake_timer_cb();
-+    qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
-+}
-+
- static coroutine_fn void nbd_co_client_start(void *opaque)
- {
-     NBDClient *client = opaque;
-     Error *local_err = NULL;
-+    QEMUTimer *handshake_timer = NULL;
-
-     qemu_co_mutex_init(&client->send_lock);
-
--    /* TODO - utilize client->handshake_max_secs */
-+    /*
-+     * Create a timer to bound the time spent in negotiation. If the
-+     * timer expires, it is likely nbd_negotiate will fail because the
-+     * socket was shutdown.
-+     */
-+    if (client->handshake_max_secs > 0) {
-+        handshake_timer = aio_timer_new(qemu_get_aio_context(),
-+                                        QEMU_CLOCK_REALTIME,
-+                                        SCALE_NS,
-+                                        nbd_handshake_timer_cb,
-+                                        client->sioc);
-+        timer_mod(handshake_timer,
-+                  qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
-+                  client->handshake_max_secs * NANOSECONDS_PER_SECOND);
-+    }
-+
-     if (nbd_negotiate(client, &local_err)) {
-         if (local_err) {
-             error_report_err(local_err);
-         }
-+        timer_free(handshake_timer);
-         client_close(client, false);
-         return;
-     }
-
-+    timer_free(handshake_timer);
-     WITH_QEMU_LOCK_GUARD(&client->lock) {
-         nbd_client_receive_next_request(client);
-     }
-diff --git a/nbd/trace-events b/nbd/trace-events
-index 00ae3216a..cbd0a4ab7 100644
---- a/nbd/trace-events
-+++ b/nbd/trace-events
-@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload
- nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64
- nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32
- nbd_trip(void) "Reading request"
-+nbd_handshake_timer_cb(void) "client took too long to negotiate"
-
- # client-connection.c
- nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
deleted file mode 100644
index 9515c631ad..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 3e7ef738c8462c45043a1d39f702a0990406a3b3 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 12:23:13 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop
-
-A malicious client can attempt to connect to an NBD server, and then
-intentionally delay progress in the handshake, including if it does
-not know the TLS secrets.  Although the previous two patches reduce
-this behavior by capping the default max-connections parameter and
-killing slow clients, they did not eliminate the possibility of a
-client waiting to close the socket until after the QMP nbd-server-stop
-command is executed, at which point qemu would SEGV when trying to
-dereference the NULL nbd_server global which is no longer present.
-This amounts to a denial of service attack.  Worse, if another NBD
-server is started before the malicious client disconnects, I cannot
-rule out additional adverse effects when the old client interferes
-with the connection count of the new server (although the most likely
-is a crash due to an assertion failure when checking
-nbd_server->connections > 0).
-
-For environments without this patch, the CVE can be mitigated by
-ensuring (such as via a firewall) that only trusted clients can
-connect to an NBD server.  Note that using frameworks like libvirt
-that ensure that TLS is used and that nbd-server-stop is not executed
-while any trusted clients are still connected will only help if there
-is also no possibility for an untrusted client to open a connection
-but then stall on the NBD handshake.
-
-Given the previous patches, it would be possible to guarantee that no
-clients remain connected by having nbd-server-stop sleep for longer
-than the default handshake deadline before finally freeing the global
-nbd_server object, but that could make QMP non-responsive for a long
-time.  So intead, this patch fixes the problem by tracking all client
-sockets opened while the server is running, and forcefully closing any
-such sockets remaining without a completed handshake at the time of
-nbd-server-stop, then waiting until the coroutines servicing those
-sockets notice the state change.  nbd-server-stop now has a second
-AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the
-blk_exp_close_all_type() that disconnects all clients that completed
-handshakes), but forced socket shutdown is enough to progress the
-coroutines and quickly tear down all clients before the server is
-freed, thus finally fixing the CVE.
-
-This patch relies heavily on the fact that nbd/server.c guarantees
-that it only calls nbd_blockdev_client_closed() from the main loop
-(see the assertion in nbd_client_put() and the hoops used in
-nbd_client_put_nonzero() to achieve that); if we did not have that
-guarantee, we would also need a mutex protecting our accesses of the
-list of connections to survive re-entrancy from independent iothreads.
-
-Although I did not actually try to test old builds, it looks like this
-problem has existed since at least commit 862172f45c (v2.12.0, 2017) -
-even back when that patch started using a QIONetListener to handle
-listening on multiple sockets, nbd_server_free() was already unaware
-that the nbd_blockdev_client_closed callback can be reached later by a
-client thread that has not completed handshakes (and therefore the
-client's socket never got added to the list closed in
-nbd_export_close_all), despite that patch intentionally tearing down
-the QIONetListener to prevent new clients.
-
-Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Fixes: CVE-2024-7409
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-14-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 24ba5382d..f73409ae4 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -21,12 +21,18 @@
- #include "io/channel-socket.h"
- #include "io/net-listener.h"
-
-+typedef struct NBDConn {
-+    QIOChannelSocket *cioc;
-+    QLIST_ENTRY(NBDConn) next;
-+} NBDConn;
-+
- typedef struct NBDServerData {
-     QIONetListener *listener;
-     QCryptoTLSCreds *tlscreds;
-     char *tlsauthz;
-     uint32_t max_connections;
-     uint32_t connections;
-+    QLIST_HEAD(, NBDConn) conns;
- } NBDServerData;
-
- static NBDServerData *nbd_server;
-@@ -51,6 +57,14 @@ int nbd_server_max_connections(void)
-
- static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- {
-+    NBDConn *conn = nbd_client_owner(client);
-+
-+    assert(qemu_in_main_thread() && nbd_server);
-+
-+    object_unref(OBJECT(conn->cioc));
-+    QLIST_REMOVE(conn, next);
-+    g_free(conn);
-+
-     nbd_client_put(client);
-     assert(nbd_server->connections > 0);
-     nbd_server->connections--;
-@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-                        gpointer opaque)
- {
-+    NBDConn *conn = g_new0(NBDConn, 1);
-+
-+    assert(qemu_in_main_thread() && nbd_server);
-     nbd_server->connections++;
-+    object_ref(OBJECT(cioc));
-+    conn->cioc = cioc;
-+    QLIST_INSERT_HEAD(&nbd_server->conns, conn, next);
-     nbd_update_server_watch(nbd_server);
-
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-     /* TODO - expose handshake timeout as QMP option */
-     nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-                    nbd_server->tlscreds, nbd_server->tlsauthz,
--                   nbd_blockdev_client_closed, NULL);
-+                   nbd_blockdev_client_closed, conn);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s)
-
- static void nbd_server_free(NBDServerData *server)
- {
-+    NBDConn *conn, *tmp;
-+
-     if (!server) {
-         return;
-     }
-
-+    /*
-+     * Forcefully close the listener socket, and any clients that have
-+     * not yet disconnected on their own.
-+     */
-     qio_net_listener_disconnect(server->listener);
-     object_unref(OBJECT(server->listener));
-+    QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
-+        qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
-+                             NULL);
-+    }
-+
-+    AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0);
-+
-     if (server->tlscreds) {
-         object_unref(OBJECT(server->tlscreds));
-     }
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu_8.2.3.bb b/meta/recipes-devtools/qemu/qemu_8.2.7.bb
index dc1352232e..dc1352232e 100644
--- a/meta/recipes-devtools/qemu/qemu_8.2.3.bb
+++ b/meta/recipes-devtools/qemu/qemu_8.2.7.bb
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
new file mode 100644
index 0000000000..d654067fab
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
@@ -0,0 +1,156 @@
+From 0902b52f6687b1f7952422080d50b93108742e53 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 29 Oct 2024 22:55:29 -0700
+Subject: [PATCH] Some checksum buffer fixes.
+
+- Put sum2_array into sum_struct to hold an array of sum2 checksums
+  that are each xfer_sum_len bytes.
+- Remove sum2 buf from sum_buf.
+- Add macro sum2_at() to access each sum2 array element.
+- Throw an error if a sums header has an s2length larger than
+  xfer_sum_len.
+
+CVE: CVE-2024-12084
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0902b52f6687b1f7952422080d50b93108742e53]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ io.c     | 3 ++-
+ match.c  | 8 ++++----
+ rsync.c  | 5 ++++-
+ rsync.h  | 4 +++-
+ sender.c | 4 +++-
+ 5 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/io.c b/io.c
+index a99ac0ec..bb60eeca 100644
+--- a/io.c
++++ b/io.c
+@@ -55,6 +55,7 @@ extern int read_batch;
+ extern int compat_flags;
+ extern int protect_args;
+ extern int checksum_seed;
++extern int xfer_sum_len;
+ extern int daemon_connection;
+ extern int protocol_version;
+ extern int remove_source_files;
+@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum)
+                exit_cleanup(RERR_PROTOCOL);
+        }
+        sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f);
+-       if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) {
++       if (sum->s2length < 0 || sum->s2length > xfer_sum_len) {
+                rprintf(FERROR, "Invalid checksum length %d [%s]\n",
+                        sum->s2length, who_am_i());
+                exit_cleanup(RERR_PROTOCOL);
+diff --git a/match.c b/match.c
+index cdb30a15..36e78ed2 100644
+--- a/match.c
++++ b/match.c
+@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s,
+                                done_csum2 = 1;
+                        }
+
+-                       if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) {
++                       if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) {
+                                false_alarms++;
+                                continue;
+                        }
+@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s,
+                                        if (i != aligned_i) {
+                                                if (sum != s->sums[aligned_i].sum1
+                                                 || l != s->sums[aligned_i].len
+-                                                || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0)
++                                                || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0)
+                                                        goto check_want_i;
+                                                i = aligned_i;
+                                        }
+@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s,
+                                                if (sum != s->sums[i].sum1)
+                                                        goto check_want_i;
+                                                get_checksum2((char *)map, l, sum2);
+-                                               if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0)
++                                               if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0)
+                                                        goto check_want_i;
+                                                /* OK, we have a re-alignment match.  Bump the offset
+                                                 * forward to the new match point. */
+@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s,
+                         && (!updating_basis_file || s->sums[want_i].offset >= offset
+                          || s->sums[want_i].flags & SUMFLG_SAME_OFFSET)
+                         && sum == s->sums[want_i].sum1
+-                        && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) {
++                        && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) {
+                                /* we've found an adjacent match - the RLL coder
+                                 * will be happy */
+                                i = want_i;
+diff --git a/rsync.c b/rsync.c
+index cd288f57..b130aba5 100644
+--- a/rsync.c
++++ b/rsync.c
+@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha
+   */
+ void free_sums(struct sum_struct *s)
+ {
+-       if (s->sums) free(s->sums);
++       if (s->sums) {
++               free(s->sums);
++               free(s->sum2_array);
++       }
+        free(s);
+ }
+
+diff --git a/rsync.h b/rsync.h
+index d3709fe0..8ddbe702 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -958,12 +958,12 @@ struct sum_buf {
+        uint32 sum1;            /**< simple checksum */
+        int32 chain;            /**< next hash-table collision */
+        short flags;            /**< flag bits */
+-       char sum2[SUM_LENGTH];  /**< checksum  */
+ };
+
+ struct sum_struct {
+        OFF_T flength;          /**< total file length */
+        struct sum_buf *sums;   /**< points to info for each chunk */
++       char *sum2_array;       /**< checksums of length xfer_sum_len */
+        int32 count;            /**< how many chunks */
+        int32 blength;          /**< block_length */
+        int32 remainder;        /**< flength % block_length */
+@@ -982,6 +982,8 @@ struct map_struct {
+        int status;             /* first errno from read errors         */
+ };
+
++#define sum2_at(s, i)  ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len))
++
+ #define NAME_IS_FILE           (0)    /* filter name as a file */
+ #define NAME_IS_DIR            (1<<0) /* filter name as a dir */
+ #define NAME_IS_XATTR          (1<<2) /* filter name as an xattr */
+diff --git a/sender.c b/sender.c
+index 3d4f052e..ab205341 100644
+--- a/sender.c
++++ b/sender.c
+@@ -31,6 +31,7 @@ extern int log_before_transfer;
+ extern int stdout_format_has_i;
+ extern int logfile_format_has_i;
+ extern int want_xattr_optim;
++extern int xfer_sum_len;
+ extern int csum_length;
+ extern int append_mode;
+ extern int copy_links;
+@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f)
+                return(s);
+
+        s->sums = new_array(struct sum_buf, s->count);
++       s->sum2_array = new_array(char, s->count * xfer_sum_len);
+
+        for (i = 0; i < s->count; i++) {
+                s->sums[i].sum1 = read_int(f);
+-               read_buf(f, s->sums[i].sum2, s->s2length);
++               read_buf(f, sum2_at(s, i), s->s2length);
+
+                s->sums[i].offset = offset;
+                s->sums[i].flags = 0;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
new file mode 100644
index 0000000000..266b80c241
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
@@ -0,0 +1,43 @@
+From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 5 Nov 2024 11:01:03 -0800
+Subject: [PATCH] Another cast when multiplying integers.
+
+CVE: CVE-2024-12084
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ rsync.h  | 2 +-
+ sender.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rsync.h b/rsync.h
+index 8ddbe702..0f9e277f 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -982,7 +982,7 @@ struct map_struct {
+        int status;             /* first errno from read errors         */
+ };
+
+-#define sum2_at(s, i)  ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len))
++#define sum2_at(s, i)  ((s)->sum2_array + ((size_t)(i) * xfer_sum_len))
+
+ #define NAME_IS_FILE           (0)    /* filter name as a file */
+ #define NAME_IS_DIR            (1<<0) /* filter name as a dir */
+diff --git a/sender.c b/sender.c
+index ab205341..2bbff2fa 100644
+--- a/sender.c
++++ b/sender.c
+@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f)
+                return(s);
+
+        s->sums = new_array(struct sum_buf, s->count);
+-       s->sum2_array = new_array(char, s->count * xfer_sum_len);
++       s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len);
+
+        for (i = 0; i < s->count; i++) {
+                s->sums[i].sum1 = read_int(f);
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
new file mode 100644
index 0000000000..165d5a62f9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
+From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Thu, 14 Nov 2024 09:57:08 +1100
+Subject: [PATCH] prevent information leak off the stack
+
+prevent leak of uninitialised stack data in hash_search
+
+CVE: CVE-2024-12085
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ match.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/match.c b/match.c
+index 36e78ed2..dfd6af2c 100644
+--- a/match.c
++++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+        int more;
+        schar *map;
+
++       // prevent possible memory leaks
++       memset(sum2, 0, sizeof sum2);
++
+        /* want_i is used to encourage adjacent matches, allowing the RLL
+         * coding of the output to work more efficiently. */
+        want_i = 0;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
new file mode 100644
index 0000000000..958a25a37b
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
@@ -0,0 +1,42 @@
+From 8ad4b5d912fad1df29717dddaa775724da77d299 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 11:08:03 +1100
+Subject: [PATCH] refuse fuzzy options when fuzzy not selected
+
+this prevents a malicious server providing a file to compare to when
+the user has not given the fuzzy option
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=8ad4b5d912fad1df29717dddaa775724da77d299]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ receiver.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/receiver.c b/receiver.c
+index 6b4b369e..2d7f6033 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern filter_rule_list daemon_filter_list;
+ extern OFF_T preallocated_len;
++extern int fuzzy_basis;
+
+ extern struct name_num_item *xfer_sum_nni;
+ extern int xfer_sum_len;
+@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name)
+                                fnamecmp = get_backup_name(fname);
+                                break;
+                        case FNAMECMP_FUZZY:
++                               if (fuzzy_basis == 0) {
++                                       rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
++                                       exit_cleanup(RERR_PROTOCOL);
++                               }
+                                if (file->dirname) {
+                                        pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+                                        fnamecmp = fnamecmpbuf;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
new file mode 100644
index 0000000000..5d25f12dd8
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
@@ -0,0 +1,108 @@
+From b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 12:26:10 +1100
+Subject: [PATCH] added secure_relative_open()
+
+this is an open that enforces no symlink following for all path
+components in a relative path
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ syscall.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+diff --git a/syscall.c b/syscall.c
+index b4b0f1f1..cffc814b 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -33,6 +33,8 @@
+ #include <sys/syscall.h>
+ #endif
+
++#include "ifuncs.h"
++
+ extern int dry_run;
+ extern int am_root;
+ extern int am_sender;
+@@ -707,3 +709,75 @@ int do_open_nofollow(const char *pathname, int flags)
+
+        return fd;
+ }
++
++/*
++  open a file relative to a base directory. The basedir can be NULL,
++  in which case the current working directory is used. The relpath
++  must be a relative path, and the relpath must not contain any
++  elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
++  applies to all path components, not just the last component)
++*/
++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
++{
++       if (!relpath || relpath[0] == '/') {
++               // must be a relative path
++               errno = EINVAL;
++               return -1;
++       }
++
++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
++       // really old system, all we can do is live with the risks
++       if (!basedir) {
++               return open(relpath, flags, mode);
++       }
++       char fullpath[MAXPATHLEN];
++       pathjoin(fullpath, sizeof fullpath, basedir, relpath);
++       return open(fullpath, flags, mode);
++#else
++       int dirfd = AT_FDCWD;
++       if (basedir != NULL) {
++               dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
++               if (dirfd == -1) {
++                       return -1;
++               }
++       }
++       int retfd = -1;
++
++       char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
++       if (!path_copy) {
++               return -1;
++       }
++
++       for (const char *part = strtok(path_copy, "/");
++            part != NULL;
++            part = strtok(NULL, "/"))
++       {
++               int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
++               if (next_fd == -1 && errno == ENOTDIR) {
++                       if (strtok(NULL, "/") != NULL) {
++                               // this is not the last component of the path
++                               errno = ELOOP;
++                               goto cleanup;
++                       }
++                       // this could be the last component of the path, try as a file
++                       retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
++                       goto cleanup;
++               }
++               if (next_fd == -1) {
++                       goto cleanup;
++               }
++               if (dirfd != AT_FDCWD) close(dirfd);
++               dirfd = next_fd;
++       }
++
++       // the path must be a directory
++       errno = EINVAL;
++
++cleanup:
++       free(path_copy);
++       if (dirfd != AT_FDCWD) {
++               close(dirfd);
++       }
++       return retfd;
++#endif // O_NOFOLLOW, O_DIRECTORY
++}
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
new file mode 100644
index 0000000000..de1747adf2
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
@@ -0,0 +1,108 @@
+From c35e28331f10ba6eba370611abd78bde32d54da7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 12:28:13 +1100
+Subject: [PATCH] receiver: use secure_relative_open() for basis file
+
+this prevents attacks where the basis file is manipulated by a
+malicious sender to gain information about files outside the
+destination tree
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c35e28331f10ba6eba370611abd78bde32d54da7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ receiver.c | 42 ++++++++++++++++++++++++++----------------
+ 1 file changed, 26 insertions(+), 16 deletions(-)
+
+diff --git a/receiver.c b/receiver.c
+index 2d7f6033..8031b8f4 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -552,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name)
+        progress_init();
+
+        while (1) {
++               const char *basedir = NULL;
++
+                cleanup_disable();
+
+                /* This call also sets cur_flist. */
+@@ -722,27 +724,29 @@ int recv_files(int f_in, int f_out, char *local_name)
+                                        exit_cleanup(RERR_PROTOCOL);
+                                }
+                                if (file->dirname) {
+-                                       pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+-                                       fnamecmp = fnamecmpbuf;
+-                               } else
+-                                       fnamecmp = xname;
++                                       basedir = file->dirname;
++                               }
++                               fnamecmp = xname;
+                                break;
+                        default:
+                                if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) {
+                                        fnamecmp_type -= FNAMECMP_FUZZY + 1;
+                                        if (file->dirname) {
+-                                               stringjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+-                                                          basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL);
+-                                       } else
+-                                               pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname);
++                                               pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname);
++                                               basedir = fnamecmpbuf;
++                                       } else {
++                                               basedir = basis_dir[fnamecmp_type];
++                                       }
++                                       fnamecmp = xname;
+                                } else if (fnamecmp_type >= basis_dir_cnt) {
+                                        rprintf(FERROR,
+                                                "invalid basis_dir index: %d.\n",
+                                                fnamecmp_type);
+                                        exit_cleanup(RERR_PROTOCOL);
+-                               } else
+-                                       pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname);
+-                               fnamecmp = fnamecmpbuf;
++                               } else {
++                                       basedir = basis_dir[fnamecmp_type];
++                                       fnamecmp = fname;
++                               }
+                                break;
+                        }
+                        if (!fnamecmp || (daemon_filter_list.head
+@@ -765,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+                }
+
+                /* open the file */
+-               fd1 = do_open(fnamecmp, O_RDONLY, 0);
++               fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+
+                if (fd1 == -1 && protocol_version < 29) {
+                        if (fnamecmp != fname) {
+@@ -776,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name)
+
+                        if (fd1 == -1 && basis_dir[0]) {
+                                /* pre-29 allowed only one alternate basis */
+-                               pathjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+-                                        basis_dir[0], fname);
+-                               fnamecmp = fnamecmpbuf;
++                               basedir = basis_dir[0];
++                               fnamecmp = fname;
+                                fnamecmp_type = FNAMECMP_BASIS_DIR_LOW;
+-                               fd1 = do_open(fnamecmp, O_RDONLY, 0);
++                               fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+                        }
+                }
+
++               if (basedir) {
++                       // for the following code we need the full
++                       // path name as a single string
++                       pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp);
++                       fnamecmp = fnamecmpbuf;
++               }
++
+                one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR;
+                updating_basis_or_equiv = one_inplace
+                    || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP));
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
new file mode 100644
index 0000000000..b85e1dfae4
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
@@ -0,0 +1,41 @@
+From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Tue, 26 Nov 2024 09:16:31 +1100
+Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ syscall.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/syscall.c b/syscall.c
+index cffc814b..081357bb 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags)
+   must be a relative path, and the relpath must not contain any
+   elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
+   applies to all path components, not just the last component)
++
++  The relpath must also not contain any ../ elements in the path
+ */
+ int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
+ {
+@@ -724,6 +726,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
+                errno = EINVAL;
+                return -1;
+        }
++       if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
++               // no ../ elements allowed in the relpath
++               errno = EINVAL;
++               return -1;
++       }
+
+ #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
+        // really old system, all we can do is live with the risks
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
new file mode 100644
index 0000000000..67abc64a62
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
@@ -0,0 +1,49 @@
+From 688f5c379a433038bde36897a156d589be373a98 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 14 Nov 2024 15:46:50 -0800
+Subject: [PATCH] Refuse a duplicate dirlist.
+
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=688f5c379a433038bde36897a156d589be373a98]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ flist.c | 9 +++++++++
+ rsync.h | 1 +
+ 2 files changed, 10 insertions(+)
+
+diff --git a/flist.c b/flist.c
+index 464d556e..847b1054 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+                init_hard_links();
+ #endif
+
++       if (inc_recurse && dir_ndx >= 0) {
++               struct file_struct *file = dir_flist->files[dir_ndx];
++               if (file->flags & FLAG_GOT_DIR_FLIST) {
++                       rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
++                       exit_cleanup(RERR_PROTOCOL);
++               }
++               file->flags |= FLAG_GOT_DIR_FLIST;
++       }
++
+        flist = flist_new(0, "recv_file_list");
+        flist_expand(flist, FLIST_START_LARGE);
+
+diff --git a/rsync.h b/rsync.h
+index 0f9e277f..b9a7101a 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,6 +84,7 @@
+ #define FLAG_DUPLICATE (1<<4)  /* sender */
+ #define FLAG_MISSING_DIR (1<<4)        /* generator */
+ #define FLAG_HLINKED (1<<5)    /* receiver/generator (checked on all types) */
++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6)        /* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6)        /* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
new file mode 100644
index 0000000000..8a22e0c371
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
@@ -0,0 +1,31 @@
+From 344327385fa47fa5bb67a32c237735e6240cfb93 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Tue, 26 Nov 2024 16:12:45 +1100
+Subject: [PATCH] range check dir_ndx before use
+
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=344327385fa47fa5bb67a32c237735e6240cfb93]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ flist.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/flist.c b/flist.c
+index 847b1054..087f9da6 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+ #endif
+
+        if (inc_recurse && dir_ndx >= 0) {
++               if (dir_ndx >= dir_flist->used) {
++                       rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
++                       exit_cleanup(RERR_PROTOCOL);
++               }
+                struct file_struct *file = dir_flist->files[dir_ndx];
+                if (file->flags & FLAG_GOT_DIR_FLIST) {
+                        rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
new file mode 100644
index 0000000000..0ece69c4e7
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
@@ -0,0 +1,40 @@
+From 996af4a79f9afe4d7158ecdd87c78cee382c6b39 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 15 Jan 2025 15:10:24 +0100
+Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
+
+fixes commit 688f5c379a43 (Refuse a duplicate dirlist.)
+
+Fixes: https://github.com/RsyncProject/rsync/issues/702
+Fixes: https://github.com/RsyncProject/rsync/issues/697
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/996af4a79f9afe4d7158ecdd87c78cee382c6b39]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ rsync.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync.h b/rsync.h
+index 9be1297b..479ac484 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,7 +84,6 @@
+ #define FLAG_DUPLICATE (1<<4)  /* sender */
+ #define FLAG_MISSING_DIR (1<<4)        /* generator */
+ #define FLAG_HLINKED (1<<5)    /* receiver/generator (checked on all types) */
+-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6)        /* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6)        /* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
+@@ -93,6 +92,7 @@
+ #define FLAG_SKIP_GROUP (1<<10)        /* receiver/generator */
+ #define FLAG_TIME_FAILED (1<<11)/* generator */
+ #define FLAG_MOD_NSEC (1<<12)  /* sender/receiver/generator */
++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
+
+ /* These flags are passed to functions but not stored. */
+
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
new file mode 100644
index 0000000000..b2a3a86e1a
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
@@ -0,0 +1,141 @@
+From 407c71c7ce562137230e8ba19149c81ccc47c387 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 15:15:53 +1100
+Subject: [PATCH] make --safe-links stricter
+
+when --safe-links is used also reject links where a '../' component is
+included in the destination as other than the leading part of the
+filename
+
+CVE: CVE-2024-12088
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=407c71c7ce562137230e8ba19149c81ccc47c387]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ testsuite/safe-links.test    | 55 ++++++++++++++++++++++++++++++++++++
+ testsuite/unsafe-byname.test |  2 +-
+ util1.c                      | 26 ++++++++++++++++-
+ 3 files changed, 81 insertions(+), 2 deletions(-)
+ create mode 100644 testsuite/safe-links.test
+
+diff --git a/testsuite/safe-links.test b/testsuite/safe-links.test
+new file mode 100644
+index 00000000..6e95a4b9
+--- /dev/null
++++ b/testsuite/safe-links.test
+@@ -0,0 +1,55 @@
++#!/bin/sh
++
++. "$suitedir/rsync.fns"
++
++test_symlink() {
++       is_a_link "$1" || test_fail "File $1 is not a symlink"
++}
++
++test_regular() {
++       if [ ! -f "$1" ]; then
++               test_fail "File $1 is not regular file or not exists"
++       fi
++}
++
++test_notexist() {
++        if [ -e "$1" ]; then
++                test_fail "File $1 exists"
++       fi
++        if [ -h "$1" ]; then
++                test_fail "File $1 exists as a symlink"
++       fi
++}
++
++cd "$tmpdir"
++
++mkdir from
++
++mkdir "from/safe"
++mkdir "from/unsafe"
++
++mkdir "from/safe/files"
++mkdir "from/safe/links"
++
++touch "from/safe/files/file1"
++touch "from/safe/files/file2"
++touch "from/unsafe/unsafefile"
++
++ln -s ../files/file1 "from/safe/links/"
++ln -s ../files/file2 "from/safe/links/"
++ln -s ../../unsafe/unsafefile "from/safe/links/"
++ln -s a/a/a/../../../unsafe2 "from/safe/links/"
++
++#echo "LISTING FROM"
++#ls -lR from
++
++echo "rsync with relative path and just -a"
++$RSYNC -avv --safe-links from/safe/ to
++
++#echo "LISTING TO"
++#ls -lR to
++
++test_symlink to/links/file1
++test_symlink to/links/file2
++test_notexist to/links/unsafefile
++test_notexist to/links/unsafe2
+diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test
+index 75e72014..d2e318ef 100644
+--- a/testsuite/unsafe-byname.test
++++ b/testsuite/unsafe-byname.test
+@@ -40,7 +40,7 @@ test_unsafe ..//../dest               from/dir                        unsafe
+ test_unsafe ..                         from/file                       safe
+ test_unsafe ../..                      from/file                       unsafe
+ test_unsafe ..//..                     from//file                      unsafe
+-test_unsafe dir/..                     from                            safe
++test_unsafe dir/..                     from                            unsafe
+ test_unsafe dir/../..                  from                            unsafe
+ test_unsafe dir/..//..                 from                            unsafe
+
+diff --git a/util1.c b/util1.c
+index da50ff1e..f260d398 100644
+--- a/util1.c
++++ b/util1.c
+@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
+  *
+  * "src" is the top source directory currently applicable at the level
+  * of the referenced symlink.  This is usually the symlink's full path
+- * (including its name), as referenced from the root of the transfer. */
++ * (including its name), as referenced from the root of the transfer.
++ *
++ * NOTE: this also rejects dest names with a .. component in other
++ * than the first component of the name ie. it rejects names such as
++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or
++ * 'b' could later be replaced with symlinks such as a link to '.'
++ * resulting in the link being transferred now becoming unsafe
++ */
+ int unsafe_symlink(const char *dest, const char *src)
+ {
+        const char *name, *slash;
+@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src)
+        if (!dest || !*dest || *dest == '/')
+                return 1;
+
++       // reject destinations with /../ in the name other than at the start of the name
++       const char *dest2 = dest;
++       while (strncmp(dest2, "../", 3) == 0) {
++           dest2 += 3;
++           while (*dest2 == '/') {
++               // allow for ..//..///../foo
++               dest2++;
++           }
++       }
++       if (strstr(dest2, "/../"))
++           return 1;
++
++       // reject if the destination ends in /..
++       const size_t dlen = strlen(dest);
++       if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)
++           return 1;
++
+        /* find out what our safety margin is */
+        for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
+                /* ".." segment starts the count over.  "." segment is ignored. */
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
new file mode 100644
index 0000000000..b1dd0a03b9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
@@ -0,0 +1,192 @@
+From 0590b09d9a34ae72741b91ec0708a820650198b0 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Wed, 18 Dec 2024 08:59:42 +1100
+Subject: [PATCH] fixed symlink race condition in sender
+
+when we open a file that we don't expect to be a symlink use
+O_NOFOLLOW to prevent a race condition where an attacker could change
+a file between being a normal file and a symlink
+
+CVE: CVE-2024-12747
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0590b09d9a34ae72741b91ec0708a820650198b0]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ checksum.c  |  2 +-
+ flist.c     |  2 +-
+ generator.c |  4 ++--
+ receiver.c  |  2 +-
+ sender.c    |  2 +-
+ syscall.c   | 20 ++++++++++++++++++++
+ t_unsafe.c  |  3 +++
+ tls.c       |  3 +++
+ trimslash.c |  2 ++
+ util1.c     |  2 +-
+ 10 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/checksum.c b/checksum.c
+index cb21882c..66e80896 100644
+--- a/checksum.c
++++ b/checksum.c
+@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
+        int32 remainder;
+        int fd;
+
+-       fd = do_open(fname, O_RDONLY, 0);
++       fd = do_open_checklinks(fname);
+        if (fd == -1) {
+                memset(sum, 0, file_sum_len);
+                return;
+diff --git a/flist.c b/flist.c
+index 087f9da6..17832533 100644
+--- a/flist.c
++++ b/flist.c
+@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
+
+        if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
+                if (st.st_size == 0) {
+-                       int fd = do_open(fname, O_RDONLY, 0);
++                       int fd = do_open_checklinks(fname);
+                        if (fd >= 0) {
+                                st.st_size = get_device_size(fd, fname);
+                                close(fd);
+diff --git a/generator.c b/generator.c
+index 110db28f..3f13bb95 100644
+--- a/generator.c
++++ b/generator.c
+@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+
+        if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
+                /* This early open into fd skips the regular open below. */
+-               if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
++               if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
+                        real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
+        }
+
+@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+        }
+
+        /* open the file */
+-       if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
++       if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
+                rsyserr(FERROR, errno, "failed to open %s, continuing",
+                        full_fname(fnamecmp));
+          pretend_missing:
+diff --git a/receiver.c b/receiver.c
+index 8031b8f4..edfbb210 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+                        if (fnamecmp != fname) {
+                                fnamecmp = fname;
+                                fnamecmp_type = FNAMECMP_FNAME;
+-                               fd1 = do_open(fnamecmp, O_RDONLY, 0);
++                               fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
+                        }
+
+                        if (fd1 == -1 && basis_dir[0]) {
+diff --git a/sender.c b/sender.c
+index 2bbff2fa..a4d46c39 100644
+--- a/sender.c
++++ b/sender.c
+@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out)
+                        exit_cleanup(RERR_PROTOCOL);
+                }
+
+-               fd = do_open(fname, O_RDONLY, 0);
++               fd = do_open_checklinks(fname);
+                if (fd == -1) {
+                        if (errno == ENOENT) {
+                                enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
+diff --git a/syscall.c b/syscall.c
+index 081357bb..8cea2900 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -45,6 +45,8 @@ extern int preallocate_files;
+ extern int preserve_perms;
+ extern int preserve_executability;
+ extern int open_noatime;
++extern int copy_links;
++extern int copy_unsafe_links;
+
+ #ifndef S_BLKSIZE
+ # if defined hpux || defined __hpux__ || defined __hpux
+@@ -788,3 +790,21 @@ cleanup:
+        return retfd;
+ #endif // O_NOFOLLOW, O_DIRECTORY
+ }
++
++/*
++  varient of do_open/do_open_nofollow which does do_open() if the
++  copy_links or copy_unsafe_links options are set and does
++  do_open_nofollow() otherwise
++
++  This is used to prevent a race condition where an attacker could be
++  switching a file between being a symlink and being a normal file
++
++  The open is always done with O_RDONLY flags
++ */
++int do_open_checklinks(const char *pathname)
++{
++       if (copy_links || copy_unsafe_links) {
++               return do_open(pathname, O_RDONLY, 0);
++       }
++       return do_open_nofollow(pathname, O_RDONLY);
++}
+diff --git a/t_unsafe.c b/t_unsafe.c
+index 010cac50..e10619a2 100644
+--- a/t_unsafe.c
++++ b/t_unsafe.c
+@@ -28,6 +28,9 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 0;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
++
+ short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
+
+ int
+diff --git a/tls.c b/tls.c
+index e6b0708a..858f8f10 100644
+--- a/tls.c
++++ b/tls.c
+@@ -49,6 +49,9 @@ int list_only = 0;
+ int link_times = 0;
+ int link_owner = 0;
+ int nsec_times = 0;
++int safe_symlinks = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+
+ #ifdef SUPPORT_XATTRS
+
+diff --git a/trimslash.c b/trimslash.c
+index 1ec928ca..f2774cd7 100644
+--- a/trimslash.c
++++ b/trimslash.c
+@@ -26,6 +26,8 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 1;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+
+ int
+ main(int argc, char **argv)
+diff --git a/util1.c b/util1.c
+index f260d398..d84bc414 100644
+--- a/util1.c
++++ b/util1.c
+@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
+        int len;   /* Number of bytes read into `buf'. */
+        OFF_T prealloc_len = 0, offset = 0;
+
+-       if ((ifd = do_open(source, O_RDONLY, 0)) < 0) {
++       if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) {
+                int save_errno = errno;
+                rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
+                errno = save_errno;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 130581a785..d0796d3c12 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -15,6 +15,18 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
            file://makefile-no-rebuild.patch \
            file://determism.patch \
            file://0001-Add-missing-prototypes-to-function-declarations.patch \
+           file://CVE-2024-12084-0001.patch \
+           file://CVE-2024-12084-0002.patch \
+           file://CVE-2024-12085.patch \
+           file://CVE-2024-12086-0001.patch \
+           file://CVE-2024-12086-0002.patch \
+           file://CVE-2024-12086-0003.patch \
+           file://CVE-2024-12086-0004.patch \
+           file://CVE-2024-12087-0001.patch \
+           file://CVE-2024-12087-0002.patch \
+           file://CVE-2024-12087-0003.patch \
+           file://CVE-2024-12088.patch \
+           file://CVE-2024-12747.patch \
            "
 SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
 
diff --git a/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch b/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
deleted file mode 100644
index 1dff9c0f8c..0000000000
--- a/meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 6b3c202b46b9312c5bb0789145f13d8086e70948 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 15 Jan 2023 02:34:17 -0800
-Subject: [PATCH] fiddle: Use C11 _Alignof to define ALIGN_OF when possible
-
-WG14 N2350 made very clear that it is an UB having type definitions
-within "offsetof" [1]. This patch enhances the implementation of macro
-ALIGN_OF to use builtin "_Alignof" to avoid undefined behavior
-when using std=c11 or newer
-
-clang 16+ has started to flag this [2]
-
-Fixes build when using -std >= gnu11 and using clang16+
-
-Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it
-may support C11, exclude those compiler versions
-
-[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm
-[2] https://reviews.llvm.org/D133574
-
-Upstream-Status: Submitted [https://github.com/ruby/fiddle/pull/120]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- ext/fiddle/fiddle.h | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/ext/fiddle/fiddle.h b/ext/fiddle/fiddle.h
-index 10eb9ce..ffb395e 100644
---- a/ext/fiddle/fiddle.h
-+++ b/ext/fiddle/fiddle.h
-@@ -196,7 +196,17 @@
- #endif
- #define TYPE_UINTPTR_T (-TYPE_INTPTR_T)
- 
--#define ALIGN_OF(type) offsetof(struct {char align_c; type align_x;}, align_x)
-+/* GCC releases before GCC 4.9 had a bug in _Alignof.  See GCC bug 52023
-+   <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>.
-+   clang versions < 8.0.0 have the same bug.  */
-+#if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \
-+     || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \
-+         && !defined __clang__) \
-+     || (defined __clang__ && __clang_major__ < 8))
-+# define ALIGN_OF(type) offsetof(struct {char align_c; type align_x;}, align_x)
-+#else
-+# define ALIGN_OF(type) _Alignof(type)
-+#endif
- 
- #define ALIGN_VOIDP  ALIGN_OF(void*)
- #define ALIGN_CHAR   ALIGN_OF(char)
--- 
-2.39.0
-
diff --git a/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch b/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
deleted file mode 100644
index 226ef3af75..0000000000
--- a/meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 2368d07660a93a2c41d63f3ab6054ca4daeef820 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 17 Nov 2020 18:31:40 +0000
-Subject: [PATCH] template/Makefile.in: do not write host cross-cc items into
- target config
-
-This helps reproducibility.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- template/Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/template/Makefile.in b/template/Makefile.in
-index 10dc826..940ee07 100644
---- a/template/Makefile.in
-+++ b/template/Makefile.in
-@@ -657,11 +657,11 @@ mjit_config.h:
-        echo '#endif'; \
-        quote MJIT_MIN_HEADER_NAME "$(MJIT_MIN_HEADER_NAME)"; \
-        sep=,; \
--       quote "MJIT_CC_COMMON  " $(MJIT_CC); \
-+       quote "MJIT_CC_COMMON  " ; \
-        quote "MJIT_CFLAGS      MJIT_ARCHFLAG" $(MJIT_CFLAGS); \
-        quote "MJIT_OPTFLAGS   " $(MJIT_OPTFLAGS); \
-        quote "MJIT_DEBUGFLAGS " $(MJIT_DEBUGFLAGS); \
--       quote "MJIT_LDSHARED   " $(MJIT_LDSHARED); \
-+       quote "MJIT_LDSHARED   " ; \
-        quote "MJIT_DLDFLAGS    MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \
-        quote "MJIT_LIBS       " $(LIBRUBYARG_SHARED); \
-        quote 'PRELOADENV       "@PRELOADENV@"'; \
diff --git a/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch b/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
deleted file mode 100644
index 96ae86263b..0000000000
--- a/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 21d8e7700fa0a9c4bf569dd366134060ae858832 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Thu, 5 May 2016 10:59:07 -0700
-Subject: [PATCH] Obey LDFLAGS for the link of libruby
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
-
----
- template/Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/template/Makefile.in b/template/Makefile.in
-index 1456313..15b98a4 100644
---- a/template/Makefile.in
-+++ b/template/Makefile.in
-@@ -127,7 +127,7 @@ ENABLE_SHARED = @ENABLE_SHARED@
- LDSHARED = @LIBRUBY_LDSHARED@
- DLDSHARED = @DLDSHARED@
- XDLDFLAGS = @DLDFLAGS@
--DLDFLAGS = @LIBRUBY_DLDFLAGS@ $(XLDFLAGS) $(ARCH_FLAG)
-+DLDFLAGS = @LIBRUBY_DLDFLAGS@ @LDFLAGS@ $(XLDFLAGS) $(ARCH_FLAG)
- SOLIBS = @SOLIBS@
- ENABLE_DEBUG_ENV = @ENABLE_DEBUG_ENV@
- MAINLIBS = $(YJIT_LIBS) @MAINLIBS@
diff --git a/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch b/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
deleted file mode 100644
index 2efbad7513..0000000000
--- a/meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Subject: [PATCH] template/Makefile.in: filter out -f*prefix-map
-
-If we add DEBUG_PREFIX_MAP into LDFLAGS, ruby and ruby-dbg are no longer
-reproducible.  Fix this.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
----
---- a/tool/mjit_archflag.sh
-+++ b/tool/mjit_archflag.sh
-@@ -7,6 +7,20 @@ quote() {
-     echo
- }
- 
-+quote_filtered() {
-+    printf "#${indent}define $1"
-+    while shift && [ "$#" -gt 0 ]; do
-+       case "$1" in
-+           -ffile-prefix-map=*|-fdebug-prefix-map=*|-fmacro-prefix-map=*)
-+               ;;
-+           *)
-+               printf ' "%s"'$sep "$1"
-+               ;;
-+       esac
-+    done
-+    echo
-+}
-+
- archs=""
- arch_flag=""
- 
---- a/template/Makefile.in
-+++ b/template/Makefile.in
-@@ -666,7 +666,7 @@ mjit_config.h:
-        quote "MJIT_OPTFLAGS   " $(MJIT_OPTFLAGS); \
-        quote "MJIT_DEBUGFLAGS " $(MJIT_DEBUGFLAGS); \
-        quote "MJIT_LDSHARED   " ; \
--       quote "MJIT_DLDFLAGS    MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \
-+       quote_filtered "MJIT_DLDFLAGS    MJIT_ARCHFLAG" $(MJIT_DLDFLAGS); \
-        quote "MJIT_LIBS       " $(LIBRUBYARG_SHARED); \
-        quote 'PRELOADENV       "@PRELOADENV@"'; \
-        indent=$${archs:+'  '}; \
diff --git a/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch b/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
index 41f206523e..0902a201ec 100644
--- a/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
+++ b/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
@@ -12,20 +12,20 @@ Upstream-Status: Backport [debian]
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
-index 0d72cee..eb7bc25 100644
+index d6eac7f..4b2e95e 100644
 --- a/lib/rubygems/specification.rb
 +++ b/lib/rubygems/specification.rb
-@@ -1691,7 +1691,9 @@ class Gem::Specification < Gem::BasicSpecification
-         raise(Gem::InvalidSpecificationException,
-               "invalid date format in specification: #{date.inspect}")
-       end
--    when Time, DateLike then
-+    when Time then
-+      Time.utc(date.utc.year, date.utc.month, date.utc.day)
-+    when DateLike then
-       Time.utc(date.year, date.month, date.day)
-     else
-       TODAY
+@@ -1707,7 +1707,9 @@ class Gem::Specification < Gem::BasicSpecification
+                 raise(Gem::InvalidSpecificationException,
+                       "invalid date format in specification: #{date.inspect}")
+               end
+-            when Time, DateLike then
++            when Time then
++              Time.utc(date.utc.year, date.utc.month, date.utc.day)
++            when DateLike then
+               Time.utc(date.year, date.month, date.day)
+             else
+               TODAY
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch b/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch
index 0a87cae17f..d32e209129 100644
--- a/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch
+++ b/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch
@@ -7,7 +7,6 @@ Without an explicit date, they will get the current date and make the
 build unreproducible
 
 Upstream-Status: Backport [debian]
-
 ---
  ext/bigdecimal/bigdecimal.gemspec | 1 +
  ext/fiddle/fiddle.gemspec         | 1 +
@@ -17,12 +16,12 @@ Upstream-Status: Backport [debian]
  5 files changed, 5 insertions(+)
 
 diff --git a/ext/bigdecimal/bigdecimal.gemspec b/ext/bigdecimal/bigdecimal.gemspec
-index d215757..5148d56 100644
+index f9f3b45..b9a469d 100644
 --- a/ext/bigdecimal/bigdecimal.gemspec
 +++ b/ext/bigdecimal/bigdecimal.gemspec
-@@ -4,6 +4,7 @@ Gem::Specification.new do |s|
-   s.name          = "bigdecimal"
-   s.version       = "3.1.3"
+@@ -14,6 +14,7 @@ Gem::Specification.new do |s|
+   s.name          = name
+   s.version       = source_version
    s.authors       = ["Kenta Murata", "Zachary Scott", "Shigeo Kobayashi"]
 +  s.date          = RUBY_RELEASE_DATE
    s.email         = ["mrkn@mrkn.jp"]
@@ -41,10 +40,10 @@ index 8781093..efdca32 100644
    spec.email         = ["aaron@tenderlovemaking.com", "hsbt@ruby-lang.org"]
  
 diff --git a/ext/io/console/io-console.gemspec b/ext/io/console/io-console.gemspec
-index d26a757..cc88c55 100644
+index d4f5276..8f89611 100644
 --- a/ext/io/console/io-console.gemspec
 +++ b/ext/io/console/io-console.gemspec
-@@ -4,6 +4,7 @@ _VERSION = "0.6.0"
+@@ -4,6 +4,7 @@ _VERSION = "0.7.1"
  Gem::Specification.new do |s|
    s.name = "io-console"
    s.version = _VERSION
@@ -65,7 +64,7 @@ index 1f4798e..48743cf 100644
    spec.email         = ["knu@idaemons.org", "ume@mahoroba.org"]
  
 diff --git a/lib/rdoc/rdoc.gemspec b/lib/rdoc/rdoc.gemspec
-index 3c96f7d..fec0872 100644
+index 93a281c..cc5c155 100644
 --- a/lib/rdoc/rdoc.gemspec
 +++ b/lib/rdoc/rdoc.gemspec
 @@ -7,6 +7,7 @@ end
@@ -76,3 +75,6 @@ index 3c96f7d..fec0872 100644
    s.version = RDoc::VERSION
  
    s.authors = [
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
deleted file mode 100644
index 17c7e30176..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 2ebb50d2dc302917a6f57c1239dc9e700dfe0e34 Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 27 Jul 2023 15:53:01 +0800
-Subject: [PATCH] Fix quadratic backtracking on invalid relative URI
-
-https://hackerone.com/reports/1958260
-
-CVE: CVE-2023-36617
-
-Upstream-Status: Backport [https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- lib/uri/rfc2396_parser.rb |  4 ++--
- test/uri/test_parser.rb   | 12 ++++++++++++
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
-index 76a8f99..00c66cf 100644
---- a/lib/uri/rfc2396_parser.rb
-+++ b/lib/uri/rfc2396_parser.rb
-@@ -497,8 +497,8 @@ module URI
-       ret = {}
- 
-       # for URI::split
--      ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
--      ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
-+      ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
-+      ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
- 
-       # for URI::extract
-       ret[:URI_REF]     = Regexp.new(pattern[:URI_REF])
-diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
-index 72fb590..721e05e 100644
---- a/test/uri/test_parser.rb
-+++ b/test/uri/test_parser.rb
-@@ -79,4 +79,16 @@ class URI::TestParser < Test::Unit::TestCase
-     assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com"))
-     assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]"))
-   end
-+
-+  def test_rfc2822_parse_relative_uri
-+    pre = ->(length) {
-+      " " * length + "\0"
-+    }
-+    parser = URI::RFC2396_Parser.new
-+    assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
-+      assert_raise(URI::InvalidURIError) do
-+        parser.split(uri)
-+      end
-+    end
-+  end
- end
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
deleted file mode 100644
index 7c51deaa42..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From eea5868120509c245216c4b5c2d4b5db1c593d0e Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 27 Jul 2023 16:16:30 +0800
-Subject: [PATCH] Fix quadratic backtracking on invalid port number
-
-https://hackerone.com/reports/1958260
-
-CVE: CVE-2023-36617
-
-Upstream-Status: Backport [https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- lib/uri/rfc3986_parser.rb |  2 +-
- test/uri/test_parser.rb   | 10 ++++++++++
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
-index dd24a40..9b1663d 100644
---- a/lib/uri/rfc3986_parser.rb
-+++ b/lib/uri/rfc3986_parser.rb
-@@ -100,7 +100,7 @@ module URI
-         QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
-         FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
-         OPAQUE: /\A(?:[^\/].*)?\z/,
--        PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
-+        PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
-       }
-     end
- 
-diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
-index 721e05e..cee0acb 100644
---- a/test/uri/test_parser.rb
-+++ b/test/uri/test_parser.rb
-@@ -91,4 +91,14 @@ class URI::TestParser < Test::Unit::TestCase
-       end
-     end
-   end
-+
-+  def test_rfc3986_port_check
-+    pre = ->(length) {"\t" * length + "a"}
-+    uri = URI.parse("http://my.example.com")
-+    assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
-+      assert_raise(URI::InvalidComponentError) do
-+        uri.port = port
-+      end
-+    end
-+  end
- end
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
deleted file mode 100644
index f69f3bcf4f..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From da7a0c7553ef7250ca665a3fecdc01dbaacbb43d Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@...>
-Date: Mon, 15 Apr 2024 11:40:00 +0000
-Subject: [PATCH] Filter marshaled objets
-
-CVE: CVE-2024-27281
-Upstream-Status: Backport [https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- lib/rdoc/store.rb | 45 ++++++++++++++++++++++++++-------------------
- 1 file changed, 26 insertions(+), 19 deletions(-)
-
-diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb
-index 9fc540d..5b663d7 100644
---- a/lib/rdoc/store.rb
-+++ b/lib/rdoc/store.rb
-@@ -556,9 +556,7 @@ class RDoc::Store
-   def load_cache
-     #orig_enc = @encoding
- 
--    File.open cache_path, 'rb' do |io|
--      @cache = Marshal.load io
--    end
-+    @cache = marshal_load(cache_path)
- 
-     load_enc = @cache[:encoding]
- 
-@@ -615,9 +613,7 @@ class RDoc::Store
-   def load_class_data klass_name
-     file = class_file klass_name
- 
--    File.open file, 'rb' do |io|
--      Marshal.load io
--    end
-+    marshal_load(file)
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, klass_name)
-     error.set_backtrace e.backtrace
-@@ -630,14 +626,10 @@ class RDoc::Store
-   def load_method klass_name, method_name
-     file = method_file klass_name, method_name
- 
--    File.open file, 'rb' do |io|
--      obj = Marshal.load io
--      obj.store = self
--      obj.parent =
--        find_class_or_module(klass_name) || load_class(klass_name) unless
--          obj.parent
--      obj
--    end
-+    obj = marshal_load(file)
-+    obj.store = self
-+    obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
-+    obj
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, klass_name + method_name)
-     error.set_backtrace e.backtrace
-@@ -650,11 +642,9 @@ class RDoc::Store
-   def load_page page_name
-     file = page_file page_name
- 
--    File.open file, 'rb' do |io|
--      obj = Marshal.load io
--      obj.store = self
--      obj
--    end
-+    obj = marshal_load(file)
-+    obj.store = self
-+    obj
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, page_name)
-     error.set_backtrace e.backtrace
-@@ -976,4 +966,21 @@ class RDoc::Store
-     @unique_modules
-   end
- 
-+  private
-+  def marshal_load(file)
-+    File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
-+  end
-+
-+  MarshalFilter = proc do |obj|
-+    case obj
-+    when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
-+    else
-+      unless obj.class.name.start_with("RDoc::")
-+        raise TypeError, "not permitted class: #{obj.class.name}"
-+      end
-+    end
-+    obj
-+  end
-+  private_constant :MarshalFilter
-+
- end
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
deleted file mode 100644
index dde7979278..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Fri, 12 Apr 2024 15:01:47 +1000
-Subject: [PATCH] Fix Use-After-Free issue for Regexp
-
-Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
-
-Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
-CVE: CVE-2024-27282
-Signed-off-by: Ashish Sharma <asharma@mvista.com>
-
- regexec.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/regexec.c b/regexec.c
-index 73694ab14a0b0a..140691ad42489f 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
-     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
-       GET_MEMNUM_INC(mem, p);
-       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
--      STACK_PUSH_MEM_END(mem, s);
-       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
-+      STACK_PUSH_MEM_END(mem, s);
-       MOP_OUT;
-       JUMP;
- 
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch b/meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
new file mode 100644
index 0000000000..7813a6143c
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
@@ -0,0 +1,31 @@
+From 9907b76dad0777ee300de236dad4b559e07596ab Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 21 Feb 2025 16:01:17 +0900
+Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
+
+Co-authored-by: "Yusuke Endoh" <mame@ruby-lang.org>
+
+Upstream-Status: Backport [https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab]
+CVE: CVE-2025-27219
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ lib/cgi/cookie.rb | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 9498e2f..1c4ef6a 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
+         values ||= ""
+         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
+         if cookies.has_key?(name)
+-          values = cookies[name].value + values
++          cookies[name].concat(values)
++        else
++          cookies[name] = Cookie.new(name, *values)
+         end
+-        cookies[name] = Cookie.new(name, *values)
+       end
+ 
+       cookies
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch b/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
new file mode 100644
index 0000000000..f2f8bc7f76
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
@@ -0,0 +1,78 @@
+From cd1eb08076c8b8e310d4d553d427763f2577a1b6 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 21 Feb 2025 15:53:31 +0900
+Subject: [PATCH] Escape/unescape unclosed tags as well
+
+Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+CVE: CVE-2025-27220
+
+Upstream-Status: Backport [https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ lib/cgi/util.rb           |  4 ++--
+ test/cgi/test_cgi_util.rb | 18 ++++++++++++++++++
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
+index 4986e54..5f12eae 100644
+--- a/lib/cgi/util.rb
++++ b/lib/cgi/util.rb
+@@ -184,7 +184,7 @@ module CGI::Util
+   def escapeElement(string, *elements)
+     elements = elements[0] if elements[0].kind_of?(Array)
+     unless elements.empty?
+-      string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
++      string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do
+         CGI.escapeHTML($&)
+       end
+     else
+@@ -204,7 +204,7 @@ module CGI::Util
+   def unescapeElement(string, *elements)
+     elements = elements[0] if elements[0].kind_of?(Array)
+     unless elements.empty?
+-      string.gsub(/&lt;\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?&gt;/i) do
++      string.gsub(/&lt;\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:&gt;)?/im) do
+         unescapeHTML($&)
+       end
+     else
+diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
+index b0612fc..bff77f7 100644
+--- a/test/cgi/test_cgi_util.rb
++++ b/test/cgi/test_cgi_util.rb
+@@ -269,6 +269,14 @@ class CGIUtilTest < Test::Unit::TestCase
+     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"]))
+     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<BR><A HREF="url"></A>', "A", "IMG"))
+     assert_equal("<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<BR><A HREF="url"></A>', ["A", "IMG"]))
++
++    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<A <A HREF="url"></A>', "A", "IMG"))
++    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escapeElement('<A <A HREF="url"></A>', ["A", "IMG"]))
++    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<A <A HREF="url"></A>', "A", "IMG"))
++    assert_equal("&lt;A &lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt;", escape_element('<A <A HREF="url"></A>', ["A", "IMG"]))
++
++    assert_equal("&lt;A &lt;A ", escapeElement('<A <A ', "A", "IMG"))
++    assert_equal("&lt;A &lt;A ", escapeElement('<A <A ', ["A", "IMG"]))
+   end
+ 
+ 
+@@ -277,6 +285,16 @@ class CGIUtilTest < Test::Unit::TestCase
+     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescapeElement(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
+     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG"))
+     assert_equal('&lt;BR&gt;<A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"]))
++
++    assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
++    assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
++    assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG"))
++    assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"]))
++
++    assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), "A", "IMG"))
++    assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), ["A", "IMG"]))
++    assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), "A", "IMG"))
++    assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), ["A", "IMG"]))
+   end
+ end
+ 
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch
new file mode 100644
index 0000000000..95802d04f9
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch
@@ -0,0 +1,57 @@
+From 3675494839112b64d5f082a9068237b277ed1495 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 21 Feb 2025 16:29:36 +0900
+Subject: [PATCH] Truncate userinfo with URI#join, URI#merge and URI#+
+
+CVE: CVE-2025-27221
+
+Upstream-Status: Backport [https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ lib/uri/generic.rb       |  6 +++++-
+ test/uri/test_generic.rb | 11 +++++++++++
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
+index f3540a2..ecc78c5 100644
+--- a/lib/uri/generic.rb
++++ b/lib/uri/generic.rb
+@@ -1141,7 +1141,11 @@ module URI
+       end
+ 
+       # RFC2396, Section 5.2, 7)
+-      base.set_userinfo(rel.userinfo) if rel.userinfo
++      if rel.userinfo
++        base.set_userinfo(rel.userinfo)
++      else
++        base.set_userinfo(nil)
++      end
+       base.set_host(rel.host)         if rel.host
+       base.set_port(rel.port)         if rel.port
+       base.query = rel.query       if rel.query
+diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
+index e661937..17ba2b6 100644
+--- a/test/uri/test_generic.rb
++++ b/test/uri/test_generic.rb
+@@ -164,6 +164,17 @@ class URI::TestGeneric < Test::Unit::TestCase
+     # must be empty string to identify as path-abempty, not path-absolute
+     assert_equal('', url.host)
+     assert_equal('http:////example.com', url.to_s)
++
++    # sec-2957667
++    url = URI.parse('http://user:pass@example.com').merge('//example.net')
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
++    url = URI.join('http://user:pass@example.com', '//example.net')
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
++    url = URI.parse('http://user:pass@example.com') + '//example.net'
++    assert_equal('http://example.net', url.to_s)
++    assert_nil(url.userinfo)
+   end
+ 
+   def test_parse_scheme_with_symbols
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch
new file mode 100644
index 0000000000..4435b87c34
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch
@@ -0,0 +1,73 @@
+From 2789182478f42ccbb62197f952eb730e4f02bfc5 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 21 Feb 2025 18:16:28 +0900
+Subject: [PATCH] Fix merger of URI with authority component
+
+https://hackerone.com/reports/2957667
+
+Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+CVE: CVE-2025-27221
+
+Upstream-Status: Backport [https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ lib/uri/generic.rb       | 19 +++++++------------
+ test/uri/test_generic.rb |  7 +++++++
+ 2 files changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
+index ecc78c5..2c0a88d 100644
+--- a/lib/uri/generic.rb
++++ b/lib/uri/generic.rb
+@@ -1133,21 +1133,16 @@ module URI
+       base.fragment=(nil)
+ 
+       # RFC2396, Section 5.2, 4)
+-      if !authority
+-        base.set_path(merge_path(base.path, rel.path)) if base.path && rel.path
+-      else
+-        # RFC2396, Section 5.2, 4)
+-        base.set_path(rel.path) if rel.path
++      if authority
++        base.set_userinfo(rel.userinfo)
++        base.set_host(rel.host)
++        base.set_port(rel.port || base.default_port)
++        base.set_path(rel.path)
++      elsif base.path && rel.path
++        base.set_path(merge_path(base.path, rel.path))
+       end
+ 
+       # RFC2396, Section 5.2, 7)
+-      if rel.userinfo
+-        base.set_userinfo(rel.userinfo)
+-      else
+-        base.set_userinfo(nil)
+-      end
+-      base.set_host(rel.host)         if rel.host
+-      base.set_port(rel.port)         if rel.port
+       base.query = rel.query       if rel.query
+       base.fragment=(rel.fragment) if rel.fragment
+ 
+diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
+index 17ba2b6..1a70dd4 100644
+--- a/test/uri/test_generic.rb
++++ b/test/uri/test_generic.rb
+@@ -267,6 +267,13 @@ class URI::TestGeneric < Test::Unit::TestCase
+     assert_equal(u0, u1)
+   end
+ 
++  def test_merge_authority
++    u = URI.parse('http://user:pass@example.com:8080')
++    u0 = URI.parse('http://new.example.org/path')
++    u1 = u.merge('//new.example.org/path')
++    assert_equal(u0, u1)
++  end
++
+   def test_route
+     url = URI.parse('http://hoge/a.html').route_to('http://hoge/b.html')
+     assert_equal('b.html', url.to_s)
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch b/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
deleted file mode 100644
index b78e3db892..0000000000
--- a/meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From e74b57febec9bd806e29025e6eeb8091e7021d75 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 26 Jan 2020 11:27:40 -0800
-Subject: [PATCH] Filter out __has_include* compiler defines
-
-They are internal to compiler and this header is later on includes in C
-files, but newer gcc >= 10 complains about it.
-
-error in initial header file:
-| In file included from /tmp/20200124-86625-14hiju4.c:1:
-| /tmp/20200124-86625-11y6l6i.h:13849:9: error: "__has_include" cannot be used as a macro name
-| 13849 | #define __has_include __has_include
-|       |         ^~~~~~~~~~~~~
-| compilation terminated due to -Wfatal-errors.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
----
- common.mk | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/common.mk b/common.mk
-index 664f750..3b8fbe6 100644
---- a/common.mk
-+++ b/common.mk
-@@ -238,6 +238,8 @@ $(TIMESTAMPDIR)/$(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).time: probes.h vm.$(OBJE
-        $(ECHO) building $(@F:.time=.h)
-        $(Q)$(MINIRUBY) $(tooldir)/mjit_tabs.rb "$(MJIT_TABS)" \
-                $(CPP) -DMJIT_HEADER $(MJIT_HEADER_FLAGS) $(CFLAGS) $(XCFLAGS) $(CPPFLAGS) $(srcdir)/vm.c $(CPPOUTFLAG)$(@F:.time=.h).new
-+       $(Q)sed -i -e "/#define __has_include __has_include/d" $(@F:.time=.h).new
-+       $(Q)sed -i -e "/#define __has_include_next __has_include_next/d" $(@F:.time=.h).new
-        $(Q) $(IFCHANGE) "--timestamp=$@" $(@F:.time=.h) $(@F:.time=.h).new
- 
- $(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).h: $(TIMESTAMPDIR)/$(MJIT_HEADER:.h=)$(MJIT_HEADER_SUFFIX).time
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.3.5.bb
index 508154dad5..b37f0d03e7 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.3.5.bb
@@ -10,7 +10,7 @@ LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \
                     file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \
                     file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LEGAL;md5=bcd74b47bbaf2051c5e49811a5faa97a \
+                    file://LEGAL;md5=81e6a4d81533b9263da4c3485a0ad883 \
                     "
 
 DEPENDS = "zlib openssl libyaml gdbm readline libffi"
@@ -20,21 +20,16 @@ DEPENDS:append:class-nativesdk = " ruby-native"
 SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
-           file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
-           file://remove_has_include_macros.patch \
            file://run-ptest \
-           file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
-           file://0002-template-Makefile.in-filter-out-f-prefix-map.patch \
            file://0003-rdoc-build-reproducible-documentation.patch \
            file://0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch \
            file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \
            file://0006-Make-gemspecs-reproducible.patch \
            file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
-           file://0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch \
-           file://CVE-2023-36617_1.patch \
-           file://CVE-2023-36617_2.patch \
-           file://CVE-2024-27281.patch \
-           file://CVE-2024-27282.patch \
+           file://CVE-2025-27219.patch \
+           file://CVE-2025-27220.patch \
+           file://CVE-2025-27221-0001.patch \
+           file://CVE-2025-27221-0002.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
@@ -55,7 +50,7 @@ do_configure:prepend() {
 
 DEPENDS:append:libc-musl = " libucontext"
 
-SRC_URI[sha256sum] = "96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc"
+SRC_URI[sha256sum] = "3781a3504222c2f26cb4b9eb9c1a12dbf4944d366ce24a9ff8cf99ecbce75196"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
diff --git a/meta/recipes-devtools/rust/cargo_1.75.0.bb b/meta/recipes-devtools/rust/cargo_1.75.0.bb
index 50b7e7c7b4..a6d3f1754b 100644
--- a/meta/recipes-devtools/rust/cargo_1.75.0.bb
+++ b/meta/recipes-devtools/rust/cargo_1.75.0.bb
@@ -50,8 +50,21 @@ do_install:append:class-nativesdk() {
         # sets to libdir but not base_libdir leading to symbol mismatches depending on the
         # host OS. Fully set LD_LIBRARY_PATH to contain both to avoid this.
         create_wrapper ${D}/${bindir}/cargo LD_LIBRARY_PATH=${libdir}:${base_libdir}
+        
+        ENV_SETUP_DIR=${D}${base_prefix}/environment-setup.d
+        mkdir "${ENV_SETUP_DIR}"
+        CARGO_ENV_SETUP_SH="${ENV_SETUP_DIR}/cargo.sh"
+        
+        cat <<- EOF > "${CARGO_ENV_SETUP_SH}"
+        # Keep the below off as long as HTTP/2 is disabled.
+        export CARGO_HTTP_MULTIPLEXING=false
+        
+        export CARGO_HTTP_CAINFO="\$OECORE_NATIVE_SYSROOT/etc/ssl/certs/ca-certificates.crt"
+        EOF
 }
 
+FILES:${PN} += "${base_prefix}/environment-setup.d"
+
 # Disabled due to incompatibility with libgit2 0.28.x (https://github.com/rust-lang/git2-rs/issues/458, https://bugs.gentoo.org/707746#c1)
 # as shipped by Yocto Dunfell.
 # According to https://github.com/rust-lang/git2-rs/issues/458#issuecomment-522567539, there are no compatibility guarantees between
diff --git a/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch b/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch
new file mode 100644
index 0000000000..a6ee867605
--- /dev/null
+++ b/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch
@@ -0,0 +1,51 @@
+From 065d7c263091118437465d714d8a29dbb6296921 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 13 May 2024 14:57:54 +0200
+Subject: [PATCH] cargo: do not write host information into compilation unit
+ hashes
+
+This breaks reproducibility in cross-builds where the cross-target
+can be the same, but build hosts are different, as seen with
+"rustc --version -v":
+...
+host: x86_64-unknown-linux-gnu
+
+vs.
+
+host: aarch64-unknown-linux-gnu
+
+This can possibly be improved by only hashing host info if the build
+is a native one (e.g. there's no --target option passed to cargo
+invocation) but I'm not sure how.
+
+Upstream-Status: Inappropriate [reported at https://github.com/rust-lang/cargo/issues/13922]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ .../src/cargo/core/compiler/context/compilation_files.rs      | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs b/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs
+index d83dbf10c..b2ad8d9f3 100644
+--- a/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs
++++ b/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs
+@@ -652,7 +652,7 @@ fn hash_rustc_version(bcx: &BuildContext<'_, '_>, hasher: &mut StableHasher) {
+     if vers.pre.is_empty() || bcx.config.cli_unstable().separate_nightlies {
+         // For stable, keep the artifacts separate. This helps if someone is
+         // testing multiple versions, to avoid recompiles.
+-        bcx.rustc().verbose_version.hash(hasher);
++        //bcx.rustc().verbose_version.hash(hasher);
+         return;
+     }
+     // On "nightly"/"beta"/"dev"/etc, keep each "channel" separate. Don't hash
+@@ -665,7 +665,7 @@ fn hash_rustc_version(bcx: &BuildContext<'_, '_>, hasher: &mut StableHasher) {
+     // Keep "host" since some people switch hosts to implicitly change
+     // targets, (like gnu vs musl or gnu vs msvc). In the future, we may want
+     // to consider hashing `unit.kind.short_name()` instead.
+-    bcx.rustc().host.hash(hasher);
++    //bcx.rustc().host.hash(hasher);
+     // None of the other lines are important. Currently they are:
+     // binary: rustc  <-- or "rustdoc"
+     // commit-hash: 38114ff16e7856f98b2b4be7ab4cd29b38bed59a
+-- 
+2.39.2
+
diff --git a/meta/recipes-devtools/rust/files/cargo-path.patch b/meta/recipes-devtools/rust/files/cargo-path.patch
deleted file mode 100644
index 9a50c40220..0000000000
--- a/meta/recipes-devtools/rust/files/cargo-path.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix the cargo binary path error and ensure that it is fetched
-during rustc bootstrap in rust oe-selftest.
-
-======================================================================
-ERROR: test_cargoflags (bootstrap_test.BuildBootstrap)
-----------------------------------------------------------------------
-Traceback (most recent call last):
-  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 157, in test_cargoflags
-    args, _ = self.build_args(env={"CARGOFLAGS": "--timings"})
-  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap_test.py", line 154, in build_args
-    return build.build_bootstrap_cmd(env), env
-  File "/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/src/bootstrap/bootstrap.py", line 960, in build_bootstrap_cmd
-    raise Exception("no cargo executable found at `{}`".format(
-Exception: no cargo executable found at `/home/build-st/tmp/work/cortexa57-poky-linux/rust/1.74.1/rustc-1.74.1-src/build/x86_64-unknown-linux-gnu/stage0/bin/cargo`
-
-Upstream-Status: Submitted [https://github.com/rust-lang/rust/pull/120125]
-
-Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
----
-diff --git a/src/bootstrap/bootstrap.py b/src/bootstrap/bootstrap.py
---- a/src/bootstrap/bootstrap.py
-+++ b/src/bootstrap/bootstrap.py
-@@ -954,9 +954,11 @@
-         if "RUSTFLAGS_BOOTSTRAP" in env:
-             env["RUSTFLAGS"] += " " + env["RUSTFLAGS_BOOTSTRAP"]
-
--        env["PATH"] = os.path.join(self.bin_root(), "bin") + \
--            os.pathsep + env["PATH"]
--        if not os.path.isfile(self.cargo()):
-+        cargo_bin_path = os.path.join(self.bin_root(), "bin", "cargo")
-+        if not os.path.isfile(cargo_bin_path):
-+            cargo_bin_path = os.getenv("RUST_TARGET_PATH") + "rust-snapshot/bin/cargo"
-+            env["PATH"] = os.path.dirname(cargo_bin_path) + os.pathsep + env["PATH"]
-+        else:
-             raise Exception("no cargo executable found at `{}`".format(
-                 self.cargo()))
-         args = [self.cargo(), "build", "--manifest-path",
diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc b/meta/recipes-devtools/rust/rust-cross-canadian.inc
index 8a51a02293..ac5f6bd57c 100644
--- a/meta/recipes-devtools/rust/rust-cross-canadian.inc
+++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc
@@ -15,6 +15,10 @@ SRC_URI += "file://target-rust-ccld.c"
 LIC_FILES_CHKSUM = "file://target-rust-ccld.c;md5=af4e0e29f81a34cffe05aa07c89e93e9;endline=7"
 S = "${WORKDIR}"
 
+# As per NVD, this CVE only affects to Windows platform
+# Link: https://nvd.nist.gov/vuln/detail/CVE-2024-43402
+CVE_STATUS[CVE-2024-43402] = "not-applicable-platform: Issue only applies on Windows"
+
 # Need to use our SDK's sh here, see #14878
 create_sdk_wrapper () {
         file="$1"
@@ -53,39 +57,17 @@ do_install () {
 
     ENV_SETUP_DIR=${D}${base_prefix}/environment-setup.d
     mkdir "${ENV_SETUP_DIR}"
-    RUST_ENV_SETUP_SH="${ENV_SETUP_DIR}/rust.sh"
+    RUST_ENV_SETUP_SH="${ENV_SETUP_DIR}/${RUST_TARGET_SYS}_rust.sh"
 
     RUST_TARGET_TRIPLE=`echo ${RUST_TARGET_SYS} | tr '[:lower:]' '[:upper:]' | sed 's/-/_/g'`
-    RUST_HOST_TRIPLE=`echo ${RUST_HOST_SYS} | tr '[:lower:]' '[:upper:]' | sed 's/-/_/g'`
-    SDKLOADER=${@bb.utils.contains('SDK_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'i686', 'ld-linux.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'aarch64', 'ld-linux-aarch64.so.1', '', d)}${@bb.utils.contains('SDK_ARCH', 'ppc64le', 'ld64.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'riscv64', 'ld-linux-riscv64-lp64d.so.1', '', d)}
 
     cat <<- EOF > "${RUST_ENV_SETUP_SH}"
         export CARGO_TARGET_${RUST_TARGET_TRIPLE}_RUSTFLAGS="--sysroot=\$OECORE_TARGET_SYSROOT/usr -C link-arg=--sysroot=\$OECORE_TARGET_SYSROOT"
-        export CARGO_TARGET_${RUST_HOST_TRIPLE}_RUNNER="\$OECORE_NATIVE_SYSROOT/lib/${SDKLOADER}"
         export RUST_TARGET_PATH="\$OECORE_NATIVE_SYSROOT/usr/lib/${TARGET_SYS}/rustlib"
         EOF
 
     chown -R root.root ${D}
 
-    CARGO_ENV_SETUP_SH="${ENV_SETUP_DIR}/cargo.sh"
-    cat <<- EOF > "${CARGO_ENV_SETUP_SH}"
-        export CARGO_HOME="\$OECORE_TARGET_SYSROOT/home/cargo"
-        mkdir -p "\$CARGO_HOME"
-        # Init the default target once, it might be otherwise user modified.
-        if [ ! -f "\$CARGO_HOME/config" ]; then
-                touch "\$CARGO_HOME/config"
-                echo "[build]" >> "\$CARGO_HOME/config"
-                echo 'target = "'${RUST_TARGET_SYS}'"' >> "\$CARGO_HOME/config"
-                echo '# TARGET_SYS' >> "\$CARGO_HOME/config"
-                echo '[target.'${RUST_TARGET_SYS}']' >> "\$CARGO_HOME/config"
-                echo 'linker = "target-rust-ccld"' >> "\$CARGO_HOME/config"
-    fi
-
-        # Keep the below off as long as HTTP/2 is disabled.
-        export CARGO_HTTP_MULTIPLEXING=false
-
-        export CARGO_HTTP_CAINFO="\$OECORE_NATIVE_SYSROOT/etc/ssl/certs/ca-certificates.crt"
-        EOF
 }
 
 FILES:${PN} += "${base_prefix}/environment-setup.d"
diff --git a/meta/recipes-devtools/rust/rust-llvm/0004-llvm-Fix-CVE-2024-0151.patch b/meta/recipes-devtools/rust/rust-llvm/0004-llvm-Fix-CVE-2024-0151.patch
new file mode 100644
index 0000000000..c05685e64d
--- /dev/null
+++ b/meta/recipes-devtools/rust/rust-llvm/0004-llvm-Fix-CVE-2024-0151.patch
@@ -0,0 +1,1086 @@
+commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
+Author: Lucas Duarte Prates <lucas.prates@arm.com>
+Date:   Thu Jun 20 10:22:01 2024 +0100
+
+    [ARM] CMSE security mitigation on function arguments and returned values (#89944)
+
+    The ABI mandates two things related to function calls:
+     - Function arguments must be sign- or zero-extended to the register
+       size by the caller.
+     - Return values must be sign- or zero-extended to the register size by
+       the callee.
+
+    As consequence, callees can assume that function arguments have been
+    extended and so can callers with regards to return values.
+
+    Here lies the problem: Nonsecure code might deliberately ignore this
+    mandate with the intent of attempting an exploit. It might try to pass
+    values that lie outside the expected type's value range in order to
+    trigger undefined behaviour, e.g. out of bounds access.
+
+    With the mitigation implemented, Secure code always performs extension
+    of values passed by Nonsecure code.
+
+    This addresses the vulnerability described in CVE-2024-0151.
+
+    Patches by Victor Campos.
+
+    ---------
+
+    Co-authored-by: Victor Campos <victor.campos@arm.com>
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea]
+CVE: CVE-2024-0151
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+index bfe137b95602..5490c3c9df6c 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.cpp
++++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+@@ -156,6 +156,17 @@ static const MCPhysReg GPRArgRegs[] = {
+   ARM::R0, ARM::R1, ARM::R2, ARM::R3
+ };
+ 
++static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg,
++                               SelectionDAG &DAG, const SDLoc &DL) {
++  assert(Arg.ArgVT.isScalarInteger());
++  assert(Arg.ArgVT.bitsLT(MVT::i32));
++  SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value);
++  SDValue Ext =
++      DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL,
++                  MVT::i32, Trunc);
++  return Ext;
++}
++
+ void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) {
+   if (VT != PromotedLdStVT) {
+     setOperationAction(ISD::LOAD, VT, Promote);
+@@ -2196,7 +2207,7 @@ SDValue ARMTargetLowering::LowerCallResult(
+     SDValue Chain, SDValue InGlue, CallingConv::ID CallConv, bool isVarArg,
+     const SmallVectorImpl<ISD::InputArg> &Ins, const SDLoc &dl,
+     SelectionDAG &DAG, SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+-    SDValue ThisVal) const {
++    SDValue ThisVal, bool isCmseNSCall) const {
+   // Assign locations to each value returned by this call.
+   SmallVector<CCValAssign, 16> RVLocs;
+   CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs,
+@@ -2274,6 +2285,15 @@ SDValue ARMTargetLowering::LowerCallResult(
+         (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+       Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val);
+ 
++    // On CMSE Non-secure Calls, call results (returned values) whose bitwidth
++    // is less than 32 bits must be sign- or zero-extended after the call for
++    // security reasons. Although the ABI mandates an extension done by the
++    // callee, the latter cannot be trusted to follow the rules of the ABI.
++    const ISD::InputArg &Arg = Ins[VA.getValNo()];
++    if (isCmseNSCall && Arg.ArgVT.isScalarInteger() &&
++        VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++      Val = handleCMSEValue(Val, Arg, DAG, dl);
++
+     InVals.push_back(Val);
+   }
+ 
+@@ -2888,7 +2908,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
+   // return.
+   return LowerCallResult(Chain, InGlue, CallConv, isVarArg, Ins, dl, DAG,
+                          InVals, isThisReturn,
+-                         isThisReturn ? OutVals[0] : SDValue());
++                         isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall);
+ }
+ 
+ /// HandleByVal - Every parameter *after* a byval parameter is passed
+@@ -4485,8 +4505,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+                  *DAG.getContext());
+   CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg));
+ 
+-  SmallVector<SDValue, 16> ArgValues;
+-  SDValue ArgValue;
+   Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin();
+   unsigned CurArgIdx = 0;
+ 
+@@ -4541,6 +4559,7 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+     // Arguments stored in registers.
+     if (VA.isRegLoc()) {
+       EVT RegVT = VA.getLocVT();
++      SDValue ArgValue;
+ 
+       if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) {
+         // f64 and vector types are split up into multiple registers or
+@@ -4604,16 +4623,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+       case CCValAssign::BCvt:
+         ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue);
+         break;
+-      case CCValAssign::SExt:
+-        ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue,
+-                               DAG.getValueType(VA.getValVT()));
+-        ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+-        break;
+-      case CCValAssign::ZExt:
+-        ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue,
+-                               DAG.getValueType(VA.getValVT()));
+-        ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+-        break;
+       }
+ 
+       // f16 arguments have their size extended to 4 bytes and passed as if they
+@@ -4623,6 +4632,15 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+           (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+         ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue);
+ 
++      // On CMSE Entry Functions, formal integer arguments whose bitwidth is
++      // less than 32 bits must be sign- or zero-extended in the callee for
++      // security reasons. Although the ABI mandates an extension done by the
++      // caller, the latter cannot be trusted to follow the rules of the ABI.
++      const ISD::InputArg &Arg = Ins[VA.getValNo()];
++      if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() &&
++          RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++        ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl);
++
+       InVals.push_back(ArgValue);
+     } else { // VA.isRegLoc()
+       // Only arguments passed on the stack should make it here.
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h
+index 62a52bdb03f7..a255e9b6fc36 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.h
++++ b/llvm/lib/Target/ARM/ARMISelLowering.h
+@@ -891,7 +891,7 @@ class VectorType;
+                             const SmallVectorImpl<ISD::InputArg> &Ins,
+                             const SDLoc &dl, SelectionDAG &DAG,
+                             SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+-                            SDValue ThisVal) const;
++                            SDValue ThisVal, bool isCmseNSCall) const;
+ 
+     bool supportSplitCSR(MachineFunction *MF) const override {
+       return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS &&
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+new file mode 100644
+index 0000000000..58eef443c25e
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+@@ -0,0 +1,552 @@
++; RUN: llc %s -mtriple=thumbv8m.main     -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main   -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main   -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@get_idx = hidden local_unnamed_addr global ptr null, align 4
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16() {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i16 %0() "cmse_nonsecure_call"
++  %idxprom = sext i16 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u16() {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i16 %0() "cmse_nonsecure_call"
++  %idxprom = zext i16 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i8() {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i8 %0() "cmse_nonsecure_call"
++  %idxprom = sext i8 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u8() {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i8 %0() "cmse_nonsecure_call"
++  %idxprom = zext i8 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i1() {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i1 %0() "cmse_nonsecure_call"
++  %idxprom = zext i1 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i5() {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i5 %0() "cmse_nonsecure_call"
++  %idxprom = sext i5 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u5() {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #31
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #31
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i5 %0() "cmse_nonsecure_call"
++  %idxprom = zext i5 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i33(ptr %f) {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    rsb.w r0, r0, #0
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    rsb.w r0, r0, #0
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %call = tail call i33 %f() "cmse_nonsecure_call"
++  %shr = ashr i33 %call, 32
++  %conv = trunc nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u33(ptr %f) {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %call = tail call i33 %f() "cmse_nonsecure_call"
++  %shr = lshr i33 %call, 32
++  %conv = trunc nuw nsw i33 %shr to i32
++  ret i32 %conv
++}
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+new file mode 100644
+index 0000000000..c66ab00566dd
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+@@ -0,0 +1,368 @@
++; RUN: llc %s -mtriple=thumbv8m.main     -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main   -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main   -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i16 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i16 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i8 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i8 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    rsbs r0, r0, #0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    rsbs r0, r0, #0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i1 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i5 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #31
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #31
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i5 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    rsbs r0, r0, #0
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    rsbs r0, r0, #0
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %shr = ashr i33 %arg, 32
++  %conv = trunc nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %shr = lshr i33 %arg, 32
++  %conv = trunc nuw nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i65:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    sub sp, #16
++; V8M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V8M-LE-NEXT:        and r0, r0, #1
++; V8M-LE-NEXT:        rsbs r0, r0, #0
++; V8M-BE-NEXT:        movs r1, #0
++; V8M-BE-NEXT:        sub.w r0, r1, r0, lsr #24
++; V8M-COMMON-NEXT:    add sp, #16
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i65:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    sub sp, #16
++; V81M-COMMON-NEXT:    add sp, #4
++; V81M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V81M-LE-NEXT:        and r0, r0, #1
++; V81M-LE-NEXT:        rsbs r0, r0, #0
++; V81M-BE-NEXT:        movs r1, #0
++; V81M-BE-NEXT:        sub.w r0, r1, r0, lsr #24
++; V81M-COMMON-NEXT:    sub sp, #4
++; V81M-COMMON-NEXT:    add sp, #16
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %arg = load i65, ptr %0, align 8
++  %shr = ashr i65 %arg, 64
++  %conv = trunc nsw i65 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u65:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    sub sp, #16
++; V8M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V8M-BE-NEXT:        lsrs r0, r0, #24
++; V8M-COMMON-NEXT:    add sp, #16
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u65:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    sub sp, #16
++; V81M-COMMON-NEXT:    add sp, #4
++; V81M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V81M-BE-NEXT:        lsrs r0, r0, #24
++; V81M-COMMON-NEXT:    sub sp, #4
++; V81M-COMMON-NEXT:    add sp, #16
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %arg = load i65, ptr %0, align 8
++  %shr = lshr i65 %arg, 64
++  %conv = trunc nuw nsw i65 %shr to i32
++  ret i32 %conv
++}
diff --git a/meta/recipes-devtools/rust/rust-llvm_1.75.0.bb b/meta/recipes-devtools/rust/rust-llvm_1.75.0.bb
index 13bdadb5e7..292fc15c55 100644
--- a/meta/recipes-devtools/rust/rust-llvm_1.75.0.bb
+++ b/meta/recipes-devtools/rust/rust-llvm_1.75.0.bb
@@ -10,7 +10,8 @@ require rust-source.inc
 
 SRC_URI += "file://0002-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
             file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
-            file://0003-llvm-fix-include-benchmarks.patch;striplevel=2"
+            file://0003-llvm-fix-include-benchmarks.patch;striplevel=2 \
+            file://0004-llvm-Fix-CVE-2024-0151.patch;striplevel=2"
 
 S = "${RUSTSRC}/src/llvm-project/llvm"
 
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index b14221b6cb..5b433ceae7 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -7,12 +7,12 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
             file://rv32-missing-syscalls.patch;patchdir=${RUSTSRC} \
             file://rv32-rustix-libc-backend.patch;patchdir=${RUSTSRC} \
             file://rv32-cargo-rustix-0.38.19-fix.patch;patchdir=${RUSTSRC} \
-            file://cargo-path.patch;patchdir=${RUSTSRC} \
             file://custom-target-cfg.patch;patchdir=${RUSTSRC} \
             file://rustc-bootstrap.patch;patchdir=${RUSTSRC} \
             file://target-build-value.patch;patchdir=${RUSTSRC} \
             file://0001-Handle-vendored-sources-when-remapping-paths.patch;patchdir=${RUSTSRC} \
             file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \
+            file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \
 "
 SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"
 
@@ -22,3 +22,4 @@ UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-metho
 UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
 
 CVE_STATUS[CVE-2024-24576] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2024-43402] = "not-applicable-platform: Issue only applies on Windows"
diff --git a/meta/recipes-devtools/rust/rust_1.75.0.bb b/meta/recipes-devtools/rust/rust_1.75.0.bb
index c33f31d261..b9348bf050 100644
--- a/meta/recipes-devtools/rust/rust_1.75.0.bb
+++ b/meta/recipes-devtools/rust/rust_1.75.0.bb
@@ -11,6 +11,11 @@ DEPENDS += "file-native python3-native"
 DEPENDS:append:class-native = " rust-llvm-native"
 DEPENDS:append:class-nativesdk = " nativesdk-rust-llvm"
 
+# native rust uses cargo/rustc from binary snapshots to bootstrap
+# but everything else should use our native builds
+DEPENDS:append:class-target = " cargo-native rust-native"
+DEPENDS:append:class-nativesdk = " cargo-native rust-native"
+
 DEPENDS += "rust-llvm (=${PV})"
 
 RDEPENDS:${PN}:append:class-target = " gcc g++ binutils"
@@ -35,8 +40,6 @@ RUST_ALTERNATE_EXE_PATH_NATIVE = "${STAGING_LIBDIR_NATIVE}/llvm-rust/bin/llvm-co
 # own vendoring.
 CARGO_DISABLE_BITBAKE_VENDORING = "1"
 
-# We can't use RUST_BUILD_SYS here because that may be "musl" if
-# TCLIBC="musl". Snapshots are always -unknown-linux-gnu
 setup_cargo_environment () {
     # The first step is to build bootstrap and some early stage tools,
     # these are build for the same target as the snapshot, e.g.
@@ -54,8 +57,8 @@ do_rust_setup_snapshot () {
 
     # Some versions of rust (e.g. 1.18.0) tries to find cargo in stage0/bin/cargo
     # and fail without it there.
-    mkdir -p ${RUSTSRC}/build/${BUILD_SYS}
-    ln -sf ${WORKDIR}/rust-snapshot/ ${RUSTSRC}/build/${BUILD_SYS}/stage0
+    mkdir -p ${RUSTSRC}/build/${RUST_BUILD_SYS}
+    ln -sf ${WORKDIR}/rust-snapshot/ ${RUSTSRC}/build/${RUST_BUILD_SYS}/stage0
 
     # Need to use uninative's loader if enabled/present since the library paths
     # are used internally by rust and result in symbol mismatches if we don't
@@ -70,9 +73,10 @@ addtask do_test_compile after do_configure do_rust_gen_targets
 do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot"
 do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER"
 
-# there is a need to enable some more rust tools for the project
-# We can extend a list of more tools via this variable
-RUST_ENABLE_EXTRA_TOOLS ?= "rust-demangler"
+RUSTC_BOOTSTRAP = "${STAGING_BINDIR_NATIVE}/rustc"
+CARGO_BOOTSTRAP = "${STAGING_BINDIR_NATIVE}/cargo"
+RUSTC_BOOTSTRAP:class-native = "${WORKDIR}/rust-snapshot/bin/rustc"
+CARGO_BOOTSTRAP:class-native = "${WORKDIR}/rust-snapshot/bin/cargo"
 
 python do_configure() {
     import json
@@ -145,12 +149,11 @@ python do_configure() {
     config.add_section("build")
     config.set("build", "submodules", e(False))
     config.set("build", "docs", e(False))
-    config.set("build", "tools", e(d.getVar("RUST_ENABLE_EXTRA_TOOLS").split()))
 
-    rustc = d.expand("${WORKDIR}/rust-snapshot/bin/rustc")
+    rustc = d.getVar('RUSTC_BOOTSTRAP')
     config.set("build", "rustc", e(rustc))
 
-    cargo = d.expand("${WORKDIR}/rust-snapshot/bin/cargo")
+    cargo = d.getVar('CARGO_BOOTSTRAP')
     config.set("build", "cargo", e(cargo))
 
     config.set("build", "vendor", e(True))
@@ -267,8 +270,20 @@ rust_do_install:class-nativesdk() {
     rm ${D}${libdir}/rustlib/uninstall.sh
     rm ${D}${libdir}/rustlib/install.log
     rm ${D}${libdir}/rustlib/manifest*
+
+    ENV_SETUP_DIR=${D}${base_prefix}/environment-setup.d
+    mkdir "${ENV_SETUP_DIR}"
+    RUST_ENV_SETUP_SH="${ENV_SETUP_DIR}/rust.sh"
+    RUST_HOST_TRIPLE=`echo ${RUST_HOST_SYS} | tr '[:lower:]' '[:upper:]' | sed 's/-/_/g'`
+    SDKLOADER=${@bb.utils.contains('SDK_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'i686', 'ld-linux.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'aarch64', 'ld-linux-aarch64.so.1', '', d)}${@bb.utils.contains('SDK_ARCH', 'ppc64le', 'ld64.so.2', '', d)}${@bb.utils.contains('SDK_ARCH', 'riscv64', 'ld-linux-riscv64-lp64d.so.1', '', d)}
+
+    cat <<- EOF > "${RUST_ENV_SETUP_SH}"
+        export CARGO_TARGET_${RUST_HOST_TRIPLE}_RUNNER="\$OECORE_NATIVE_SYSROOT/lib/${SDKLOADER}"
+        EOF
 }
 
+FILES:${PN} += "${base_prefix}/environment-setup.d"
+
 EXTRA_TOOLS ?= "cargo-clippy clippy-driver rustfmt"
 rust_do_install:class-target() {
     export PSEUDO_UNLOAD=1
diff --git a/meta/recipes-devtools/strace/strace_6.7.bb b/meta/recipes-devtools/strace/strace_6.7.bb
index f365477ccd..c8c83cdf7c 100644
--- a/meta/recipes-devtools/strace/strace_6.7.bb
+++ b/meta/recipes-devtools/strace/strace_6.7.bb
@@ -5,7 +5,7 @@ SECTION = "console/utils"
 LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=2433d82e1432a76dc3eadd9002bfe304"
 
-SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
+SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/strace-${PV}.tar.xz \
            file://update-gawk-paths.patch \
            file://Makefile-ptest.patch \
            file://run-ptest \
@@ -17,7 +17,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
            "
 SRC_URI[sha256sum] = "2090201e1a3ff32846f4fe421c1163b15f440bb38e31355d09f82d3949922af7"
 
-inherit autotools ptest
+inherit autotools github-releases ptest
 
 # Not yet ported to rv32
 COMPATIBLE_HOST:riscv32 = "null"
diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
new file mode 100644
index 0000000000..4b28a58507
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
@@ -0,0 +1,161 @@
+From 149e299cd7eaadc8248480300b6e13b097c5b3fa Mon Sep 17 00:00:00 2001
+From: Jiaying Song <jiaying.song.cn@windriver.com>
+Date: Fri, 13 Dec 2024 12:19:43 +0800
+Subject: [PATCH] Fix CVE-2024-46901
+
+It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames.
+
+Upstream-Status: Backport
+[https://subversion.apache.org/security/CVE-2024-46901-advisory.txt]
+
+CVE: CVE-2024-46901
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ .../include/private/svn_repos_private.h       |  8 +++++
+ subversion/libsvn_repos/commit.c              |  3 +-
+ subversion/libsvn_repos/repos.c               | 10 +++++++
+ subversion/mod_dav_svn/lock.c                 |  7 +++++
+ subversion/mod_dav_svn/repos.c                | 29 +++++++++++++++++++
+ 5 files changed, 55 insertions(+), 2 deletions(-)
+
+diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h
+index 1fd34e8..1d5fc9c 100644
+--- a/subversion/include/private/svn_repos_private.h
++++ b/subversion/include/private/svn_repos_private.h
+@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor,
+                            const char *update_anchor_relpath,
+                            apr_pool_t *pool);
+ 
++/* Validate that the given PATH is a valid pathname that can be stored in
++ * a Subversion repository, according to the name constraints used by the
++ * svn_repos_* layer.
++ */
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool);
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c
+index 515600d..aad37ee 100644
+--- a/subversion/libsvn_repos/commit.c
++++ b/subversion/libsvn_repos/commit.c
+@@ -308,8 +308,7 @@ add_file_or_directory(const char *path,
+   svn_boolean_t was_copied = FALSE;
+   const char *full_path, *canonicalized_path;
+ 
+-  /* Reject paths which contain control characters (related to issue #4340). */
+-  SVN_ERR(svn_path_check_valid(path, pool));
++  SVN_ERR(svn_repos__validate_new_path(path, pool));
+ 
+   SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path,
+                                         pool, pool));
+diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c
+index 2189de8..119f04b 100644
+--- a/subversion/libsvn_repos/repos.c
++++ b/subversion/libsvn_repos/repos.c
+@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type,
+                      svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),
+                      pool);
+ }
++
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool)
++{
++  /* Reject paths which contain control characters (related to issue #4340). */
++  SVN_ERR(svn_path_check_valid(path, scratch_pool));
++
++  return SVN_NO_ERROR;
++}
+diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c
+index 7e9c94b..d2a6aa9 100644
+--- a/subversion/mod_dav_svn/lock.c
++++ b/subversion/mod_dav_svn/lock.c
+@@ -36,6 +36,7 @@
+ #include "svn_pools.h"
+ #include "svn_props.h"
+ #include "private/svn_log.h"
++#include "private/svn_repos_private.h"
+ 
+ #include "dav_svn.h"
+ 
+@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb,
+ 
+       /* Commit a 0-byte file: */
+ 
++      if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                               resource->pool)))
++        return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                    "Request specifies an invalid path.",
++                                    resource->pool);
++
+       if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool)))
+         return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+                                     "Could not determine youngest revision",
+diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c
+index 8cbd5e7..778ae9b 100644
+--- a/subversion/mod_dav_svn/repos.c
++++ b/subversion/mod_dav_svn/repos.c
+@@ -2928,6 +2928,15 @@ open_stream(const dav_resource *resource,
+ 
+   if (kind == svn_node_none) /* No existing file. */
+     {
++      serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                          resource->pool);
++
++      if (serr != NULL)
++        {
++          return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                      "Request specifies an invalid path.",
++                                      resource->pool);
++        }
+       serr = svn_fs_make_file(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool);
+@@ -4120,6 +4129,14 @@ create_collection(dav_resource *resource)
+         return err;
+     }
+ 
++  if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                           resource->pool)) != NULL)
++    {
++      return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                  "Request specifies an invalid path.",
++                                  resource->pool);
++    }
++
+   if ((serr = svn_fs_make_dir(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool)) != NULL)
+@@ -4193,6 +4210,12 @@ copy_resource(const dav_resource *src,
+       if (err)
+         return err;
+     }
++  
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
+ 
+   src_repos_path = svn_repos_path(src->info->repos->repos, src->pool);
+   dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool);
+@@ -4430,6 +4453,12 @@ move_resource(dav_resource *src,
+   if (err)
+     return err;
+ 
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
++
+   /* Copy the src to the dst. */
+   serr = svn_fs_copy(src->info->root.root,  /* the root object of src rev*/
+                      src->info->repos_path, /* the relative path of src */
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
index 1cf4e1734b..679228cbb8 100644
--- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
@@ -10,7 +10,8 @@ DEPENDS:append:class-native = " file-replacement-native"
 
 SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://serfmacro.patch \
-           "
+           file://CVE-2024-46901.patch \
+          "
 
 SRC_URI[sha256sum] = "949efd451a09435f7e8573574c71c7b71b194d844890fa49cd61d2262ea1a440"
 
@@ -18,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
 
 CVE_PRODUCT = "apache:subversion"
 
+CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index a403a74bb6..c485e535c7 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -15,6 +15,8 @@ SKIP="$SKIP cmdMZ-6.6"
 SKIP="$SKIP exit-1.\*"
 # 15407 15421
 SKIP="$SKIP \*io-46.1"
+# io-13.6 explicitly says it can fail on slow/loaded machines
+SKIP="$SKIP io-13.6"
 # 14825
 SKIP="$SKIP socket-\* socket_inet-\*"
 
diff --git a/meta/recipes-extended/acpica/acpica_20240322.bb b/meta/recipes-extended/acpica/acpica_20240322.bb
index 90e3599d32..1f93c0d435 100644
--- a/meta/recipes-extended/acpica/acpica_20240322.bb
+++ b/meta/recipes-extended/acpica/acpica_20240322.bb
@@ -16,7 +16,8 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 
 DEPENDS = "m4-native flex-native bison-native"
 
-SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master"
+SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master \
+           file://CVE-2024-24856.patch"
 SRCREV = "170fc3076a86777077637f10b05c32ac21ac13aa"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/acpica/files/CVE-2024-24856.patch b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
new file mode 100644
index 0000000000..c0c9c00d12
--- /dev/null
+++ b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
@@ -0,0 +1,31 @@
+From 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 Mon Sep 17 00:00:00 2001
+From: Huai-Yuan Liu <qq810974084@gmail.com>
+Date: Tue, 9 Apr 2024 23:23:39 +0800
+Subject: [PATCH] check null return of ACPI_ALLOCATE_ZEROED in
+ AcpiDbConvertToPackage
+
+ACPI_ALLOCATE_ZEROED may fails, Elements might be null and will cause null pointer dereference later.
+
+Signed-off-by: Huai-Yuan Liu <qq810974084@gmail.com>
+
+CVE: CVE-2024-24856
+Upstream-Status: Backport [https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ source/components/debugger/dbconvert.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/components/debugger/dbconvert.c b/source/components/debugger/dbconvert.c
+index 6a41000036..32ad5be179 100644
+--- a/source/components/debugger/dbconvert.c
++++ b/source/components/debugger/dbconvert.c
+@@ -354,6 +354,8 @@ AcpiDbConvertToPackage (
+ 
+     Elements = ACPI_ALLOCATE_ZEROED (
+         DB_DEFAULT_PKG_ELEMENTS * sizeof (ACPI_OBJECT));
++    if (!Elements)
++        return (AE_NO_MEMORY);
+ 
+     This = String;
+     for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++)
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index b70ba3ae58..5590eb0fa0 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
            file://0004-cups-fix-multilib-install-file-conflicts.patch \
            file://volatiles.99_cups \
            file://cups-volatiles.conf \
+           file://CVE-2024-47175-1.patch \
+           file://CVE-2024-47175-2.patch \
+           file://CVE-2024-47175-3.patch \
+           file://CVE-2024-47175-4.patch \
+           file://CVE-2024-47175-5.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
new file mode 100644
index 0000000000..8ec720ea0d
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
@@ -0,0 +1,73 @@
+From 9939a70b750edd9d05270060cc5cf62ca98cfbe5 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 9 Sep 2024 10:03:10 -0400
+Subject: [PATCH] Mirror IPP Everywhere printer changes from master.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5]
+CVE: CVE-2024-47175
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cups/ppd-cache.c | 10 +++++-----
+ scheduler/ipp.c  |  7 +++++++
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index e750fcc..cd2d6cb 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -3317,10 +3317,10 @@ _ppdCreateFromIPP2(
+   }
+   cupsFilePuts(fp, "\"\n");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+   if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL)
+@@ -3389,10 +3389,10 @@ _ppdCreateFromIPP2(
+   if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0))
+     cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     char       prefix = '\"';          // Prefix for string
+ 
+@@ -3410,7 +3410,7 @@ _ppdCreateFromIPP2(
+     cupsFilePuts(fp, "\"\n");
+   }
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     char       prefix = '\"';          // Prefix for string
+ 
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index 37623c5..836e41d 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -5417,6 +5417,13 @@ create_local_bg_thread(
+     }
+   }
+ 
++  // Validate response from printer...
++  if (!ippValidateAttributes(response))
++  {
++    cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Printer returned invalid data: %s", printer->name, cupsLastErrorString());
++    return (NULL);
++  }
++
+   // TODO: Grab printer icon file...
+   httpClose(http);
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
new file mode 100644
index 0000000000..11e8209626
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
@@ -0,0 +1,151 @@
+From 04bb2af4521b56c1699a2c2431c56c05a7102e69 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 9 Sep 2024 14:05:42 -0400
+Subject: [PATCH] Refactor make-and-model code.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69]
+CVE: CVE-2024-47175
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cups/ppd-cache.c | 103 +++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 87 insertions(+), 16 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index cd2d6cb..a4d7403 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -3197,9 +3197,10 @@ _ppdCreateFromIPP2(
+   ipp_t                        *media_col,     /* Media collection */
+                        *media_size;    /* Media size collection */
+   char                 make[256],      /* Make and model */
+-                       *model,         /* Model name */
++                       *mptr,          /* Pointer into make and model */
+                        ppdname[PPD_MAX_NAME];
+                                        /* PPD keyword */
++  const char           *model;         /* Model name */
+   int                  i, j,           /* Looping vars */
+                        count,          /* Number of values */
+                        bottom,         /* Largest bottom margin */
+@@ -3260,34 +3261,104 @@ _ppdCreateFromIPP2(
+   }
+ 
+  /*
+-  * Standard stuff for PPD file...
++  * Get a sanitized make and model...
+   */
+ 
+-  cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
+-  cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
+-  cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
+-  cupsFilePuts(fp, "*LanguageVersion: English\n");
+-  cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
+-  cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
+-  cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
+-  cupsFilePuts(fp, "*FileSystem: False\n");
+-  cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
++  if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
++  {
++   /*
++    * Sanitize the model name to only contain PPD-safe characters.
++    */
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL)
+     strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
++
++    for (mptr = make; *mptr; mptr ++)
++    {
++      if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
++      {
++       /*
++       * Truncate the make and model on the first bad character...
++       */
++
++       *mptr = '\0';
++       break;
++      }
++    }
++
++    while (mptr > make)
++    {
++     /*
++      * Strip trailing whitespace...
++      */
++
++      mptr --;
++      if (*mptr == ' ')
++       *mptr = '\0';
++    }
++
++    if (!make[0])
++    {
++     /*
++      * Use a default make and model if nothing remains...
++      */
++
++      strlcpy(make, "Unknown", sizeof(make));
++    }
++  }
+   else
+-    strlcpy(make, "Unknown Printer", sizeof(make));
++  {
++   /*
++    * Use a default make and model...
++    */
++
++    strlcpy(make, "Unknown", sizeof(make));
++  }
+ 
+   if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || !_cups_strncasecmp(make, "Hewlett-Packard ", 16))
+   {
++   /*
++    * Normalize HP printer make and model...
++    */
++
+     model = make + 16;
+     strlcpy(make, "HP", sizeof(make));
++
++    if (!_cups_strncasecmp(model, "HP ", 3))
++      model += 3;
++  }
++  else if ((mptr = strchr(make, ' ')) != NULL)
++  {
++   /*
++    * Separate "MAKE MODEL"...
++    */
++
++    while (*mptr && *mptr == ' ')
++      *mptr++ = '\0';
++
++    model = mptr;
+   }
+-  else if ((model = strchr(make, ' ')) != NULL)
+-    *model++ = '\0';
+   else
+-    model = make;
++  {
++   /*
++    * No separate model name...
++    */
+ 
++    model = "Printer";
++  }
++
++ /*
++  * Standard stuff for PPD file...
++  */
++
++  cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
++  cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
++  cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
++  cupsFilePuts(fp, "*LanguageVersion: English\n");
++  cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
++  cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
++  cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
++  cupsFilePuts(fp, "*FileSystem: False\n");
++  cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
+   cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
+   cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
+   cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
new file mode 100644
index 0000000000..e7d012fb8a
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
@@ -0,0 +1,119 @@
+From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 9 Sep 2024 15:59:57 -0400
+Subject: [PATCH] PPDize preset and template names.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844]
+CVE: CVE-2024-47175
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cups/ppd-cache.c | 33 ++++++++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index a4d7403..53c22be 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -4976,12 +4976,14 @@ _ppdCreateFromIPP2(
+ 
+       cupsArrayAdd(templates, (void *)keyword);
+ 
++      pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
++
+       snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
+       if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+        if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+          msgstr = keyword;
+ 
+-      cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword);
++      cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
+       for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
+       {
+         if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION)
+@@ -4994,7 +4996,7 @@ _ppdCreateFromIPP2(
+        }
+       }
+       cupsFilePuts(fp, "\"\n");
+-      cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr);
++      cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+       cupsFilePuts(fp, "*End\n");
+     }
+ 
+@@ -5040,7 +5042,8 @@ _ppdCreateFromIPP2(
+       if (!preset || !preset_name)
+         continue;
+ 
+-      cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
++      pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
++      cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
+       for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset))
+       {
+         member_name = ippGetName(member);
+@@ -5081,7 +5084,10 @@ _ppdCreateFromIPP2(
+             fin_col = ippGetCollection(member, i);
+ 
+             if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL)
+-              cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
++            {
++              pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
++              cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
++            }
+           }
+         }
+         else if (!strcmp(member_name, "media"))
+@@ -5108,13 +5114,13 @@ _ppdCreateFromIPP2(
+           if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL)
+           {
+             pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+-            cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
++            cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
+          }
+ 
+           if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL)
+           {
+             pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+-            cupsFilePrintf(fp, "*MediaType %s\n", keyword);
++            cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
+          }
+         }
+         else if (!strcmp(member_name, "print-quality"))
+@@ -5160,7 +5166,10 @@ _ppdCreateFromIPP2(
+       cupsFilePuts(fp, "\"\n*End\n");
+ 
+       if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
+-        cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name);
++      {
++        pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
++        cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
++      }
+     }
+   }
+ 
+@@ -5544,7 +5553,7 @@ pwg_ppdize_name(const char *ipp,  /* I - IPP keyword */
+        *end;                           /* End of name buffer */
+ 
+ 
+-  if (!ipp)
++  if (!ipp || !_cups_isalnum(*ipp))
+   {
+     *name = '\0';
+     return;
+@@ -5559,8 +5568,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
+       ipp ++;
+       *ptr++ = (char)toupper(*ipp++ & 255);
+     }
+-    else
++    else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
++    {
+       *ptr++ = *ipp++;
++    }
++    else
++    {
++      ipp ++;
++    }
+   }
+ 
+   *ptr = '\0';
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
new file mode 100644
index 0000000000..7665513485
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
@@ -0,0 +1,249 @@
+From 1e6ca5913eceee906038bc04cc7ccfbe2923bdfd Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 23 Sep 2024 09:36:39 -0400
+Subject: [PATCH] Quote PPD localized strings.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd]
+CVE: CVE-2024-47175
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cups/ppd-cache.c | 93 +++++++++++++++++++++++++++---------------------
+ 1 file changed, 53 insertions(+), 40 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index 53c22be..f425ac0 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -32,6 +32,7 @@
+ static int     cups_connect(http_t **http, const char *url, char *resource, size_t ressize);
+ static int     cups_get_url(http_t **http, const char *url, char *name, size_t namesize);
+ static const char *ppd_inputslot_for_keyword(_ppd_cache_t *pc, const char *keyword);
++static void    ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
+ static void    pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value);
+ static void    pwg_add_message(cups_array_t *a, const char *msg, const char *str);
+ static int     pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b);
+@@ -3394,7 +3395,7 @@ _ppdCreateFromIPP2(
+   if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+   {
+     http_t     *http = NULL;           /* Connection to printer */
+     char       stringsfile[1024];      /* Temporary strings file */
+@@ -3438,7 +3439,7 @@ _ppdCreateFromIPP2(
+ 
+          response = cupsDoRequest(http, request, resource);
+ 
+-         if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL)
++         if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+            cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword, ippGetString(attr, 0, NULL));
+ 
+          ippDelete(response);
+@@ -4044,18 +4045,16 @@ _ppdCreateFromIPP2(
+        cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname);
+ 
+       for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++)
++      {
+         if (!strcmp(sources[j], keyword))
+        {
+          snprintf(msgid, sizeof(msgid), "media-source.%s", keyword);
+ 
+-         if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-           if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-             msgstr = keyword;
+-
+          cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
+-         cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, msgstr);
++         ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid);
+          break;
+        }
++      }
+     }
+     cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
+   }
+@@ -4081,12 +4080,9 @@ _ppdCreateFromIPP2(
+       pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ 
+       snprintf(msgid, sizeof(msgid), "media-type.%s", keyword);
+-      if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-       if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-         msgstr = keyword;
+ 
+       cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
+-      cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr);
++      ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid);
+     }
+     cupsFilePuts(fp, "*CloseUI: *MediaType\n");
+   }
+@@ -4547,12 +4543,9 @@ _ppdCreateFromIPP2(
+       pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ 
+       snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword);
+-      if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-       if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-         msgstr = keyword;
+ 
+       cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
+-      cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr);
++      ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid);
+ 
+       if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL)
+       {
+@@ -4671,9 +4664,6 @@ _ppdCreateFromIPP2(
+         cupsArrayAdd(names, (char *)keyword);
+ 
+        snprintf(msgid, sizeof(msgid), "finishings.%d", value);
+-       if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-         if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-           msgstr = keyword;
+ 
+         if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
+           ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
+@@ -4688,7 +4678,7 @@ _ppdCreateFromIPP2(
+           continue;
+ 
+        cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
+-       cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
++       ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid);
+        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword);
+       }
+ 
+@@ -4751,9 +4741,6 @@ _ppdCreateFromIPP2(
+         cupsArrayAdd(names, (char *)keyword);
+ 
+        snprintf(msgid, sizeof(msgid), "finishings.%d", value);
+-       if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-         if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-           msgstr = keyword;
+ 
+         if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
+           ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
+@@ -4768,7 +4755,7 @@ _ppdCreateFromIPP2(
+           continue;
+ 
+        cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
+-       cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
++       ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid);
+        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword);
+       }
+ 
+@@ -4839,9 +4826,6 @@ _ppdCreateFromIPP2(
+         cupsArrayAdd(names, (char *)keyword);
+ 
+        snprintf(msgid, sizeof(msgid), "finishings.%d", value);
+-       if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-         if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-           msgstr = keyword;
+ 
+         if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
+           ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
+@@ -4856,7 +4840,7 @@ _ppdCreateFromIPP2(
+           continue;
+ 
+        cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
+-       cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
++       ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid);
+        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword);
+       }
+ 
+@@ -4927,9 +4911,6 @@ _ppdCreateFromIPP2(
+         cupsArrayAdd(names, (char *)keyword);
+ 
+        snprintf(msgid, sizeof(msgid), "finishings.%d", value);
+-       if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-         if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-           msgstr = keyword;
+ 
+         if (value == IPP_FINISHINGS_TRIM)
+           ppd_keyword = "Auto";
+@@ -4937,7 +4918,7 @@ _ppdCreateFromIPP2(
+          ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES];
+ 
+        cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword);
+-       cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
++       ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid);
+        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword);
+       }
+ 
+@@ -4979,9 +4960,6 @@ _ppdCreateFromIPP2(
+       pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ 
+       snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
+-      if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
+-       if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
+-         msgstr = keyword;
+ 
+       cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
+       for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
+@@ -4996,7 +4974,7 @@ _ppdCreateFromIPP2(
+        }
+       }
+       cupsFilePuts(fp, "\"\n");
+-      cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
++      ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid);
+       cupsFilePuts(fp, "*End\n");
+     }
+ 
+@@ -5165,11 +5143,9 @@ _ppdCreateFromIPP2(
+ 
+       cupsFilePuts(fp, "\"\n*End\n");
+ 
+-      if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
+-      {
+-        pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+-        cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
+-      }
++      snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name);
++      pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
++      ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid);
+     }
+   }
+ 
+@@ -5440,6 +5416,43 @@ cups_get_url(http_t     **http,          /* IO - Current HTTP connection */
+ }
+ 
+ 
++/*
++ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
++ */
++
++static void
++ppd_put_string(cups_file_t  *fp,       /* I - PPD file */
++               cups_lang_t  *lang,     /* I - Language */
++               cups_array_t *strings,  /* I - Strings */
++              const char   *ppd_option,/* I - PPD option */
++              const char   *ppd_choice,/* I - PPD choice */
++              const char   *pwg_msgid) /* I - PWG message ID */
++{
++  const char   *text;                  /* Localized text */
++
++
++  if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text))
++  {
++    if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid)
++      return;
++  }
++
++  // Add the first line of localized text...
++  cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
++  while (*text && *text != '\n')
++  {
++    // Escape ":" and "<"...
++    if (*text == ':' || *text == '<')
++      cupsFilePrintf(fp, "<%02X>", *text);
++    else
++      cupsFilePutChar(fp, *text);
++
++    text ++;
++  }
++  cupsFilePuts(fp, ": \"\"\n");
++}
++
++
+ /*
+  * 'pwg_add_finishing()' - Add a finishings value.
+  */
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
new file mode 100644
index 0000000000..77a30857e2
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
@@ -0,0 +1,40 @@
+From 2abe1ba8a66864aa82cd9836b37e57103b8e1a3b Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 23 Sep 2024 10:11:31 -0400
+Subject: [PATCH] Fix warnings for unused vars.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b]
+CVE: CVE-2024-47175
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cups/ppd-cache.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index f425ac0..d2533b7 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -3223,8 +3223,7 @@ _ppdCreateFromIPP2(
+   int                  have_qdraft = 0,/* Have draft quality? */
+                        have_qhigh = 0; /* Have high quality? */
+   char                 msgid[256];     /* Message identifier (attr.value) */
+-  const char           *keyword,       /* Keyword value */
+-                       *msgstr;        /* Localized string */
++  const char           *keyword;       /* Keyword value */
+   cups_array_t         *strings = NULL;/* Printer strings file */
+   struct lconv         *loc = localeconv();
+                                        /* Locale data */
+@@ -5010,9 +5009,8 @@ _ppdCreateFromIPP2(
+     {
+       ipp_t    *preset = ippGetCollection(attr, i);
+                                        /* Preset collection */
+-      const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL),
++      const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL);
+                                        /* Preset name */
+-               *localized_name;        /* Localized preset name */
+       ipp_attribute_t *member;         /* Member attribute in preset */
+       const char *member_name;         /* Member attribute name */
+       char             member_value[256];      /* Member attribute value */
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
index 67f14bd368..0546fdf8f0 100644
--- a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
@@ -1,4 +1,4 @@
-From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001
+From 095bb1db8b2e68cac40e985f347a7039573e1e80 Mon Sep 17 00:00:00 2001
 From: Kai Kang <kai.kang@windriver.com>
 Date: Thu, 29 Mar 2018 16:02:05 +0800
 Subject: [PATCH] avoid host contamination
@@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/devices/devs.mak b/devices/devs.mak
-index 186f704..88ab8c9 100644
+index a5dbc7a..27b55f2 100644
 --- a/devices/devs.mak
 +++ b/devices/devs.mak
-@@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
+@@ -403,7 +403,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
  ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT
  
  $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index 0504f5244f..bd34058517 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -27,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://avoid-host-contamination.patch \
            "
 
-SRC_URI[sha256sum] = "31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad"
+SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/meta/recipes-extended/groff/files/0001-contrib-hdtbl-hdtbl.am-Fix-race-issues-for-parallel-.patch b/meta/recipes-extended/groff/files/0001-contrib-hdtbl-hdtbl.am-Fix-race-issues-for-parallel-.patch
new file mode 100644
index 0000000000..de4a55bbab
--- /dev/null
+++ b/meta/recipes-extended/groff/files/0001-contrib-hdtbl-hdtbl.am-Fix-race-issues-for-parallel-.patch
@@ -0,0 +1,31 @@
+From 771686c042d5f494550d0399f36e00b1ca557b2d Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 11 Nov 2024 14:12:51 +0000
+Subject: [PATCH] contrib/hdtbl/hdtbl.am: Fix race issues for parallel build
+
+Fixed race issues for parallel build:
+groff: error: couldn't exec soelim: Permission
+
+And:
+groff: error: couldn't exec grn: Permission denied
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/groff/2024-11/msg00097.html]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ contrib/hdtbl/hdtbl.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/hdtbl/hdtbl.am b/contrib/hdtbl/hdtbl.am
+index 9384fac..70f7bc9 100644
+--- a/contrib/hdtbl/hdtbl.am
++++ b/contrib/hdtbl/hdtbl.am
+@@ -119,7 +119,7 @@ SUFFIXES += .roff .in .ps
+               -e "s|[@]EGREP[@]|$(EGREP)|" $< >$@
+ 
+ $(HDTBLPROCESSEDEXAMPLEFILES): $(DOC_GNU_EPS) groff troff eqn pic tbl \
+-  grops grn font/devps/stamp contrib/hdtbl/examples/common.roff
++  grops grn soelim font/devps/stamp contrib/hdtbl/examples/common.roff
+ 
+ uninstall_groffdirs: uninstall-hdtbl-hook
+ uninstall-hdtbl-hook:
diff --git a/meta/recipes-extended/groff/files/0001-hdtbl-Fix-Savannah-66316-missing-grn-dep.patch b/meta/recipes-extended/groff/files/0001-hdtbl-Fix-Savannah-66316-missing-grn-dep.patch
new file mode 100644
index 0000000000..d9455af2ac
--- /dev/null
+++ b/meta/recipes-extended/groff/files/0001-hdtbl-Fix-Savannah-66316-missing-grn-dep.patch
@@ -0,0 +1,38 @@
+From 12169aa269341753d491a69e9adb86c58dca039a Mon Sep 17 00:00:00 2001
+From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
+Date: Thu, 10 Oct 2024 18:17:08 -0500
+Subject: [PATCH] [hdtbl]: Fix Savannah #66316 (missing `grn` dep).
+
+* hdtbl.am (HDTBLPROCESSEDEXAMPLEFILES): Declare dependency on `grn`;
+  because `-I` flags are used, it is dragged in even though not
+  explicitly needed.  Resolves race against `grn`'s availability in the
+  build tree.
+
+Fixes <https://savannah.gnu.org/bugs/?66316>.  Thanks to Ross Burton for
+the report.
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ contrib/hdtbl/ChangeLog | 10 ++++++++++
+ contrib/hdtbl/hdtbl.am  |  3 +--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/contrib/hdtbl/hdtbl.am b/contrib/hdtbl/hdtbl.am
+index b6c334c18..3c37174f2 100644
+--- a/contrib/hdtbl/hdtbl.am
++++ b/contrib/hdtbl/hdtbl.am
+@@ -119,9 +119,8 @@ SUFFIXES += .roff .in .ps
+        && sed -e "s|[@]fontdir[@]|$(fontdir)|" \
+               -e "s|[@]EGREP[@]|$(EGREP)|" $< >$@
+ 
+-
+ $(HDTBLPROCESSEDEXAMPLEFILES): $(DOC_GNU_EPS) groff troff eqn pic tbl \
+-  grops font/devps/stamp contrib/hdtbl/examples/common.roff
++  grops grn font/devps/stamp contrib/hdtbl/examples/common.roff
+ 
+ uninstall_groffdirs: uninstall-hdtbl-hook
+ uninstall-hdtbl-hook:
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/groff/groff_1.23.0.bb b/meta/recipes-extended/groff/groff_1.23.0.bb
index 0fc4f831d8..34a42c7e26 100644
--- a/meta/recipes-extended/groff/groff_1.23.0.bb
+++ b/meta/recipes-extended/groff/groff_1.23.0.bb
@@ -12,6 +12,8 @@ SRC_URI = "${GNU_MIRROR}/groff/groff-${PV}.tar.gz \
            file://0001-Make-manpages-mulitlib-identical.patch \
            file://0001-build-Fix-Savannah-64681-webpage.ps-deps.patch \
            file://0001-build-meintro_fr.ps-depends-on-tbl.patch \
+           file://0001-hdtbl-Fix-Savannah-66316-missing-grn-dep.patch \
+           file://0001-contrib-hdtbl-hdtbl.am-Fix-race-issues-for-parallel-.patch \
            "
 
 SRC_URI[sha256sum] = "6b9757f592b7518b4902eb6af7e54570bdccba37a871fddb2d30ae3863511c13"
diff --git a/meta/recipes-extended/iputils/iputils/CVE-2025-47268.patch b/meta/recipes-extended/iputils/iputils/CVE-2025-47268.patch
new file mode 100644
index 0000000000..dd31b79031
--- /dev/null
+++ b/meta/recipes-extended/iputils/iputils/CVE-2025-47268.patch
@@ -0,0 +1,143 @@
+From 070cfacd7348386173231fb16fad4983d4e6ae40 Mon Sep 17 00:00:00 2001
+From: Petr Vorel <pvorel@suse.cz>
+Date: Mon, 5 May 2025 23:55:57 +0200
+Subject: [PATCH] ping: Fix signed 64-bit integer overflow in RTT calculation
+
+Crafted ICMP Echo Reply packet can cause signed integer overflow in
+
+1) triptime calculation:
+triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+
+2) tsum2 increment which uses triptime
+rts->tsum2 += (double)((long long)triptime * (long long)triptime);
+
+3) final tmvar:
+tmvar = (rts->tsum2 / total) - (tmavg * tmavg)
+
+    $ export CFLAGS="-O1 -g -fsanitize=address,undefined -fno-omit-frame-pointer"
+    $ export LDFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer"
+    $ meson setup .. -Db_sanitize=address,undefined
+    $ ninja
+    $ ./ping/ping -c2 127.0.0.1
+
+    PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
+    64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.061 ms
+    ../ping/ping_common.c:757:25: runtime error: signed integer overflow: -2513732689199106 * 1000000 cannot be represented in type 'long int'
+    ../ping/ping_common.c:757:12: runtime error: signed integer overflow: -4975495174606980224 + -6510615555425289427 cannot be represented in type 'long int'
+    ../ping/ping_common.c:769:47: runtime error: signed integer overflow: 6960633343677281965 * 6960633343677281965 cannot be represented in type 'long int'
+    24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
+    ./ping/ping: Warning: time of day goes back (-7256972569576721377us), taking countermeasures
+    ./ping/ping: Warning: time of day goes back (-7256972569576721232us), taking countermeasures
+    24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
+    ../ping/ping_common.c:265:16: runtime error: signed integer overflow: 6960633343677281965 * 2 cannot be represented in type 'long int'
+    64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.565 ms
+
+    --- 127.0.0.1 ping statistics ---
+    2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1002ms
+    ../ping/ping_common.c:940:42: runtime error: signed integer overflow: 1740158335919320832 * 1740158335919320832 cannot be represented in type 'long int'
+    rtt min/avg/max/mdev = 0.000/1740158335919320.832/6960633343677281.965/-1623514645242292.-224 ms
+
+To fix the overflow check allowed ranges of struct timeval members:
+* tv_sec <0, LONG_MAX/1000000>
+* tv_usec <0, 999999>
+
+Fix includes 2 new error messages (needs translation).
+Also existing message "time of day goes back ..." needed to be modified
+as it now prints tv->tv_sec which is a second (needs translation update).
+
+After fix:
+
+    $ ./ping/ping -c2 127.0.0.1
+    64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
+    ./ping/ping: Warning: invalid tv_usec -6510615555424928611 us
+    ./ping/ping: Warning: time of day goes back (-3985394643238914 s), taking countermeasures
+    ./ping/ping: Warning: invalid tv_usec -6510615555424928461 us
+    ./ping/ping: Warning: time of day goes back (-3985394643238914 s), taking countermeasures
+    24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
+    ./ping/ping: Warning: invalid tv_usec -6510615555425884541 us
+    ./ping/ping: Warning: time of day goes back (-4243165695442945 s), taking countermeasures
+    24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
+    64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.111 ms
+
+    --- 127.0.0.1 ping statistics ---
+    2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 101ms
+    rtt min/avg/max/mdev = 0.000/0.042/0.111/0.046 ms
+
+Fixes: https://github.com/iputils/iputils/issues/584
+Fixes: CVE-2025-472
+Link: https://github.com/Zephkek/ping-rtt-overflow/
+Co-developed-by: Cyril Hrubis <chrubis@suse.cz>
+Reported-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Reviewed-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
+Reviewed-by: Noah Meyerhans <noahm@debian.org>
+Signed-off-by: Petr Vorel <pvorel@suse.cz>
+
+CVE: CVE-2025-47268
+
+Upstream-Status: Backport
+[https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ iputils_common.h   |  3 +++
+ ping/ping_common.c | 22 +++++++++++++++++++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/iputils_common.h b/iputils_common.h
+index 49e790d..829a749 100644
+--- a/iputils_common.h
++++ b/iputils_common.h
+@@ -10,6 +10,9 @@
+          !!__builtin_types_compatible_p(__typeof__(arr), \
+                                         __typeof__(&arr[0]))])) * 0)
+ 
++/* 1000001 = 1000000 tv_sec + 1 tv_usec */
++#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
++
+ #ifdef __GNUC__
+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
+ #else
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index dadd2a4..4e99d89 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -754,16 +754,32 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
+ 
+ restamp:
+                tvsub(tv, &tmp_tv);
+-               triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+-               if (triptime < 0) {
+-                       error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
++
++               if (tv->tv_usec >= 1000000) {
++                       error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++                       tv->tv_usec = 999999;
++               }
++
++               if (tv->tv_usec < 0) {
++                       error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++                       tv->tv_usec = 0;
++               }
++
++               if (tv->tv_sec > TV_SEC_MAX_VAL) {
++                       error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
++                       triptime = 0;
++               } else if (tv->tv_sec < 0) {
++                       error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
+                        triptime = 0;
+                        if (!rts->opt_latency) {
+                                gettimeofday(tv, NULL);
+                                rts->opt_latency = 1;
+                                goto restamp;
+                        }
++               } else {
++                       triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+                }
++
+                if (!csfailed) {
+                        rts->tsum += triptime;
+                        rts->tsum2 += (double)((long long)triptime * (long long)triptime);
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/iputils/iputils_20240117.bb b/meta/recipes-extended/iputils/iputils_20240117.bb
index 3880689742..5ff5af8847 100644
--- a/meta/recipes-extended/iputils/iputils_20240117.bb
+++ b/meta/recipes-extended/iputils/iputils_20240117.bb
@@ -10,7 +10,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=627cc07ec86a45951d43e30658bbd819"
 
 DEPENDS = "gnutls"
 
-SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https"
+SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
+           file://CVE-2025-47268.patch \
+          "
 SRCREV = "8372f355bdf7a9b0c79338dd8ef8464c00a5c4e2"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
index 44720fdd53..97e42591cb 100644
--- a/meta/recipes-extended/libarchive/libarchive/configurehack.patch
+++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
@@ -10,7 +10,7 @@ diff --git a/configure.ac b/configure.ac
 index 5668d41..7e65e49 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then
+@@ -435,6 +435,19 @@ if test "x$with_bz2lib" != "xno"; then
    esac
  fi
  
@@ -30,7 +30,7 @@ index 5668d41..7e65e49 100644
  AC_ARG_WITH([libb2],
    AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2]))
  
-@@ -678,19 +691,6 @@ fi
+@@ -694,19 +707,6 @@ fi
  
  AC_SUBST(DEAD_CODE_REMOVAL)
  
diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
index da85764116..4dd6794bb1 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
@@ -29,13 +29,12 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
 
 EXTRA_OECONF += "--enable-largefile --without-iconv"
 
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
-SRC_URI += "file://configurehack.patch"
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
+           file://configurehack.patch \
+           "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
-
-CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"
+SRC_URI[sha256sum] = "aa90732c5a6bdda52fda2ad468ac98d75be981c15dde263d7b5cf6af66fd009f"
 
 inherit autotools update-alternatives pkgconfig
 
diff --git a/meta/recipes-extended/lsb/lsb-release_1.4.bb b/meta/recipes-extended/lsb/lsb-release_1.4.bb
index 00d8183a4f..a7039ea4d1 100644
--- a/meta/recipes-extended/lsb/lsb-release_1.4.bb
+++ b/meta/recipes-extended/lsb/lsb-release_1.4.bb
@@ -29,7 +29,7 @@ do_install() {
         echo "DISTRIB_ID=${DISTRO}" >> ${D}${sysconfdir}/lsb-release
         echo "DISTRIB_RELEASE=${DISTRO_VERSION}" >> ${D}${sysconfdir}/lsb-release
         if [ -n "${DISTRO_CODENAME}" ]; then
-                echo "DISTRIB_CODENAME=${DISTRO_CODENAME}" >> ${D}${sysconfdir}/lsb-release
+                echo "DISTRIB_CODENAME=\"${DISTRO_CODENAME}\"" >> ${D}${sysconfdir}/lsb-release
         fi
         echo "DISTRIB_DESCRIPTION=\"${DISTRO_NAME} ${DISTRO_VERSION}\"" >> ${D}${sysconfdir}/lsb-release
 }
diff --git a/meta/recipes-extended/mc/mc_4.8.31.bb b/meta/recipes-extended/mc/mc_4.8.31.bb
index 5f8257f71f..69d089d267 100644
--- a/meta/recipes-extended/mc/mc_4.8.31.bb
+++ b/meta/recipes-extended/mc/mc_4.8.31.bb
@@ -31,6 +31,7 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
 CACHED_CONFIGUREVARS += "ac_cv_path_PERL_FOR_BUILD='/usr/bin/env perl'"
 CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'"
 CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'"
+CACHED_CONFIGUREVARS += "ac_cv_path_ZIP='/usr/bin/zip'"
 CACHED_CONFIGUREVARS += "mc_cv_have_zipinfo=yes"
 
 do_install:append () {
diff --git a/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
new file mode 100644
index 0000000000..0d55512497
--- /dev/null
+++ b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
@@ -0,0 +1,91 @@
+From 7a8f42fb20013a1493d8cae1c43436f85e656f2d Mon Sep 17 00:00:00 2001
+From: Zephkeks <zephyrofficialdiscord@gmail.com>
+Date: Tue, 13 May 2025 11:04:17 +0200
+Subject: [PATCH] CVE-2025-46836: interface.c: Stack-based Buffer Overflow in
+ get_name()
+
+Coordinated as GHSA-pfwf-h6m3-63wf
+
+CVE: CVE-2025-46836
+Upstream-Status: Backport [https://sourceforge.net/p/net-tools/code/ci/7a8f42fb20013a1493d8cae1c43436f85e656f2d/]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/interface.c | 63 ++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 39 insertions(+), 24 deletions(-)
+
+diff --git a/lib/interface.c b/lib/interface.c
+index 71d4163..a054f12 100644
+--- a/lib/interface.c
++++ b/lib/interface.c
+@@ -211,32 +211,47 @@ out:
+ }
+ 
+ static const char *get_name(char *name, const char *p)
++/* Safe version — guarantees at most IFNAMSIZ‑1 bytes are copied
++   and the destination buffer is always NUL‑terminated.             */
+ {
+-    while (isspace(*p))
+-       p++;
+-    while (*p) {
+-       if (isspace(*p))
+-           break;
+-       if (*p == ':') {        /* could be an alias */
+-               const char *dot = p++;
+-               while (*p && isdigit(*p)) p++;
+-               if (*p == ':') {
+-                       /* Yes it is, backup and copy it. */
+-                       p = dot;
+-                       *name++ = *p++;
+-                       while (*p && isdigit(*p)) {
+-                               *name++ = *p++;
+-                       }
+-               } else {
+-                       /* No, it isn't */
+-                       p = dot;
+-           }
+-           p++;
+-           break;
+-       }
+-       *name++ = *p++;
++    char       *dst = name;                 /* current write ptr          */
++    const char *end = name + IFNAMSIZ - 1;  /* last byte we may write     */
++
++    /* Skip leading white‑space. */
++    while (isspace((unsigned char)*p))
++        ++p;
++
++    /* Copy until white‑space, end of string, or buffer full. */
++    while (*p && !isspace((unsigned char)*p) && dst < end) {
++        if (*p == ':') {                    /* possible alias veth0:123:  */
++            const char *dot = p;            /* remember the colon         */
++            ++p;
++            while (*p && isdigit((unsigned char)*p))
++                ++p;
++
++            if (*p == ':') {                /* confirmed alias            */
++                p = dot;                    /* rewind and copy it all     */
++
++                /* copy the colon */
++                if (dst < end)
++                    *dst++ = *p++;
++
++                /* copy the digits */
++                while (*p && isdigit((unsigned char)*p) && dst < end)
++                    *dst++ = *p++;
++
++                if (*p == ':')              /* consume trailing colon     */
++                    ++p;
++            } else {              /* if so treat as normal */
++                p = dot;
++            }
++            break;                          /* interface name ends here   */
++        }
++
++        *dst++ = *p++;                      /* ordinary character copy    */
+     }
+-    *name++ = '\0';
++
++    *dst = '\0';                            /* always NUL‑terminate       */
+     return p;
+ }
+ 
diff --git a/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
new file mode 100644
index 0000000000..d2c3673a24
--- /dev/null
+++ b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
@@ -0,0 +1,31 @@
+From ddb0e375fb9ca95bb69335540b85bbdaa2714348 Mon Sep 17 00:00:00 2001
+From: Bernd Eckenfels <net-tools@lina.inka.de>
+Date: Sat, 17 May 2025 21:53:23 +0200
+Subject: [PATCH] Interface statistic regression after 7a8f42fb2
+
+CVE: CVE-2025-46836
+Upstream-Status: Backport [https://sourceforge.net/p/net-tools/code/ci/ddb0e375fb9ca95bb69335540b85bbdaa2714348/]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/interface.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/interface.c b/lib/interface.c
+index a054f12..ca4adf1 100644
+--- a/lib/interface.c
++++ b/lib/interface.c
+@@ -239,12 +239,11 @@ static const char *get_name(char *name, const char *p)
+                 /* copy the digits */
+                 while (*p && isdigit((unsigned char)*p) && dst < end)
+                     *dst++ = *p++;
+-
+-                if (*p == ':')              /* consume trailing colon     */
+-                    ++p;
+             } else {              /* if so treat as normal */
+                 p = dot;
+             }
++            if (*p == ':')                  /* consume trailing colon */
++                ++p;
+             break;                          /* interface name ends here   */
+         }
+ 
diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb
index 33304297ec..c4d298181a 100644
--- a/meta/recipes-extended/net-tools/net-tools_2.10.bb
+++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb
@@ -11,6 +11,8 @@ SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \
     file://net-tools-config.h \
     file://net-tools-config.make \
     file://Add_missing_headers.patch \
+    file://CVE-2025-46836-01.patch \
+    file://CVE-2025-46836-02.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch b/meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch
new file mode 100644
index 0000000000..41949cbf2a
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch
@@ -0,0 +1,98 @@
+From b3020da7da384d769f27a8713257fbe1001878be Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Mon, 1 Jan 2024 12:00:00 +0000
+Subject: [PATCH] pam_unix/passverify: always run the helper to obtain shadow 
+ password file entries
+
+Initially, when pam_unix.so verified the password, it used to try to
+obtain the shadow password file entry for the given user by invoking
+getspnam(3), and only when that didn't work and the effective uid
+was nonzero, pam_unix.so used to invoke the helper as a fallback.
+
+When SELinux support was introduced by commit
+67aab1ff5515054341a438cf9804e9c9b3a88033, the fallback was extended
+also for the case when SELinux was enabled.
+
+Later, commit f220cace205332a3dc34e7b37a85e7627e097e7d extended the
+fallback conditions for the case when pam_modutil_getspnam() failed
+with EACCES.
+
+Since commit 470823c4aacef5cb3b1180be6ed70846b61a3752, the helper is
+invoked as a fallback when pam_modutil_getspnam() fails for any reason.
+
+The ultimate solution for the case when pam_unix.so does not have
+permissions to obtain the shadow password file entry is to stop trying
+to use pam_modutil_getspnam() and to invoke the helper instead.
+Here are two recent examples.
+
+https://github.com/linux-pam/linux-pam/pull/484 describes a system
+configuration where libnss_systemd is enabled along with libnss_files
+in the shadow entry of nsswitch.conf, so when libnss_files is unable
+to obtain the shadow password file entry for the root user, e.g. when
+SELinux is enabled, NSS falls back to libnss_systemd which returns
+a synthesized shadow password file entry for the root user, which
+in turn locks the root user out.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2150155 describes
+essentially the same problem in a similar system configuration.
+
+This commit is the final step in the direction of addressing the issue:
+for password verification pam_unix.so now invokes the helper instead of
+making the pam_modutil_getspnam() call.
+
+* modules/pam_unix/passverify.c (get_account_info) [!HELPER_COMPILE]:
+Always return PAM_UNIX_RUN_HELPER instead of trying to obtain
+the shadow password file entry.
+
+Complements: https://github.com/linux-pam/linux-pam/pull/386
+Resolves: https://github.com/linux-pam/linux-pam/pull/484
+Link: https://github.com/authselect/authselect/commit/1e78f7e048747024a846fd22d68afc6993734e92
+
+CVE: CVE-2024-10041
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ modules/pam_unix/passverify.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 81b10d8..97a81d6 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -237,20 +237,21 @@ PAMH_ARG_DECL(int get_account_info,
+                        return PAM_UNIX_RUN_HELPER;
+ #endif
+                } else if (is_pwd_shadowed(*pwd)) {
++#ifdef HELPER_COMPILE
+                        /*
+-                        * ...and shadow password file entry for this user,
++                        * shadow password file entry for this user,
+                         * if shadowing is enabled
+                         */
+-                       *spwdent = pam_modutil_getspnam(pamh, name);
+-                       if (*spwdent == NULL) {
+-#ifndef HELPER_COMPILE
+-                               /* still a chance the user can authenticate */
+-                               return PAM_UNIX_RUN_HELPER;
+-#endif
+-                               return PAM_AUTHINFO_UNAVAIL;
+-                       }
+-                       if ((*spwdent)->sp_pwdp == NULL)
++                       *spwdent = getspnam(name);
++                       if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
+                                return PAM_AUTHINFO_UNAVAIL;
++#else
++                       /*
++                        * The helper has to be invoked to deal with
++                        * the shadow password file entry.
++                        */
++                       return PAM_UNIX_RUN_HELPER;
++#endif
+                }
+        } else {
+                return PAM_USER_UNKNOWN;
+-- 
+2.40.0
+
diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch b/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch
new file mode 100644
index 0000000000..6070a26266
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch
@@ -0,0 +1,77 @@
+From b7b96362087414e52524d3d9d9b3faa21e1db620 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Wed, 24 Jan 2024 18:57:42 +0100
+Subject: [PATCH] pam_unix: try to set uid to 0 for unix_chkpwd
+
+The geteuid check does not cover all cases. If a program runs with
+elevated capabilities like CAP_SETUID then we can still check
+credentials of other users.
+
+Keep logging for future analysis though.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/747
+Fixes: b3020da7da38 ("pam_unix/passverify: always run the helper to obtain shadow password file entries")
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620]
+CVE: CVE-2024-10041
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ modules/pam_unix/pam_unix_acct.c | 17 +++++++++--------
+ modules/pam_unix/support.c       | 14 +++++++-------
+ 2 files changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 8f5ed3e0df..7ffcb9e3f2 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -110,14 +110,15 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
+       _exit(PAM_AUTHINFO_UNAVAIL);
+     }
+
+-    if (geteuid() == 0) {
+-      /* must set the real uid to 0 so the helper will not error
+-         out if pam is called from setuid binary (su, sudo...) */
+-      if (setuid(0) == -1) {
+-          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+-          printf("-1\n");
+-          fflush(stdout);
+-          _exit(PAM_AUTHINFO_UNAVAIL);
++    /* must set the real uid to 0 so the helper will not error
++       out if pam is called from setuid binary (su, sudo...) */
++    if (setuid(0) == -1) {
++      uid_t euid = geteuid();
++      pam_syslog(pamh, euid == 0 ? LOG_ERR : LOG_DEBUG, "setuid failed: %m");
++      if (euid == 0) {
++       printf("-1\n");
++       fflush(stdout);
++       _exit(PAM_AUTHINFO_UNAVAIL);
+       }
+     }
+
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index d391973f95..69811048e6 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -562,13 +562,13 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+                _exit(PAM_AUTHINFO_UNAVAIL);
+        }
+
+-       if (geteuid() == 0) {
+-          /* must set the real uid to 0 so the helper will not error
+-            out if pam is called from setuid binary (su, sudo...) */
+-         if (setuid(0) == -1) {
+-             D(("setuid failed"));
+-            _exit(PAM_AUTHINFO_UNAVAIL);
+-          }
++       /* must set the real uid to 0 so the helper will not error
++          out if pam is called from setuid binary (su, sudo...) */
++       if (setuid(0) == -1) {
++          D(("setuid failed"));
++          if (geteuid() == 0) {
++             _exit(PAM_AUTHINFO_UNAVAIL);
++          }
+        }
+
+        /* exec binary helper */
diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb
index bcaa84c9a5..714cdb6552 100644
--- a/meta/recipes-extended/pam/libpam_1.5.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -27,11 +27,13 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
            file://0001-pam_namespace-include-stdint-h.patch \
            file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \
            file://CVE-2024-22365.patch \
+           file://CVE-2024-10041-1.patch \
+           file://CVE-2024-10041-2.patch \
            "
 
 SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
 
-DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
+DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
 
 EXTRA_OECONF = "--includedir=${includedir}/security \
                 --libdir=${base_libdir} \
diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46802.patch b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch
new file mode 100644
index 0000000000..e46affc480
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch
@@ -0,0 +1,146 @@
+From 049b26b22e197ba3be9c46e5c193032e01a4724a Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Mon, 12 May 2025 15:15:38 +0200
+Subject: [PATCH] fix CVE-2025-46802: attacher.c - prevent temporary 0666 mode
+ on PTYs
+
+This temporary chmod of the PTY to mode 0666 is most likely a remnant of
+past times, before the PTY file descriptor was passed to the target
+session via the UNIX domain socket.
+
+This chmod() causes a race condition during which any other user in the
+system can open the PTY for reading and writing, and thus allows PTY
+hijacking.
+
+Simply remove this logic completely.
+
+CVE: CVE-2025-46802
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ attacher.c | 27 ---------------------------
+ screen.c   | 19 -------------------
+ 2 files changed, 46 deletions(-)
+
+diff --git a/attacher.c b/attacher.c
+index c35ae7a..16b151e 100644
+--- a/attacher.c
++++ b/attacher.c
+@@ -73,7 +73,6 @@ extern int MasterPid, attach_fd;
+ #ifdef MULTIUSER
+ extern char *multi;
+ extern int multiattach, multi_uid, own_uid;
+-extern int tty_mode, tty_oldmode;
+ # ifndef USE_SETEUID
+ static int multipipe[2];
+ # endif
+@@ -160,9 +159,6 @@ int how;
+ 
+       if (pipe(multipipe))
+        Panic(errno, "pipe");
+-      if (chmod(attach_tty, 0666))
+-       Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+       eff_uid = -1;    /* make UserContext fork */
+       real_uid = multi_uid;
+       if ((ret = UserContext()) <= 0)
+@@ -174,11 +170,6 @@ int how;
+            Panic(errno, "UserContext");
+          close(multipipe[1]);
+          read(multipipe[0], &dummy, 1);
+-         if (tty_oldmode >= 0)
+-           {
+-             chmod(attach_tty, tty_oldmode);
+-             tty_oldmode = -1;
+-           }
+          ret = UserStatus();
+ #ifdef LOCK
+          if (ret == SIG_LOCK)
+@@ -224,9 +215,6 @@ int how;
+       xseteuid(multi_uid);
+       xseteuid(own_uid);
+ #endif
+-      if (chmod(attach_tty, 0666))
+-       Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+     }
+ # endif /* USE_SETEUID */
+ #endif /* MULTIUSER */
+@@ -423,13 +411,6 @@ int how;
+       ContinuePlease = 0;
+ # ifndef USE_SETEUID
+       close(multipipe[1]);
+-# else
+-      xseteuid(own_uid);
+-      if (tty_oldmode >= 0)
+-        if (chmod(attach_tty, tty_oldmode))
+-          Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = -1;
+-      xseteuid(real_uid);
+ # endif
+     }
+ #endif
+@@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG
+          close(s);
+        }
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0)
+-    {
+-      if (setuid(own_uid))
+-        Panic(errno, "setuid");
+-      chmod(attach_tty, tty_oldmode);
+-    }
+-#endif
+   exit(0);
+   SIGRETURN;
+ }
+diff --git a/screen.c b/screen.c
+index 7653cd1..1a23e1a 100644
+--- a/screen.c
++++ b/screen.c
+@@ -230,8 +230,6 @@ char *multi_home;
+ int multi_uid;
+ int own_uid;
+ int multiattach;
+-int tty_mode;
+-int tty_oldmode = -1;
+ #endif
+ 
+ char HostName[MAXSTR];
+@@ -1009,9 +1007,6 @@ int main(int ac, char** av)
+ 
+     /* ttyname implies isatty */
+     SetTtyname(true, &st);
+-#ifdef MULTIUSER
+-    tty_mode = (int)st.st_mode & 0777;
+-#endif
+ 
+     fl = fcntl(0, F_GETFL, 0);
+     if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR)
+@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic)
+       if (D_userpid)
+         Kill(D_userpid, SIG_BYE);
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0) {
+-
+-# ifdef USE_SETEUID
+-    if (setuid(own_uid))
+-      xseteuid(own_uid);       /* may be a loop. sigh. */
+-# else
+-      setuid(own_uid);
+-# endif
+-
+-    debug1("Panic: changing back modes from %s\n", attach_tty);
+-    chmod(attach_tty, tty_oldmode);
+-  }
+-#endif
+   eexit(1);
+ }
+ 
+-- 
+2.40.0
+
diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46804.patch b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch
new file mode 100644
index 0000000000..918c2c5ce9
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch
@@ -0,0 +1,131 @@
+From e0eef5aac453fa98a2664416a56c50ad1d00cb30 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Mon, 12 May 2025 15:26:11 +0200
+Subject: [PATCH] fix CVE-2025-46804: avoid file existence test information 
+ leaks
+
+In setuid-root context the current error messages give away whether
+certain paths not accessible by the real user exist and what type they
+have. To prevent this only output generic error messages in setuid-root
+context.
+
+In some situations, when an error is pertaining a directory and the
+directory is owner by the real user then we can still output more
+detailed diagnostics.
+
+This change can lead to less helpful error messages when Screen is
+install setuid-root. More complex changes would be needed to avoid this
+(e.g.  only open the `SocketPath` with raised privileges when
+multi-attach is requested).
+
+There might still be lingering some code paths that allow such
+information leaks, since `SocketPath` is a global variable that is used
+across the code base. The majority of issues should be caught with this
+fix, however.
+
+CVE: CVE-2025-46804
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ screen.c | 45 ++++++++++++++++++++++++++++++++++-----------
+ socket.c |  9 +++++++--
+ 2 files changed, 41 insertions(+), 13 deletions(-)
+
+diff --git a/screen.c b/screen.c
+index 1a23e1a..6eec151 100644
+--- a/screen.c
++++ b/screen.c
+@@ -1122,15 +1122,28 @@ int main(int ac, char** av)
+ #endif
+   }
+ 
+-  if (stat(SockPath, &st) == -1)
+-    Panic(errno, "Cannot access %s", SockPath);
+-  else
+-    if (!S_ISDIR(st.st_mode))
++  if (stat(SockPath, &st) == -1) {
++    if (eff_uid == real_uid) {
++      Panic(errno, "Cannot access %s", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  } else if (!S_ISDIR(st.st_mode)) {
++    if (eff_uid == real_uid || st.st_uid == real_uid) {
+       Panic(0, "%s is not a directory.", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+ #ifdef MULTIUSER
+   if (multi) {
+-    if ((int)st.st_uid != multi_uid)
+-      Panic(0, "%s is not the owner of %s.", multi, SockPath);
++    if ((int)st.st_uid != multi_uid) {
++      if (eff_uid == real_uid || st.st_uid == real_uid) {
++        Panic(0, "%s is not the owner of %s.", multi, SockPath);
++      } else {
++        Panic(0, "Error accessing %s", SockPath);
++      }
++    }
+   }
+   else
+ #endif
+@@ -1144,9 +1157,13 @@ int main(int ac, char** av)
+       Panic(0, "You are not the owner of %s.", SockPath);
+ #endif
+   }
+-
+-  if ((st.st_mode & 0777) != 0700)
+-    Panic(0, "Directory %s must have mode 700.", SockPath);
++  if ((st.st_mode & 0777) != 0700) {
++    if (eff_uid == real_uid || st.st_uid == real_uid) {
++      Panic(0, "Directory %s must have mode 700.", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+   if (SockMatch && index(SockMatch, '/'))
+     Panic(0, "Bad session name '%s'", SockMatch);
+   SockName = SockPath + strlen(SockPath) + 1;
+@@ -1184,8 +1201,14 @@ int main(int ac, char** av)
+       else
+         exit(9 + (fo || oth ? 1 : 0) + fo);
+     }
+-    if (fo == 0)
+-      Panic(0, "No Sockets found in %s.\n", SockPath);
++    if (fo == 0) {
++      if (eff_uid == real_uid || st.st_uid == real_uid) {
++        Panic(0, "No Sockets found in %s.\n", SockPath);
++      } else {
++        Panic(0, "Error accessing %s", SockPath);
++      }
++    }
++
+     Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SockPath);
+     eexit(0);
+   }
+diff --git a/socket.c b/socket.c
+index 54d8cb8..6c3502f 100644
+--- a/socket.c
++++ b/socket.c
+@@ -169,8 +169,13 @@ bool *is_sock;
+   xsetegid(real_gid);
+ #endif
+ 
+-  if ((dirp = opendir(SockPath)) == 0)
+-    Panic(errno, "Cannot opendir %s", SockPath);
++  if ((dirp = opendir(SockPath)) == 0) {
++    if (eff_uid == real_uid) {
++      Panic(errno, "Cannot opendir %s", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+ 
+   slist = 0;
+   slisttail = &slist;
+-- 
+2.40.0
+
diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46805.patch b/meta/recipes-extended/screen/screen/CVE-2025-46805.patch
new file mode 100644
index 0000000000..e0207b6072
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2025-46805.patch
@@ -0,0 +1,101 @@
+From aa9f51f996a22470b8461d2b6a32e62c7ec30ed5 Mon Sep 17 00:00:00 2001
+From: Axel Beckert <abe@debian.org>
+Date: Mon, 19 May 2025 00:42:42 +0200
+Subject: fix CVE-2025-46805: socket.c - don't send signals with root
+
+Gbp-Pq: fix-CVE-2025-46805-socket.c-don-t-send-signals-with-.patch.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5 
+Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]
+CVE: CVE-2025-46805
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ socket.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/socket.c b/socket.c
+index e268e3d..11b5e59 100644
+--- a/socket.c
++++ b/socket.c
+@@ -832,6 +832,11 @@ int pid;
+   return UserStatus();
+ }
+ 
++static void KillUnpriv(pid_t pid, int sig) {
++    UserContext();
++    UserReturn(kill(pid, sig));
++}
++
+ #ifdef hpux
+ /*
+  * From: "F. K. Bruner" <napalm@ugcs.caltech.edu>
+@@ -917,14 +922,14 @@ struct win *wi;
+             {
+              Msg(errno, "Could not perform necessary sanity checks on pts device.");
+              close(i);
+-             Kill(pid, SIG_BYE);
++             KillUnpriv(pid, SIG_BYE);
+              return -1;
+             }
+           if (strcmp(ttyname_in_ns, m->m_tty))
+             {
+              Msg(errno, "Attach: passed fd does not match tty: %s - %s!", ttyname_in_ns, m->m_tty[0] != '\0' ? m->m_tty : "(null)");
+              close(i);
+-             Kill(pid, SIG_BYE);
++             KillUnpriv(pid, SIG_BYE);
+              return -1;
+            }
+          /* m->m_tty so far contains the actual name of the pts device in the
+@@ -941,19 +946,19 @@ struct win *wi;
+        {
+          Msg(errno, "Attach: passed fd does not match tty: %s - %s!", m->m_tty, myttyname ? myttyname : "NULL");
+          close(i);
+-         Kill(pid, SIG_BYE);
++         KillUnpriv(pid, SIG_BYE);
+          return -1;
+        }
+     }
+   else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0)
+     {
+       Msg(errno, "Attach: Could not open %s!", m->m_tty);
+-      Kill(pid, SIG_BYE);
++      KillUnpriv(pid, SIG_BYE);
+       return -1;
+     }
+ #ifdef MULTIUSER
+   if (attach)
+-    Kill(pid, SIGCONT);
++    KillUnpriv(pid, SIGCONT);
+ #endif
+ 
+ #if defined(ultrix) || defined(pyr) || defined(NeXT)
+@@ -966,7 +971,7 @@ struct win *wi;
+        {
+          write(i, "Attaching from inside of screen?\n", 33);
+          close(i);
+-         Kill(pid, SIG_BYE);
++         KillUnpriv(pid, SIG_BYE);
+          Msg(0, "Attach msg ignored: coming from inside.");
+          return -1;
+        }
+@@ -977,7 +982,7 @@ struct win *wi;
+          {
+              write(i, "Access to session denied.\n", 26);
+              close(i);
+-             Kill(pid, SIG_BYE);
++             KillUnpriv(pid, SIG_BYE);
+              Msg(0, "Attach: access denied for user %s.", user);
+              return -1;
+          }
+@@ -1295,7 +1300,7 @@ ReceiveMsg()
+             Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+           }
+           else {
+-            Kill(m.m.command.apid,
++            KillUnpriv(m.m.command.apid,
+                (queryflag >= 0)
+                    ? SIGCONT
+                    : SIG_BYE); /* Send SIG_BYE if an error happened */
+-- 
+cgit v1.2.3
+
diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb
index 7b040e6b57..706351a593 100644
--- a/meta/recipes-extended/screen/screen_4.9.1.bb
+++ b/meta/recipes-extended/screen/screen_4.9.1.bb
@@ -21,6 +21,9 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            file://0002-comm.h-now-depends-on-term.h.patch \
            file://0001-fix-for-multijob-build.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
+           file://CVE-2025-46805.patch \
+           file://CVE-2025-46802.patch \
+           file://CVE-2025-46804.patch \
            "
 
 SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 4734adcc08..f21bedf4fc 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
 LICENSE = "PD & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
 
-PV = "2024a"
+PV = "2025b"
 
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz"
 
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8"
-SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3"
+SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec"
+SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474"
diff --git a/meta/recipes-extended/timezone/tzcode-native.bb b/meta/recipes-extended/timezone/tzcode-native.bb
index d0b23a9d80..dc9f076377 100644
--- a/meta/recipes-extended/timezone/tzcode-native.bb
+++ b/meta/recipes-extended/timezone/tzcode-native.bb
@@ -4,7 +4,7 @@ SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
 
 inherit native
 
-EXTRA_OEMAKE += "cc='${CC}'"
+EXTRA_OEMAKE += "CC='${CC}'"
 
 do_install () {
         install -d ${D}${bindir}/
diff --git a/meta/recipes-extended/wget/wget/CVE-2024-10524.patch b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
new file mode 100644
index 0000000000..21f990ee73
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
@@ -0,0 +1,197 @@
+From c419542d956a2607bbce5df64b9d378a8588d778 Mon Sep 17 00:00:00 2001
+From: Tim Rühsen <tim.ruehsen@gmx.de>
+Date: Sun, 27 Oct 2024 19:53:14 +0100
+Subject: [PATCH] Fix CVE-2024-10524 (drop support for shorthand URLs)
+
+* doc/wget.texi: Add documentation for removed support for shorthand URLs.
+* src/html-url.c (src/html-url.c): Call maybe_prepend_scheme.
+* src/main.c (main): Likewise.
+* src/retr.c (getproxy): Likewise.
+* src/url.c: Rename definition of rewrite_shorthand_url to maybe_prepend_scheme,
+  add new function is_valid_port.
+* src/url.h: Rename declaration of rewrite_shorthand_url to maybe_prepend_scheme.
+
+Reported-by: Goni Golan <gonig@jfrog.com>
+
+CVE: CVE-2024-10524
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ doc/wget.texi  | 12 ++++-------
+ src/html-url.c |  2 +-
+ src/main.c     |  2 +-
+ src/retr.c     |  2 +-
+ src/url.c      | 57 ++++++++++++++++----------------------------------
+ src/url.h      |  2 +-
+ 6 files changed, 26 insertions(+), 51 deletions(-)
+
+diff --git a/doc/wget.texi b/doc/wget.texi
+index 3c24de2..503a03d 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -314,8 +314,8 @@ for text files.  Here is an example:
+ ftp://host/directory/file;type=a
+ @end example
+ 
+-Two alternative variants of @sc{url} specification are also supported,
+-because of historical (hysterical?) reasons and their widespreaded use.
++The two alternative variants of @sc{url} specifications are no longer
++supported because of security considerations:
+ 
+ @sc{ftp}-only syntax (supported by @code{NcFTP}):
+ @example
+@@ -327,12 +327,8 @@ host:/dir/file
+ host[:port]/dir/file
+ @end example
+ 
+-These two alternative forms are deprecated, and may cease being
+-supported in the future.
+-
+-If you do not understand the difference between these notations, or do
+-not know which one to use, just use the plain ordinary format you use
+-with your favorite browser, like @code{Lynx} or @code{Netscape}.
++These two alternative forms have been deprecated long time ago,
++and support is removed with version 1.22.0.
+ 
+ @c man begin OPTIONS
+ 
+diff --git a/src/html-url.c b/src/html-url.c
+index 896d6fc..3deea9c 100644
+--- a/src/html-url.c
++++ b/src/html-url.c
+@@ -931,7 +931,7 @@ get_urls_file (const char *file)
+           url_text = merged;
+         }
+ 
+-      new_url = rewrite_shorthand_url (url_text);
++      new_url = maybe_prepend_scheme (url_text);
+       if (new_url)
+         {
+           xfree (url_text);
+diff --git a/src/main.c b/src/main.c
+index d1c3c3e..f1d7792 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -2126,7 +2126,7 @@ only if outputting to a regular file.\n"));
+       struct iri *iri = iri_new ();
+       struct url *url_parsed;
+ 
+-      t = rewrite_shorthand_url (argv[optind]);
++      t = maybe_prepend_scheme (argv[optind]);
+       if (!t)
+         t = argv[optind];
+ 
+diff --git a/src/retr.c b/src/retr.c
+index 38c9fcf..a124046 100644
+--- a/src/retr.c
++++ b/src/retr.c
+@@ -1493,7 +1493,7 @@ getproxy (struct url *u)
+ 
+   /* Handle shorthands.  `rewritten_storage' is a kludge to allow
+      getproxy() to return static storage. */
+-  rewritten_url = rewrite_shorthand_url (proxy);
++  rewritten_url = maybe_prepend_scheme (proxy);
+   if (rewritten_url)
+     return rewritten_url;
+ 
+diff --git a/src/url.c b/src/url.c
+index 0acd3f3..6868825 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -594,60 +594,39 @@ parse_credentials (const char *beg, const char *end, char **user, char **passwd)
+   return true;
+ }
+ 
+-/* Used by main.c: detect URLs written using the "shorthand" URL forms
+-   originally popularized by Netscape and NcFTP.  HTTP shorthands look
+-   like this:
+-
+-   www.foo.com[:port]/dir/file   -> http://www.foo.com[:port]/dir/file
+-   www.foo.com[:port]            -> http://www.foo.com[:port]
+-
+-   FTP shorthands look like this:
+-
+-   foo.bar.com:dir/file          -> ftp://foo.bar.com/dir/file
+-   foo.bar.com:/absdir/file      -> ftp://foo.bar.com//absdir/file
++static bool is_valid_port(const char *p)
++{
++  unsigned port = (unsigned) atoi (p);
++  if (port == 0 || port > 65535)
++    return false;
+ 
+-   If the URL needs not or cannot be rewritten, return NULL.  */
++  int digits = strspn (p, "0123456789");
++  return digits && (p[digits] == '/' || p[digits] == '\0');
++}
+ 
++/* Prepend "http://" to url if scheme is missing, otherwise return NULL. */
+ char *
+-rewrite_shorthand_url (const char *url)
++maybe_prepend_scheme (const char *url)
+ {
+-  const char *p;
+-  char *ret;
+-
+   if (url_scheme (url) != SCHEME_INVALID)
+     return NULL;
+ 
+-  /* Look for a ':' or '/'.  The former signifies NcFTP syntax, the
+-     latter Netscape.  */
+-  p = strpbrk (url, ":/");
++  const char *p = strchr (url, ':');
+   if (p == url)
+     return NULL;
+ 
+   /* If we're looking at "://", it means the URL uses a scheme we
+      don't support, which may include "https" when compiled without
+-     SSL support.  Don't bogusly rewrite such URLs.  */
++     SSL support.  Don't bogusly prepend "http://" to such URLs.  */
+   if (p && p[0] == ':' && p[1] == '/' && p[2] == '/')
+     return NULL;
+ 
+-  if (p && *p == ':')
+-    {
+-      /* Colon indicates ftp, as in foo.bar.com:path.  Check for
+-         special case of http port number ("localhost:10000").  */
+-      int digits = strspn (p + 1, "0123456789");
+-      if (digits && (p[1 + digits] == '/' || p[1 + digits] == '\0'))
+-        goto http;
+-
+-      /* Turn "foo.bar.com:path" to "ftp://foo.bar.com/path". */
+-      if ((ret = aprintf ("ftp://%s", url)) != NULL)
+-        ret[6 + (p - url)] = '/';
+-    }
+-  else
+-    {
+-    http:
+-      /* Just prepend "http://" to URL. */
+-      ret = aprintf ("http://%s", url);
+-    }
+-  return ret;
++  if (p && p[0] == ':' && !is_valid_port (p + 1))
++    return NULL;
++
++
++  fprintf(stderr, "Prepended http:// to '%s'\n", url);
++  return aprintf ("http://%s", url);
+ }
+ 
+ static void split_path (const char *, char **, char **);
+diff --git a/src/url.h b/src/url.h
+index fb9da33..5f99b0a 100644
+--- a/src/url.h
++++ b/src/url.h
+@@ -128,7 +128,7 @@ char *uri_merge (const char *, const char *);
+ 
+ int mkalldirs (const char *);
+ 
+-char *rewrite_shorthand_url (const char *);
++char *maybe_prepend_scheme (const char *);
+ bool schemes_are_similar_p (enum url_scheme a, enum url_scheme b);
+ 
+ bool are_urls_equal (const char *u1, const char *u2);
+-- 
+2.40.0
+
diff --git a/meta/recipes-extended/wget/wget_1.21.4.bb b/meta/recipes-extended/wget/wget_1.21.4.bb
index bc65a8f7c8..b5f50f6c84 100644
--- a/meta/recipes-extended/wget/wget_1.21.4.bb
+++ b/meta/recipes-extended/wget/wget_1.21.4.bb
@@ -1,6 +1,7 @@
 SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
            file://0002-improve-reproducibility.patch \
            file://CVE-2024-38428.patch \
+           file://CVE-2024-10524.patch \
           "
 
 SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c"
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
new file mode 100644
index 0000000000..efbb9b1e12
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
@@ -0,0 +1,29 @@
+From bdb788137e1f1d967e0c9d885b859e5b95c1b5bf Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 1/4] liblzma: mt dec: Fix a comment
+
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit 831b55b971cf579ee16a854f177c36b20d3c6999)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/bdb788137e1f1d967e0c9d885b859e5b95c1b5bf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 76212b46..8b378852 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -348,7 +348,7 @@ worker_enable_partial_update(void *thr_ptr)
+ 
+ 
+ /// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->mutex locked.
++/// This is called with thr->coder->mutex locked.
+ static void
+ worker_stop(struct worker_thread *thr)
+ {
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
new file mode 100644
index 0000000000..9a1351961d
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
@@ -0,0 +1,152 @@
+From 2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 2/4] liblzma: mt dec: Simplify by removing the THR_STOP state
+
+The main thread can directly set THR_IDLE in threads_stop() which is
+called when errors are detected. threads_stop() won't return the stopped
+threads to the pool or free the memory pointed by thr->in anymore, but
+it doesn't matter because the existing workers won't be reused after
+an error. The resources will be cleaned up when threads_end() is
+called (reinitializing the decoder always calls threads_end()).
+
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit c0c835964dfaeb2513a3c0bdb642105152fe9f34)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 75 ++++++++++----------------
+ 1 file changed, 29 insertions(+), 46 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 8b378852..e8e53587 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -24,15 +24,10 @@ typedef enum {
+        THR_IDLE,
+ 
+        /// Decoding is in progress.
+-       /// Main thread may change this to THR_STOP or THR_EXIT.
++       /// Main thread may change this to THR_IDLE or THR_EXIT.
+        /// The worker thread may change this to THR_IDLE.
+        THR_RUN,
+ 
+-       /// The main thread wants the thread to stop whatever it was doing
+-       /// but not exit. Main thread may change this to THR_EXIT.
+-       /// The worker thread may change this to THR_IDLE.
+-       THR_STOP,
+-
+        /// The main thread wants the thread to exit.
+        THR_EXIT,
+ 
+@@ -347,27 +342,6 @@ worker_enable_partial_update(void *thr_ptr)
+ }
+ 
+ 
+-/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->coder->mutex locked.
+-static void
+-worker_stop(struct worker_thread *thr)
+-{
+-       // Update memory usage counters.
+-       thr->coder->mem_in_use -= thr->in_size;
+-       thr->in_size = 0; // thr->in was freed above.
+-
+-       thr->coder->mem_in_use -= thr->mem_filters;
+-       thr->coder->mem_cached += thr->mem_filters;
+-
+-       // Put this thread to the stack of free threads.
+-       thr->next = thr->coder->threads_free;
+-       thr->coder->threads_free = thr;
+-
+-       mythread_cond_signal(&thr->coder->cond);
+-       return;
+-}
+-
+-
+ static MYTHREAD_RET_TYPE
+ worker_decoder(void *thr_ptr)
+ {
+@@ -398,17 +372,6 @@ next_loop_unlocked:
+                return MYTHREAD_RET_VALUE;
+        }
+ 
+-       if (thr->state == THR_STOP) {
+-               thr->state = THR_IDLE;
+-               mythread_mutex_unlock(&thr->mutex);
+-
+-               mythread_sync(thr->coder->mutex) {
+-                       worker_stop(thr);
+-               }
+-
+-               goto next_loop_lock;
+-       }
+-
+        assert(thr->state == THR_RUN);
+ 
+        // Update progress info for get_progress().
+@@ -511,7 +474,22 @@ next_loop_unlocked:
+                                && thr->coder->thread_error == LZMA_OK)
+                        thr->coder->thread_error = ret;
+ 
+-               worker_stop(thr);
++               // Return the worker thread to the stack of available
++               // threads.
++               {
++                       // Update memory usage counters.
++                       thr->coder->mem_in_use -= thr->in_size;
++                       thr->in_size = 0; // thr->in was freed above.
++
++                       thr->coder->mem_in_use -= thr->mem_filters;
++                       thr->coder->mem_cached += thr->mem_filters;
++
++                       // Put this thread to the stack of free threads.
++                       thr->next = thr->coder->threads_free;
++                       thr->coder->threads_free = thr;
++               }
++
++               mythread_cond_signal(&thr->coder->cond);
+        }
+ 
+        goto next_loop_lock;
+@@ -545,17 +523,22 @@ threads_end(struct lzma_stream_coder *coder, const lzma_allocator *allocator)
+ }
+ 
+ 
++/// Tell worker threads to stop without doing any cleaning up.
++/// The clean up will be done when threads_exit() is called;
++/// it's not possible to reuse the threads after threads_stop().
++///
++/// This is called before returning an unrecoverable error code
++/// to the application. It would be waste of processor time
++/// to keep the threads running in such a situation.
+ static void
+ threads_stop(struct lzma_stream_coder *coder)
+ {
+        for (uint32_t i = 0; i < coder->threads_initialized; ++i) {
++               // The threads that are in the THR_RUN state will stop
++               // when they check the state the next time. There's no
++               // need to signal coder->threads[i].cond.
+                mythread_sync(coder->threads[i].mutex) {
+-                       // The state must be changed conditionally because
+-                       // THR_IDLE -> THR_STOP is not a valid state change.
+-                       if (coder->threads[i].state != THR_IDLE) {
+-                               coder->threads[i].state = THR_STOP;
+-                               mythread_cond_signal(&coder->threads[i].cond);
+-                       }
++                       coder->threads[i].state = THR_IDLE;
+                }
+        }
+ 
+@@ -1949,7 +1932,7 @@ stream_decoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
+        // accounting from scratch, too. Changes in filter and block sizes may
+        // affect number of threads.
+        //
+-       // FIXME? Reusing should be easy but unlike the single-threaded
++       // Reusing threads doesn't seem worth it. Unlike the single-threaded
+        // decoder, with some types of input file combinations reusing
+        // could leave quite a lot of memory allocated but unused (first
+        // file could allocate a lot, the next files could use fewer
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
new file mode 100644
index 0000000000..a40a024cb0
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
@@ -0,0 +1,98 @@
+From 9a9c17712bd2a070581d9239692e527a2fe13845 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 3/4] liblzma: mt dec: Don't free the input buffer too early
+ (CVE-2025-31115)
+
+The input buffer must be valid as long as the main thread is writing
+to the worker-specific input buffer. Fix it by making the worker
+thread not free the buffer on errors and not return the worker thread to
+the pool. The input buffer will be freed when threads_end() is called.
+
+With invalid input, the bug could at least result in a crash. The
+effects include heap use after free and writing to an address based
+on the null pointer plus an offset.
+
+The bug has been there since the first committed version of the threaded
+decoder and thus affects versions from 5.3.3alpha to 5.8.0.
+
+As the commit message in 4cce3e27f529 says, I had made significant
+changes on top of Sebastian's patch. This bug was indeed introduced
+by my changes; it wasn't in Sebastian's version.
+
+Thanks to Harri K. Koskinen for discovering and reporting this issue.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reported-by: Harri K. Koskinen <x64nop@nannu.org>
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit d5a2ffe41bb77b918a8c96084885d4dbe4bf6480)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/9a9c17712bd2a070581d9239692e527a2fe13845]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 31 ++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index e8e53587..259c4c65 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -436,8 +436,7 @@ next_loop_unlocked:
+        }
+ 
+        // Either we finished successfully (LZMA_STREAM_END) or an error
+-       // occurred. Both cases are handled almost identically. The error
+-       // case requires updating thr->coder->thread_error.
++       // occurred.
+        //
+        // The sizes are in the Block Header and the Block decoder
+        // checks that they match, thus we know these:
+@@ -445,16 +444,30 @@ next_loop_unlocked:
+        assert(ret != LZMA_STREAM_END
+                || thr->out_pos == thr->block_options.uncompressed_size);
+ 
+-       // Free the input buffer. Don't update in_size as we need
+-       // it later to update thr->coder->mem_in_use.
+-       lzma_free(thr->in, thr->allocator);
+-       thr->in = NULL;
+-
+        mythread_sync(thr->mutex) {
++               // Block decoder ensures this, but do a sanity check anyway
++               // because thr->in_filled < thr->in_size means that the main
++               // thread is still writing to thr->in.
++               if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) {
++                       assert(0);
++                       ret = LZMA_PROG_ERROR;
++               }
++
+                if (thr->state != THR_EXIT)
+                        thr->state = THR_IDLE;
+        }
+ 
++       // Free the input buffer. Don't update in_size as we need
++       // it later to update thr->coder->mem_in_use.
++       //
++       // This step is skipped if an error occurred because the main thread
++       // might still be writing to thr->in. The memory will be freed after
++       // threads_end() sets thr->state = THR_EXIT.
++       if (ret == LZMA_STREAM_END) {
++               lzma_free(thr->in, thr->allocator);
++               thr->in = NULL;
++       }
++
+        mythread_sync(thr->coder->mutex) {
+                // Move our progress info to the main thread.
+                thr->coder->progress_in += thr->in_pos;
+@@ -475,8 +488,8 @@ next_loop_unlocked:
+                        thr->coder->thread_error = ret;
+ 
+                // Return the worker thread to the stack of available
+-               // threads.
+-               {
++               // threads only if no errors occurred.
++               if (ret == LZMA_STREAM_END) {
+                        // Update memory usage counters.
+                        thr->coder->mem_in_use -= thr->in_size;
+                        thr->in_size = 0; // thr->in was freed above.
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
new file mode 100644
index 0000000000..8dea412281
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
@@ -0,0 +1,56 @@
+From c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 4/4] liblzma: mt dec: Don't modify thr->in_size in the worker
+ thread
+
+Don't set thr->in_size = 0 when returning the thread to the stack of
+available threads. Not only is it useless, but the main thread may
+read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made
+no difference if the main thread saw the original value or 0. With
+invalid inputs (when worker thread stops early), thr->in_size was
+no longer modified after the previous commit with the security fix
+("Don't free the input buffer too early").
+
+So while the bug appears harmless now, it's important to fix it because
+the variable was being modified without proper locking. It's trivial
+to fix because there is no need to change the value. Only main thread
+needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new
+Block before the worker thread is activated.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit 8188048854e8d11071b8a50d093c74f4c030acc9)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 259c4c65..6bbbe53b 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -492,8 +492,6 @@ next_loop_unlocked:
+                if (ret == LZMA_STREAM_END) {
+                        // Update memory usage counters.
+                        thr->coder->mem_in_use -= thr->in_size;
+-                       thr->in_size = 0; // thr->in was freed above.
+-
+                        thr->coder->mem_in_use -= thr->mem_filters;
+                        thr->coder->mem_cached += thr->mem_filters;
+ 
+@@ -1558,6 +1556,10 @@ stream_decode_mt(void *coder_ptr, const lzma_allocator *allocator,
+                }
+ 
+                // Return if the input didn't contain the whole Block.
++               //
++               // NOTE: When we updated coder->thr->in_filled a few lines
++               // above, the worker thread might by now have finished its
++               // work and returned itself back to the stack of free threads.
+                if (coder->thr->in_filled < coder->thr->in_size) {
+                        assert(*in_pos == in_size);
+                        return LZMA_OK;
diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.4.7.bb
index 3f82e476bf..563643d4d9 100644
--- a/meta/recipes-extended/xz/xz_5.4.6.bb
+++ b/meta/recipes-extended/xz/xz_5.4.7.bb
@@ -17,7 +17,7 @@ LICENSE:${PN}-dbg = "GPL-2.0-or-later"
 LICENSE:${PN}-locale = "GPL-2.0-or-later"
 LICENSE:liblzma = "PD"
 
-LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
                     file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
                     file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \
@@ -26,8 +26,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
 
 SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \
            file://run-ptest \
+           file://CVE-2025-31115-01.patch \
+           file://CVE-2025-31115-02.patch \
+           file://CVE-2025-31115-03.patch \
+           file://CVE-2025-31115-04.patch \
           "
-SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c"
+SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723836e71"
 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
 UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"
 
diff --git a/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb b/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb
index 497be6805a..aae69271ac 100644
--- a/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb
+++ b/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb
@@ -16,6 +16,7 @@ DEPENDS = " \
     graphene \
     harfbuzz \
     jpeg \
+    libdrm \
     libepoxy \
     libpng \
     librsvg \
diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 52c9351f93..709a0b4608 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -28,4 +28,5 @@ do_install () {
         chown  builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
 }
 
-CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"
diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
new file mode 100644
index 0000000000..0882b01498
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
@@ -0,0 +1,33 @@
+From 73720c7c9958e87b3d134a7574d1720ad2d24442 Mon Sep 17 00:00:00 2001
+From: Alexei Podtelezhnikov <apodtele@gmail.com>
+Date: Sun, 23 Jun 2024 10:58:00 -0400
+Subject: [PATCH] * src/truetype/ttgload.c (load_truetype_glyph): Unsigned fix.
+
+CVE: CVE-2025-27363
+Upstream-Status: Backport [https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/truetype/ttgload.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
+index 8cddc394c..b656ccf04 100644
+--- a/src/truetype/ttgload.c
++++ b/src/truetype/ttgload.c
+@@ -1741,14 +1741,14 @@
+       if ( FT_IS_NAMED_INSTANCE( FT_FACE( face ) ) ||
+            FT_IS_VARIATION( FT_FACE( face ) )      )
+       {
+-        short        i, limit;
++        FT_UShort    i, limit;
+         FT_SubGlyph  subglyph;
+ 
+         FT_Outline  outline = { 0, 0, NULL, NULL, NULL, 0 };
+         FT_Vector*  unrounded = NULL;
+ 
+ 
+-        limit = (short)gloader->current.num_subglyphs;
++        limit = (FT_UShort)gloader->current.num_subglyphs;
+ 
+         /* construct an outline structure for              */
+         /* communication with `TT_Vary_Apply_Glyph_Deltas' */
diff --git a/meta/recipes-graphics/freetype/freetype_2.13.2.bb b/meta/recipes-graphics/freetype/freetype_2.13.2.bb
index 4e7a0ad160..ce7a615a3c 100644
--- a/meta/recipes-graphics/freetype/freetype_2.13.2.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.13.2.bb
@@ -13,7 +13,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=843b6efc16f6b1652ec97f89d5a516c0 \
                     file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec \
                     "
 
-SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz"
+SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \
+           file://CVE-2025-27363.patch \
+"
 SRC_URI[sha256sum] = "12991c4e55c506dd7f9b765933e62fd2be2e06d421505d7950a132e4f1bb484d"
 
 UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.30.1.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.30.1.bb
index 891e91190a..7a14104671 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.30.1.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.30.1.bb
@@ -67,6 +67,7 @@ PACKAGECONFIG[directfb]   = "-DSDL_DIRECTFB=ON,-DSDL_DIRECTFB=OFF,directfb,direc
 PACKAGECONFIG[gles2]      = "-DSDL_OPENGLES=ON,-DSDL_OPENGLES=OFF,virtual/libgles2"
 PACKAGECONFIG[jack]       = "-DSDL_JACK=ON,-DSDL_JACK=OFF,jack"
 PACKAGECONFIG[kmsdrm]     = "-DSDL_KMSDRM=ON,-DSDL_KMSDRM=OFF,libdrm virtual/libgbm"
+PACKAGECONFIG[libsamplerate] = "-DSDL_LIBSAMPLERATE=ON,-DSDL_LIBSAMPLERATE=OFF,libsamplerate0"
 # The hidraw support doesn't catch Xbox, PS4 and Nintendo controllers,
 #  so we'll just use libusb when it's available.
 PACKAGECONFIG[libusb] = ",,libusb1"
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch
new file mode 100644
index 0000000000..9c49ee512a
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch
@@ -0,0 +1,41 @@
+From 464deabe4d1bfce6b8f414ab0945d9a62b66ddd4 Mon Sep 17 00:00:00 2001
+From: Purushottam Choudhary <purushottam27.kumar@lge.com>
+Date: Tue, 8 Oct 2024 11:47:21 +0530
+Subject: [PATCH] vrend: Fix int-conversion fatal build error with GCC-14
+
+Getting below error int conversion during compilation as one the
+platforms where EGLNativeDisplayType is an int instead of a pointer.
+
+| ../git/src/vrend_winsys_egl.c: In function 'virgl_egl_init':
+| ../git/src/vrend_winsys_egl.c:364:62: error: passing argument 2 of 'egl->funcs.epoxy_eglGetPlatformDisplay' makes pointer from
+|   364 |                                                              (EGLNativeDisplayType)egl->gbm->device, NULL);
+|       |                                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+|       |                                                              |
+|       |                                                              int
+| ../git/src/vrend_winsys_egl.c:364:62: note: expected 'void *' but argument is of type 'int'
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/464deabe4d1bfce6b8f414ab0945d9a62b66ddd4]
+
+Signed-off-by: Purushottam Choudhary <purushottam27.kumar@lge.com>
+Part-of: <https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/1440>
+---
+
+ src/vrend_winsys_egl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/vrend_winsys_egl.c b/src/vrend_winsys_egl.c
+index 9d9f410c..8750f6b2 100644
+--- a/src/vrend_winsys_egl.c
++++ b/src/vrend_winsys_egl.c
+@@ -361,7 +361,7 @@ struct virgl_egl *virgl_egl_init(EGLNativeDisplayType display_id, bool surfacele
+ #ifdef ENABLE_GBM
+       else
+          egl->egl_display = egl->funcs.eglGetPlatformDisplay(EGL_PLATFORM_GBM_KHR,
+-                                                             (EGLNativeDisplayType)egl->gbm->device, NULL);
++                                                             (EGLNativeDisplayType*)egl->gbm->device, NULL);
+ #endif
+    } else {
+ #ifdef ENABLE_GBM
+-- 
+2.34.1
+
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_1.0.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_1.0.1.bb
index 0501b0c59c..87f25a3461 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_1.0.1.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_1.0.1.bb
@@ -12,6 +12,7 @@ DEPENDS = "libdrm libepoxy virtual/egl virtual/libgbm"
 SRCREV = "690680e5f0f952e22424fca1538c1b24457a0868"
 SRC_URI = "git://gitlab.freedesktop.org/virgl/virglrenderer.git;branch=main;protocol=https \
            file://0001-meson.build-use-python3-directly-for-python.patch \
+           file://0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/wayland/weston/0001-vnc-Allow-neatvnc-in-version-0.8.0.patch b/meta/recipes-graphics/wayland/weston/0001-vnc-Allow-neatvnc-in-version-0.8.0.patch
new file mode 100644
index 0000000000..4ac1c075fd
--- /dev/null
+++ b/meta/recipes-graphics/wayland/weston/0001-vnc-Allow-neatvnc-in-version-0.8.0.patch
@@ -0,0 +1,27 @@
+From 534cfa08ea0a0c2646b4aec20b16bf95f6d0aae6 Mon Sep 17 00:00:00 2001
+From: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
+Date: Mon, 3 Jun 2024 13:39:27 +0200
+Subject: [PATCH] vnc: Allow neatvnc in version 0.8.0
+
+Neat VNC 0.8.0 does not introduce any changes that breaks API used
+by VNC backend, so it is safe to extend compatibility.
+
+Upstream-Status: Backport [05e5405651054c580b248c4ab2791ed8d66369e3]
+Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
+---
+ libweston/backend-vnc/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libweston/backend-vnc/meson.build b/libweston/backend-vnc/meson.build
+index b7b6916..39b15cf 100644
+--- a/libweston/backend-vnc/meson.build
++++ b/libweston/backend-vnc/meson.build
+@@ -3,7 +3,7 @@ if not get_option('backend-vnc')
+ endif
+ 
+ config_h.set('BUILD_VNC_COMPOSITOR', '1')
+-dep_neatvnc = dependency('neatvnc', version: ['>= 0.7.0', '< 0.8.0'], required: false, fallback: ['neatvnc', 'neatvnc_dep'])
++dep_neatvnc = dependency('neatvnc', version: ['>= 0.7.0', '< 0.9.0'], required: false, fallback: ['neatvnc', 'neatvnc_dep'])
+ if not dep_neatvnc.found()
+        error('VNC backend requires neatvnc which was not found. Or, you can use \'-Dbackend-vnc=false\'.')
+ endif
diff --git a/meta/recipes-graphics/wayland/weston_13.0.1.bb b/meta/recipes-graphics/wayland/weston_13.0.1.bb
index dd9517a4dd..d8f0279b65 100644
--- a/meta/recipes-graphics/wayland/weston_13.0.1.bb
+++ b/meta/recipes-graphics/wayland/weston_13.0.1.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \
 
 SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \
            file://0001-libweston-tools-Include-libgen.h-for-basename-signat.patch \
+           file://0001-vnc-Allow-neatvnc-in-version-0.8.0.patch \
            file://weston.png \
            file://weston.desktop \
            file://xwayland.weston-start \
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf
new file mode 100644
index 0000000000..9d40a9599a
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuall/noblank.conf
@@ -0,0 +1,7 @@
+# Disable screen blanking
+Section "ServerFlags"
+    Option        "BlankTime" "0"
+    Option        "StandbyTime" "0"
+    Option        "SuspendTime" "0"
+    Option        "OffTime" "0"
+EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf
deleted file mode 100644
index 3eb380a0a4..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuarm/xorg.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-
-Section "Files"
-EndSection
-
-Section "Device"
-    Identifier    "Graphics Controller"
-    Driver        "fbdev"
-EndSection
-
-Section "Monitor"
-    Identifier    "Generic Monitor"
-    Option        "DPMS"
-    # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz
-    Modeline "1024x600_60.00"   49.00  1024 1072 1168 1312  600 603 613 624 -hsync +vsync
-    # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz
-    ModeLine "640x480"    25.2  640  656  752  800    480  490  492  525 -hsync -vsync
-    # 640x480 @ 72Hz (VESA) hsync: 37.9kHz
-    ModeLine "640x480"    31.5  640  664  704  832    480  489  491  520 -hsync -vsync
-    # 640x480 @ 75Hz (VESA) hsync: 37.5kHz
-    ModeLine "640x480"    31.5  640  656  720  840    480  481  484  500 -hsync -vsync
-    # 640x480 @ 85Hz (VESA) hsync: 43.3kHz
-    ModeLine "640x480"    36.0  640  696  752  832    480  481  484  509 -hsync -vsync
-EndSection
-
-Section "Screen"
-    Identifier    "Default Screen"
-    Device        "Graphics Controller"
-    Monitor        "Generic Monitor"
-    SubSection "Display"
-        Modes     "640x480"
-    EndSubSection
-EndSection
-
-Section "ServerLayout"
-    Identifier    "Default Layout"
-    Screen        "Default Screen"
-    Option         "AllowEmptyInput" "no"
-    Option        "BlankTime" "0"
-    Option        "StandbyTime" "0"
-    Option        "SuspendTime" "0"
-    Option        "OffTime" "0"
-EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf
deleted file mode 100644
index 3eb380a0a4..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemuppc/xorg.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-
-Section "Files"
-EndSection
-
-Section "Device"
-    Identifier    "Graphics Controller"
-    Driver        "fbdev"
-EndSection
-
-Section "Monitor"
-    Identifier    "Generic Monitor"
-    Option        "DPMS"
-    # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz
-    Modeline "1024x600_60.00"   49.00  1024 1072 1168 1312  600 603 613 624 -hsync +vsync
-    # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz
-    ModeLine "640x480"    25.2  640  656  752  800    480  490  492  525 -hsync -vsync
-    # 640x480 @ 72Hz (VESA) hsync: 37.9kHz
-    ModeLine "640x480"    31.5  640  664  704  832    480  489  491  520 -hsync -vsync
-    # 640x480 @ 75Hz (VESA) hsync: 37.5kHz
-    ModeLine "640x480"    31.5  640  656  720  840    480  481  484  500 -hsync -vsync
-    # 640x480 @ 85Hz (VESA) hsync: 43.3kHz
-    ModeLine "640x480"    36.0  640  696  752  832    480  481  484  509 -hsync -vsync
-EndSection
-
-Section "Screen"
-    Identifier    "Default Screen"
-    Device        "Graphics Controller"
-    Monitor        "Generic Monitor"
-    SubSection "Display"
-        Modes     "640x480"
-    EndSubSection
-EndSection
-
-Section "ServerLayout"
-    Identifier    "Default Layout"
-    Screen        "Default Screen"
-    Option         "AllowEmptyInput" "no"
-    Option        "BlankTime" "0"
-    Option        "StandbyTime" "0"
-    Option        "SuspendTime" "0"
-    Option        "OffTime" "0"
-EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf
deleted file mode 100644
index 3eb380a0a4..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemush4/xorg.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-
-Section "Files"
-EndSection
-
-Section "Device"
-    Identifier    "Graphics Controller"
-    Driver        "fbdev"
-EndSection
-
-Section "Monitor"
-    Identifier    "Generic Monitor"
-    Option        "DPMS"
-    # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz
-    Modeline "1024x600_60.00"   49.00  1024 1072 1168 1312  600 603 613 624 -hsync +vsync
-    # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz
-    ModeLine "640x480"    25.2  640  656  752  800    480  490  492  525 -hsync -vsync
-    # 640x480 @ 72Hz (VESA) hsync: 37.9kHz
-    ModeLine "640x480"    31.5  640  664  704  832    480  489  491  520 -hsync -vsync
-    # 640x480 @ 75Hz (VESA) hsync: 37.5kHz
-    ModeLine "640x480"    31.5  640  656  720  840    480  481  484  500 -hsync -vsync
-    # 640x480 @ 85Hz (VESA) hsync: 43.3kHz
-    ModeLine "640x480"    36.0  640  696  752  832    480  481  484  509 -hsync -vsync
-EndSection
-
-Section "Screen"
-    Identifier    "Default Screen"
-    Device        "Graphics Controller"
-    Monitor        "Generic Monitor"
-    SubSection "Display"
-        Modes     "640x480"
-    EndSubSection
-EndSection
-
-Section "ServerLayout"
-    Identifier    "Default Layout"
-    Screen        "Default Screen"
-    Option         "AllowEmptyInput" "no"
-    Option        "BlankTime" "0"
-    Option        "StandbyTime" "0"
-    Option        "SuspendTime" "0"
-    Option        "OffTime" "0"
-EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf
deleted file mode 100644
index c01c3331c5..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86-64/xorg.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-
-Section "Files"
-EndSection
-
-Section "Monitor"
-    Identifier    "Generic Monitor"
-    Option        "DPMS"
-    # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz
-    Modeline "1024x600_60.00"   49.00  1024 1072 1168 1312  600 603 613 624 -hsync +vsync
-    # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz
-    ModeLine "640x480"    25.2  640  656  752  800    480  490  492  525 -hsync -vsync
-    # 640x480 @ 72Hz (VESA) hsync: 37.9kHz
-    ModeLine "640x480"    31.5  640  664  704  832    480  489  491  520 -hsync -vsync
-    # 640x480 @ 75Hz (VESA) hsync: 37.5kHz
-    ModeLine "640x480"    31.5  640  656  720  840    480  481  484  500 -hsync -vsync
-    # 640x480 @ 85Hz (VESA) hsync: 43.3kHz
-    ModeLine "640x480"    36.0  640  696  752  832    480  481  484  509 -hsync -vsync
-EndSection
-
-Section "Screen"
-    Identifier    "Default Screen"
-    Device        "Graphics Controller"
-    Monitor        "Generic Monitor"
-    SubSection "Display"
-        Modes     "640x480"
-    EndSubSection
-EndSection
-
-Section "ServerLayout"
-    Identifier    "Default Layout"
-    Screen        "Default Screen"
-    Option         "AllowEmptyInput" "no"
-    Option        "BlankTime" "0"
-    Option        "StandbyTime" "0"
-    Option        "SuspendTime" "0"
-    Option        "OffTime" "0"
-EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf
deleted file mode 100644
index c01c3331c5..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config/qemux86/xorg.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-
-Section "Files"
-EndSection
-
-Section "Monitor"
-    Identifier    "Generic Monitor"
-    Option        "DPMS"
-    # 1024x600 59.85 Hz (CVT) hsync: 37.35 kHz; pclk: 49.00 MHz
-    Modeline "1024x600_60.00"   49.00  1024 1072 1168 1312  600 603 613 624 -hsync +vsync
-    # 640x480 @ 60Hz (Industry standard) hsync: 31.5kHz
-    ModeLine "640x480"    25.2  640  656  752  800    480  490  492  525 -hsync -vsync
-    # 640x480 @ 72Hz (VESA) hsync: 37.9kHz
-    ModeLine "640x480"    31.5  640  664  704  832    480  489  491  520 -hsync -vsync
-    # 640x480 @ 75Hz (VESA) hsync: 37.5kHz
-    ModeLine "640x480"    31.5  640  656  720  840    480  481  484  500 -hsync -vsync
-    # 640x480 @ 85Hz (VESA) hsync: 43.3kHz
-    ModeLine "640x480"    36.0  640  696  752  832    480  481  484  509 -hsync -vsync
-EndSection
-
-Section "Screen"
-    Identifier    "Default Screen"
-    Device        "Graphics Controller"
-    Monitor        "Generic Monitor"
-    SubSection "Display"
-        Modes     "640x480"
-    EndSubSection
-EndSection
-
-Section "ServerLayout"
-    Identifier    "Default Layout"
-    Screen        "Default Screen"
-    Option         "AllowEmptyInput" "no"
-    Option        "BlankTime" "0"
-    Option        "StandbyTime" "0"
-    Option        "SuspendTime" "0"
-    Option        "OffTime" "0"
-EndSection
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
index 03f14cef2b..841d931e82 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb
@@ -5,6 +5,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
 SRC_URI = "file://xorg.conf"
+SRC_URI:append:qemuall = " file://noblank.conf"
 
 S = "${WORKDIR}"
 
@@ -18,4 +19,9 @@ do_install () {
                 install -d ${D}/${sysconfdir}/X11
                 install -m 0644 ${WORKDIR}/xorg.conf ${D}/${sysconfdir}/X11/
         fi
+
+        if test -s ${S}/noblank.conf; then
+                install -d ${D}/${sysconfdir}/X11/xorg.conf.d
+                install -m 0644 ${S}/noblank.conf ${D}/${sysconfdir}/X11/xorg.conf.d/
+        fi
 }
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index e2754426cf..815be6a498 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -177,3 +177,7 @@ python populate_packages:prepend() {
 }
 
 CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', 'unpatched', 'not-applicable-config: specific to Xvfb', d)}"
+
+CVE_STATUS_GROUPS = "CVE_STATUS_REDHAT"
+CVE_STATUS_REDHAT = "CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601"
+CVE_STATUS_REDHAT[status] = "fixed-version: these are tracked as versionless redhat CVEs in NVD DB, fixed in 21.1.16"
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.13.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb
index 1f18c22fa8..38c81f2372 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.13.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            "
-SRC_URI[sha256sum] = "b45a02d5943f72236a360d3cc97e75134aa4f63039ff88c04686b508a3dc740c"
+SRC_URI[sha256sum] = "b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970"
 
 # These extensions are now integrated into the server, so declare the migration
 # path for in-place upgrades.
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
new file mode 100644
index 0000000000..54888f6347
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
@@ -0,0 +1,59 @@
+From ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 10 Oct 2024 10:37:28 +0200
+Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap()
+
+The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
+buffer.
+
+However, It didn't update its size properly. It updated `num_si` only,
+without updating `size_si`.
+
+This may lead to local privilege escalation if the server is run as root
+or remote code execution (e.g. x11 over ssh).
+
+CVE-2024-9632, ZDI-CAN-24756
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: José Expósito <jexposit@redhat.com>
+(cherry picked from commit 85b77657)
+
+Part-of: <!1734>
+
+CVE: CVE-2024-9632
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 276dc19..7da00a0 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -2992,13 +2992,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+
+-        if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
+-            compat->num_si = req->firstSI + req->nSI;
++        if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
++            compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-                                                 compat->num_si,
++                                                 compat->size_si,
+                                                  sizeof(XkbSymInterpretRec));
+             if (!compat->sym_interpret) {
+-                compat->num_si = 0;
++                compat->num_si = compat->size_si = 0;
+                 return BadAlloc;
+             }
+         }
+--
+2.40.0
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
new file mode 100644
index 0000000000..f34a89e6ea
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
@@ -0,0 +1,54 @@
+From 01642f263f12becf803b19be4db95a4a83f94acc Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 27 Nov 2024 11:27:05 +0100
+Subject: [PATCH] Cursor: Refuse to free the root cursor
+
+If a cursor reference count drops to 0, the cursor is freed.
+
+The root cursor however is referenced with a specific global variable,
+and when the root cursor is freed, the global variable may still point
+to freed memory.
+
+Make sure to prevent the rootCursor from being explicitly freed by a
+client.
+
+CVE-2025-26594, ZDI-CAN-25544
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+v2: Explicitly forbid XFreeCursor() on the root cursor (Peter Hutterer
+<peter.hutterer@who-t.net>)
+v3: Return BadCursor instead of BadValue (Michel Danzer
+<michel@daenzer.net>)
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Suggested-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26]
+CVE: CVE-2025-26594
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/dispatch.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dix/dispatch.c b/dix/dispatch.c
+index 4602961..30b95c1 100644
+--- a/dix/dispatch.c
++++ b/dix/dispatch.c
+@@ -3107,6 +3107,10 @@ ProcFreeCursor(ClientPtr client)
+     rc = dixLookupResourceByType((void **) &pCursor, stuff->id, RT_CURSOR,
+                                  client, DixDestroyAccess);
+     if (rc == Success) {
++        if (pCursor == rootCursor) {
++           client->errorValue = stuff->id;
++           return BadCursor;
++       }
+         FreeResource(stuff->id, RT_NONE);
+         return Success;
+     }
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
new file mode 100644
index 0000000000..6ebf540ab9
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
@@ -0,0 +1,51 @@
+From b0a09ba6020147961acc62d9c73d807b4cccd9f7 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 4 Dec 2024 15:49:43 +1000
+Subject: [PATCH] dix: keep a ref to the rootCursor
+
+CreateCursor returns a cursor with refcount 1 - that refcount is used by
+the resource system, any caller needs to call RefCursor to get their own
+reference. That happens correctly for normal cursors but for our
+rootCursor we keep a variable to the cursor despite not having a ref for
+ourselves.
+
+Fix this by reffing/unreffing the rootCursor to ensure our pointer is
+valid.
+
+Related to CVE-2025-26594, ZDI-CAN-25544
+
+Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6]
+CVE: CVE-2025-26594
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dix/main.c b/dix/main.c
+index bfc8add..38e29ce 100644
+--- a/dix/main.c
++++ b/dix/main.c
+@@ -231,6 +231,8 @@ dix_main(int argc, char *argv[], char *envp[])
+             FatalError("could not open default cursor font");
+         }
+ 
++        rootCursor = RefCursor(rootCursor);
++
+ #ifdef PANORAMIX
+         /*
+          * Consolidate window and colourmap information for each screen
+@@ -271,6 +273,8 @@ dix_main(int argc, char *argv[], char *envp[])
+ 
+         Dispatch();
+ 
++        UnrefCursor(rootCursor);
++
+         UndisplayDevices();
+         DisableAllDevices();
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
new file mode 100644
index 0000000000..a7478d9e2a
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
@@ -0,0 +1,65 @@
+From 11fcda8753e994e15eb915d28cf487660ec8e722 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 27 Nov 2024 14:41:45 +0100
+Subject: [PATCH] xkb: Fix buffer overflow in XkbVModMaskText()
+
+The code in XkbVModMaskText() allocates a fixed sized buffer on the
+stack and copies the virtual mod name.
+
+There's actually two issues in the code that can lead to a buffer
+overflow.
+
+First, the bound check mixes pointers and integers using misplaced
+parenthesis, defeating the bound check.
+
+But even though, if the check fails, the data is still copied, so the
+stack overflow will occur regardless.
+
+Change the logic to skip the copy entirely if the bound check fails.
+
+CVE-2025-26595, ZDI-CAN-25545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87]
+CVE: CVE-2025-26595
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkbtext.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/xkb/xkbtext.c b/xkb/xkbtext.c
+index 0184664207..93262528bb 100644
+--- a/xkb/xkbtext.c
++++ b/xkb/xkbtext.c
+@@ -173,14 +173,14 @@ XkbVModMaskText(XkbDescPtr xkb,
+                 len = strlen(tmp) + 1 + (str == buf ? 0 : 1);
+                 if (format == XkbCFile)
+                     len += 4;
+-                if ((str - (buf + len)) <= VMOD_BUFFER_SIZE) {
+-                    if (str != buf) {
+-                        if (format == XkbCFile)
+-                            *str++ = '|';
+-                        else
+-                            *str++ = '+';
+-                        len--;
+-                    }
++                if ((str - buf) + len > VMOD_BUFFER_SIZE)
++                    continue; /* Skip */
++                if (str != buf) {
++                    if (format == XkbCFile)
++                        *str++ = '|';
++                    else
++                        *str++ = '+';
++                    len--;
+                 }
+                 if (format == XkbCFile)
+                     sprintf(str, "%sMask", tmp);
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
new file mode 100644
index 0000000000..f9df8d75ea
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
@@ -0,0 +1,49 @@
+From 80d69f01423fc065c950e1ff4e8ddf9f675df773 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Thu, 28 Nov 2024 11:49:34 +0100
+Subject: [PATCH] xkb: Fix computation of XkbSizeKeySyms
+
+The computation of the length in XkbSizeKeySyms() differs from what is
+actually written in XkbWriteKeySyms(), leading to a heap overflow.
+
+Fix the calculation in XkbSizeKeySyms() to match what kbWriteKeySyms()
+does.
+
+CVE-2025-26596, ZDI-CAN-25543
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01]
+CVE: CVE-2025-26596
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 85659382da..744dba63d7 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -1095,10 +1095,10 @@ XkbSizeKeySyms(XkbDescPtr xkb, xkbGetMapReply * rep)
+     len = rep->nKeySyms * SIZEOF(xkbSymMapWireDesc);
+     symMap = &xkb->map->key_sym_map[rep->firstKeySym];
+     for (i = nSyms = 0; i < rep->nKeySyms; i++, symMap++) {
+-        if (symMap->offset != 0) {
+-            nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
+-            nSyms += nSymsThisKey;
+-        }
++        nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
++        if (nSymsThisKey == 0)
++            continue;
++        nSyms += nSymsThisKey;
+     }
+     len += nSyms * 4;
+     rep->totalSyms = nSyms;
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
new file mode 100644
index 0000000000..b0735d0b46
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
@@ -0,0 +1,46 @@
+From 0e4ed94952b255c04fe910f6a1d9c852878dcd64 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Thu, 28 Nov 2024 14:09:04 +0100
+Subject: [PATCH] xkb: Fix buffer overflow in XkbChangeTypesOfKey()
+
+If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
+key syms to 0 but leave the key actions unchanged.
+
+If later, the same function is called with a non-zero value for nGroups,
+this will cause a buffer overflow because the key actions are of the wrong
+size.
+
+To avoid the issue, make sure to resize both the key syms and key actions
+when nGroups is 0.
+
+CVE-2025-26597, ZDI-CAN-25683
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949]
+CVE: CVE-2025-26597
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/XKBMisc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xkb/XKBMisc.c b/xkb/XKBMisc.c
+index abbfed90eb..fd180fad2c 100644
+--- a/xkb/XKBMisc.c
++++ b/xkb/XKBMisc.c
+@@ -553,6 +553,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
+         i = XkbSetNumGroups(i, 0);
+         xkb->map->key_sym_map[key].group_info = i;
+         XkbResizeKeySyms(xkb, key, 0);
++        XkbResizeKeyActions(xkb, key, 0);
+         return Success;
+     }
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
new file mode 100644
index 0000000000..210a76262a
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
@@ -0,0 +1,120 @@
+From bba9df1a9d57234c76c0b93f88dacb143d01bca2 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 16 Dec 2024 11:25:11 +0100
+Subject: [PATCH] Xi: Fix barrier device search
+
+The function GetBarrierDevice() would search for the pointer device
+based on its device id and return the matching value, or supposedly NULL
+if no match was found.
+
+Unfortunately, as written, it would return the last element of the list
+if no matching device id was found which can lead to out of bounds
+memory access.
+
+Fix the search function to return NULL if not matching device is found,
+and adjust the callers to handle the case where the device cannot be
+found.
+
+CVE-2025-26598, ZDI-CAN-25740
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a]
+CVE: CVE-2025-26598
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/xibarriers.c | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xibarriers.c b/Xi/xibarriers.c
+index 700b2b8c53..6761bcb49a 100644
+--- a/Xi/xibarriers.c
++++ b/Xi/xibarriers.c
+@@ -132,14 +132,15 @@ static void FreePointerBarrierClient(struct PointerBarrierClient *c)
+ 
+ static struct PointerBarrierDevice *GetBarrierDevice(struct PointerBarrierClient *c, int deviceid)
+ {
+-    struct PointerBarrierDevice *pbd = NULL;
++    struct PointerBarrierDevice *p, *pbd = NULL;
+ 
+-    xorg_list_for_each_entry(pbd, &c->per_device, entry) {
+-        if (pbd->deviceid == deviceid)
++    xorg_list_for_each_entry(p, &c->per_device, entry) {
++        if (p->deviceid == deviceid) {
++            pbd = p;
+             break;
++        }
+     }
+ 
+-    BUG_WARN(!pbd);
+     return pbd;
+ }
+ 
+@@ -340,6 +341,9 @@ barrier_find_nearest(BarrierScreenPtr cs, DeviceIntPtr dev,
+         double distance;
+ 
+         pbd = GetBarrierDevice(c, dev->id);
++        if (!pbd)
++            continue;
++
+         if (pbd->seen)
+             continue;
+ 
+@@ -448,6 +452,9 @@ input_constrain_cursor(DeviceIntPtr dev, ScreenPtr screen,
+         nearest = &c->barrier;
+ 
+         pbd = GetBarrierDevice(c, master->id);
++        if (!pbd)
++            continue;
++
+         new_sequence = !pbd->hit;
+ 
+         pbd->seen = TRUE;
+@@ -488,6 +495,9 @@ input_constrain_cursor(DeviceIntPtr dev, ScreenPtr screen,
+         int flags = 0;
+ 
+         pbd = GetBarrierDevice(c, master->id);
++        if (!pbd)
++            continue;
++
+         pbd->seen = FALSE;
+         if (!pbd->hit)
+             continue;
+@@ -682,6 +692,9 @@ BarrierFreeBarrier(void *data, XID id)
+             continue;
+ 
+         pbd = GetBarrierDevice(c, dev->id);
++        if (!pbd)
++            continue;
++
+         if (!pbd->hit)
+             continue;
+ 
+@@ -741,6 +754,8 @@ static void remove_master_func(void *res, XID id, void *devid)
+     barrier = container_of(b, struct PointerBarrierClient, barrier);
+ 
+     pbd = GetBarrierDevice(barrier, *deviceid);
++    if (!pbd)
++        return;
+ 
+     if (pbd->hit) {
+         BarrierEvent ev = {
+@@ -905,6 +920,10 @@ ProcXIBarrierReleasePointer(ClientPtr client)
+         barrier = container_of(b, struct PointerBarrierClient, barrier);
+ 
+         pbd = GetBarrierDevice(barrier, dev->id);
++        if (!pbd) {
++            client->errorValue = dev->id;
++            return BadDevice;
++        }
+ 
+         if (pbd->barrier_event_id == event_id)
+             pbd->release_event_id = event_id;
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
new file mode 100644
index 0000000000..60b68a0d9a
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
@@ -0,0 +1,66 @@
+From c1ff84bef2569b4ba4be59323cf575d1798ba9be Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Tue, 17 Dec 2024 15:19:45 +0100
+Subject: [PATCH] composite: Handle failure to redirect in compRedirectWindow()
+
+The function compCheckRedirect() may fail if it cannot allocate the
+backing pixmap.
+
+In that case, compRedirectWindow() will return a BadAlloc error.
+
+However that failure code path will shortcut the validation of the
+window tree marked just before, which leaves the validate data partly
+initialized.
+
+That causes a use of uninitialized pointer later.
+
+The fix is to not shortcut the call to compHandleMarkedWindows() even in
+the case of compCheckRedirect() returning an error.
+
+CVE-2025-26599, ZDI-CAN-25851
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be]
+CVE: CVE-2025-26599
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ composite/compalloc.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/composite/compalloc.c b/composite/compalloc.c
+index eaabf0d..0bbbc55 100644
+--- a/composite/compalloc.c
++++ b/composite/compalloc.c
+@@ -140,6 +140,7 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
+     CompScreenPtr cs = GetCompScreen(pWin->drawable.pScreen);
+     WindowPtr pLayerWin;
+     Bool anyMarked = FALSE;
++    int status = Success;
+ 
+     if (pWin == cs->pOverlayWin) {
+         return Success;
+@@ -218,13 +219,13 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
+ 
+     if (!compCheckRedirect(pWin)) {
+         FreeResource(ccw->id, RT_NONE);
+-        return BadAlloc;
++        status = BadAlloc;
+     }
+ 
+     if (anyMarked)
+         compHandleMarkedWindows(pWin, pLayerWin);
+ 
+-    return Success;
++    return status;
+ }
+ 
+ void
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
new file mode 100644
index 0000000000..252b033261
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
@@ -0,0 +1,129 @@
+From b07192a8bedb90b039dc0f70ae69daf047ff9598 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Jan 2025 16:09:43 +0100
+Subject: [PATCH] composite: initialize border clip even when pixmap alloc
+ fails
+
+If it fails to allocate the pixmap, the function compAllocPixmap() would
+return early and leave the borderClip region uninitialized, which may
+lead to the use of uninitialized value as reported by valgrind:
+
+ Conditional jump or move depends on uninitialised value(s)
+    at 0x4F9B33: compClipNotify (compwindow.c:317)
+    by 0x484FC9: miComputeClips (mivaltree.c:476)
+    by 0x48559A: miValidateTree (mivaltree.c:679)
+    by 0x4F0685: MapWindow (window.c:2693)
+    by 0x4A344A: ProcMapWindow (dispatch.c:922)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+  Uninitialised value was created by a heap allocation
+    at 0x4841866: malloc (vg_replace_malloc.c:446)
+    by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+    by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+    by 0x4EBB89: CreateWindow (window.c:925)
+    by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+
+ Conditional jump or move depends on uninitialised value(s)
+    at 0x48EEDBC: pixman_region_translate (pixman-region.c:2233)
+    by 0x4F9255: RegionTranslate (regionstr.h:312)
+    by 0x4F9B7E: compClipNotify (compwindow.c:319)
+    by 0x484FC9: miComputeClips (mivaltree.c:476)
+    by 0x48559A: miValidateTree (mivaltree.c:679)
+    by 0x4F0685: MapWindow (window.c:2693)
+    by 0x4A344A: ProcMapWindow (dispatch.c:922)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+  Uninitialised value was created by a heap allocation
+    at 0x4841866: malloc (vg_replace_malloc.c:446)
+    by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+    by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+    by 0x4EBB89: CreateWindow (window.c:925)
+    by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+
+ Conditional jump or move depends on uninitialised value(s)
+    at 0x48EEE33: UnknownInlinedFun (pixman-region.c:2241)
+    by 0x48EEE33: pixman_region_translate (pixman-region.c:2225)
+    by 0x4F9255: RegionTranslate (regionstr.h:312)
+    by 0x4F9B7E: compClipNotify (compwindow.c:319)
+    by 0x484FC9: miComputeClips (mivaltree.c:476)
+    by 0x48559A: miValidateTree (mivaltree.c:679)
+    by 0x4F0685: MapWindow (window.c:2693)
+    by 0x4A344A: ProcMapWindow (dispatch.c:922)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+  Uninitialised value was created by a heap allocation
+    at 0x4841866: malloc (vg_replace_malloc.c:446)
+    by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+    by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+    by 0x4EBB89: CreateWindow (window.c:925)
+    by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+    by 0x4A25B5: Dispatch (dispatch.c:560)
+    by 0x4B082A: dix_main (main.c:282)
+    by 0x429233: main (stubmain.c:34)
+
+Fix compAllocPixmap() to initialize the border clip even if the creation
+of the backing pixmap has failed, to avoid depending later on
+uninitialized border clip values.
+
+Related to CVE-2025-26599, ZDI-CAN-25851
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8]
+CVE: CVE-2025-26599
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ composite/compalloc.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/composite/compalloc.c b/composite/compalloc.c
+index 7cf7351e00..4a1243170d 100644
+--- a/composite/compalloc.c
++++ b/composite/compalloc.c
+@@ -605,9 +605,12 @@ compAllocPixmap(WindowPtr pWin)
+     int h = pWin->drawable.height + (bw << 1);
+     PixmapPtr pPixmap = compNewPixmap(pWin, x, y, w, h);
+     CompWindowPtr cw = GetCompWindow(pWin);
++    Bool status;
+ 
+-    if (!pPixmap)
+-        return FALSE;
++    if (!pPixmap) {
++        status = FALSE;
++        goto out;
++    }
+     if (cw->update == CompositeRedirectAutomatic)
+         pWin->redirectDraw = RedirectDrawAutomatic;
+     else
+@@ -621,14 +624,16 @@ compAllocPixmap(WindowPtr pWin)
+         DamageRegister(&pWin->drawable, cw->damage);
+         cw->damageRegistered = TRUE;
+     }
++    status = TRUE;
+ 
++out:
+     /* Make sure our borderClip is up to date */
+     RegionUninit(&cw->borderClip);
+     RegionCopy(&cw->borderClip, &pWin->borderClip);
+     cw->borderClipX = pWin->drawable.x;
+     cw->borderClipY = pWin->drawable.y;
+ 
+-    return TRUE;
++    return status;
+ }
+ 
+ void
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
new file mode 100644
index 0000000000..43b47b3ca3
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
@@ -0,0 +1,68 @@
+From 6e0f332ba4c8b8c9a9945dc9d7989bfe06f80e14 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 16 Dec 2024 16:18:04 +0100
+Subject: [PATCH] dix: Dequeue pending events on frozen device on removal
+
+When a device is removed while still frozen, the events queued for that
+device remain while the device itself is freed.
+
+As a result, replaying the events will cause a use after free.
+
+To avoid the issue, make sure to dequeue and free any pending events on
+a frozen device when removed.
+
+CVE-2025-26600, ZDI-CAN-25871
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b]
+CVE: CVE-2025-26600
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/devices.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index 1516147..459f1ed 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -962,6 +962,23 @@ FreeAllDeviceClasses(ClassesPtr classes)
+ 
+ }
+ 
++static void
++FreePendingFrozenDeviceEvents(DeviceIntPtr dev)
++{
++    QdEventPtr qe, tmp;
++
++    if (!dev->deviceGrab.sync.frozen)
++        return;
++
++    /* Dequeue any frozen pending events */
++    xorg_list_for_each_entry_safe(qe, tmp, &syncEvents.pending, next) {
++        if (qe->device == dev) {
++            xorg_list_del(&qe->next);
++            free(qe);
++        }
++    }
++}
++
+ /**
+  * Close down a device and free all resources.
+  * Once closed down, the driver will probably not expect you that you'll ever
+@@ -1026,6 +1043,7 @@ CloseDevice(DeviceIntPtr dev)
+         free(dev->last.touches[j].valuators);
+     free(dev->last.touches);
+     dev->config_info = NULL;
++    FreePendingFrozenDeviceEvents(dev);
+     dixFreePrivates(dev->devPrivates, PRIVATE_DEVICE);
+     free(dev);
+ }
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
new file mode 100644
index 0000000000..df5416a452
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
@@ -0,0 +1,71 @@
+From 16a1242d0ffc7f45ed3c595ee7564b5c04287e0b Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 16:52:01 +0100
+Subject: [PATCH] sync: Do not let sync objects uninitialized
+
+When changing an alarm, the change mask values are evaluated one after
+the other, changing the trigger values as requested and eventually,
+SyncInitTrigger() is called.
+
+SyncInitTrigger() will evaluate the XSyncCACounter first and may free
+the existing sync object.
+
+Other changes are then evaluated and may trigger an error and an early
+return, not adding the new sync object.
+
+This can be used to cause a use after free when the alarm eventually
+triggers.
+
+To avoid the issue, delete the existing sync object as late as possible
+only once we are sure that no further error will cause an early exit.
+
+CVE-2025-26601, ZDI-CAN-25870
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index ee0010e657..585cfa6f68 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -360,11 +360,6 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+             client->errorValue = syncObject;
+             return rc;
+         }
+-        if (pSync != pTrigger->pSync) { /* new counter for trigger */
+-            SyncDeleteTriggerFromSyncObject(pTrigger);
+-            pTrigger->pSync = pSync;
+-            newSyncObject = TRUE;
+-        }
+     }
+ 
+     /* if system counter, ask it what the current value is */
+@@ -432,6 +427,14 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+         }
+     }
+ 
++    if (changes & XSyncCACounter) {
++        if (pSync != pTrigger->pSync) { /* new counter for trigger */
++            SyncDeleteTriggerFromSyncObject(pTrigger);
++            pTrigger->pSync = pSync;
++            newSyncObject = TRUE;
++        }
++    }
++
+     /*  we wait until we're sure there are no errors before registering
+      *  a new counter on a trigger
+      */
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
new file mode 100644
index 0000000000..22e751c017
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
@@ -0,0 +1,85 @@
+From f52cea2f93a0c891494eb3334894442a92368030 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 16:54:30 +0100
+Subject: [PATCH] sync: Check values before applying changes
+
+In SyncInitTrigger(), we would set the CheckTrigger function before
+validating the counter value.
+
+As a result, if the counter value overflowed, we would leave the
+function SyncInitTrigger() with the CheckTrigger applied but without
+updating the trigger object.
+
+To avoid that issue, move the portion of code checking for the trigger
+check value before updating the CheckTrigger function.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 36 ++++++++++++++++++------------------
+ 1 file changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 585cfa6f68..10302160fb 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -381,6 +381,24 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+         }
+     }
+ 
++    if (changes & (XSyncCAValueType | XSyncCAValue)) {
++        if (pTrigger->value_type == XSyncAbsolute)
++            pTrigger->test_value = pTrigger->wait_value;
++        else {                  /* relative */
++            Bool overflow;
++
++            if (pCounter == NULL)
++                return BadMatch;
++
++            overflow = checked_int64_add(&pTrigger->test_value,
++                                         pCounter->value, pTrigger->wait_value);
++            if (overflow) {
++                client->errorValue = pTrigger->wait_value >> 32;
++                return BadValue;
++            }
++        }
++    }
++
+     if (changes & XSyncCATestType) {
+ 
+         if (pSync && SYNC_FENCE == pSync->type) {
+@@ -409,24 +427,6 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+         }
+     }
+ 
+-    if (changes & (XSyncCAValueType | XSyncCAValue)) {
+-        if (pTrigger->value_type == XSyncAbsolute)
+-            pTrigger->test_value = pTrigger->wait_value;
+-        else {                  /* relative */
+-            Bool overflow;
+-
+-            if (pCounter == NULL)
+-                return BadMatch;
+-
+-            overflow = checked_int64_add(&pTrigger->test_value,
+-                                         pCounter->value, pTrigger->wait_value);
+-            if (overflow) {
+-                client->errorValue = pTrigger->wait_value >> 32;
+-                return BadValue;
+-            }
+-        }
+-    }
+-
+     if (changes & XSyncCACounter) {
+         if (pSync != pTrigger->pSync) { /* new counter for trigger */
+             SyncDeleteTriggerFromSyncObject(pTrigger);
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
new file mode 100644
index 0000000000..8d714f0302
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
@@ -0,0 +1,52 @@
+From 8cbc90c8817306af75a60f494ec9dbb1061e50db Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 17:06:07 +0100
+Subject: [PATCH] sync: Do not fail SyncAddTriggerToSyncObject()
+
+We do not want to return a failure at the very last step in
+SyncInitTrigger() after having all changes applied.
+
+SyncAddTriggerToSyncObject() must not fail on memory allocation, if the
+allocation of the SyncTriggerList fails, trigger a FatalError() instead.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 10302160fb..65f2d43780 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -201,8 +201,8 @@ SyncAddTriggerToSyncObject(SyncTrigger * pTrigger)
+             return Success;
+     }
+ 
+-    if (!(pCur = malloc(sizeof(SyncTriggerList))))
+-        return BadAlloc;
++    /* Failure is not an option, it's succeed or burst! */
++    pCur = XNFalloc(sizeof(SyncTriggerList));
+ 
+     pCur->pTrigger = pTrigger;
+     pCur->next = pTrigger->pSync->pTriglist;
+@@ -439,8 +439,7 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+      *  a new counter on a trigger
+      */
+     if (newSyncObject) {
+-        if ((rc = SyncAddTriggerToSyncObject(pTrigger)) != Success)
+-            return rc;
++        SyncAddTriggerToSyncObject(pTrigger);
+     }
+     else if (pCounter && IsSystemCounter(pCounter)) {
+         SyncComputeBracketValues(pCounter);
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch
new file mode 100644
index 0000000000..e2261192fa
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch
@@ -0,0 +1,132 @@
+From c285798984c6bb99e454a33772cde23d394d3dcd Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 17:10:31 +0100
+Subject: [PATCH] sync: Apply changes last in SyncChangeAlarmAttributes()
+
+SyncChangeAlarmAttributes() would apply the various changes while
+checking for errors.
+
+If one of the changes triggers an error, the changes for the trigger,
+counter or delta value would remain, possibly leading to inconsistent
+changes.
+
+Postpone the actual changes until we're sure nothing else can go wrong.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 42 +++++++++++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 65f2d43780..cab73be927 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -830,8 +830,14 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+     int status;
+     XSyncCounter counter;
+     Mask origmask = mask;
++    SyncTrigger trigger;
++    Bool select_events_changed = FALSE;
++    Bool select_events_value = FALSE;
++    int64_t delta;
+ 
+-    counter = pAlarm->trigger.pSync ? pAlarm->trigger.pSync->id : None;
++    trigger = pAlarm->trigger;
++    delta = pAlarm->delta;
++    counter = trigger.pSync ? trigger.pSync->id : None;
+ 
+     while (mask) {
+         int index2 = lowbit(mask);
+@@ -847,24 +853,24 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+         case XSyncCAValueType:
+             mask &= ~XSyncCAValueType;
+             /* sanity check in SyncInitTrigger */
+-            pAlarm->trigger.value_type = *values++;
++            trigger.value_type = *values++;
+             break;
+ 
+         case XSyncCAValue:
+             mask &= ~XSyncCAValue;
+-            pAlarm->trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
++            trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
+             values += 2;
+             break;
+ 
+         case XSyncCATestType:
+             mask &= ~XSyncCATestType;
+             /* sanity check in SyncInitTrigger */
+-            pAlarm->trigger.test_type = *values++;
++            trigger.test_type = *values++;
+             break;
+ 
+         case XSyncCADelta:
+             mask &= ~XSyncCADelta;
+-            pAlarm->delta = ((int64_t)values[0] << 32) | values[1];
++            delta = ((int64_t)values[0] << 32) | values[1];
+             values += 2;
+             break;
+ 
+@@ -874,10 +880,8 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+                 client->errorValue = *values;
+                 return BadValue;
+             }
+-            status = SyncEventSelectForAlarm(pAlarm, client,
+-                                             (Bool) (*values++));
+-            if (status != Success)
+-                return status;
++            select_events_value = (Bool) (*values++);
++            select_events_changed = TRUE;
+             break;
+ 
+         default:
+@@ -886,25 +890,33 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+         }
+     }
+ 
++    if (select_events_changed) {
++        status = SyncEventSelectForAlarm(pAlarm, client, select_events_value);
++        if (status != Success)
++            return status;
++    }
++
+     /* "If the test-type is PositiveComparison or PositiveTransition
+      *  and delta is less than zero, or if the test-type is
+      *  NegativeComparison or NegativeTransition and delta is
+      *  greater than zero, a Match error is generated."
+      */
+     if (origmask & (XSyncCADelta | XSyncCATestType)) {
+-        if ((((pAlarm->trigger.test_type == XSyncPositiveComparison) ||
+-              (pAlarm->trigger.test_type == XSyncPositiveTransition))
+-             && pAlarm->delta < 0)
++        if ((((trigger.test_type == XSyncPositiveComparison) ||
++              (trigger.test_type == XSyncPositiveTransition))
++             && delta < 0)
+             ||
+-            (((pAlarm->trigger.test_type == XSyncNegativeComparison) ||
+-              (pAlarm->trigger.test_type == XSyncNegativeTransition))
+-             && pAlarm->delta > 0)
++            (((trigger.test_type == XSyncNegativeComparison) ||
++              (trigger.test_type == XSyncNegativeTransition))
++             && delta > 0)
+             ) {
+             return BadMatch;
+         }
+     }
+ 
+     /* postpone this until now, when we're sure nothing else can go wrong */
++    pAlarm->delta = delta;
++    pAlarm->trigger = trigger;
+     if ((status = SyncInitTrigger(client, &pAlarm->trigger, counter, RTCounter,
+                                   origmask & XSyncCAAllTrigger)) != Success)
+         return status;
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
index b934a873d1..0265366393 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
@@ -9,7 +9,22 @@ HOMEPAGE = "https://fedoraproject.org/wiki/Changes/XwaylandStandalone"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
-SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
+SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
+           file://CVE-2024-9632.patch \
+           file://CVE-2025-26594-1.patch \
+           file://CVE-2025-26594-2.patch \
+           file://CVE-2025-26595.patch \
+           file://CVE-2025-26596.patch \
+           file://CVE-2025-26597.patch \
+           file://CVE-2025-26598.patch \
+           file://CVE-2025-26599-1.patch \
+           file://CVE-2025-26599-2.patch \
+           file://CVE-2025-26600.patch \
+           file://CVE-2025-26601-1.patch \
+           file://CVE-2025-26601-2.patch \
+           file://CVE-2025-26601-3.patch \
+           file://CVE-2025-26601-4.patch \
+"
 SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-linux_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-linux_1.14.bb
index d5ea9d8529..d5ea9d8529 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-linux_1.13.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-linux_1.14.bb
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.14.bb
index 5192cf03ed..6fb75675bb 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.13.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.14.bb
@@ -7,9 +7,6 @@ inherit module
 # Header file provided by a separate package
 DEPENDS += "cryptodev-linux"
 
-SRC_URI += "file://0001-Disable-installing-header-file-provided-by-another-p.patch \
-           "
-
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
 
 RCONFLICTS:${PN} = "ocf-linux"
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-tests_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-tests_1.14.bb
index 458ad8ecf2..f6a286e1b7 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-tests_1.13.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-tests_1.14.bb
@@ -4,10 +4,6 @@ SUMMARY = "A test suite for /dev/crypto device driver"
 
 DEPENDS += "openssl"
 
-SRC_URI += " \
-           file://0001-tests-Makefile-do-not-use-Werror.patch \
-           "
-
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_EXECPREFIXDIR}" PREFIX="${D}"'
 
 do_compile() {
diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc
index 64a9c2926b..8d0aad4a01 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev.inc
+++ b/meta/recipes-kernel/cryptodev/cryptodev.inc
@@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master;protocol=https \
            "
-SRCREV = "bb8bc7cf60d2c0b097c8b3b0e807f805b577a53f"
-PV = "1.13+git${SRCPV}"
+SRCREV = "135cbff90af2ba97d88f1472be595ce78721972c"
+PV = "1.14"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch b/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
deleted file mode 100644
index c7fdef4da4..0000000000
--- a/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 66d85d3f26e21cf7c38b27de0dcc42376f5d853e Mon Sep 17 00:00:00 2001
-From: Denys Dmytriyenko <denys@ti.com>
-Date: Sun, 6 Apr 2014 19:51:39 -0400
-Subject: [PATCH] Disable installing header file provided by another package
-
-Signed-off-by: Denys Dmytriyenko <denys@ti.com>
-
-Upstream-Status: Inappropriate [ OE specific ]
-
----
- Makefile | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index d83aee6..c8d8ae5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -36,7 +36,6 @@ install: modules_install
- 
- modules_install:
-        $(MAKE) $(KERNEL_MAKE_OPTS) modules_install
--       install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h
- 
- install_tests: tests
-        $(MAKE) -C tests install DESTDIR=$(PREFIX)
diff --git a/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch b/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
deleted file mode 100644
index 3285548a57..0000000000
--- a/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 47438e53e1156db0916c0f4683a24fe4d82152f2 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Fri, 10 Sep 2021 10:44:42 +0200
-Subject: [PATCH] tests/Makefile: do not use -Werror
-
-Otherwise, openssl 3 deprecation warnings become errors.
-Reported at https://github.com/cryptodev-linux/cryptodev-linux/issues/67
-
-Upstream-Status: Inappropriate [upstream needs to update the code]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- tests/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index 2fb7a9a..e94f80e 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -1,4 +1,4 @@
--CFLAGS += -I.. $(CRYPTODEV_CFLAGS) -Wall -Werror
-+CFLAGS += -I.. $(CRYPTODEV_CFLAGS) -Wall
- 
- comp_progs := cipher_comp hash_comp hmac_comp
- 
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20240909.bb
index 5819d9287c..30c47d7720 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240909.bb
@@ -82,7 +82,7 @@ LICENSE = "\
 LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
                     file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
-                    file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
+                    file://LICENSE.amdgpu;md5=1433dfea38c97a2e563a248a863dcb94 \
                     file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
                     file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
                     file://LICENSE.amphion_vpu;md5=2bcdc00527b2d0542bd92b52aaec2b60 \
@@ -142,7 +142,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \
                     file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \
                     file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \
-                    file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \
+                    file://LICENCE.ti-connectivity;md5=3b1e9cf54aba8146dad4b735777d406f \
                     file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \
                     file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \
                     file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \
@@ -154,7 +154,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "514da1cd8b363373030f0c16749feb8d"
+WHENCE_CHKSUM  = "6ae5ffd807c84809977286ad0b37acdb"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -241,7 +241,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "b2327a54ad1897c828008caf63af5ee15469ba723a5016be58f2b44f07bd4b94"
+SRC_URI[sha256sum] = "943fbd19883cf8eadf89e0b22422549db056557b1ecd30a56400615971369671"
 
 inherit allarch
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 2c8725f27a..d855ee3f8a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f1958988835e4b36462e9a7762001b695989288c"
-SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f"
+SRCREV_machine ?= "1933814ca46d38977965bbfe58ee3a1f8aacfb36"
+SRCREV_meta ?= "8e66f449e449f9ae2809b6c395ed7089aa37d7a3"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.6.50"
+LINUX_VERSION ?= "6.6.92"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index ce20fbc07d..382a74f648 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.6.inc
 
-LINUX_VERSION ?= "6.6.50"
+LINUX_VERSION ?= "6.6.92"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f"
+SRCREV_machine ?= "c72b190dc393b310be436153c864144694b184a6"
+SRCREV_meta ?= "8e66f449e449f9ae2809b6c395ed7089aa37d7a3"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index b871b30157..c1bb736e04 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.6/standard/base"
 KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "36f604ad9d400626d19666688399af0d0ae93e53"
-SRCREV_machine:qemuarm64 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemuloongarch64 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemumips ?= "8ca27eda30aa6ceb72b61c784ebb057de07201ae"
-SRCREV_machine:qemuppc ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemuriscv64 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemuriscv32 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemux86 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemux86-64 ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_machine:qemumips64 ?= "72b65c64c2fd2b4d252b4a93642acc268ca2f006"
-SRCREV_machine ?= "10604010520101e717ca658ada47b394a46e1539"
-SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f"
+SRCREV_machine:qemuarm ?= "1d95b0a9486ae02a4eb38df55b94cb64485bd4c0"
+SRCREV_machine:qemuarm64 ?= "8cd580eb06e43c9a4e9c26e1dd954a334f656fbd"
+SRCREV_machine:qemuloongarch64 ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_machine:qemumips ?= "a3bbede9b1c6dbd0b51132b8447adbbde1f46f85"
+SRCREV_machine:qemuppc ?= "a5bba7e08dbb26c0dc7d7ec0624e903b7c6bac94"
+SRCREV_machine:qemuriscv64 ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_machine:qemuriscv32 ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_machine:qemux86 ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_machine:qemux86-64 ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_machine:qemumips64 ?= "a1ed8408c3b0bc729270cc2bd2c9dd0056ab9271"
+SRCREV_machine ?= "6032c9c1ac18edd7c8eadd6f9f655556b5f5e77c"
+SRCREV_meta ?= "8e66f449e449f9ae2809b6c395ed7089aa37d7a3"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "ad07a29023cebd40848fce81e6732d671ede5fe6"
+SRCREV_machine:class-devupstream ?= "ffaf6178137b9cdcc9742d6677b70be164dfeb8c"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.6/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.50"
+LINUX_VERSION ?= "6.6.92"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/lttng/babeltrace2_2.0.6.bb b/meta/recipes-kernel/lttng/babeltrace2_2.0.6.bb
index d6c75d7580..bd6eb9ba1c 100644
--- a/meta/recipes-kernel/lttng/babeltrace2_2.0.6.bb
+++ b/meta/recipes-kernel/lttng/babeltrace2_2.0.6.bb
@@ -93,3 +93,15 @@ do_install_ptest () {
     # Remove architechture specific testfiles
     rm -rf ${D}${PTEST_PATH}/tests/data/plugins/flt.lttng-utils.debug-info/*
 }
+
+do_install:append:class-nativesdk() {
+    mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+    cat <<- EOF > ${D}${SDKPATHNATIVE}/environment-setup.d/babeltrace2.sh
+        export BABELTRACE_PLUGIN_PATH="${libdir}/babeltrace2/plugins"
+        export LIBBABELTRACE2_PLUGIN_PROVIDER_DIR="${libdir}/babeltrace2/plugin-providers"
+        EOF
+}
+
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/babeltrace2.sh"
+
+BBCLASSEXTEND = "nativesdk"
diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index f4d9b5e42a..2585747fb6 100644
--- a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
+++ b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -96,3 +96,5 @@ do_install_ptest () {
         sed -i 's:^BTBIN.*:BTBIN=/usr/bin/babeltrace:' ${f}
     done
 }
+
+BBCLASSEXTEND = "nativesdk"
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
new file mode 100644
index 0000000000..3c7731ae8f
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
@@ -0,0 +1,51 @@
+From a04234d63999f91405574928c80ded870dca157a Mon Sep 17 00:00:00 2001
+From: Kienan Stewart <kstewart@efficios.com>
+Date: Sun, 22 Dec 2024 17:39:35 +0800
+Subject: [PATCH] Fix: sched_stat_runtime changed in Linux 6.6.66
+
+The following commit has been backported into the 6.6.y branch.
+
+See upstream commit:
+
+    commit 5fe6ec8f6ab549b6422e41551abb51802bd48bc7
+    Author: Peter Zijlstra <peterz@infradead.org>
+    Date:   Mon Nov 6 13:41:43 2023 +0100
+
+        sched: Remove vruntime from trace_sched_stat_runtime()
+
+        Tracing the runtime delta makes sense, observer can sum over time.
+        Tracing the absolute vruntime makes less sense, inconsistent:
+        absolute-vs-delta, but also vruntime delta can be computed from
+        runtime delta.
+
+        Removing the vruntime thing also makes the two tracepoint sites
+        identical, allowing to unify the code in a later patch.
+
+Change-Id: I74acf0b8340c371e8411116e07e5c97b10f9c756
+Signed-off-by: Kienan Stewart <kstewart@efficios.com>
+
+Upstream-Status: Pending [https://review.lttng.org/c/lttng-modules/+/13813]
+
+[Xiangyu: BP to fix compile error on linux 6.6.66, Minor conflict resolution]
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ include/instrumentation/events/sched.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/instrumentation/events/sched.h b/include/instrumentation/events/sched.h
+index 24cf37c8..637a1e3a 100644
+--- a/include/instrumentation/events/sched.h
++++ b/include/instrumentation/events/sched.h
+@@ -646,7 +646,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(sched_stat_template, sched_stat_blocked,
+             TP_ARGS(tsk, delay))
+ #endif
+ 
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0))
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0) || \
++       LTTNG_KERNEL_RANGE(6,6,66, 6,7,0))
+ /*
+  * Tracepoint for accounting runtime (time the task is executing
+  * on a CPU).
+-- 
+2.43.0
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
index 95d5e2d615..34aff1ba8d 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
@@ -14,6 +14,7 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0002-Fix-ASoC-add-component-to-set_bias_level-events-in-l.patch \
            file://0003-Fix-mm_compaction_migratepages-changed-in-linux-6.9-.patch \
            file://0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch \
+           file://0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch \
         "
 
 # Use :append here so that the patch is applied also when using devupstream
diff --git a/meta/recipes-kernel/lttng/lttng-ust/0001-Fix-Build-examples-when-rpath-is-stripped-from-in-bu.patch b/meta/recipes-kernel/lttng/lttng-ust/0001-Fix-Build-examples-when-rpath-is-stripped-from-in-bu.patch
new file mode 100644
index 0000000000..6da675fa31
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-ust/0001-Fix-Build-examples-when-rpath-is-stripped-from-in-bu.patch
@@ -0,0 +1,161 @@
+From 5d10459b6b5182fcbc98240d9dace026c87a5037 Mon Sep 17 00:00:00 2001
+From: Kienan Stewart <kstewart@efficios.com>
+Date: Mon, 5 Aug 2024 15:41:34 -0400
+Subject: [PATCH] Fix: Build examples when rpath is stripped from in-build-tree
+ libs
+
+Observed issue
+==============
+
+Certain tool chains[1, 2] emit warnings or errors when building the
+example applications.
+
+```
+make[3]: Entering directory
+'/home/xxx/src/efficios/lttng/master/src/lttng-ust/doc/examples/easy-ust'
+CC       sample.o
+CC       tp.o
+CCLD     sample
+
+/usr/bin/ld: warning: liblttng-ust-common.so.1, needed by ../../../src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
+/usr/bin/ld: warning: liblttng-ust-tracepoint.so.1, needed by ../../../src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_add_fd_to_tracker'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_after_fork_child'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_common_ctor'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_init'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_probe_register_queue_release'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_cancelstate_disable_pop'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_synchronize_rcu'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_register_thread'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_probe_prune_release_queue'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_cancelstate_disable_push'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_before_fork'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_lock_fd_tracker'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_trace_clock'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_has_sys_membarrier'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_unlock_fd_tracker'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_exit'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_get_cpu_sym'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_common_alloc_tls'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_after_fork_parent'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_delete_fd_from_tracker'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_register'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_reader'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_gp'
+/usr/bin/ld: ../../../src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_probe_unregister_queue_release'
+collect2: error: ld returned 1 exit status
+```
+
+=== Reproducer ===
+
+The easiest way to consistently reproduce this type of build failure
+is to perform the following steps:
+
+```
+./configure
+make -j$(nproc)
+find . -iname '*.so' -exec chrpath -d {} \;
+make -C doc/examples clean
+make -j$(nproc)
+```
+
+As the examples are not built with libtool, finding the libraries to
+link against depends on the shared objects having an rpath.
+
+E.g.
+
+```
+$ chrpath src/lib/lttng-ust/.libs/liblttng-ust.so.1.0.0
+src/lib/lttng-ust/.libs/liblttng-ust.so.1.0.0: RUNPATH=/home/xxx/src/efficios/lttng/master/src/lttng-ust/src/lib/lttng-ust-common/.libs:/home/xxx/src/efficios/lttng/master/src/lttng-ust/src/lib/lttng-ust-tracepoint/.libs:/home/xxx/src/efficios/lttng/master/usr/lib
+```
+
+The current examples build with `-Wl,-rpath`  for `liblttng-ust`, but
+not the dependencies of `liblttng-ust` (which would normally be found
+via it's own rpath). If the `rpath` is stripped from
+`liblttng-ust.so`, or if the tool chain ignores `rpath` explicitly,
+then the build with fail.
+
+In the case of a yocto build environment as in GitHub#61[1], the
+following commands reproduced the warnings and the errors seen in the
+above test case.
+
+```
+git clone git://git.yoctoproject.org/poky && cd poky/
+. oe-init-build-env
+echo "PACKAGECONFIG:pn-lttng-ust = 'examples'" >>conf/local.conf
+bitbake lttng-ust
+```
+
+=== Solution ===
+
+Explicitly add library search paths and set linker rpath-link are set
+for both the standard and cmake examples. Similar changes were
+proposed for each of those parts respectively in GitHub#61[1] and GitHub#63[2].
+
+=== Known issues ===
+
+While the `rpath-link` for the second order library dependencies will
+allow the builds to complete, the examples will not work at
+runtime even when using `rpath`. From `man ld.so`, the rpaths in an
+executable or shared object are only considered for direct
+dependencies. Therefore, without setting `LD_LIBRARY_PATH` or
+installing the libraries test applications will fail as follows:
+
+```
+$ ./doc/examples/easy-ust/sample
+./doc/examples/easy-ust/sample: error while loading shared libraries: liblttng-ust-common.so.1: cannot open shared object file: No such file or directory
+```
+
+References
+==========
+
+[1]: https://github.com/lttng/lttng-ust/pull/61
+[2]: https://github.com/lttng/lttng-ust/pull/63
+
+Change-Id: I273ccddd0d0b7a1b57b9e09ddf48d8b5b41e6f8e
+Signed-off-by: Kienan Stewart <kstewart@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+Upstream-Status: Backport [https://github.com/lttng/lttng-ust/commit/5d10459b6b5182fcbc98240d9dace026c87a5037]
+Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
+
+---
+ doc/examples/Makefile.am | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
+index aebf63bd..79766ec0 100644
+--- a/doc/examples/Makefile.am
++++ b/doc/examples/Makefile.am
+@@ -169,7 +169,10 @@ all-local:
+                                CFLAGS='$(CFLAGS)' \
+                                AM_CFLAGS='$(AM_CFLAGS)' \
+                                LDFLAGS="$(LDFLAGS)" \
+-                               AM_LDFLAGS='$(AM_LDFLAGS) -L../../../src/lib/lttng-ust/.libs -Wl,-rpath="$(PWD)/../../src/lib/lttng-ust/.libs/" -Wl,-rpath-link="$(PWD)/../../src/lib/lttng-ust/.libs/"' \
++                               AM_LDFLAGS='$(AM_LDFLAGS) -L../../../src/lib/lttng-ust/.libs -L../../../src/lib/lttng-ust-common/.libs -L../../../src/lib/lttng-ust-tracepoint/.libs \
++                               -Wl,-rpath="$(abs_top_builddir)/src/lib/lttng-ust/.libs/" \
++                               -Wl,-rpath-link="$(abs_top_builddir)/src/lib/lttng-ust-common/.libs/" \
++                               -Wl,-rpath-link="$(abs_top_builddir)/src/lib/lttng-ust-tracepoint/.libs/"' \
+                                LTTNG_GEN_TP_PATH="$$rel_src_subdir$(top_srcdir)/tools/" \
+                                AM_V_P="$(AM_V_P)" \
+                                AM_V_at="$(AM_V_at)" \
+@@ -222,10 +225,14 @@ all-local:
+                                        CXX="$(CXX)" \
+                                        $(CMAKE) \
+                                        -DCMAKE_INCLUDE_PATH="$(abs_top_srcdir)/include;$(abs_top_builddir)/include" \
+-                                       -DCMAKE_LIBRARY_PATH="$(abs_top_builddir)/src/lib/lttng-ust/.libs" \
++                                       -DCMAKE_LIBRARY_PATH="$(abs_top_builddir)/src/lib/lttng-ust/.libs;$(abs_top_builddir)/src/lib/lttng-ust-common/.libs;$(abs_top_builddir)/src/lib/lttng-ust-tracepoint/.libs" \
+                                        -DCMAKE_C_FLAGS="$(AM_CFLAGS) $(CPPFLAGS) $(CFLAGS)" \
+                                        -DCMAKE_CXX_FLAGS="$(AM_CXXFLAGS) $(CXXFLAGS) $(CPPFLAGS)" \
+-                                       -DCMAKE_EXE_LINKER_FLAGS="$(AM_LDFLAGS) $(LDFLAGS)" \
++                                       -DCMAKE_EXE_LINKER_FLAGS="$(AM_LDFLAGS) $(LDFLAGS) \
++                                       -L../../../src/lib/lttng-ust/.libs -L../../../src/lib/lttng-ust-common/.libs -L../../../src/lib/lttng-ust-tracepoint/.libs \
++                                       -Wl,-rpath=$(abs_top_builddir)/src/lib/lttng-ust/.libs/ \
++                                       -Wl,-rpath-link=$(abs_top_builddir)/src/lib/lttng-ust-common/.libs/ \
++                                       -Wl,-rpath-link=$(abs_top_builddir)/src/lib/lttng-ust-tracepoint/.libs/" \
+                                        .. && \
+                                $(MAKE) \
+                        ) || exit 1; \
+-- 
+2.43.0
+
diff --git a/meta/recipes-kernel/lttng/lttng-ust/0001-Makefile.am-update-rpath-link.patch b/meta/recipes-kernel/lttng/lttng-ust/0001-Makefile.am-update-rpath-link.patch
deleted file mode 100644
index 6aca8f85fa..0000000000
--- a/meta/recipes-kernel/lttng/lttng-ust/0001-Makefile.am-update-rpath-link.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7d053804ab3823d40ae10d90f4efc49dbfb4cb66 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 22 Sep 2021 16:33:10 +0800
-Subject: [PATCH] Makefile.am: update rpath link
-
-since commit 6339062 Move liblttng-ust to 'src/lib/',
-liblttng-ust.so/liblttng-ust-common.so/liblttng-ust-tracepoint.so
-'s location changed from one dir to multiple dirs. which make below
-error:
-ld: warning: liblttng-ust-common.so.1, needed by ../../../src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
-ld: warning: liblttng-ust-tracepoint.so.1, needed by ../../../src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
-
-Upstream-Status: Submitted [https://github.com/lttng/lttng-ust/pull/61]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- doc/examples/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
-index 57782cc..d46caa6 100644
---- a/doc/examples/Makefile.am
-+++ b/doc/examples/Makefile.am
-@@ -167,7 +167,7 @@ all-local:
-                                CFLAGS='$(CFLAGS)' \
-                                AM_CFLAGS='$(AM_CFLAGS)' \
-                                LDFLAGS="$(LDFLAGS)" \
--                               AM_LDFLAGS='$(AM_LDFLAGS) -L../../../src/lib/lttng-ust/.libs -Wl,-rpath="$(PWD)/../../src/lib/lttng-ust/.libs/" -Wl,-rpath-link="$(PWD)/../../src/lib/lttng-ust/.libs/"' \
-+                               AM_LDFLAGS='$(AM_LDFLAGS) -L../../../src/lib/lttng-ust/.libs -Wl,-rpath="$(PWD)/../../src/lib/lttng-ust/.libs/" -Wl,-rpath-link="$(PWD)/../../src/lib/lttng-ust/.libs/:$(PWD)/../../src/lib/lttng-ust-tracepoint/.libs:$(PWD)/../../src/lib/lttng-ust-common/.libs/"' \
-                                LTTNG_GEN_TP_PATH="$$rel_src_subdir$(top_srcdir)/tools/" \
-                                AM_V_P="$(AM_V_P)" \
-                                AM_V_at="$(AM_V_at)" \
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb b/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb
index dddd3a5004..bf2524bdc0 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.13.8.bb
@@ -31,7 +31,7 @@ PE = "2"
 SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
            file://0001-python-lttngust-Makefile.am-Add-install-lib-to-setup.patch \
            file://0001-lttng-ust-common-link-with-liburcu-explicitly.patch \
-           file://0001-Makefile.am-update-rpath-link.patch \
+           file://0001-Fix-Build-examples-when-rpath-is-stripped-from-in-bu.patch \
            "
 
 SRC_URI[sha256sum] = "d4ef98dab9a37ad4f524ccafdfd50af4f266039b528dd5afabce78e49024d937"
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
index daf5e6dfcd..0e4100fba7 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "9832a14e1be24abff7be30dee3c9a1afb5fdfcf475a0d91aafef039f8d85f5eb"
+SRC_URI[sha256sum] = "f76f2bd79a653e9f9dd50548d99d03a4a4eb157da056dfd5892f403ec28fb3d5"
 
 inherit bin_package allarch
 
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
new file mode 100644
index 0000000000..80d542952a
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
@@ -0,0 +1,30 @@
+From 4adb93dff05dd947878c67784d98c9a4e13b57a7 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Thu, 23 Nov 2023 14:58:35 +0100
+Subject: [PATCH] avfilter/asrc_afirsrc: fix by one smaller allocation of
+ buffer
+
+CVE: CVE-2023-49501
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/asrc_afirsrc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c
+index e2359c1..ea04c35 100644
+--- a/libavfilter/asrc_afirsrc.c
++++ b/libavfilter/asrc_afirsrc.c
+@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink)
+         if (ret < 0)
+             return ret;
+
+-        s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude));
++        s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude));
+         if (!s->magnitude)
+             return AVERROR(ENOMEM);
+         memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(*s->magnitude) * s->nb_magnitude);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch
new file mode 100644
index 0000000000..37e1ab61d1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch
@@ -0,0 +1,58 @@
+From 2d9ed64859c9887d0504cd71dbd5b2c15e14251a Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 25 Nov 2023 12:54:28 +0100
+Subject: [PATCH 3/3] avfilter/af_dialoguenhance: fix overreads
+
+CVE: CVE-2023-49528
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/2d9ed64859c9887d0504cd71dbd5b2c15e14251a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_dialoguenhance.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/libavfilter/af_dialoguenhance.c b/libavfilter/af_dialoguenhance.c
+index 1762ea7..29c8ab1 100644
+--- a/libavfilter/af_dialoguenhance.c
++++ b/libavfilter/af_dialoguenhance.c
+@@ -96,12 +96,12 @@ static int config_input(AVFilterLink *inlink)
+     if (!s->window)
+         return AVERROR(ENOMEM);
+
+-    s->in_frame       = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->center_frame   = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->out_dist_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_out   = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_prev  = ff_get_audio_buffer(inlink, s->fft_size * 4);
++    s->in_frame       = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++    s->center_frame   = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++    s->out_dist_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++    s->windowed_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++    s->windowed_out   = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
++    s->windowed_prev  = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+     if (!s->in_frame || !s->windowed_out || !s->windowed_prev ||
+         !s->out_dist_frame || !s->windowed_frame || !s->center_frame)
+         return AVERROR(ENOMEM);
+@@ -250,6 +250,7 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+     float *right_osamples  = (float *)out->extended_data[1];
+     float *center_osamples = (float *)out->extended_data[2];
+     const int offset = s->fft_size - s->overlap;
++    const int nb_samples = FFMIN(s->overlap, s->in->nb_samples);
+     float vad;
+
+     // shift in/out buffers
+@@ -258,8 +259,8 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+     memmove(left_out, &left_out[s->overlap], offset * sizeof(float));
+     memmove(right_out, &right_out[s->overlap], offset * sizeof(float));
+
+-    memcpy(&left_in[offset], left_samples, s->overlap * sizeof(float));
+-    memcpy(&right_in[offset], right_samples, s->overlap * sizeof(float));
++    memcpy(&left_in[offset], left_samples, nb_samples * sizeof(float));
++    memcpy(&right_in[offset], right_samples, nb_samples * sizeof(float));
+     memset(&left_out[offset], 0, s->overlap * sizeof(float));
+     memset(&right_out[offset], 0, s->overlap * sizeof(float));
+
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
new file mode 100644
index 0000000000..d86e39707e
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
@@ -0,0 +1,78 @@
+From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 11:45:34 +0100
+Subject: [PATCH 2/3] avfilter/af_afwtdn: fix crash with EOF handling
+
+CVE: CVE-2023-50007
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_afwtdn.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c
+index 0fcfa77..63b7f5f 100644
+--- a/libavfilter/af_afwtdn.c
++++ b/libavfilter/af_afwtdn.c
+@@ -408,6 +408,7 @@ typedef struct AudioFWTDNContext {
+
+     uint64_t sn;
+     int64_t eof_pts;
++    int eof;
+
+     int wavelet_type;
+     int channels;
+@@ -1069,7 +1070,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
+         s->drop_samples = 0;
+     } else {
+         if (s->padd_samples < 0 && eof) {
+-            out->nb_samples += s->padd_samples;
++            out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+             s->padd_samples = 0;
+         }
+         if (!eof)
+@@ -1208,23 +1209,26 @@ static int activate(AVFilterContext *ctx)
+
+     FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+
+-    ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+-    if (ret < 0)
+-        return ret;
+-    if (ret > 0)
+-        return filter_frame(inlink, in);
++    if (!s->eof) {
++        ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
++        if (ret < 0)
++            return ret;
++        if (ret > 0)
++            return filter_frame(inlink, in);
++    }
+
+     if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+-        if (status == AVERROR_EOF) {
+-            while (s->padd_samples != 0) {
+-                ret = filter_frame(inlink, NULL);
+-                if (ret < 0)
+-                    return ret;
+-            }
+-            ff_outlink_set_status(outlink, status, pts);
+-            return ret;
+-        }
++        if (status == AVERROR_EOF)
++            s->eof = 1;
+     }
++
++    if (s->eof && s->padd_samples != 0) {
++        return filter_frame(inlink, NULL);
++    } else if (s->eof) {
++        ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
++        return 0;
++    }
++
+     FF_FILTER_FORWARD_WANTED(outlink, inlink);
+
+     return FFERROR_NOT_READY;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
new file mode 100644
index 0000000000..b42badb567
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
@@ -0,0 +1,37 @@
+From 66b50445cb36cf6adb49c2397362509aedb42c71 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Fri, 16 Feb 2024 11:17:13 -0300
+Subject: [PATCH 1/3] avcodec/speexdec: check for sane frame_size values
+
+Regression since ab39cc36c72bb73318bb911acb66873de850a107.
+
+Fixes heap buffer overflows
+Fixes ticket #10866
+
+Reported-by: sploitem <sploitem@gmail.com>
+Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2024-28661
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/66b50445cb36cf6adb49c2397362509aedb42c71]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/speexdec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
+index 08c7e77..23b8605 100644
+--- a/libavcodec/speexdec.c
++++ b/libavcodec/speexdec.c
+@@ -1422,6 +1422,7 @@ static int parse_speex_extradata(AVCodecContext *avctx,
+     s->frame_size = bytestream_get_le32(&buf);
+     if (s->frame_size < NB_FRAME_SIZE << s->mode)
+         return AVERROR_INVALIDDATA;
++    s->frame_size *= 1 + (s->mode > 0);
+     s->vbr = bytestream_get_le32(&buf);
+     s->frames_per_packet = bytestream_get_le32(&buf);
+     if (s->frames_per_packet <= 0 ||
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
deleted file mode 100644
index 0f30c9ecf5..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Mon, 8 Apr 2024 18:38:42 +0200
-Subject: [PATCH]  avcodec/mpegvideo_enc: Fix 1 line and one column images
-
-Fixes: Ticket10952
-Fixes: poc21ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
-CVE: CVE-2024-32230
-
-Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- libavcodec/mpegvideo_enc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
-index e460ca4..fb4aaa2 100644
---- a/libavcodec/mpegvideo_enc.c
-+++ b/libavcodec/mpegvideo_enc.c
-@@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg)
-                 int dst_stride = i ? s->uvlinesize : s->linesize;
-                 int h_shift = i ? s->chroma_x_shift : 0;
-                 int v_shift = i ? s->chroma_y_shift : 0;
--                int w = s->width  >> h_shift;
--                int h = s->height >> v_shift;
-+                int w = AV_CEIL_RSHIFT(s->width , h_shift);
-+                int h = AV_CEIL_RSHIFT(s->height, v_shift);
-                 const uint8_t *src = pic_arg->data[i];
-                 uint8_t *dst = pic->f->data[i];
-                 int vpad = 16;
--- 
-2.40.0
-
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
new file mode 100644
index 0000000000..2b5646e07c
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
@@ -0,0 +1,62 @@
+From ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5 Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Mon, 25 Mar 2024 16:54:25 +0100
+Subject: [PATCH] fftools/ffmpeg_mux_init: Fix double-free on error
+
+MATCH_PER_STREAM_OPT iterates over all options of a given
+OptionDef and tests whether they apply to the current stream;
+if so, they are set to ost->apad, otherwise, the code errors
+out. If no error happens, ost->apad is av_strdup'ed in order
+to take ownership of this pointer.
+
+But this means that setting it originally was premature,
+as it leads to double-frees when an error happens lateron.
+This can simply be reproduced with
+ffmpeg -filter_complex anullsrc  -apad bar -apad:n baz -f null -
+This is a regression since 83ace80bfd80fcdba2c65fa1d554923ea931d5bd.
+
+Fix this by using a temporary variable instead of directly
+setting ost->apad. Also only strdup the string if it actually
+is != NULL.
+
+Reviewed-by: Marth64 <marth64@proxyid.net>
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-35365
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ fftools/ffmpeg_mux_init.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
+index 63a25a3..685c064 100644
+--- a/fftools/ffmpeg_mux_init.c
++++ b/fftools/ffmpeg_mux_init.c
+@@ -845,6 +845,7 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
+         int channels = 0;
+         char *layout = NULL;
+         char *sample_fmt = NULL;
++        const char *apad = NULL;
+
+         MATCH_PER_STREAM_OPT(audio_channels, i, channels, oc, st);
+         if (channels) {
+@@ -882,8 +883,12 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
+
+         MATCH_PER_STREAM_OPT(audio_sample_rate, i, audio_enc->sample_rate, oc, st);
+
+-        MATCH_PER_STREAM_OPT(apad, str, ost->apad, oc, st);
+-        ost->apad = av_strdup(ost->apad);
++        MATCH_PER_STREAM_OPT(apad, str, apad, oc, st);
++        if (apad) {
++            ost->apad = av_strdup(apad);
++            if (!ost->apad)
++                return AVERROR(ENOMEM);
++        }
+
+ #if FFMPEG_OPT_MAP_CHANNEL
+         /* check for channel mapping for this audio stream */
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
new file mode 100644
index 0000000000..a1bec43c66
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
@@ -0,0 +1,47 @@
+From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Wed, 13 Mar 2024 02:10:26 +0100
+Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access
+
+h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2]
+belong together and the former allows the range 0..6,
+so the latter needs to support 0..3. But it has only three
+elements. Add another one.
+The value for the last element has been guesstimated
+from subpel_filters in libavcodec/vp8dsp.c.
+
+This is also intended to fix FATE-failures with UBSan here:
+https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
+
+Tested-by: Sean McGovern <gseanmcg@gmail.com>
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-35367
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/ppc/vp8dsp_altivec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c
+index 12dac8b..061914f 100644
+--- a/libavcodec/ppc/vp8dsp_altivec.c
++++ b/libavcodec/ppc/vp8dsp_altivec.c
+@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] =
+ // for 6tap filters, these are the outer two taps
+ // The zeros mask off pixels 4-7 when filtering 0-3
+ // and vice-versa
+-static const vec_s8 h_subpel_filters_outer[3] =
++static const vec_s8 h_subpel_filters_outer[4] =
+ {
+     REPT4(0, 0, 2, 1),
+     REPT4(0, 0, 3, 3),
+     REPT4(0, 0, 1, 2),
++    REPT4(0, 0, 0, 0),
+ };
+
+ #define LOAD_H_SUBPEL_FILTER(i) \
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch
new file mode 100644
index 0000000000..7b802762eb
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch
@@ -0,0 +1,41 @@
+From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Sun, 24 Sep 2023 13:15:48 +0200
+Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error
+
+After having created the AVBuffer that is put into frame->buf[0],
+ownership of several objects (namely an AVDRMFrameDescriptor,
+an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
+has passed to the AVBuffer and therefore to the frame.
+Yet it has nevertheless been freed manually on error
+afterwards, which would lead to a double-free as soon
+as the AVFrame is unreferenced.
+
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-35368
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/rkmppdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c
+index 5768568..2ca368e 100644
+--- a/libavcodec/rkmppdec.c
++++ b/libavcodec/rkmppdec.c
+@@ -462,8 +462,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame)
+
+             frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
+             if (!frame->hw_frames_ctx) {
+-                ret = AVERROR(ENOMEM);
+-                goto fail;
++                av_frame_unref(frame);
++                return AVERROR(ENOMEM);
+             }
+
+             return 0;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
new file mode 100644
index 0000000000..72dc8d14a7
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
@@ -0,0 +1,37 @@
+From 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Sat, 17 Feb 2024 09:45:57 -0300
+Subject: [PATCH] avcodec/speexdec: further check for sane frame_size values
+
+Prevent potential integer overflows.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2024-35369
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/speexdec.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
+index 23b8605..a034009 100644
+--- a/libavcodec/speexdec.c
++++ b/libavcodec/speexdec.c
+@@ -1420,9 +1420,10 @@ static int parse_speex_extradata(AVCodecContext *avctx,
+         return AVERROR_INVALIDDATA;
+     s->bitrate = bytestream_get_le32(&buf);
+     s->frame_size = bytestream_get_le32(&buf);
+-    if (s->frame_size < NB_FRAME_SIZE << s->mode)
++    if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
++        s->frame_size >     INT32_MAX >> (s->mode > 0))
+         return AVERROR_INVALIDDATA;
+-    s->frame_size *= 1 + (s->mode > 0);
++    s->frame_size <<= (s->mode > 0);
+     s->vbr = bytestream_get_le32(&buf);
+     s->frames_per_packet = bytestream_get_le32(&buf);
+     if (s->frames_per_packet <= 0 ||
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
new file mode 100644
index 0000000000..5caca2da7c
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
@@ -0,0 +1,36 @@
+From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Tue, 12 Mar 2024 23:23:17 +0100
+Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX <
+ INT64_MAX
+
+Affects many FATE-tests, see
+https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
+
+Reviewed-by: James Almer <jamrial@gmail.com>
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-36618
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/avidec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/avidec.c b/libavformat/avidec.c
+index 00bd7a9..bc95466 100644
+--- a/libavformat/avidec.c
++++ b/libavformat/avidec.c
+@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s)
+     int *idx = av_calloc(s->nb_streams, sizeof(*idx));
+     if (!idx)
+         return AVERROR(ENOMEM);
+-    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
++    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
+         int64_t max_dts = INT64_MIN / 2;
+         int64_t min_dts = INT64_MAX / 2;
+         int64_t max_buffer = 0;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
new file mode 100644
index 0000000000..d3e02bebe6
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
@@ -0,0 +1,34 @@
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2025-0518
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index cfed9f1..ffcd214 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
new file mode 100644
index 0000000000..f895576de3
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
@@ -0,0 +1,39 @@
+From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Mon, 30 Dec 2024 00:25:41 -0300
+Subject: [PATCH] avfilter/buffersrc: check for valid sample rate
+
+A sample rate <= 0 is invalid.
+
+Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set.
+Fixes ticket #11385.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2025-22919
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/buffersrc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libavfilter/buffersrc.c b/libavfilter/buffersrc.c
+index 453fc0f..f49aa91 100644
+--- a/libavfilter/buffersrc.c
++++ b/libavfilter/buffersrc.c
+@@ -401,6 +401,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
+         av_channel_layout_describe(&s->ch_layout, buf, sizeof(buf));
+     }
+
++    if (s->sample_rate <= 0) {
++        av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n");
++        return AVERROR(EINVAL);
++    }
++
+     if (!s->time_base.num)
+         s->time_base = (AVRational){1, s->sample_rate};
+
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
new file mode 100644
index 0000000000..20fac68d01
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
@@ -0,0 +1,34 @@
+From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 1 Jan 2025 23:58:39 -0300
+Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it
+
+Fixes NULL pointer dereferences.
+Fixes ticket #11393.
+
+Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2025-22921
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/jpeg2000dec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
+index 691cfbd..b56902c 100644
+--- a/libavcodec/jpeg2000dec.c
++++ b/libavcodec/jpeg2000dec.c
+@@ -1223,6 +1223,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
+                 }
+             }
+             av_freep(&cblk->lengthinc);
++            cblk->nb_lengthinc = 0;
+         }
+     }
+     // Save state of stream
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch
new file mode 100644
index 0000000000..ea619025d1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch
@@ -0,0 +1,36 @@
+From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Fri, 17 Jan 2025 00:05:31 -0300
+Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue
+ when closing a muxer
+
+packet_buffer is used in mux.c, and if a muxing process fails at a point where
+packets remained in said queue, they will leak.
+
+Fixes ticket #11419
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2025-25473
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/avformat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavformat/avformat.c b/libavformat/avformat.c
+index 5b8bb78..73f31cd 100644
+--- a/libavformat/avformat.c
++++ b/libavformat/avformat.c
+@@ -138,6 +138,7 @@ void avformat_free_context(AVFormatContext *s)
+     av_dict_free(&si->id3v2_meta);
+     av_packet_free(&si->pkt);
+     av_packet_free(&si->parse_pkt);
++    avpriv_packet_list_free(&si->packet_buffer);
+     av_freep(&s->streams);
+     ff_flush_packet_queue(s);
+     av_freep(&s->url);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch
index 74db148b3b..be6c6b7416 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/vulkan_av1_stable_API.patch
@@ -6,6 +6,9 @@ Subject: [PATCH] vulkan_av1: port to the new stable API
 Co-Authored-by: Dave Airlie <airlied@redhat.com>
 Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
 Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/ecdc94b97f809d5f2b88640842fd0541951ad295]
+
+Comment: Patch is refreshed as per codebase of 6.1.2
+Signed-off-by: Divyanshu Rathore <divyanshu.rathore@kpit.com>
 ---
  configure                                     |   4 +-
  libavcodec/Makefile                           |   5 +-
@@ -26,7 +29,7 @@ diff --git a/configure b/configure
 index e853deb51d..9fa639fca6 100755
 --- a/configure
 +++ b/configure
-@@ -7300,8 +7300,8 @@ enabled vdpau &&
+@@ -7160,8 +7160,8 @@ enabled crystalhd && check_lib crystalhd
           "in maintaining it."
  
  if enabled vulkan; then
@@ -41,21 +44,19 @@ diff --git a/libavcodec/Makefile b/libavcodec/Makefile
 index 7ef2e03ca6..9ce6d445c1 100644
 --- a/libavcodec/Makefile
 +++ b/libavcodec/Makefile
-@@ -1258,8 +1258,7 @@ SKIPHEADERS                            += %_tablegen.h                  \
+@@ -1284,7 +1284,6 @@ SKIPHEADERS                            +
                                            aacenc_quantization.h         \
                                            aacenc_quantization_misc.h    \
                                            bitstream_template.h          \
--                                          vulkan_video_codec_av1std.h   \
--                                          $(ARCH)/vpx_arith.h          \
-+                                          $(ARCH)/vpx_arith.h           \
+-                                          vulkan_video_codec_av1std_mesa.h \
+                                           $(ARCH)/vpx_arith.h          \
  
  SKIPHEADERS-$(CONFIG_AMF)              += amfenc.h
- SKIPHEADERS-$(CONFIG_D3D11VA)          += d3d11va.h dxva2_internal.h
-@@ -1280,7 +1279,7 @@ SKIPHEADERS-$(CONFIG_QSVENC)           += qsvenc.h
+@@ -1306,7 +1305,7 @@ SKIPHEADERS-$(CONFIG_XVMC)             +
  SKIPHEADERS-$(CONFIG_VAAPI)            += vaapi_decode.h vaapi_hevc.h vaapi_encode.h
  SKIPHEADERS-$(CONFIG_VDPAU)            += vdpau.h vdpau_internal.h
  SKIPHEADERS-$(CONFIG_VIDEOTOOLBOX)     += videotoolbox.h vt_internal.h
--SKIPHEADERS-$(CONFIG_VULKAN)           += vulkan.h vulkan_video.h vulkan_decode.h vulkan_video_codec_av1std_decode.h
+-SKIPHEADERS-$(CONFIG_VULKAN)           += vulkan.h vulkan_video.h vulkan_decode.h vulkan_video_codec_av1std_decode_mesa.h
 +SKIPHEADERS-$(CONFIG_VULKAN)           += vulkan.h vulkan_video.h vulkan_decode.h
  SKIPHEADERS-$(CONFIG_V4L2_M2M)         += v4l2_buffers.h v4l2_context.h v4l2_m2m.h
  SKIPHEADERS-$(CONFIG_ZLIB)             += zlib_wrapper.h
@@ -866,19 +867,19 @@ diff --git a/libavcodec/vulkan_video.h b/libavcodec/vulkan_video.h
 index bb69e920bb..01a1de7d9d 100644
 --- a/libavcodec/vulkan_video.h
 +++ b/libavcodec/vulkan_video.h
-@@ -22,8 +22,6 @@
+@@ -23,8 +23,6 @@
  #include "vulkan.h"
  
  #include <vk_video/vulkan_video_codecs_common.h>
--#include "vulkan_video_codec_av1std.h"
--#include "vulkan_video_codec_av1std_decode.h"
+-#include "vulkan_video_codec_av1std_mesa.h"
+-#include "vulkan_video_codec_av1std_decode_mesa.h"
  
  #define CODEC_VER_MAJ(ver) (ver >> 22)
  #define CODEC_VER_MIN(ver) ((ver >> 12) & ((1 << 10) - 1))
-diff --git a/libavcodec/vulkan_video_codec_av1std_decode.h b/libavcodec/vulkan_video_codec_av1std_decode.h
+diff --git a/libavcodec/vulkan_video_codec_av1std_decode_mesa.h b/libavcodec/vulkan_video_codec_av1std_decode_mesa.h
 deleted file mode 100644
 index e2f37b4e6e..0000000000
---- a/libavcodec/vulkan_video_codec_av1std_decode.h
+--- a/libavcodec/vulkan_video_codec_av1std_decode_mesa.h
 +++ /dev/null
 @@ -1,36 +0,0 @@
 -/* Copyright 2023 Lynne
@@ -897,8 +898,8 @@ index e2f37b4e6e..0000000000
 - * limitations under the License.
 - */
 -
--#ifndef VULKAN_VIDEO_CODEC_AV1STD_DECODE_H_
--#define VULKAN_VIDEO_CODEC_AV1STD_DECODE_H_ 1
+-#ifndef VULKAN_VIDEO_CODEC_AV1STD_DECODE_MESA_H_
+-#define VULKAN_VIDEO_CODEC_AV1STD_DECODE_MESA_H_ 1
 -
 -/*
 -** This header is NOT YET generated from the Khronos Vulkan XML API Registry.
@@ -917,10 +918,10 @@ index e2f37b4e6e..0000000000
 -#endif
 -
 -#endif
-diff --git a/libavcodec/vulkan_video_codec_av1std.h b/libavcodec/vulkan_video_codec_av1std.h
+diff --git a/libavcodec/vulkan_video_codec_av1std_mesa.h b/libavcodec/vulkan_video_codec_av1std_mesa.h
 deleted file mode 100644
 index c91589eee2..0000000000
---- a/libavcodec/vulkan_video_codec_av1std.h
+--- a/libavcodec/vulkan_video_codec_av1std_mesa.h
 +++ /dev/null
 @@ -1,403 +0,0 @@
 -/* Copyright 2023 Lynne
@@ -939,8 +940,8 @@ index c91589eee2..0000000000
 - * limitations under the License.
 - */
 -
--#ifndef VULKAN_VIDEO_CODEC_AV1STD_H_
--#define VULKAN_VIDEO_CODEC_AV1STD_H_ 1
+-#ifndef VULKAN_VIDEO_CODEC_AV1STD_MESA_H_
+-#define VULKAN_VIDEO_CODEC_AV1STD_MESA_H_ 1
 -
 -/*
 -** This header is NOT YET generated from the Khronos Vulkan XML API Registry.
@@ -1379,4 +1380,3 @@ diff --git a/libavcodec/vulkan_video.c b/libavcodec/vulkan_video.c
  
 -- 
 2.25.1
-
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb
index 13051f4e36..a789980dde 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb
@@ -31,10 +31,22 @@ SRC_URI = " \
     file://CVE-2024-31578.patch \
     file://CVE-2024-31582.patch \
     file://CVE-2023-50008.patch \
-    file://CVE-2024-32230.patch \
+    file://CVE-2023-49501.patch \
+    file://CVE-2024-28661.patch \
+    file://CVE-2023-50007.patch \
+    file://CVE-2023-49528.patch \
+    file://CVE-2024-35367.patch \
+    file://CVE-2024-35368.patch \
+    file://CVE-2024-35365.patch \
+    file://CVE-2024-36618.patch \
+    file://CVE-2024-35369.patch \
+    file://CVE-2025-25473.patch \
+    file://CVE-2025-22919.patch \
+    file://CVE-2025-22921.patch \
+    file://CVE-2025-0518.patch \
 "
 
-SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
+SRC_URI[sha256sum] = "3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63dca4e38"
 
 # https://nvd.nist.gov/vuln/detail/CVE-2023-39018
 # https://github.com/bramp/ffmpeg-cli-wrapper/issues/291
@@ -43,6 +55,10 @@ SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac08736
 CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wrapper \
 (Java wrapper around the FFmpeg CLI) and not ffmepg itself."
 
+# Introduced: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19f7dae81ab2c19643b97da7556383ee3f721e78
+# Fixed: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
+CVE_STATUS[CVE-2025-1373]  = "fixed-version: Vulnerable code not present in any release"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
@@ -194,3 +210,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel"
 INSANE_SKIP:${MLPREFIX}libswscale = "textrel"
 INSANE_SKIP:${MLPREFIX}libswresample = "textrel"
 INSANE_SKIP:${MLPREFIX}libpostproc = "textrel"
+
+CVE_PRODUCT = "ffmpeg libswresample libavcodec"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
new file mode 100644
index 0000000000..2c44348a5d
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,35 @@
+From 3eee4954d70accf94262299994eb21107a65dea8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:35:07 +0300
+Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-115
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
+
+CVE: CVE-2024-47538
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3eee4954d70accf94262299994eb21107a65dea8]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/vorbis/gstvorbisdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/vorbis/gstvorbisdec.c b/ext/vorbis/gstvorbisdec.c
+index 6a410ed858..1fc4fa883e 100644
+--- a/ext/vorbis/gstvorbisdec.c
++++ b/ext/vorbis/gstvorbisdec.c
+@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd)
+     }
+     default:{
+       GstAudioChannelPosition position[64];
+-      gint i, max_pos = MAX (vd->vi.channels, 64);
++      gint i, max_pos = MIN (vd->vi.channels, 64);
+ 
+       GST_ELEMENT_WARNING (vd, STREAM, DECODE,
+           (NULL), ("Using NONE channel layout for more than 8 channels"));
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
new file mode 100644
index 0000000000..7a27af1291
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,41 @@
+From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 1 Oct 2024 13:22:50 +0300
+Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-116
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
+
+CVE: CVE-2024-47607
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/opus/gstopusdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
+index 99289fa7d2..d3f461d9a8 100644
+--- a/ext/opus/gstopusdec.c
++++ b/ext/opus/gstopusdec.c
+@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
+         posn = gst_opus_channel_positions[dec->n_channels - 1];
+         break;
+       default:{
+-        gint i;
++        guint i, max_pos = MIN (dec->n_channels, 64);
+ 
+         GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
+             (NULL), ("Using NONE channel layout for more than 8 channels"));
+ 
+-        for (i = 0; i < dec->n_channels; i++)
++        for (i = 0; i < max_pos; i++)
+           pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+ 
+         posn = pos;
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
new file mode 100644
index 0000000000..37d0b463cb
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
@@ -0,0 +1,80 @@
+From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 15:16:30 +0200
+Subject: [PATCH 1/2] vorbis_parse: check writes to
+ GstOggStream.vorbis_mode_sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-117 Fixes gstreamer#3875
+
+Also perform out-of-bounds check for accesses to op->packet
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
+
+CVE: CVE-2024-47615
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/006047a23a4e4c146e40e5dab765bc6318a94744]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/ogg/vorbis_parse.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/ogg/vorbis_parse.c b/ext/ogg/vorbis_parse.c
+index 65ef463808..757c7cd82b 100644
+--- a/ext/ogg/vorbis_parse.c
++++ b/ext/ogg/vorbis_parse.c
+@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+     if (offset == 0) {
+       offset = 8;
+       current_pos -= 1;
++
++      /* have we underrun? */
++      if (current_pos < op->packet)
++        return -1;
+     }
+   }
+ 
+@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+     if (offset == 7)
+       current_pos -= 1;
+ 
++    /* have we underrun? */
++    if (current_pos < op->packet + 5)
++      return -1;
++
+     if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
+         ||
+         current_pos[-4] != 0
+@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+   /* Give ourselves a chance to recover if we went back too far by using
+    * the size check. */
+   for (ii = 0; ii < 2; ii++) {
++
+     if (offset > 4) {
++      /* have we underrun? */
++      if (current_pos < op->packet)
++        return -1;
++
+       size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
+     } else {
++      /* have we underrun? */
++      if (current_pos < op->packet + 1)
++        return -1;
++
+       /* mask part of byte from current_pos */
+       size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
+       /* shift to appropriate position */
+@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+ 
+   mode_size_ptr = pad->vorbis_mode_sizes;
+ 
++  if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
++    return -1;
++  }
++
+   for (i = 0; i < size; i++) {
+     offset = (offset + 1) % 8;
+     if (offset == 0)
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
new file mode 100644
index 0000000000..b469049a94
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
@@ -0,0 +1,168 @@
+From e633ec642825466b91fc12da6629c307906fa206 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 16:52:51 +0200
+Subject: [PATCH 2/2] oggstream: review and fix per-format min_packet_size
+
+This addresses all manually detected invalid reads in setup functions.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
+
+CVE: CVE-2024-47615
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e633ec642825466b91fc12da6629c307906fa206]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/ogg/gstoggstream.c | 40 ++++++++++++----------------------------
+ 1 file changed, 12 insertions(+), 28 deletions(-)
+
+diff --git a/ext/ogg/gstoggstream.c b/ext/ogg/gstoggstream.c
+index a8883304a5..ab6be238dc 100644
+--- a/ext/ogg/gstoggstream.c
++++ b/ext/ogg/gstoggstream.c
+@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+   gint width, height, par_n, par_d, fps_n, fps_d;
+ 
+-  if (packet->bytes < 26) {
+-    GST_DEBUG ("Failed to parse VP8 BOS page");
+-    return FALSE;
+-  }
+-
+   width = GST_READ_UINT16_BE (packet->packet + 8);
+   height = GST_READ_UINT16_BE (packet->packet + 10);
+   par_n = GST_READ_UINT24_BE (packet->packet + 12);
+@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+   gint64 prestime_n, prestime_d;
+   gint64 basetime_n, basetime_d;
+ 
+-  if (packet->bytes < 44) {
+-    GST_DEBUG ("Not enough data for fishead header");
+-    return FALSE;
+-  }
+-
+   data = packet->packet;
+ 
+   data += 8;                    /* header */
+@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+     pad->prestime = -1;
+ 
+   /* Ogg Skeleton 3.3+ streams provide additional information in the header */
+-  if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
+-      && pad->skeleton_minor > 0) {
++  if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
++      && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
+     gint64 firstsampletime_n, firstsampletime_d;
+     gint64 lastsampletime_n, lastsampletime_d;
+     gint64 firstsampletime, lastsampletime;
+@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+ 
+     GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
+         GST_TIME_ARGS (pad->total_time));
+-  } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
++  } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
+       && pad->skeleton_major == 4) {
+     guint64 segment_length, content_offset;
+ 
+@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, ogg_packet * packet)
+   guint8 *data = packet->packet;
+   const char *category;
+ 
+-  if (packet->bytes < 64)
+-    return FALSE;
+-
+   pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
+   pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
+   pad->granuleshift = GST_READ_UINT8 (data + 15);
+@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+   GstBuffer *buffer;
+ 
+-  if (packet->bytes < 19)
+-    return FALSE;
+-
+   pad->granulerate_n = 48000;
+   pad->granulerate_d = 1;
+   pad->granuleshift = 0;
+@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\001vorbis", 7, 22,
++    "\001vorbis", 7, 29,
+     "audio/x-vorbis",
+     setup_vorbis_mapper,
+     NULL,
+@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "PCM     ", 8, 0,
++    "PCM     ", 8, 28,
+     "audio/x-raw",
+     setup_pcm_mapper,
+     NULL,
+@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "CMML\0\0\0\0", 8, 0,
++    "CMML\0\0\0\0", 8, 29,
+     "text/x-cmml",
+     setup_cmml_mapper,
+     NULL,
+@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "Annodex", 7, 0,
++    "Annodex", 7, 44,
+     "application/x-annodex",
+     setup_fishead_mapper,
+     NULL,
+@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "CELT    ", 8, 0,
++    "CELT    ", 8, 60,
+     "audio/x-celt",
+     setup_celt_mapper,
+     NULL,
+@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\200kate\0\0\0", 8, 0,
++    "\200kate\0\0\0", 8, 64,
+     "text/x-kate",
+     setup_kate_mapper,
+     NULL,
+@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "OVP80\1\1", 7, 4,
++    "OVP80\1\1", 7, 26,
+     "video/x-vp8",
+     setup_vp8_mapper,
+     setup_vp8_mapper_from_caps,
+@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
+     update_stats_vp8
+   },
+   {
+-    "OpusHead", 8, 0,
++    "OpusHead", 8, 19,
+     "audio/x-opus",
+     setup_opus_mapper,
+     NULL,
+@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\001text\0\0\0", 9, 9,
++    "\001text\0\0\0", 9, 25,
+     "application/x-ogm-text",
+     setup_ogmtext_mapper,
+     NULL,
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
new file mode 100644
index 0000000000..a20d2b4cca
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
@@ -0,0 +1,38 @@
+From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:40:44 +0300
+Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace
+
+Otherwise removing anything between the braces leads to out of bound writes if
+there is a closing brace before the first opening brace.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-228
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
+
+CVE: CVE-2024-47541
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/15bb318416e1bf6b6b557006a37d1da86c3a76a8]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstssaparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
+index 42fbb42b99..37b892e928 100644
+--- a/gst/subparse/gstssaparse.c
++++ b/gst/subparse/gstssaparse.c
+@@ -238,7 +238,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+   gboolean removed_any = FALSE;
+ 
+   while ((t = strchr (txt, '{'))) {
+-    end = strchr (txt, '}');
++    end = strchr (t, '}');
+     if (end == NULL) {
+       GST_WARNING_OBJECT (parse, "Missing { for style override code");
+       return removed_any;
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
new file mode 100644
index 0000000000..e6674c7bfd
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
@@ -0,0 +1,99 @@
+From 403b10eba06679319aa2e35d310236234782102f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:36:19 +0300
+Subject: [PATCH 2/2] ssaparse: Don't use strstr() on strings that are
+ potentially not NULL-terminated
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
+
+CVE: CVE-2024-47541
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/403b10eba06679319aa2e35d310236234782102f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstssaparse.c | 36 +++++++++++++++++++++++++++++++++++-
+ meson.build                |  1 +
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
+index 37b892e928..c162a542f5 100644
+--- a/gst/subparse/gstssaparse.c
++++ b/gst/subparse/gstssaparse.c
+@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+   return res;
+ }
+ 
++#ifndef HAVE_MEMMEM
++// memmem() is a GNU extension so if it's not available we'll need
++// our own implementation here. Thanks C.
++static void *
++my_memmem (const void *haystack, size_t haystacklen, const void *needle,
++    size_t needlelen)
++{
++  const guint8 *cur, *end;
++
++  if (needlelen > haystacklen)
++    return NULL;
++  if (needlelen == 0)
++    return (void *) haystack;
++
++
++  cur = haystack;
++  end = cur + haystacklen - needlelen;
++
++  for (; cur <= end; cur++) {
++    if (memcmp (cur, needle, needlelen) == 0)
++      return (void *) cur;
++  }
++
++  return NULL;
++}
++#else
++#define my_memmem memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ {
+@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+   const GValue *val;
+   GstStructure *s;
+   const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
++  const guint8 header[] = "[Script Info]";
+   const gchar *end;
+   GstBuffer *priv;
+   GstMapInfo map;
+@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+     left -= 3;
+   }
+ 
+-  if (!strstr (ptr, "[Script Info]"))
++  if (!my_memmem (ptr, left, header, sizeof (header) - 1))
+     goto invalid_init;
+ 
+   if (!g_utf8_validate (ptr, left, &end)) {
+@@ -231,6 +261,10 @@ invalid_init:
+   }
+ }
+ 
++#ifdef my_memmem
++#undef my_memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+ {
+diff --git a/meson.build b/meson.build
+index d1033bef4a..65d0944114 100644
+--- a/meson.build
++++ b/meson.build
+@@ -199,6 +199,7 @@ check_functions = [
+   ['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
+   ['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
+   ['HAVE_LOG2', 'log2', '#include<math.h>'],
++  ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
+ ]
+ 
+ libm = cc.find_library('m', required : false)
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
new file mode 100644
index 0000000000..4b514ff875
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
@@ -0,0 +1,64 @@
+From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 13:43:06 +0300
+Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data
+ is available
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-235
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
+
+CVE: CVE-2024-47542
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst-libs/gst/tag/id3v2.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/gst-libs/gst/tag/id3v2.c b/gst-libs/gst/tag/id3v2.c
+index 7db2cb7e12..70f975d133 100644
+--- a/gst-libs/gst/tag/id3v2.c
++++ b/gst-libs/gst/tag/id3v2.c
+@@ -29,7 +29,7 @@
+ 
+ #define HANDLE_INVALID_SYNCSAFE
+ 
+-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
++static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
+ 
+ #ifndef GST_DISABLE_GST_DEBUG
+ 
+@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer)
+     GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
+   }
+ 
+-  id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
++  id3v2_frames_to_tag_list (&work);
+ 
+   g_free (uu_data);
+ 
+@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (ID3TagsWorking * work,
+ }
+ 
+ static gboolean
+-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
++id3v2_frames_to_tag_list (ID3TagsWorking * work)
+ {
+   guint frame_hdr_size;
+ 
+   /* Extended header if present */
+   if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
++    if (work->hdr.frame_data_size < 4) {
++      GST_DEBUG ("Tag has no extended header data. Broken tag");
++      return FALSE;
++    }
++
+     work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
+ 
+     /* In id3v2.4.x the header size is the size of the *whole*
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
new file mode 100644
index 0000000000..6762f256e0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
@@ -0,0 +1,38 @@
+From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:19:30 +0300
+Subject: [PATCH] discoverer: Don't print channel layout for more than 64
+ channels
+
+64+ channels are always unpositioned / unknown layout.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-248
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
+
+CVE: CVE-2024-47600
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa07d94c10d71fac389dbbb264a59c1f6117eead]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tools/gst-discoverer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gst-discoverer.c b/tools/gst-discoverer.c
+index e3f048bed5..4a2a1b4bc4 100644
+--- a/tools/gst-discoverer.c
++++ b/tools/gst-discoverer.c
+@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioInfo * ainfo)
+ 
+   channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
+ 
+-  if (channel_mask != 0) {
++  if (channel_mask != 0 && channels <= 64) {
+     gst_audio_channel_positions_from_mask (channels, channel_mask, position);
+ 
+     for (i = 0; i < channels; i++) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
new file mode 100644
index 0000000000..b778e7053b
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
@@ -0,0 +1,39 @@
+From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 9 Oct 2024 11:23:47 -0400
+Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
+ subtitles
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-263
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
+
+CVE: CVE-2024-47835
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c40f73b7002967e824ef34a5435282f4a0ea363]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstsubparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 8d925524a6..7d286ed318 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line)
+     return NULL;
+ 
+   start = strchr (line, ']');
++  // sscanf() does not check for the trailing ] but only up to the last
++  // placeholder, so there might be no ] at the end.
++  if (!start)
++    return NULL;
++
+   if (start - line == 9)
+     milli = 10;
+   else
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 5905c2d5b1..05cb956815 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -10,6 +10,15 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
            file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \
            file://0003-viv-fb-Make-sure-config.h-is-included.patch \
            file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
+           file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
+           file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
+           file://0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch \
+           file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \
+           file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \
+           file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \
+           file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \
+           file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \
+           file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \
            "
 SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
new file mode 100644
index 0000000000..d9f1474ba4
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
@@ -0,0 +1,124 @@
+From 62de06c7a443a5ac40ab2a4f2589625932bf9632 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 24 Sep 2024 09:50:34 +0300
+Subject: [PATCH 01/13] qtdemux: Skip zero-sized boxes instead of stopping to
+ look at further boxes
+
+A zero-sized box is not really a problem and can be skipped to look at any
+possibly following ones.
+
+BMD ATEM devices specifically write a zero-sized bmdc box in the sample
+description, followed by the avcC box in case of h264. Previously the avcC box
+would simply not be read at all and the file would be unplayable.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7620>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 54 +++++++++++++++++++++++++++++---------------
+ 1 file changed, 36 insertions(+), 18 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index a53d61e649..2f2ca4459b 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11666,9 +11666,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               else
+                 size = len - 0x8;
+ 
+-              if (size < 1)
+-                /* No real data, so break out */
+-                break;
++              /* No real data, so skip */
++              if (size < 1) {
++                len -= 8;
++                avc_data += 8;
++                continue;
++              }
+ 
+               switch (QT_FOURCC (avc_data + 0x4)) {
+                 case FOURCC_avcC:
+@@ -11783,9 +11786,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               else
+                 size = len - 0x8;
+ 
+-              if (size < 1)
+-                /* No real data, so break out */
+-                break;
++              /* No real data, so skip */
++              if (size < 1) {
++                len -= 8;
++                hevc_data += 8;
++                continue;
++              }
+ 
+               switch (QT_FOURCC (hevc_data + 0x4)) {
+                 case FOURCC_hvcC:
+@@ -12207,9 +12213,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               else
+                 size = len - 8;
+ 
+-              if (size < 1)
+-                /* No real data, so break out */
+-                break;
++              /* No real data, so skip */
++              if (size < 1) {
++                len -= 8;
++                vc1_data += 8;
++                continue;
++              }
+ 
+               switch (QT_FOURCC (vc1_data + 0x4)) {
+                 case GST_MAKE_FOURCC ('d', 'v', 'c', '1'):
+@@ -12249,9 +12258,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               else
+                 size = len - 0x8;
+ 
+-              if (size < 1)
+-                /* No real data, so break out */
+-                break;
++              /* No real data, so skip */
++              if (size < 1) {
++                len -= 8;
++                av1_data += 8;
++                continue;
++              }
+ 
+               switch (QT_FOURCC (av1_data + 0x4)) {
+                 case FOURCC_av1C:
+@@ -12359,9 +12371,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               else
+                 size = len - 0x8;
+ 
+-              if (size < 1)
+-                /* No real data, so break out */
+-                break;
++              /* No real data, so skip */
++              if (size < 1) {
++                len -= 8;
++                vpcc_data += 8;
++                continue;
++              }
+ 
+               switch (QT_FOURCC (vpcc_data + 0x4)) {
+                 case FOURCC_vpcC:
+@@ -12861,9 +12876,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+             else
+               size = len - 8;
+ 
+-            if (size < 1)
+-              /* No real data, so break out */
+-              break;
++            /* No real data, so skip */
++            if (size < 1) {
++              len -= 8;
++              wfex_data += 8;
++              continue;
++            }
+ 
+             switch (QT_FOURCC (wfex_data + 4)) {
+               case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'):
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
new file mode 100644
index 0000000000..4eacb4e198
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
@@ -0,0 +1,63 @@
+From 0e58b2f7ad7b310201eada442a6782aaebe8e2bd Mon Sep 17 00:00:00 2001
+From: Antonio Morales <antonio-morales@github.com>
+Date: Thu, 26 Sep 2024 18:39:37 +0300
+Subject: [PATCH 02/13] qtdemux: Fix integer overflow when allocating the
+ samples table for fragmented MP4
+
+This can lead to out of bounds writes and NULL pointer dereferences.
+
+Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47537
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0e58b2f7ad7b310201eada442a6782aaebe8e2bd]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 2ccc9f3595..54f2dfead3 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -3342,6 +3342,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+   gint i;
+   guint8 *data;
+   guint entry_size, dur_offset, size_offset, flags_offset = 0, ct_offset = 0;
++  guint new_n_samples;
+   QtDemuxSample *sample;
+   gboolean ismv = FALSE;
+   gint64 initial_offset;
+@@ -3442,14 +3443,13 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+     goto fail;
+   data = (guint8 *) gst_byte_reader_peek_data_unchecked (trun);
+ 
+-  if (stream->n_samples + samples_count >=
+-      QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
++  if (!g_uint_checked_add (&new_n_samples, stream->n_samples, samples_count) ||
++      new_n_samples >= QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
+     goto index_too_big;
+ 
+   GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u * %u (%.2f MB)",
+-      stream->n_samples + samples_count, (guint) sizeof (QtDemuxSample),
+-      (stream->n_samples + samples_count) *
+-      sizeof (QtDemuxSample) / (1024.0 * 1024.0));
++      new_n_samples, (guint) sizeof (QtDemuxSample),
++      (new_n_samples) * sizeof (QtDemuxSample) / (1024.0 * 1024.0));
+ 
+   /* create a new array of samples if it's the first sample parsed */
+   if (stream->n_samples == 0) {
+@@ -3458,7 +3458,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+     /* or try to reallocate it with space enough to insert the new samples */
+   } else
+     stream->samples = g_try_renew (QtDemuxSample, stream->samples,
+-        stream->n_samples + samples_count);
++        new_n_samples);
+   if (stream->samples == NULL)
+     goto out_of_memory;
+ 
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
new file mode 100644
index 0000000000..298ecb0fe6
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
@@ -0,0 +1,72 @@
+From c077ff2585927540f038635f26ca4ba99dc92f10 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 18:40:56 +0300
+Subject: [PATCH 03/13] qtdemux: Fix debug output during trun parsing
+
+Various integers are unsigned so print them as such. Also print the actual
+allocation size if allocation fails, not only parts of it.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c077ff2585927540f038635f26ca4ba99dc92f10]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 54f2dfead3..4bb24b1b80 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -3348,8 +3348,8 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+   gint64 initial_offset;
+   gint32 min_ct = 0;
+ 
+-  GST_LOG_OBJECT (qtdemux, "parsing trun track-id %d; "
+-      "default dur %d, size %d, flags 0x%x, base offset %" G_GINT64_FORMAT ", "
++  GST_LOG_OBJECT (qtdemux, "parsing trun track-id %u; "
++      "default dur %u, size %u, flags 0x%x, base offset %" G_GINT64_FORMAT ", "
+       "decode ts %" G_GINT64_FORMAT, stream->track_id, d_sample_duration,
+       d_sample_size, d_sample_flags, *base_offset, decode_ts);
+ 
+@@ -3377,7 +3377,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+     /* note this is really signed */
+     if (!gst_byte_reader_get_int32_be (trun, &data_offset))
+       goto fail;
+-    GST_LOG_OBJECT (qtdemux, "trun data offset %d", data_offset);
++    GST_LOG_OBJECT (qtdemux, "trun data offset %u", data_offset);
+     /* default base offset = first byte of moof */
+     if (*base_offset == -1) {
+       GST_LOG_OBJECT (qtdemux, "base_offset at moof");
+@@ -3399,7 +3399,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ 
+   GST_LOG_OBJECT (qtdemux, "running offset now %" G_GINT64_FORMAT,
+       *running_offset);
+-  GST_LOG_OBJECT (qtdemux, "trun offset %d, flags 0x%x, entries %d",
++  GST_LOG_OBJECT (qtdemux, "trun offset %u, flags 0x%x, entries %u",
+       data_offset, flags, samples_count);
+ 
+   if (flags & TR_FIRST_SAMPLE_FLAGS) {
+@@ -3608,14 +3608,15 @@ fail:
+   }
+ out_of_memory:
+   {
+-    GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples",
+-        stream->n_samples);
++    GST_WARNING_OBJECT (qtdemux, "failed to allocate %u + %u samples",
++        stream->n_samples, samples_count);
+     return FALSE;
+   }
+ index_too_big:
+   {
+-    GST_WARNING_OBJECT (qtdemux, "not allocating index of %d samples, would "
+-        "be larger than %uMB (broken file?)", stream->n_samples,
++    GST_WARNING_OBJECT (qtdemux,
++        "not allocating index of %u + %u samples, would "
++        "be larger than %uMB (broken file?)", stream->n_samples, samples_count,
+         QTDEMUX_MAX_SAMPLE_INDEX_SIZE >> 20);
+     return FALSE;
+   }
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
new file mode 100644
index 0000000000..bc924391fe
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
@@ -0,0 +1,35 @@
+From 53464dd2cf1a03f838899f7355133766ff211fce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 18:41:39 +0300
+Subject: [PATCH 04/13] qtdemux: Don't iterate over all trun entries if none of
+ the flags are set
+
+Nothing would be printed anyway.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/53464dd2cf1a03f838899f7355133766ff211fce]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux_dump.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux_dump.c b/gst/isomp4/qtdemux_dump.c
+index 22da35e9e7..297b580ef0 100644
+--- a/gst/isomp4/qtdemux_dump.c
++++ b/gst/isomp4/qtdemux_dump.c
+@@ -836,6 +836,11 @@ qtdemux_dump_trun (GstQTDemux * qtdemux, GstByteReader * data, int depth)
+     GST_LOG ("%*s    first-sample-flags: %u", depth, "", first_sample_flags);
+   }
+ 
++  /* Nothing to print below */
++  if ((flags & (TR_SAMPLE_DURATION | TR_SAMPLE_SIZE | TR_SAMPLE_FLAGS |
++              TR_COMPOSITION_TIME_OFFSETS)) == 0)
++    return TRUE;
++
+   for (i = 0; i < samples_count; i++) {
+     if (flags & TR_SAMPLE_DURATION) {
+       if (!gst_byte_reader_get_uint32_be (data, &sample_duration))
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
new file mode 100644
index 0000000000..25796bd983
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
@@ -0,0 +1,63 @@
+From 1fac18a8fa269343dd43c9a4bca8d89f307fb7a0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 15:50:54 +0300
+Subject: [PATCH 05/13] qtdemux: Check sizes of stsc/stco/stts before trying to
+ merge entries
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-246
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47598
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1fac18a8fa269343dd43c9a4bca8d89f307fb7a0]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 4bb24b1b80..d1aa9ee5a0 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -9476,6 +9476,21 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream)
+     return;
+   }
+ 
++  if (gst_byte_reader_get_remaining (&stream->stts) < 8) {
++    GST_DEBUG_OBJECT (qtdemux, "Too small stts");
++    return;
++  }
++
++  if (stream->stco.size < 8) {
++    GST_DEBUG_OBJECT (qtdemux, "Too small stco");
++    return;
++  }
++
++  if (stream->n_samples_per_chunk == 0) {
++    GST_DEBUG_OBJECT (qtdemux, "No samples per chunk");
++    return;
++  }
++
+   /* Parse the stts to get the sample duration and number of samples */
+   gst_byte_reader_skip_unchecked (&stream->stts, 4);
+   stts_duration = gst_byte_reader_get_uint32_be_unchecked (&stream->stts);
+@@ -9487,6 +9502,13 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream)
+   GST_DEBUG_OBJECT (qtdemux, "sample_duration %d, num_chunks %u", stts_duration,
+       num_chunks);
+ 
++  if (gst_byte_reader_get_remaining (&stream->stsc) <
++      stream->n_samples_per_chunk * 3 * 4 +
++      (stream->n_samples_per_chunk - 1) * 4) {
++    GST_DEBUG_OBJECT (qtdemux, "Too small stsc");
++    return;
++  }
++
+   /* Now parse stsc, convert chunks into single samples and generate a
+    * new stsc, stts and stsz from this information */
+   gst_byte_writer_init (&stsc);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
new file mode 100644
index 0000000000..f2ee62fd01
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
@@ -0,0 +1,44 @@
+From 6cca274bf25a5679330debdd61a59840e50c68ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 09:20:28 +0300
+Subject: [PATCH 06/13] qtdemux: Make sure only an even number of bytes is
+ processed when handling CEA608 data
+
+An odd number of bytes would lead to out of bound reads and writes, and doesn't
+make any sense as CEA608 comes in byte pairs.
+
+Strip off any leftover bytes and assume everything before that is valid.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-195
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47539
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6cca274bf25a5679330debdd61a59840e50c68ab]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index d1aa9ee5a0..ce1a1b8d59 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -5784,6 +5784,11 @@ convert_to_s334_1a (const guint8 * ccpair, guint8 ccpair_size, guint field,
+   guint8 *storage;
+   gsize i;
+ 
++  /* Strip off any leftover odd bytes and assume everything before is valid */
++  if (ccpair_size % 2 != 0) {
++    ccpair_size -= 1;
++  }
++
+   /* We are converting from pairs to triplets */
+   *res = ccpair_size / 2 * 3;
+   storage = g_malloc (*res);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
new file mode 100644
index 0000000000..9b885669a0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
@@ -0,0 +1,120 @@
+From 64fa1ec0de71db28387a45819681ba760a71e6bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 14:17:02 +0300
+Subject: [PATCH 07/13] qtdemux: Make sure enough data is available before
+ reading wave header node
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-236
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47543
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/64fa1ec0de71db28387a45819681ba760a71e6bc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 84 ++++++++++++++++++++++++--------------------
+ 1 file changed, 45 insertions(+), 39 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index ce1a1b8d59..ed83227d70 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -13139,47 +13139,53 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+         } else {
+           guint32 datalen = QT_UINT32 (stsd_entry_data + offset + 16);
+           const guint8 *data = stsd_entry_data + offset + 16;
+-          GNode *wavenode;
+-          GNode *waveheadernode;
+-
+-          wavenode = g_node_new ((guint8 *) data);
+-          if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) {
+-            const guint8 *waveheader;
+-            guint32 headerlen;
+-
+-            waveheadernode = qtdemux_tree_get_child_by_type (wavenode, fourcc);
+-            if (waveheadernode) {
+-              waveheader = (const guint8 *) waveheadernode->data;
+-              headerlen = QT_UINT32 (waveheader);
+-
+-              if (headerlen > 8) {
+-                gst_riff_strf_auds *header = NULL;
+-                GstBuffer *headerbuf;
+-                GstBuffer *extra;
+-
+-                waveheader += 8;
+-                headerlen -= 8;
+-
+-                headerbuf = gst_buffer_new_and_alloc (headerlen);
+-                gst_buffer_fill (headerbuf, 0, waveheader, headerlen);
+-
+-                if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux),
+-                        headerbuf, &header, &extra)) {
+-                  gst_caps_unref (entry->caps);
+-                  /* FIXME: Need to do something with the channel reorder map */
+-                  entry->caps =
+-                      gst_riff_create_audio_caps (header->format, NULL, header,
+-                      extra, NULL, NULL, NULL);
+-
+-                  if (extra)
+-                    gst_buffer_unref (extra);
+-                  g_free (header);
++
++          if (len < datalen || len - datalen < offset + 16) {
++            GST_WARNING_OBJECT (qtdemux, "Not enough data for waveheadernode");
++          } else {
++            GNode *wavenode;
++            GNode *waveheadernode;
++
++            wavenode = g_node_new ((guint8 *) data);
++            if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) {
++              const guint8 *waveheader;
++              guint32 headerlen;
++
++              waveheadernode =
++                  qtdemux_tree_get_child_by_type (wavenode, fourcc);
++              if (waveheadernode) {
++                waveheader = (const guint8 *) waveheadernode->data;
++                headerlen = QT_UINT32 (waveheader);
++
++                if (headerlen > 8) {
++                  gst_riff_strf_auds *header = NULL;
++                  GstBuffer *headerbuf;
++                  GstBuffer *extra;
++
++                  waveheader += 8;
++                  headerlen -= 8;
++
++                  headerbuf = gst_buffer_new_and_alloc (headerlen);
++                  gst_buffer_fill (headerbuf, 0, waveheader, headerlen);
++
++                  if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux),
++                          headerbuf, &header, &extra)) {
++                    gst_caps_unref (entry->caps);
++                    /* FIXME: Need to do something with the channel reorder map */
++                    entry->caps =
++                        gst_riff_create_audio_caps (header->format, NULL,
++                        header, extra, NULL, NULL, NULL);
++
++                    if (extra)
++                      gst_buffer_unref (extra);
++                    g_free (header);
++                  }
+                 }
+-              }
+-            } else
+-              GST_DEBUG ("Didn't find waveheadernode for this codec");
++              } else
++                GST_DEBUG ("Didn't find waveheadernode for this codec");
++            }
++            g_node_destroy (wavenode);
+           }
+-          g_node_destroy (wavenode);
+         }
+       } else if (esds) {
+         gst_qtdemux_handle_esds (qtdemux, stream, entry, esds,
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
new file mode 100644
index 0000000000..75ca64f432
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
@@ -0,0 +1,450 @@
+From 2fbd654d4702e396b61b3963caddcefd024be4bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 00:12:57 +0300
+Subject: [PATCH 08/13] qtdemux: Fix length checks and offsets in stsd entry
+ parsing
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-242
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47545
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2fbd654d4702e396b61b3963caddcefd024be4bc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 218 ++++++++++++++++---------------------------
+ 1 file changed, 79 insertions(+), 139 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index ed83227d70..94ce75b2d4 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11679,43 +11679,35 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+           case FOURCC_avc1:
+           case FOURCC_avc3:
+           {
+-            guint len = QT_UINT32 (stsd_entry_data);
++            guint32 len = QT_UINT32 (stsd_entry_data);
+             len = len <= 0x56 ? 0 : len - 0x56;
+             const guint8 *avc_data = stsd_entry_data + 0x56;
+ 
+             /* find avcC */
+-            while (len >= 0x8) {
+-              guint size;
++            while (len >= 8) {
++              guint32 size = QT_UINT32 (avc_data);
+ 
+-              if (QT_UINT32 (avc_data) <= 0x8)
+-                size = 0;
+-              else if (QT_UINT32 (avc_data) <= len)
+-                size = QT_UINT32 (avc_data) - 0x8;
+-              else
+-                size = len - 0x8;
++              if (size < 8 || size > len)
++                break;
+ 
+-              /* No real data, so skip */
+-              if (size < 1) {
+-                len -= 8;
+-                avc_data += 8;
+-                continue;
+-              }
+-
+-              switch (QT_FOURCC (avc_data + 0x4)) {
++              switch (QT_FOURCC (avc_data + 4)) {
+                 case FOURCC_avcC:
+                 {
+                   /* parse, if found */
+                   GstBuffer *buf;
+ 
++                  if (size < 8 + 1)
++                    break;
++
+                   GST_DEBUG_OBJECT (qtdemux, "found avcC codec_data in stsd");
+ 
+                   /* First 4 bytes are the length of the atom, the next 4 bytes
+                    * are the fourcc, the next 1 byte is the version, and the
+                    * subsequent bytes are profile_tier_level structure like data. */
+                   gst_codec_utils_h264_caps_set_level_and_profile (entry->caps,
+-                      avc_data + 8 + 1, size - 1);
+-                  buf = gst_buffer_new_and_alloc (size);
+-                  gst_buffer_fill (buf, 0, avc_data + 0x8, size);
++                      avc_data + 8 + 1, size - 8 - 1);
++                  buf = gst_buffer_new_and_alloc (size - 8);
++                  gst_buffer_fill (buf, 0, avc_data + 8, size - 8);
+                   gst_caps_set_simple (entry->caps,
+                       "codec_data", GST_TYPE_BUFFER, buf, NULL);
+                   gst_buffer_unref (buf);
+@@ -11726,6 +11718,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                 {
+                   GstBuffer *buf;
+ 
++                  if (size < 8 + 40 + 1)
++                    break;
++
+                   GST_DEBUG_OBJECT (qtdemux, "found strf codec_data in stsd");
+ 
+                   /* First 4 bytes are the length of the atom, the next 4 bytes
+@@ -11733,17 +11728,14 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                    * next 1 byte is the version, and the
+                    * subsequent bytes are sequence parameter set like data. */
+ 
+-                  size -= 40;   /* we'll be skipping BITMAPINFOHEADER */
+-                  if (size > 1) {
+-                    gst_codec_utils_h264_caps_set_level_and_profile
+-                        (entry->caps, avc_data + 8 + 40 + 1, size - 1);
++                  gst_codec_utils_h264_caps_set_level_and_profile
++                      (entry->caps, avc_data + 8 + 40 + 1, size - 8 - 40 - 1);
+ 
+-                    buf = gst_buffer_new_and_alloc (size);
+-                    gst_buffer_fill (buf, 0, avc_data + 8 + 40, size);
+-                    gst_caps_set_simple (entry->caps,
+-                        "codec_data", GST_TYPE_BUFFER, buf, NULL);
+-                    gst_buffer_unref (buf);
+-                  }
++                  buf = gst_buffer_new_and_alloc (size - 8 - 40);
++                  gst_buffer_fill (buf, 0, avc_data + 8 + 40, size - 8 - 40);
++                  gst_caps_set_simple (entry->caps,
++                      "codec_data", GST_TYPE_BUFFER, buf, NULL);
++                  gst_buffer_unref (buf);
+                   break;
+                 }
+                 case FOURCC_btrt:
+@@ -11751,11 +11743,11 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                   guint avg_bitrate, max_bitrate;
+ 
+                   /* bufferSizeDB, maxBitrate and avgBitrate - 4 bytes each */
+-                  if (size < 12)
++                  if (size < 8 + 12)
+                     break;
+ 
+-                  max_bitrate = QT_UINT32 (avc_data + 0xc);
+-                  avg_bitrate = QT_UINT32 (avc_data + 0x10);
++                  max_bitrate = QT_UINT32 (avc_data + 8 + 4);
++                  avg_bitrate = QT_UINT32 (avc_data + 8 + 8);
+ 
+                   if (!max_bitrate && !avg_bitrate)
+                     break;
+@@ -11787,8 +11779,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                   break;
+               }
+ 
+-              len -= size + 8;
+-              avc_data += size + 8;
++              len -= size;
++              avc_data += size;
+             }
+ 
+             break;
+@@ -11799,44 +11791,36 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+           case FOURCC_dvh1:
+           case FOURCC_dvhe:
+           {
+-            guint len = QT_UINT32 (stsd_entry_data);
++            guint32 len = QT_UINT32 (stsd_entry_data);
+             len = len <= 0x56 ? 0 : len - 0x56;
+             const guint8 *hevc_data = stsd_entry_data + 0x56;
+ 
+             /* find hevc */
+-            while (len >= 0x8) {
+-              guint size;
++            while (len >= 8) {
++              guint32 size = QT_UINT32 (hevc_data);
+ 
+-              if (QT_UINT32 (hevc_data) <= 0x8)
+-                size = 0;
+-              else if (QT_UINT32 (hevc_data) <= len)
+-                size = QT_UINT32 (hevc_data) - 0x8;
+-              else
+-                size = len - 0x8;
++              if (size < 8 || size > len)
++                break;
+ 
+-              /* No real data, so skip */
+-              if (size < 1) {
+-                len -= 8;
+-                hevc_data += 8;
+-                continue;
+-              }
+-
+-              switch (QT_FOURCC (hevc_data + 0x4)) {
++              switch (QT_FOURCC (hevc_data + 4)) {
+                 case FOURCC_hvcC:
+                 {
+                   /* parse, if found */
+                   GstBuffer *buf;
+ 
++                  if (size < 8 + 1)
++                    break;
++
+                   GST_DEBUG_OBJECT (qtdemux, "found hvcC codec_data in stsd");
+ 
+                   /* First 4 bytes are the length of the atom, the next 4 bytes
+                    * are the fourcc, the next 1 byte is the version, and the
+                    * subsequent bytes are sequence parameter set like data. */
+                   gst_codec_utils_h265_caps_set_level_tier_and_profile
+-                      (entry->caps, hevc_data + 8 + 1, size - 1);
++                      (entry->caps, hevc_data + 8 + 1, size - 8 - 1);
+ 
+-                  buf = gst_buffer_new_and_alloc (size);
+-                  gst_buffer_fill (buf, 0, hevc_data + 0x8, size);
++                  buf = gst_buffer_new_and_alloc (size - 8);
++                  gst_buffer_fill (buf, 0, hevc_data + 8, size - 8);
+                   gst_caps_set_simple (entry->caps,
+                       "codec_data", GST_TYPE_BUFFER, buf, NULL);
+                   gst_buffer_unref (buf);
+@@ -11845,8 +11829,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                 default:
+                   break;
+               }
+-              len -= size + 8;
+-              hevc_data += size + 8;
++              len -= size;
++              hevc_data += size;
+             }
+             break;
+           }
+@@ -12226,36 +12210,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+           }
+           case FOURCC_vc_1:
+           {
+-            guint len = QT_UINT32 (stsd_entry_data);
++            guint32 len = QT_UINT32 (stsd_entry_data);
+             len = len <= 0x56 ? 0 : len - 0x56;
+             const guint8 *vc1_data = stsd_entry_data + 0x56;
+ 
+             /* find dvc1 */
+             while (len >= 8) {
+-              guint size;
++              guint32 size = QT_UINT32 (vc1_data);
+ 
+-              if (QT_UINT32 (vc1_data) <= 8)
+-                size = 0;
+-              else if (QT_UINT32 (vc1_data) <= len)
+-                size = QT_UINT32 (vc1_data) - 8;
+-              else
+-                size = len - 8;
++              if (size < 8 || size > len)
++                break;
+ 
+-              /* No real data, so skip */
+-              if (size < 1) {
+-                len -= 8;
+-                vc1_data += 8;
+-                continue;
+-              }
+-
+-              switch (QT_FOURCC (vc1_data + 0x4)) {
++              switch (QT_FOURCC (vc1_data + 4)) {
+                 case GST_MAKE_FOURCC ('d', 'v', 'c', '1'):
+                 {
+                   GstBuffer *buf;
+ 
+                   GST_DEBUG_OBJECT (qtdemux, "found dvc1 codec_data in stsd");
+-                  buf = gst_buffer_new_and_alloc (size);
+-                  gst_buffer_fill (buf, 0, vc1_data + 8, size);
++                  buf = gst_buffer_new_and_alloc (size - 8);
++                  gst_buffer_fill (buf, 0, vc1_data + 8, size - 8);
+                   gst_caps_set_simple (entry->caps,
+                       "codec_data", GST_TYPE_BUFFER, buf, NULL);
+                   gst_buffer_unref (buf);
+@@ -12264,36 +12237,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                 default:
+                   break;
+               }
+-              len -= size + 8;
+-              vc1_data += size + 8;
++              len -= size;
++              vc1_data += size;
+             }
+             break;
+           }
+           case FOURCC_av01:
+           {
+-            guint len = QT_UINT32 (stsd_entry_data);
++            guint32 len = QT_UINT32 (stsd_entry_data);
+             len = len <= 0x56 ? 0 : len - 0x56;
+             const guint8 *av1_data = stsd_entry_data + 0x56;
+ 
+             /* find av1C */
+-            while (len >= 0x8) {
+-              guint size;
++            while (len >= 8) {
++              guint32 size = QT_UINT32 (av1_data);
+ 
+-              if (QT_UINT32 (av1_data) <= 0x8)
+-                size = 0;
+-              else if (QT_UINT32 (av1_data) <= len)
+-                size = QT_UINT32 (av1_data) - 0x8;
+-              else
+-                size = len - 0x8;
++              if (size < 8 || size > len)
++                break;
+ 
+-              /* No real data, so skip */
+-              if (size < 1) {
+-                len -= 8;
+-                av1_data += 8;
+-                continue;
+-              }
+-
+-              switch (QT_FOURCC (av1_data + 0x4)) {
++              switch (QT_FOURCC (av1_data + 4)) {
+                 case FOURCC_av1C:
+                 {
+                   /* parse, if found */
+@@ -12303,7 +12265,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                       "found av1C codec_data in stsd of size %d", size);
+ 
+                   /* not enough data, just ignore and hope for the best */
+-                  if (size < 4)
++                  if (size < 8 + 4)
+                     break;
+ 
+                   /* Content is:
+@@ -12352,9 +12314,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                             (gint) (pres_delay_field & 0x0F) + 1, NULL);
+                       }
+ 
+-                      buf = gst_buffer_new_and_alloc (size);
++                      buf = gst_buffer_new_and_alloc (size - 8);
+                       GST_BUFFER_FLAG_SET (buf, GST_BUFFER_FLAG_HEADER);
+-                      gst_buffer_fill (buf, 0, av1_data + 8, size);
++                      gst_buffer_fill (buf, 0, av1_data + 8, size - 8);
+                       gst_caps_set_simple (entry->caps,
+                           "codec_data", GST_TYPE_BUFFER, buf, NULL);
+                       gst_buffer_unref (buf);
+@@ -12372,8 +12334,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                   break;
+               }
+ 
+-              len -= size + 8;
+-              av1_data += size + 8;
++              len -= size;
++              av1_data += size;
+             }
+ 
+             break;
+@@ -12384,29 +12346,18 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+              * vp08, vp09, and vp10 fourcc. */
+           case FOURCC_vp09:
+           {
+-            guint len = QT_UINT32 (stsd_entry_data);
++            guint32 len = QT_UINT32 (stsd_entry_data);
+             len = len <= 0x56 ? 0 : len - 0x56;
+             const guint8 *vpcc_data = stsd_entry_data + 0x56;
+ 
+             /* find vpcC */
+-            while (len >= 0x8) {
+-              guint size;
++            while (len >= 8) {
++              guint32 size = QT_UINT32 (vpcc_data);
+ 
+-              if (QT_UINT32 (vpcc_data) <= 0x8)
+-                size = 0;
+-              else if (QT_UINT32 (vpcc_data) <= len)
+-                size = QT_UINT32 (vpcc_data) - 0x8;
+-              else
+-                size = len - 0x8;
++              if (size < 8 || size > len)
++                break;
+ 
+-              /* No real data, so skip */
+-              if (size < 1) {
+-                len -= 8;
+-                vpcc_data += 8;
+-                continue;
+-              }
+-
+-              switch (QT_FOURCC (vpcc_data + 0x4)) {
++              switch (QT_FOURCC (vpcc_data + 4)) {
+                 case FOURCC_vpcC:
+                 {
+                   const gchar *profile_str = NULL;
+@@ -12422,7 +12373,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ 
+                   /* the meaning of "size" is length of the atom body, excluding
+                    * atom length and fourcc fields */
+-                  if (size < 12)
++                  if (size < 8 + 12)
+                     break;
+ 
+                   /* Content is:
+@@ -12528,8 +12479,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                   break;
+               }
+ 
+-              len -= size + 8;
+-              vpcc_data += size + 8;
++              len -= size;
++              vpcc_data += size;
+             }
+ 
+             break;
+@@ -12870,7 +12821,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+         }
+         case FOURCC_wma_:
+         {
+-          guint len = QT_UINT32 (stsd_entry_data);
++          guint32 len = QT_UINT32 (stsd_entry_data);
+           len = len <= offset ? 0 : len - offset;
+           const guint8 *wfex_data = stsd_entry_data + offset;
+           const gchar *codec_name = NULL;
+@@ -12895,21 +12846,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ 
+           /* find wfex */
+           while (len >= 8) {
+-            guint size;
++            guint32 size = QT_UINT32 (wfex_data);
+ 
+-            if (QT_UINT32 (wfex_data) <= 0x8)
+-              size = 0;
+-            else if (QT_UINT32 (wfex_data) <= len)
+-              size = QT_UINT32 (wfex_data) - 8;
+-            else
+-              size = len - 8;
+-
+-            /* No real data, so skip */
+-            if (size < 1) {
+-              len -= 8;
+-              wfex_data += 8;
+-              continue;
+-            }
++            if (size < 8 || size > len)
++              break;
+ 
+             switch (QT_FOURCC (wfex_data + 4)) {
+               case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'):
+@@ -12954,12 +12894,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+                     "width", G_TYPE_INT, wfex.wBitsPerSample,
+                     "depth", G_TYPE_INT, wfex.wBitsPerSample, NULL);
+ 
+-                if (size > wfex.cbSize) {
++                if (size > 8 + wfex.cbSize) {
+                   GstBuffer *buf;
+ 
+-                  buf = gst_buffer_new_and_alloc (size - wfex.cbSize);
++                  buf = gst_buffer_new_and_alloc (size - 8 - wfex.cbSize);
+                   gst_buffer_fill (buf, 0, wfex_data + 8 + wfex.cbSize,
+-                      size - wfex.cbSize);
++                      size - 8 - wfex.cbSize);
+                   gst_caps_set_simple (entry->caps,
+                       "codec_data", GST_TYPE_BUFFER, buf, NULL);
+                   gst_buffer_unref (buf);
+@@ -12976,8 +12916,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+               default:
+                 break;
+             }
+-            len -= size + 8;
+-            wfex_data += size + 8;
++            len -= size;
++            wfex_data += size;
+           }
+           break;
+         }
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
new file mode 100644
index 0000000000..53867a8970
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
@@ -0,0 +1,56 @@
+From da3b4e903ae990193988a873368bdd1865350521 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 09:47:50 +0300
+Subject: [PATCH 09/13] qtdemux: Fix error handling when parsing cenc sample
+ groups fails
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47544
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da3b4e903ae990193988a873368bdd1865350521]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 94ce75b2d4..e7a79be45b 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11400,12 +11400,15 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+       if (stream->subtype != FOURCC_soun) {
+         GST_ERROR_OBJECT (qtdemux,
+             "Unexpeced stsd type 'aavd' outside 'soun' track");
++        goto corrupt_file;
+       } else {
+         /* encrypted audio with sound sample description v0 */
+         GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc);
+         stream->protected = TRUE;
+-        if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc))
++        if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc)) {
+           GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info");
++          goto corrupt_file;
++        }
+       }
+     }
+ 
+@@ -11414,8 +11417,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+        * with the same type */
+       GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc);
+       stream->protected = TRUE;
+-      if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc))
++      if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc)) {
+         GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info");
++        goto corrupt_file;
++      }
+     }
+ 
+     if (stream->subtype == FOURCC_vide) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
new file mode 100644
index 0000000000..52416b412f
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
@@ -0,0 +1,49 @@
+From 20503e5dd90e21ef170488b2a8b8529ae8a4cab9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 10:38:50 +0300
+Subject: [PATCH 10/13] qtdemux: Make sure there are enough offsets to read
+ when parsing samples
+
+While this specific case is also caught when initializing co_chunk, the error
+is ignored in various places and calling into the function would lead to out of
+bounds reads if the error message doesn't cause the pipeline to be shut down
+fast enough.
+
+To avoid this, no matter what, make sure enough offsets are available when
+parsing them. While this is potentially slower, the same is already done in the
+non-chunks_are_samples case.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-245
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47597
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/20503e5dd90e21ef170488b2a8b8529ae8a4cab9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index e7a79be45b..5277952c5e 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -10066,9 +10066,9 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, guint32 n)
+           goto done;
+         }
+ 
+-        cur->offset =
+-            qt_atom_parser_get_offset_unchecked (&stream->co_chunk,
+-            stream->co_size);
++        if (!qt_atom_parser_get_offset (&stream->co_chunk,
++                stream->co_size, &cur->offset))
++          goto corrupt_file;
+ 
+         GST_LOG_OBJECT (qtdemux, "Created entry %d with offset "
+             "%" G_GUINT64_FORMAT, j, cur->offset);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
new file mode 100644
index 0000000000..c57a3d6dac
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
@@ -0,0 +1,97 @@
+From ed254790331a3fba2f68255a8f072552d622aac1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 10:39:30 +0300
+Subject: [PATCH 11/13] qtdemux: Actually handle errors returns from various
+ functions instead of ignoring them
+
+Ignoring them might cause the element to continue as if all is fine despite the
+internal state being inconsistent. This can lead to all kinds of follow-up
+issues, including memory safety issues.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-245
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47597
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed254790331a3fba2f68255a8f072552d622aac1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 29 +++++++++++++++++++++++------
+ 1 file changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 5277952c5e..1de70f184f 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -4853,10 +4853,15 @@ gst_qtdemux_loop_state_header (GstQTDemux * qtdemux)
+ beach:
+   if (ret == GST_FLOW_EOS && (qtdemux->got_moov || qtdemux->media_caps)) {
+     /* digested all data, show what we have */
+-    qtdemux_prepare_streams (qtdemux);
++    ret = qtdemux_prepare_streams (qtdemux);
++    if (ret != GST_FLOW_OK)
++      return ret;
++
+     QTDEMUX_EXPOSE_LOCK (qtdemux);
+     ret = qtdemux_expose_streams (qtdemux);
+     QTDEMUX_EXPOSE_UNLOCK (qtdemux);
++    if (ret != GST_FLOW_OK)
++      return ret;
+ 
+     qtdemux->state = QTDEMUX_STATE_MOVIE;
+     GST_DEBUG_OBJECT (qtdemux, "switching state to STATE_MOVIE (%d)",
+@@ -7548,13 +7553,21 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force)
+             gst_qtdemux_stream_concat (demux,
+                 demux->old_streams, demux->active_streams);
+ 
+-            qtdemux_parse_moov (demux, data, demux->neededbytes);
++            if (!qtdemux_parse_moov (demux, data, demux->neededbytes)) {
++              ret = GST_FLOW_ERROR;
++              break;
++            }
+             qtdemux_node_dump (demux, demux->moov_node);
+             qtdemux_parse_tree (demux);
+-            qtdemux_prepare_streams (demux);
++            ret = qtdemux_prepare_streams (demux);
++            if (ret != GST_FLOW_OK)
++              break;
++
+             QTDEMUX_EXPOSE_LOCK (demux);
+-            qtdemux_expose_streams (demux);
++            ret = qtdemux_expose_streams (demux);
+             QTDEMUX_EXPOSE_UNLOCK (demux);
++            if (ret != GST_FLOW_OK)
++              break;
+ 
+             demux->got_moov = TRUE;
+ 
+@@ -7645,8 +7658,10 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force)
+             /* in MSS we need to expose the pads after the first moof as we won't get a moov */
+             if (demux->variant == VARIANT_MSS_FRAGMENTED && !demux->exposed) {
+               QTDEMUX_EXPOSE_LOCK (demux);
+-              qtdemux_expose_streams (demux);
++              ret = qtdemux_expose_streams (demux);
+               QTDEMUX_EXPOSE_UNLOCK (demux);
++              if (ret != GST_FLOW_OK)
++                goto done;
+             }
+ 
+             gst_qtdemux_check_send_pending_segment (demux);
+@@ -13760,8 +13775,10 @@ qtdemux_prepare_streams (GstQTDemux * qtdemux)
+ 
+     /* parse the initial sample for use in setting the frame rate cap */
+     while (sample_num == 0 && sample_num < stream->n_samples) {
+-      if (!qtdemux_parse_samples (qtdemux, stream, sample_num))
++      if (!qtdemux_parse_samples (qtdemux, stream, sample_num)) {
++        ret = GST_FLOW_ERROR;
+         break;
++      }
+       ++sample_num;
+     }
+   }
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
new file mode 100644
index 0000000000..61f5ce3787
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
@@ -0,0 +1,36 @@
+From 3153fda823cb91b1031dae69738c6c5d526fb6e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 19:16:19 +0300
+Subject: [PATCH 12/13] qtdemux: Check for invalid atom length when extracting
+ Closed Caption data
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-243
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47546
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3153fda823cb91b1031dae69738c6c5d526fb6e1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 1de70f184f..8850d09321 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -5827,7 +5827,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size,
+     goto invalid_cdat;
+   atom_length = QT_UINT32 (data);
+   fourcc = QT_FOURCC (data + 4);
+-  if (G_UNLIKELY (atom_length > size || atom_length == 8))
++  if (G_UNLIKELY (atom_length > size || atom_length <= 8))
+     goto invalid_cdat;
+ 
+   GST_DEBUG_OBJECT (stream->pad, "here");
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
new file mode 100644
index 0000000000..b46f295c46
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
@@ -0,0 +1,37 @@
+From 3ce1b812a9531611288af286b5dc6631a11e3f4a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 00:31:36 +0300
+Subject: [PATCH 13/13] qtdemux: Add size check for parsing SMI / SEQH atom
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-244
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3853
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47596
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3ce1b812a9531611288af286b5dc6631a11e3f4a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 8850d09321..dc70287a8a 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -10629,8 +10629,9 @@ qtdemux_parse_svq3_stsd_data (GstQTDemux * qtdemux,
+                 GST_WARNING_OBJECT (qtdemux, "Unexpected second SEQH SMI atom "
+                     " found, ignoring");
+               } else {
++                /* Note: The size does *not* include the fourcc and the size field itself */
+                 seqh_size = QT_UINT32 (data + 4);
+-                if (seqh_size > 0) {
++                if (seqh_size > 0 && seqh_size <= size - 8) {
+                   _seqh = gst_buffer_new_and_alloc (seqh_size);
+                   gst_buffer_fill (_seqh, 0, data + 8, seqh_size);
+                 }
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
new file mode 100644
index 0000000000..502b26f9d5
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
@@ -0,0 +1,53 @@
+From 1d1c9d63be51d85f9b80f0c227d4b3469fee2534 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 2 Oct 2024 14:44:21 +0300
+Subject: [PATCH] gdkpixbufdec: Check if initializing the video info actually
+ succeeded
+
+Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
+mapped.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-118
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041>
+
+CVE: CVE-2024-47613
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/gdk_pixbuf/gstgdkpixbufdec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ext/gdk_pixbuf/gstgdkpixbufdec.c b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+index 5482998c0d..de5f054964 100644
+--- a/ext/gdk_pixbuf/gstgdkpixbufdec.c
++++ b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+@@ -322,7 +322,8 @@ gst_gdk_pixbuf_dec_flush (GstGdkPixbufDec * filter)
+ 
+ 
+     gst_video_info_init (&info);
+-    gst_video_info_set_format (&info, fmt, width, height);
++    if (!gst_video_info_set_format (&info, fmt, width, height))
++      goto format_not_supported;
+     info.fps_n = filter->in_fps_n;
+     info.fps_d = filter->in_fps_d;
+     caps = gst_video_info_to_caps (&info);
+@@ -384,6 +385,12 @@ channels_not_supported:
+         ("%d channels not supported", n_channels));
+     return GST_FLOW_ERROR;
+   }
++format_not_supported:
++  {
++    GST_ELEMENT_ERROR (filter, STREAM, DECODE, (NULL),
++        ("%d channels with %dx%d not supported", n_channels, width, height));
++    return GST_FLOW_ERROR;
++  }
+ no_buffer:
+   {
+     GST_DEBUG ("Failed to create outbuffer - %s", gst_flow_get_name (ret));
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
new file mode 100644
index 0000000000..354a2e5194
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
@@ -0,0 +1,60 @@
+From 008f0d52408f57f0704d5639b72db2f330b8f003 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:32:48 +0300
+Subject: [PATCH 1/7] matroskademux: Only unmap GstMapInfo in WavPack header
+ extraction error paths if previously mapped
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-197
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/008f0d52408f57f0704d5639b72db2f330b8f003]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 9b3cf83adb..35e60b7147 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3885,7 +3885,6 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+   GstMatroskaTrackAudioContext *audiocontext =
+       (GstMatroskaTrackAudioContext *) stream;
+   GstBuffer *newbuf = NULL;
+-  GstMapInfo map, outmap;
+   guint8 *buf_data, *data;
+   Wavpack4Header wvh;
+ 
+@@ -3902,11 +3901,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ 
+   if (audiocontext->channels <= 2) {
+     guint32 block_samples, tmp;
++    GstMapInfo outmap;
+     gsize size = gst_buffer_get_size (*buf);
+ 
+     if (size < 4) {
+       GST_ERROR_OBJECT (element, "Too small wavpack buffer");
+-      gst_buffer_unmap (*buf, &map);
+       return GST_FLOW_ERROR;
+     }
+ 
+@@ -3944,6 +3943,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+     *buf = newbuf;
+     audiocontext->wvpk_block_index += block_samples;
+   } else {
++    GstMapInfo map, outmap;
+     guint8 *outdata = NULL;
+     gsize buf_size, size;
+     guint32 block_samples, flags, crc;
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
new file mode 100644
index 0000000000..39346ca829
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
@@ -0,0 +1,35 @@
+From b7e1b13af70b7c042f29674f5482b502af82d829 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:33:39 +0300
+Subject: [PATCH 2/7] matroskademux: Fix off-by-one when parsing multi-channel
+ WavPack
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b7e1b13af70b7c042f29674f5482b502af82d829]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 35e60b7147..583fbbe6e6 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3970,7 +3970,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+     data += 4;
+     size -= 4;
+ 
+-    while (size > 12) {
++    while (size >= 12) {
+       flags = GST_READ_UINT32_LE (data);
+       data += 4;
+       size -= 4;
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
new file mode 100644
index 0000000000..af1e9bf6d7
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
@@ -0,0 +1,43 @@
+From 455393ef0f2bb0a49c5bf32ef208af914c44e806 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:25:53 +0300
+Subject: [PATCH 3/7] matroskademux: Check for big enough WavPack codec private
+ data before accessing it
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-250
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/455393ef0f2bb0a49c5bf32ef208af914c44e806]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 583fbbe6e6..91e66fefc3 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3888,6 +3888,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+   guint8 *buf_data, *data;
+   Wavpack4Header wvh;
+ 
++  if (!stream->codec_priv || stream->codec_priv_size < 2) {
++    GST_ERROR_OBJECT (element, "No or too small wavpack codec private data");
++    return GST_FLOW_ERROR;
++  }
++
+   wvh.ck_id[0] = 'w';
+   wvh.ck_id[1] = 'v';
+   wvh.ck_id[2] = 'p';
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
new file mode 100644
index 0000000000..aaae3d7abe
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
@@ -0,0 +1,51 @@
+From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:04:51 +0300
+Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter
+ when processing WavPack frames
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-249
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/gst/matroska/matroska-demux.c    | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 91e66fefc3..98ed51e86a 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+     }
+     gst_buffer_unmap (*buf, &map);
+ 
+-    newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));
++    size = gst_adapter_available (adapter);
++    if (size > 0) {
++      newbuf = gst_adapter_take_buffer (adapter, size);
++      gst_buffer_copy_into (newbuf, *buf,
++          GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
++    } else {
++      newbuf = NULL;
++    }
+     g_object_unref (adapter);
+ 
+-    gst_buffer_copy_into (newbuf, *buf,
+-        GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
+     gst_buffer_unref (*buf);
+     *buf = newbuf;
+ 
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
new file mode 100644
index 0000000000..7216d7c9d3
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
@@ -0,0 +1,52 @@
+From effbbfd771487cc06c79d5a7e447a849884cc6cf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:06:03 +0300
+Subject: [PATCH 5/7] matroskademux: Skip over laces directly when
+ postprocessing the frame fails
+
+Otherwise NULL buffers might be handled afterwards.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-249
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/effbbfd771487cc06c79d5a7e447a849884cc6cf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/gst/matroska/matroska-demux.c   | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 98ed51e86a..e0a4405dce 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -4982,6 +4982,18 @@ gst_matroska_demux_parse_blockgroup_or_simpleblock (GstMatroskaDemux * demux,
+       if (stream->postprocess_frame) {
+         GST_LOG_OBJECT (demux, "running post process");
+         ret = stream->postprocess_frame (GST_ELEMENT (demux), stream, &sub);
++        if (ret != GST_FLOW_OK) {
++          gst_clear_buffer (&sub);
++          goto next_lace;
++        }
++
++        if (sub == NULL) {
++          GST_WARNING_OBJECT (demux,
++              "Postprocessing buffer with timestamp %" GST_TIME_FORMAT
++              " for stream %d failed", GST_TIME_ARGS (buffer_timestamp),
++              stream_num);
++          goto next_lace;
++        }
+       }
+ 
+       /* At this point, we have a sub-buffer pointing at data within a larger
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
new file mode 100644
index 0000000000..cb5ba69af0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
@@ -0,0 +1,43 @@
+From ed7b46bac3fa14f95422cc4bb4655d041df51454 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:19:42 +0300
+Subject: [PATCH 6/7] matroskademux: Skip over zero-sized Xiph stream headers
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-251
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed7b46bac3fa14f95422cc4bb4655d041df51454]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-ids.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-ids.c b/gst/matroska/matroska-ids.c
+index f11b7c2ce3..ba645f7306 100644
+--- a/gst/matroska/matroska-ids.c
++++ b/gst/matroska/matroska-ids.c
+@@ -189,8 +189,10 @@ gst_matroska_parse_xiph_stream_headers (gpointer codec_data,
+     if (offset + length[i] > codec_data_size)
+       goto error;
+ 
+-    hdr = gst_buffer_new_memdup (p + offset, length[i]);
+-    gst_buffer_list_add (list, hdr);
++    if (length[i] > 0) {
++      hdr = gst_buffer_new_memdup (p + offset, length[i]);
++      gst_buffer_list_add (list, hdr);
++    }
+ 
+     offset += length[i];
+   }
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
new file mode 100644
index 0000000000..371eb9da9b
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
@@ -0,0 +1,44 @@
+From 98e4356be7afa869373f96b4e8ca792c5f9707ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 9 Oct 2024 11:52:52 -0400
+Subject: [PATCH 7/7] matroskademux: Put a copy of the codec data into the
+ A_MS/ACM caps
+
+The original codec data buffer is owned by matroskademux and does not
+necessarily live as long as the caps.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-280
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/98e4356be7afa869373f96b4e8ca792c5f9707ee]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index e0a4405dce..80da306731 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -7165,8 +7165,7 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext *
+ 
+       /* 18 is the waveformatex size */
+       if (size > 18) {
+-        codec_data = gst_buffer_new_wrapped_full (GST_MEMORY_FLAG_READONLY,
+-            data + 18, size - 18, 0, size - 18, NULL, NULL);
++        codec_data = gst_buffer_new_memdup (data + 18, size - 18);
+       }
+ 
+       if (riff_audio_fmt)
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
new file mode 100644
index 0000000000..037afdc4ee
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
@@ -0,0 +1,99 @@
+From 3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:22:19 +0300
+Subject: [PATCH] jpegdec: Directly error out on negotiation failures
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-247
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040>
+
+CVE: CVE-2024-47599
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/ext/jpeg/gstjpegdec.c    | 22 ++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
+index 51bc2d14bf..7523419835 100644
+--- a/ext/jpeg/gstjpegdec.c
++++ b/ext/jpeg/gstjpegdec.c
+@@ -1068,13 +1068,14 @@ gst_jpeg_turbo_parse_ext_fmt_convert (GstJpegDec * dec, gint * clrspc)
+ }
+ #endif
+ 
+-static void
++static gboolean
+ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+     gboolean interlaced)
+ {
+   GstVideoCodecState *outstate;
+   GstVideoInfo *info;
+   GstVideoFormat format;
++  gboolean res;
+ 
+ #ifdef JCS_EXTENSIONS
+   if (dec->format_convert) {
+@@ -1104,7 +1105,7 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+         height == GST_VIDEO_INFO_HEIGHT (info) &&
+         format == GST_VIDEO_INFO_FORMAT (info)) {
+       gst_video_codec_state_unref (outstate);
+-      return;
++      return TRUE;
+     }
+     gst_video_codec_state_unref (outstate);
+   }
+@@ -1118,6 +1119,8 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+   outstate =
+       gst_video_decoder_set_output_state (GST_VIDEO_DECODER (dec), format,
+       width, height, dec->input_state);
++  if (!outstate)
++    return FALSE;
+ 
+   switch (clrspc) {
+     case JCS_RGB:
+@@ -1142,10 +1145,12 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+ 
+   gst_video_codec_state_unref (outstate);
+ 
+-  gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec));
++  res = gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec));
+ 
+   GST_DEBUG_OBJECT (dec, "max_v_samp_factor=%d", dec->cinfo.max_v_samp_factor);
+   GST_DEBUG_OBJECT (dec, "max_h_samp_factor=%d", dec->cinfo.max_h_samp_factor);
++
++  return res;
+ }
+ 
+ static GstFlowReturn
+@@ -1425,8 +1430,9 @@ gst_jpeg_dec_handle_frame (GstVideoDecoder * bdec, GstVideoCodecFrame * frame)
+     num_fields = 1;
+   }
+ 
+-  gst_jpeg_dec_negotiate (dec, width, output_height,
+-      dec->cinfo.jpeg_color_space, num_fields == 2);
++  if (!gst_jpeg_dec_negotiate (dec, width, output_height,
++          dec->cinfo.jpeg_color_space, num_fields == 2))
++    goto negotiation_failed;
+ 
+   state = gst_video_decoder_get_output_state (bdec);
+   ret = gst_video_decoder_allocate_output_frame (bdec, frame);
+@@ -1558,6 +1564,12 @@ map_failed:
+     ret = GST_FLOW_ERROR;
+     goto exit;
+   }
++negotiation_failed:
++  {
++    GST_ELEMENT_ERROR (dec, CORE, NEGOTIATION, (NULL), ("failed to negotiate"));
++    ret = GST_FLOW_NOT_NEGOTIATED;
++    goto exit;
++  }
+ decode_error:
+   {
+     gchar err_msg[JMSG_LENGTH_MAX];
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
new file mode 100644
index 0000000000..37f133a493
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
@@ -0,0 +1,44 @@
+From f8e398c46fc074f266edb3f20479c0ca31b52448 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 22:16:06 +0300
+Subject: [PATCH] qtdemux: Avoid integer overflow when parsing Theora extension
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-166
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
+
+CVE: CVE-2024-47606
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f8e398c46fc074f266edb3f20479c0ca31b52448]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 5e3cb1b9e6..c2d8b5e0f1 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -8279,7 +8279,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+   end -= 8;
+ 
+   while (buf < end) {
+-    gint size;
++    guint32 size;
+     guint32 type;
+ 
+     size = QT_UINT32 (buf);
+@@ -8287,7 +8287,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ 
+     GST_LOG_OBJECT (qtdemux, "%p %p", buf, end);
+ 
+-    if (buf + size > end || size <= 0)
++    if (end - buf < size || size < 8)
+       break;
+ 
+     buf += 8;
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
new file mode 100644
index 0000000000..33af003535
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
@@ -0,0 +1,46 @@
+From 0870e87c7c02e28e22a09a7de0c5b1e5bed68c14 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 14:04:03 +0300
+Subject: [PATCH] avisubtitle: Fix size checks and avoid overflows when
+ checking sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-262
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043>
+
+CVE: CVE-2024-47774
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0870e87c7c02e28e22a09a7de0c5b1e5bed68c14]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/avi/gstavisubtitle.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gst/avi/gstavisubtitle.c b/gst/avi/gstavisubtitle.c
+index efc5f04051..c816934da6 100644
+--- a/gst/avi/gstavisubtitle.c
++++ b/gst/avi/gstavisubtitle.c
+@@ -196,7 +196,7 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
+   /* read 'name' of subtitle */
+   name_length = GST_READ_UINT32_LE (map.data + 5 + 2);
+   GST_LOG_OBJECT (sub, "length of name: %u", name_length);
+-  if (map.size <= 17 + name_length)
++  if (G_MAXUINT32 - 17 < name_length || map.size < 17 + name_length)
+     goto wrong_name_length;
+ 
+   name_utf8 =
+@@ -216,7 +216,8 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
+   file_length = GST_READ_UINT32_LE (map.data + 13 + name_length);
+   GST_LOG_OBJECT (sub, "length srt/ssa file: %u", file_length);
+ 
+-  if (map.size < (17 + name_length + file_length))
++  if (G_MAXUINT32 - 17 - name_length < file_length
++      || map.size < 17 + name_length + file_length)
+     goto wrong_total_length;
+ 
+   /* store this, so we can send it again after a seek; note that we shouldn't
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
new file mode 100644
index 0000000000..4b53830e12
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
@@ -0,0 +1,174 @@
+From 13b48016b3ef1e822c393c2871b0a561ce19ecb3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:00:57 +0300
+Subject: [PATCH 1/7] wavparse: Check for short reads when parsing headers in
+ pull mode
+
+And also return the actual flow return to the caller instead of always returning
+GST_FLOW_ERROR.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-258, GHSL-2024-260
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/13b48016b3ef1e822c393c2871b0a561ce19ecb3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 63 ++++++++++++++++++++++++++++----------
+ 1 file changed, 46 insertions(+), 17 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index d074f273c5..97d5591fae 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1096,6 +1096,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
+   return TRUE;
+ }
+ 
++static GstFlowReturn
++gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size,
++    GstBuffer ** buffer)
++{
++  GstFlowReturn res;
++
++  res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer);
++  if (res != GST_FLOW_OK)
++    return res;
++
++  if (gst_buffer_get_size (*buffer) < size) {
++    gst_clear_buffer (buffer);
++    return GST_FLOW_EOS;
++  }
++
++  return res;
++}
++
+ static GstFlowReturn
+ gst_wavparse_stream_headers (GstWavParse * wav)
+ {
+@@ -1291,9 +1309,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ 
+       buf = NULL;
+       if ((res =
+-              gst_pad_pull_range (wav->sinkpad, wav->offset, 8,
++              gst_wavparse_pull_range_exact (wav, wav->offset, 8,
+                   &buf)) != GST_FLOW_OK)
+-        goto header_read_error;
++        goto header_pull_error;
+       gst_buffer_map (buf, &map, GST_MAP_READ);
+       tag = GST_READ_UINT32_LE (map.data);
+       size = GST_READ_UINT32_LE (map.data + 4);
+@@ -1396,9 +1414,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+             gst_buffer_unref (buf);
+             buf = NULL;
+             if ((res =
+-                    gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
++                    gst_wavparse_pull_range_exact (wav, wav->offset + 8,
+                         data_size, &buf)) != GST_FLOW_OK)
+-              goto header_read_error;
++              goto header_pull_error;
+             gst_buffer_extract (buf, 0, &wav->fact, 4);
+             wav->fact = GUINT32_FROM_LE (wav->fact);
+             gst_buffer_unref (buf);
+@@ -1443,9 +1461,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+           gst_buffer_unref (buf);
+           buf = NULL;
+           if ((res =
+-                  gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
+-                      size, &buf)) != GST_FLOW_OK)
+-            goto header_read_error;
++                  gst_wavparse_pull_range_exact (wav, wav->offset + 8, size,
++                      &buf)) != GST_FLOW_OK)
++            goto header_pull_error;
+           gst_buffer_map (buf, &map, GST_MAP_READ);
+           acid = (const gst_riff_acid *) map.data;
+           tempo = acid->tempo;
+@@ -1483,9 +1501,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+           gst_buffer_unref (buf);
+           buf = NULL;
+           if ((res =
+-                  gst_pad_pull_range (wav->sinkpad, wav->offset, 12,
++                  gst_wavparse_pull_range_exact (wav, wav->offset, 12,
+                       &buf)) != GST_FLOW_OK)
+-            goto header_read_error;
++            goto header_pull_error;
+           gst_buffer_extract (buf, 8, &ltag, 4);
+           ltag = GUINT32_FROM_LE (ltag);
+         }
+@@ -1512,9 +1530,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+               buf = NULL;
+               if (data_size > 0) {
+                 if ((res =
+-                        gst_pad_pull_range (wav->sinkpad, wav->offset,
++                        gst_wavparse_pull_range_exact (wav, wav->offset,
+                             data_size, &buf)) != GST_FLOW_OK)
+-                  goto header_read_error;
++                  goto header_pull_error;
+               }
+             }
+             if (data_size > 0) {
+@@ -1552,9 +1570,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+               buf = NULL;
+               wav->offset += 12;
+               if ((res =
+-                      gst_pad_pull_range (wav->sinkpad, wav->offset,
++                      gst_wavparse_pull_range_exact (wav, wav->offset,
+                           data_size, &buf)) != GST_FLOW_OK)
+-                goto header_read_error;
++                goto header_pull_error;
+               gst_buffer_map (buf, &map, GST_MAP_READ);
+               gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
+                   data_size);
+@@ -1598,9 +1616,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+           gst_buffer_unref (buf);
+           buf = NULL;
+           if ((res =
+-                  gst_pad_pull_range (wav->sinkpad, wav->offset,
++                  gst_wavparse_pull_range_exact (wav, wav->offset,
+                       data_size, &buf)) != GST_FLOW_OK)
+-            goto header_read_error;
++            goto header_pull_error;
+           gst_buffer_map (buf, &map, GST_MAP_READ);
+           if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
+                   data_size)) {
+@@ -1642,9 +1660,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+           gst_buffer_unref (buf);
+           buf = NULL;
+           if ((res =
+-                  gst_pad_pull_range (wav->sinkpad, wav->offset,
++                  gst_wavparse_pull_range_exact (wav, wav->offset,
+                       data_size, &buf)) != GST_FLOW_OK)
+-            goto header_read_error;
++            goto header_pull_error;
+           gst_buffer_map (buf, &map, GST_MAP_READ);
+           if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
+                   data_size)) {
+@@ -1796,6 +1814,17 @@ header_read_error:
+         ("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
+     goto fail;
+   }
++header_pull_error:
++  {
++    if (res == GST_FLOW_EOS) {
++      GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res,
++          gst_flow_get_name (res));
++    } else {
++      GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL),
++          ("Couldn't pull header %d (%s)", res, gst_flow_get_name (res)));
++    }
++    goto exit;
++  }
+ }
+ 
+ /*
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
new file mode 100644
index 0000000000..111c86e894
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
@@ -0,0 +1,41 @@
+From 4c198f4891cfabde868944d55ff98925e7beb757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:09:43 +0300
+Subject: [PATCH 2/7] wavparse: Make sure enough data for the tag list tag is
+ available before parsing
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-258
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c198f4891cfabde868944d55ff98925e7beb757]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 97d5591fae..21cb48c07e 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1488,6 +1488,10 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+       case GST_RIFF_TAG_LIST:{
+         guint32 ltag;
+ 
++        /* Need at least the ltag */
++        if (size < 4)
++          goto exit;
++
+         if (wav->streaming) {
+           const guint8 *data = NULL;
+ 
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
new file mode 100644
index 0000000000..39d0cccc9a
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
@@ -0,0 +1,65 @@
+From 296e17b4ea81e5c228bb853f6037b654fdca7d47 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:15:27 +0300
+Subject: [PATCH 3/7] wavparse: Fix parsing of acid chunk
+
+Simply casting the bytes to a struct can lead to crashes because of unaligned
+reads, and is also missing the endianness swapping that is necessary on big
+endian architectures.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/296e17b4ea81e5c228bb853f6037b654fdca7d47]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 21cb48c07e..6a0c44638e 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1433,8 +1433,7 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+         break;
+       }
+       case GST_RIFF_TAG_acid:{
+-        const gst_riff_acid *acid = NULL;
+-        const guint data_size = sizeof (gst_riff_acid);
++        const guint data_size = 24;
+         gfloat tempo;
+ 
+         GST_INFO_OBJECT (wav, "Have acid chunk");
+@@ -1448,13 +1447,13 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+           break;
+         }
+         if (wav->streaming) {
++          const guint8 *data;
+           if (!gst_wavparse_peek_chunk (wav, &tag, &size)) {
+             goto exit;
+           }
+           gst_adapter_flush (wav->adapter, 8);
+-          acid = (const gst_riff_acid *) gst_adapter_map (wav->adapter,
+-              data_size);
+-          tempo = acid->tempo;
++          data = gst_adapter_map (wav->adapter, data_size);
++          tempo = GST_READ_FLOAT_LE (data + 20);
+           gst_adapter_unmap (wav->adapter);
+         } else {
+           GstMapInfo map;
+@@ -1465,8 +1464,7 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+                       &buf)) != GST_FLOW_OK)
+             goto header_pull_error;
+           gst_buffer_map (buf, &map, GST_MAP_READ);
+-          acid = (const gst_riff_acid *) map.data;
+-          tempo = acid->tempo;
++          tempo = GST_READ_FLOAT_LE (map.data + 20);
+           gst_buffer_unmap (buf, &map);
+         }
+         /* send data as tags */
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
new file mode 100644
index 0000000000..7dbda5abdd
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
@@ -0,0 +1,37 @@
+From c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:21:44 +0300
+Subject: [PATCH 4/7] wavparse: Check that at least 4 bytes are available
+ before parsing cue chunks
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 6a0c44638e..5655ee3825 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -789,6 +789,11 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+     return TRUE;
+   }
+ 
++  if (size < 4) {
++    GST_WARNING_OBJECT (wav, "broken file %d", size);
++    return FALSE;
++  }
++
+   ncues = GST_READ_UINT32_LE (data);
+ 
+   if (size < 4 + ncues * 24) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
new file mode 100644
index 0000000000..bb5b6ff034
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
@@ -0,0 +1,40 @@
+From 93d79c22a82604adc5512557c1238f72f41188c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:22:02 +0300
+Subject: [PATCH 5/7] wavparse: Check that at least 32 bytes are available
+ before parsing smpl chunks
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-259
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/93d79c22a82604adc5512557c1238f72f41188c4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 5655ee3825..8a04805ed4 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -893,6 +893,9 @@ gst_wavparse_smpl_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ {
+   guint32 note_number;
+ 
++  if (size < 32)
++    return FALSE;
++
+   /*
+      manufacturer_id = GST_READ_UINT32_LE (data);
+      product_id = GST_READ_UINT32_LE (data + 4);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
new file mode 100644
index 0000000000..d12ab9b4e1
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
@@ -0,0 +1,47 @@
+From 526d0eef0d850c8f2fa1bf0aef15a836797f1a67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:27:27 +0300
+Subject: [PATCH 6/7] wavparse: Fix clipping of size to the file size
+
+The size does not include the 8 bytes tag and length, so an additional 8 bytes
+must be removed here. 8 bytes are always available at this point because
+otherwise the parsing of the tag and length right above would've failed.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-260
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/526d0eef0d850c8f2fa1bf0aef15a836797f1a67]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 8a04805ed4..998cbb276d 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1337,10 +1337,11 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+     }
+ 
+     /* Clip to upstream size if known */
+-    if (upstream_size > 0 && size + wav->offset > upstream_size) {
++    if (upstream_size > 0 && size + 8 + wav->offset > upstream_size) {
+       GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
+       g_assert (upstream_size >= wav->offset);
+-      size = upstream_size - wav->offset;
++      g_assert (upstream_size - wav->offset >= 8);
++      size = upstream_size - wav->offset - 8;
+     }
+ 
+     /* wav is a st00pid format, we don't know for sure where data starts.
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
new file mode 100644
index 0000000000..b27132b16d
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
@@ -0,0 +1,41 @@
+From 4f381d15014471b026020d0990a5f5a9f420a22b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:51:00 +0300
+Subject: [PATCH 7/7] wavparse: Check size before reading ds64 chunk
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-261
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4f381d15014471b026020d0990a5f5a9f420a22b]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 998cbb276d..958868de6d 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1087,6 +1087,11 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
+   guint32 sampleCountLow, sampleCountHigh;
+ 
+   gst_buffer_map (buf, &map, GST_MAP_READ);
++  if (map.size < 6 * 4) {
++    GST_WARNING_OBJECT (wav, "Too small ds64 chunk (%" G_GSIZE_FORMAT ")",
++        map.size);
++    return FALSE;
++  }
+   dataSizeLow = GST_READ_UINT32_LE (map.data + 2 * 4);
+   dataSizeHigh = GST_READ_UINT32_LE (map.data + 3 * 4);
+   sampleCountLow = GST_READ_UINT32_LE (map.data + 4 * 4);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 8099d70791..608c3030ba 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -6,7 +6,39 @@ BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \
            file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
-           file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
+           file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch \
+           file://0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch \
+           file://0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch \
+           file://0003-qtdemux-Fix-debug-output-during-trun-parsing.patch \
+           file://0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch \
+           file://0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch \
+           file://0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch \
+           file://0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch \
+           file://0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch \
+           file://0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch \
+           file://0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch \
+           file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \
+           file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
+           file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
+           file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \
+           file://0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch \
+           file://0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch \
+           file://0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch \
+           file://0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch \
+           file://0019-matroskademux-Skip-over-laces-directly-when-postproc.patch \
+           file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \
+           file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \
+           file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \
+           file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \
+           file://0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch \
+           file://0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch \
+           file://0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch \
+           file://0027-wavparse-Fix-parsing-of-acid-chunk.patch \
+           file://0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch \
+           file://0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch \
+           file://0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch \
+           file://0031-wavparse-Check-size-before-reading-ds64-chunk.patch \
+          "
 
 SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
new file mode 100644
index 0000000000..eea58d3538
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
@@ -0,0 +1,44 @@
+From aa3e97d67c05d4648ea58c7ff7675e24a81ca72b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 24 Oct 2024 20:12:55 +0300
+Subject: [PATCH] rtsp-server: Remove pointless assertions that can happen if
+ client provides invalid rates
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3731
+Fixes CVE-2024-44331
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7739>
+
+CVE: CVE-2024-44331
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa3e97d67c05d4648ea58c7ff7675e24a81ca72b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst/rtsp-server/rtsp-media.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c
+index 8c62b0d..cbdc9f9 100644
+--- a/gst/rtsp-server/rtsp-media.c
++++ b/gst/rtsp-server/rtsp-media.c
+@@ -2755,15 +2755,13 @@ gst_rtsp_media_get_rates (GstRTSPMedia * media, gdouble * rate,
+           first_stream = FALSE;
+         } else {
+           if (save_rate != *rate || save_applied_rate != *applied_rate) {
+-            /* diffrent rate or applied_rate, weird */
+-            g_assert (FALSE);
++            /* different rate or applied_rate, weird */
+             result = FALSE;
+             break;
+           }
+         }
+       } else {
+-        /* complete stream withot rate and applied_rate, weird */
+-        g_assert (FALSE);
++        /* complete stream without rate and applied_rate, weird */
+         result = FALSE;
+         break;
+       }
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
index c89c22f334..3cd21e7181 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
@@ -8,7 +8,9 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base"
 
 PNREAL = "gst-rtsp-server"
 
-SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
+           file://CVE-2024-44331.patch \
+          "
 
 SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
new file mode 100644
index 0000000000..5d8575711a
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
@@ -0,0 +1,56 @@
+From f1cdc6f24340f6cce4cc7020628002f5c70dd6c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 22:07:22 +0300
+Subject: [PATCH] allocator: Avoid integer overflow when allocating sysmem
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-166
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
+
+CVE: CVE-2024-47606
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f1cdc6f24340f6cce4cc7020628002f5c70dd6c7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/gstallocator.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/gst/gstallocator.c b/gst/gstallocator.c
+index 996f5dc946..198cfe9523 100644
+--- a/gst/gstallocator.c
++++ b/gst/gstallocator.c
+@@ -430,8 +430,20 @@ _sysmem_new_block (GstMemoryFlags flags,
+   /* ensure configured alignment */
+   align |= gst_memory_alignment;
+   /* allocate more to compensate for alignment */
++  if (align > G_MAXSIZE || maxsize > G_MAXSIZE - align) {
++    GST_CAT_WARNING (GST_CAT_MEMORY,
++        "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT
++        "x overflows", maxsize, align);
++    return NULL;
++  }
+   maxsize += align;
+   /* alloc header and data in one block */
++  if (maxsize > G_MAXSIZE - sizeof (GstMemorySystem)) {
++    GST_CAT_WARNING (GST_CAT_MEMORY,
++        "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT
++        "x overflows", maxsize, align);
++    return NULL;
++  }
+   slice_size = sizeof (GstMemorySystem) + maxsize;
+ 
+   mem = g_slice_alloc (slice_size);
+@@ -481,6 +493,8 @@ _sysmem_copy (GstMemorySystem * mem, gssize offset, gsize size)
+     size = mem->mem.size > offset ? mem->mem.size - offset : 0;
+ 
+   copy = _sysmem_new_block (0, size, mem->mem.align, 0, size);
++  if (!copy)
++    return NULL;
+   GST_CAT_DEBUG (GST_CAT_PERFORMANCE,
+       "memcpy %" G_GSIZE_FORMAT " memory %p -> %p", size, mem, copy);
+   memcpy (copy->data, mem->data + mem->mem.offset + offset, size);
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index f4acb0977b..3f28459e2d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
            file://0002-tests-add-support-for-install-the-tests.patch \
            file://0003-tests-use-a-dictionaries-for-environment.patch \
            file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \
+           file://0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch \
            "
 SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61"
 
@@ -71,4 +72,19 @@ RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-iso8859-5"
 
 CVE_PRODUCT = "gstreamer"
 
+CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9"
+
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BASE"
+CVE_STATUS_PLUGINS_BASE = "CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835"
+CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-base"
+
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_GOOD"
+CVE_STATUS_PLUGINS_GOOD = " \
+    CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 \
+    CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 \
+    CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 \
+    CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 \
+"
+CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-good"
+
 PTEST_BUILD_HOST_FILES = ""
diff --git a/meta/recipes-multimedia/liba52/liba52_0.7.4.bb b/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
index 7a3b4a43c8..0aee0f022f 100644
--- a/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
+++ b/meta/recipes-multimedia/liba52/liba52_0.7.4.bb
@@ -10,7 +10,7 @@ SECTION = "libs"
 
 inherit autotools
 
-SRC_URI = "http://liba52.sourceforge.net/files/a52dec-${PV}.tar.gz \
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/a52dec-${PV}.tar.gz \
            file://buildcleanup.patch"
 
 SRC_URI[md5sum] = "caa9f5bc44232dc8aeea773fea56be80"
diff --git a/meta/recipes-multimedia/libpng/files/run-ptest b/meta/recipes-multimedia/libpng/files/run-ptest
new file mode 100644
index 0000000000..85051a59f5
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/files/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -eux
+
+cd src
+
+make check-TESTS
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
index 673133bb4a..4c21e8d597 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
@@ -10,7 +10,10 @@ DEPENDS = "zlib"
 
 LIBV = "16"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz \
+           file://run-ptest \
+"
+
 SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"
@@ -19,7 +22,7 @@ UPSTREAM_CHECK_URI = "http://libpng.org/pub/png/libpng.html"
 
 BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config"
 
-inherit autotools binconfig-disabled pkgconfig
+inherit autotools binconfig-disabled pkgconfig ptest
 
 # Work around missing symbols
 ARMNEON = "${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
@@ -30,4 +33,39 @@ PACKAGES =+ "${PN}-tools"
 
 FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
 
+RDEPENDS:${PN}-ptest += "make bash gawk"
+
+do_install_ptest() {
+    # Install test scripts to ptest path
+    install -d ${D}${PTEST_PATH}/src/tests
+    install -m 755 ${S}/tests/* ${D}${PTEST_PATH}/src/tests
+    install -m 755 ${S}/test-driver ${D}${PTEST_PATH}/src
+    install -d ${D}${PTEST_PATH}/src/tests/scripts
+    install -m 755 ${S}/scripts/*.awk ${D}${PTEST_PATH}/src/tests/scripts
+    install -m 644 ${S}/scripts/pnglib* ${S}/scripts/*.c ${S}/scripts/*.def ${S}/scripts/macro.lst ${D}${PTEST_PATH}/src/tests/scripts
+    install -m 644 ${S}/scripts/pnglibconf.h.prebuilt ${D}${PTEST_PATH}/src/tests/scripts/pnglibconf.h
+    install -d ${D}${PTEST_PATH}/src/contrib/tools
+    install -m 755 ${S}/contrib/tools/*.sh ${D}${PTEST_PATH}/src/contrib/tools
+    install -m 644 ${S}/contrib/tools/*.c ${S}/contrib/tools/*.h ${D}${PTEST_PATH}/src/contrib/tools
+
+    # Install .libs directory binaries to ptest path
+    install -m 755 ${B}/.libs/pngtest ${B}/.libs/pngstest ${B}/.libs/pngimage ${B}/.libs/pngunknown ${B}/.libs/pngvalid ${D}${PTEST_PATH}/src
+
+    # Copy png files to ptest path
+    cd ${S} && find contrib -name '*.png' | cpio -pd ${D}${PTEST_PATH}/src
+
+    # Install Makefile and png files
+    install -m 644 ${S}/pngtest.png ${D}${PTEST_PATH}/src
+    install -m 644 ${S}/*.png ${S}/*.h ${S}/*.c ${S}/*.dfa ${B}/pnglibconf.out ${S}/Makefile.am ${S}/Makefile.in ${D}${PTEST_PATH}/src/tests
+
+    sed -e 's/^abs_srcdir = ..*/abs_srcdir = \.\./'          \
+        -e 's/^top_srcdir = ..*/top_srcdir = \.\./'          \
+        -e 's/^srcdir = ..*/srcdir = \./'                    \
+        -e 's/^Makefile: ..*/Makefile: /'                    \
+        -e 's/check-TESTS: $(check_PROGRAMS)/check-TESTS:/g' \
+        ${B}/Makefile > ${D}${PTEST_PATH}/src/Makefile
+
+    sed -e 's|#!/bin/awk|#!/usr/bin/awk|g' -i ${D}${PTEST_PATH}/src/tests/scripts/*.awk
+}
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
new file mode 100644
index 0000000000..d96f2915c4
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
@@ -0,0 +1,412 @@
+From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001
+From: Arthur Taylor <art@ified.ca>
+Date: Fri, 15 Nov 2024 19:46:53 -0800
+Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
+
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba]
+CVE: CVE-2024-50612
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/ogg.c        |  12 ++--
+ src/ogg_opus.c   |  17 +++--
+ src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 114 insertions(+), 85 deletions(-)
+
+diff --git a/src/ogg.c b/src/ogg.c
+index 8cd4379..534c8f7 100644
+--- a/src/ogg.c
++++ b/src/ogg.c
+@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
+ 
+ int
+ ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+-{      int bytes ;
++{      int n ;
+ 
+-       bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+-       bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
++       n = psf_fwrite (page->header, 1, page->header_len, psf) ;
++       if (n == page->header_len)
++               n += psf_fwrite (page->body, 1, page->body_len, psf) ;
+ 
+-       return bytes == page->header_len + page->body_len ;
++       if (n != page->body_len + page->header_len)
++               return -1 ;
++
++       return n ;
+ } /* ogg_write_page */
+ 
+ sf_count_t
+diff --git a/src/ogg_opus.c b/src/ogg_opus.c
+index 596bb69..8e3800a 100644
+--- a/src/ogg_opus.c
++++ b/src/ogg_opus.c
+@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 
+        /* The first page MUST only contain the header, so flush it out now */
+        ogg_stream_packetin (&odata->ostream, &op) ;
+-       for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-       {       if (! (nn = ogg_write_page (psf, &odata->opage)))
++       while (ogg_stream_flush (&odata->ostream, &odata->opage))
++       {       nn = ogg_write_page (psf, &odata->opage) ;
++               if (nn < 0)
+                {       psf_log_printf (psf, "Opus : Failed to write header!\n") ;
+                        if (psf->error)
+                                return psf->error ;
+                        return SFE_INTERNAL ;
+                        } ;
+                psf->dataoffset += nn ;
+-               }
++               } ;
+ 
+        /*
+        ** Metadata Tags (manditory)
+@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+        vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
+        op.packetno = 2 ;
+        ogg_stream_packetin (&odata->ostream, &op) ;
+-       for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-       {       if (! (nn = ogg_write_page (psf, &odata->opage)))
++       while (ogg_stream_flush (&odata->ostream, &odata->opage))
++       {       nn = ogg_write_page (psf, &odata->opage) ;
++               if (nn < 0)
+                {       psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
+                        if (psf->error)
+                                return psf->error ;
+                        return SFE_INTERNAL ;
+                        } ;
+                psf->dataoffset += nn ;
+-               }
++               } ;
+ 
+        return 0 ;
+ } /* ogg_opus_write_header */
+@@ -1132,7 +1134,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
+                if (nbytes > 0)
+                {       oopus->u.encode.last_segments -= ogg_page_segments (&odata->opage) ;
+                        oopus->pg_pos = oopus->pkt_pos ;
+-                       ogg_write_page (psf, &odata->opage) ;
++                       if (ogg_write_page (psf, &odata->opage) < 0)
++                               return -1 ;
+                        }
+                else
+                        break ;
+diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
+index f9428ed..2cdbed3 100644
+--- a/src/ogg_vorbis.c
++++ b/src/ogg_vorbis.c
+@@ -82,28 +82,6 @@
+ /* How many seconds in the future to not bother bisection searching for. */
+ #define VORBIS_SEEK_THRESHOLD 2
+ 
+-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+-
+-static int     vorbis_read_header (SF_PRIVATE *psf) ;
+-static int     vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+-static int     vorbis_close (SF_PRIVATE *psf) ;
+-static int     vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+-static int     vorbis_byterate (SF_PRIVATE *psf) ;
+-static int     vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
+-static int     vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static int     vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static sf_count_t      vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+-static sf_count_t      vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+-static sf_count_t      vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+-static int     vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+-
+ typedef struct
+ {      int id ;
+        const char *name ;
+@@ -145,6 +123,45 @@ typedef struct
+        sf_count_t last_page ;
+ } VORBIS_PRIVATE ;
+ 
++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
++
++static int     vorbis_read_header (SF_PRIVATE *psf) ;
++static int     vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
++static int     vorbis_close (SF_PRIVATE *psf) ;
++static int     vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
++static int     vorbis_byterate (SF_PRIVATE *psf) ;
++static int     vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
++static int     vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
++static int     vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
++static sf_count_t      vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
++static sf_count_t      vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
++static sf_count_t      vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
++static int     vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
++static int     vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
++static void    vorbis_log_error (SF_PRIVATE *psf, int error) ;
++
++
++static void
++vorbis_log_error(SF_PRIVATE *psf, int error) {
++       switch (error)
++       {       case 0: return;
++               case OV_EIMPL:          psf->error = SFE_UNIMPLEMENTED ; break ;
++               case OV_ENOTVORBIS:     psf->error = SFE_MALFORMED_FILE ; break ;
++               case OV_EBADHEADER:     psf->error = SFE_MALFORMED_FILE ; break ;
++               case OV_EVERSION:       psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
++               case OV_EFAULT:
++               case OV_EINVAL:
++               default: psf->error = SFE_INTERNAL ;
++               } ;
++} ;
++
+ static int
+ vorbis_read_header (SF_PRIVATE *psf)
+ {      OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+        {       ogg_packet header ;
+                ogg_packet header_comm ;
+                ogg_packet header_code ;
+-               int result ;
+ 
+                vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
+                ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
+@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+                /* This ensures the actual
+                 * audio data will start on a new page, as per spec
+                 */
+-               while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
+-               {       ogg_write_page (psf, &odata->opage) ;
+-                       } ;
++               while (ogg_stream_flush (&odata->ostream, &odata->opage))
++                       if (ogg_write_page (psf, &odata->opage) < 0)
++                               return -1 ;
+        }
+ 
+        return 0 ;
+@@ -402,6 +418,7 @@ static int
+ vorbis_close (SF_PRIVATE *psf)
+ {      OGG_PRIVATE* odata = psf->container_data ;
+        VORBIS_PRIVATE *vdata = psf->codec_data ;
++       int ret = 0 ;
+ 
+        if (odata == NULL || vdata == NULL)
+                return 0 ;
+@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf)
+        if (psf->file.mode == SFM_WRITE)
+        {
+                if (psf->write_current <= 0)
+-                       vorbis_write_header (psf, 0) ;
+-
+-               vorbis_analysis_wrote (&vdata->vdsp, 0) ;
+-               while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+-               {
++                       ret = vorbis_write_header (psf, 0) ;
+ 
+-               /* analysis, assume we want to use bitrate management */
+-                       vorbis_analysis (&vdata->vblock, NULL) ;
+-                       vorbis_bitrate_addblock (&vdata->vblock) ;
+-
+-                       while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+-                       {       /* weld the packet into the bitstream */
+-                               ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+-
+-                               /* write out pages (if any) */
+-                               while (!odata->eos)
+-                               {       int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-                                       if (result == 0) break ;
+-                                       ogg_write_page (psf, &odata->opage) ;
+-
+-               /* this could be set above, but for illustrative purposes, I do
+-                  it here (to show that vorbis does know where the stream ends) */
+-
+-                                       if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
+-                               }
+-                       }
+-               }
+-       }
++               if (ret == 0)
++               {       /* A write of zero samples tells Vorbis the stream is done and to
++                          flush. */
++                       ret = vorbis_write_samples (psf, odata, vdata, 0) ;
++                       } ;
++               } ;
+ 
+        /* ogg_page and ogg_packet structs always point to storage in
+           libvorbis.  They are never freed or manipulated directly */
+@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf)
+        vorbis_comment_clear (&vdata->vcomment) ;
+        vorbis_info_clear (&vdata->vinfo) ;
+ 
+-       return 0 ;
++       return ret ;
+ } /* vorbis_close */
+ 
+ int
+@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
+ /*==============================================================================
+ */
+ 
+-static void
++static int
+ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
+-{
+-       vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
++{      int ret ;
++
++       if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
++               return ret ;
+ 
+        /*
+        **      Vorbis does some data preanalysis, then divvies up blocks for
+        **      more involved (potentially parallel) processing. Get a single
+        **      block for encoding now.
+        */
+-       while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
++       while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
+        {
+                /* analysis, assume we want to use bitrate management */
+-               vorbis_analysis (&vdata->vblock, NULL) ;
+-               vorbis_bitrate_addblock (&vdata->vblock) ;
++               if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
++                       return ret ;
++               if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
++                       return ret ;
+ 
+-               while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
++               while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
+                {
+                        /* weld the packet into the bitstream */
+-                       ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
++                       if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
++                               return ret ;
+ 
+                        /* write out pages (if any) */
+                        while (!odata->eos)
+-                       {       int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-                               if (result == 0)
++                       {       ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
++                               if (ret == 0)
+                                        break ;
+-                               ogg_write_page (psf, &odata->opage) ;
++
++                               if (ogg_write_page (psf, &odata->opage) < 0)
++                                       return -1 ;
+ 
+                                /*      This could be set above, but for illustrative purposes, I do
+                                **      it here (to show that vorbis does know where the stream ends) */
+@@ -722,16 +726,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata
+                                        odata->eos = 1 ;
+                                } ;
+                        } ;
++               if (ret != 0)
++                       return ret ;
+                } ;
++       if (ret != 0)
++               return ret ;
+ 
+        vdata->gp += in_frames ;
++
++       return 0 ;
+ } /* vorbis_write_data */
+ 
+ 
+ static sf_count_t
+ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ {
+-       int i, m, j = 0 ;
++       int i, m, j = 0, ret ;
+        OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+        VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+        int in_frames = lens / psf->sf.channels ;
+@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+                for (m = 0 ; m < psf->sf.channels ; m++)
+                        buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
+ 
+-       vorbis_write_samples (psf, odata, vdata, in_frames) ;
++       if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++       {       vorbis_log_error (psf, ret) ;
++               return 0 ;
++               } ;
+ 
+        return lens ;
+ } /* vorbis_write_s */
+ 
+ static sf_count_t
+ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+-{      int i, m, j = 0 ;
++{      int i, m, j = 0, ret ;
+        OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+        VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+        int in_frames = lens / psf->sf.channels ;
+@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+                for (m = 0 ; m < psf->sf.channels ; m++)
+                        buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
+ 
+-       vorbis_write_samples (psf, odata, vdata, in_frames) ;
++       if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++       {       vorbis_log_error (psf, ret) ;
++               return 0 ;
++               } ;
+ 
+        return lens ;
+ } /* vorbis_write_i */
+ 
+ static sf_count_t
+ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+-{      int i, m, j = 0 ;
++{      int i, m, j = 0, ret ;
+        OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+        VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+        int in_frames = lens / psf->sf.channels ;
+@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+                for (m = 0 ; m < psf->sf.channels ; m++)
+                        buffer [m][i] = ptr [j++] ;
+ 
+-       vorbis_write_samples (psf, odata, vdata, in_frames) ;
++       if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++       {       vorbis_log_error (psf, ret) ;
++               return 0 ;
++               } ;
+ 
+        return lens ;
+ } /* vorbis_write_f */
+ 
+ static sf_count_t
+ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+-{      int i, m, j = 0 ;
++{      int i, m, j = 0, ret ;
+        OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+        VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+        int in_frames = lens / psf->sf.channels ;
+@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+                for (m = 0 ; m < psf->sf.channels ; m++)
+                        buffer [m][i] = (float) ptr [j++] ;
+ 
+-       vorbis_write_samples (psf, odata, vdata, in_frames) ;
++       if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++       {       vorbis_log_error (psf, ret) ;
++               return 0 ;
++               } ;
+ 
+        return lens ;
+ } /* vorbis_write_d */
+@@ -884,7 +906,7 @@ vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp)
+                return 0 ;
+ 
+        /*      Search for a position a half large-block before our target. As Vorbis is
+-       **      lapped, every sample position come from two blocks, the "left" half of
++       **      lapped, every sample position comes from two blocks, the "left" half of
+        **      one block and the "right" half of the previous block.  The granule
+        **      position of an Ogg page of a Vorbis stream is the sample offset of the
+        **      last finished sample in the stream that can be decoded from a page.  A
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
index a9ee7c3575..2a1b96d5e7 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only"
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \
            file://noopus.patch \
            file://cve-2022-33065.patch \
+           file://CVE-2024-50612.patch \
           "
 GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
 
diff --git a/meta/recipes-multimedia/mpg123/mpg123_1.32.6.bb b/meta/recipes-multimedia/mpg123/mpg123_1.32.10.bb
index f7786e8588..82f7b7d332 100644
--- a/meta/recipes-multimedia/mpg123/mpg123_1.32.6.bb
+++ b/meta/recipes-multimedia/mpg123/mpg123_1.32.10.bb
@@ -10,7 +10,7 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=e7b9c15fcfb986abb4cc5e8400a24169"
 
 SRC_URI = "https://www.mpg123.de/download/${BP}.tar.bz2"
-SRC_URI[sha256sum] = "ccdd1d0abc31d73d8b435fc658c79049d0a905b30669b6a42a03ad169dc609e6"
+SRC_URI[sha256sum] = "87b2c17fe0c979d3ef38eeceff6362b35b28ac8589fbf1854b5be75c9ab6557c"
 
 UPSTREAM_CHECK_REGEX = "mpg123-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index ae16056d24..1ab3831519 100644
--- a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -121,7 +121,7 @@ PACKAGECONFIG[jack] = "-Djack=enabled,-Djack=disabled,jack"
 # able to use pulseaudio autospawn for root as well.
 PACKAGECONFIG[autospawn-for-root] = ",,,"
 PACKAGECONFIG[lirc] = "-Dlirc=enabled,-Dlirc=disabled,lirc"
-PACKAGECONFIG[webrtc] = "-Dwebrtc-aec=enabled,-Dwebrtc-aec=disabled,webrtc-audio-processing"
+PACKAGECONFIG[webrtc] = "-Dwebrtc-aec=enabled,-Dwebrtc-aec=disabled,webrtc-audio-processing-1"
 PACKAGECONFIG[ipv6] = "-Dipv6=true,-Dipv6=false,"
 PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,"
 
diff --git a/meta/recipes-sato/puzzles/puzzles_git.bb b/meta/recipes-sato/puzzles/puzzles_git.bb
index e9403ee130..48886b3039 100644
--- a/meta/recipes-sato/puzzles/puzzles_git.bb
+++ b/meta/recipes-sato/puzzles/puzzles_git.bb
@@ -47,3 +47,6 @@ STOP
     done
 }
 
+CVE_STATUS[CVE-2024-13769] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles"
+CVE_STATUS[CVE-2024-13770] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles"
+CVE_STATUS[CVE-2025-0837] = "cpe-incorrect: issue in ThemeREX's Wordpress theme Puzzles"
diff --git a/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc b/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc
index 016614b19c..aa6d908538 100644
--- a/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc
+++ b/meta/recipes-sato/rxvt-unicode/rxvt-unicode.inc
@@ -28,7 +28,8 @@ EXTRA_OECONF = "--enable-xim \
                 --with-codesets=eu --enable-pointer-blank \
                 --enable-text-blink --enable-rxvt-scroll \
                 --enable-combining --disable-perl \
-                --with-x=${STAGING_DIR_HOST}${prefix}"
+                --with-x=${STAGING_DIR_HOST}${prefix} \
+                ac_cv_path_TIC=:"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[startup] = "--enable-startup-notification,--disable-startup-notification,startup-notification,"
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch b/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
index a819e22127..a19008a41f 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
@@ -1,4 +1,4 @@
-From 575b848a3b3c14280679db80d0d518922c83d62a Mon Sep 17 00:00:00 2001
+From 99a21305ae683a216e9299e5dbdd763190a8cfe3 Mon Sep 17 00:00:00 2001
 From: Kai Kang <kai.kang@windriver.com>
 Date: Fri, 11 Aug 2023 14:20:48 +0800
 Subject: [PATCH] Add a variable to control macro
@@ -57,10 +57,10 @@ index 5d5fb38c..a554f700 100644
  #else
  #define __PAS_ALWAYS_INLINE_BUT_NOT_INLINE
 diff --git a/Source/cmake/WebKitCompilerFlags.cmake b/Source/cmake/WebKitCompilerFlags.cmake
-index 9b2fecf9..7cdc2b6a 100644
+index 0732785e..4879ec40 100644
 --- a/Source/cmake/WebKitCompilerFlags.cmake
 +++ b/Source/cmake/WebKitCompilerFlags.cmake
-@@ -453,3 +453,10 @@ endif ()
+@@ -452,3 +452,10 @@ endif ()
  
  # FIXME: Enable pre-compiled headers for all ports <https://webkit.org/b/139438>
  set(CMAKE_DISABLE_PRECOMPILE_HEADERS ON)
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
index 8e29ce17ed..dda20a7b25 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
@@ -1,4 +1,4 @@
-From 6348f91c29e2350ad3fec5264aa57dd4994d4583 Mon Sep 17 00:00:00 2001
+From d1f6a1b6a1298f6ef2f1677e9996aa60a002134a Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 27 Oct 2015 16:02:19 +0200
 Subject: [PATCH] FindGObjectIntrospection.cmake: prefix variables obtained
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
deleted file mode 100644
index 6ffe0a9454..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From dbd1a59b239b3902e717fdeb063883dbb0b06ee9 Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Sun, 26 May 2024 14:24:35 -0700
-Subject: [PATCH 1/2] Remove ARM-specific declarations in FELighting.h unneeded
- after 272873@main
-
-Unreviewed build fix.
-
-* Source/WebCore/platform/graphics/filters/FELighting.h: Remove unneeded
-  declarations for the getPowerCoefficients() and platformApplyNeon()
-  functions, which are now defined elsewhere; and were causing a build
-  failure due to usage of the protected LightingData type.
-
-Canonical link: https://commits.webkit.org/279334@main
-
-Backport this patch for fixing following compile error:
-webkitgtk-2.44.1/Source/WebCore/platform/graphics/filters/FELighting.h:73:41: error: 'LightingData' does not name a type 
-   73 |     inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/36d1b5d7c0ef9a733ee8055b1f35b1d24435d538]
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- Source/WebCore/platform/graphics/filters/FELighting.h | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h
-index 4efab920..dcd80b6f 100644
---- a/Source/WebCore/platform/graphics/filters/FELighting.h
-+++ b/Source/WebCore/platform/graphics/filters/FELighting.h
-@@ -68,11 +68,6 @@ protected:
- 
-     std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
- 
--#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
--    static int getPowerCoefficients(float exponent);
--    inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
--#endif
--
-     Color m_lightingColor;
-     float m_surfaceScale;
-     float m_diffuseConstant;
--- 
-2.25.1
-
diff --git a/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch b/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
deleted file mode 100644
index a0c7b6bd57..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 88fa4b49a10ecfb74c36c678c1e2b76136357153 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Fri, 12 Jul 2024 10:16:05 +0800
-Subject: [PATCH 2/2] More dynamicDowncast<> adoption in platform code
-
-Backport part of commit [90d13e7 More dynamicDowncast<> adoption in
-platform code] to fix following compile error for ARM_NEON:
-webkitgtk-2.44.1/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp:545:37: error: 'LS_POINT' was not declared in this scope; did you mean 'WebCore::LightType::LS_POINT'?
-  545 |     if (data.lightSource->type() == LS_POINT) {
-      |                                     ^~~~~~~~
-      |                                     WebCore::LightType::LS_POINT
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/90d13e77ab2192b7efa8e763eeb8b08dbbb6d5c3]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- .../filters/FELightingNeonParallelApplier.cpp | 22 +++++++++----------
- 1 file changed, 10 insertions(+), 12 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-index 04d855fa..dccc003d 100644
---- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-+++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-@@ -542,19 +542,17 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da
-     floatArguments.colorBlue = color.blue;
-     floatArguments.padding4 = 0;
- 
--    if (data.lightSource->type() == LS_POINT) {
-+    if (auto* pointLightSource = dynamicDowncast<PointLightSource>(*data.lightSource)) {
-         neonData.flags |= FLAG_POINT_LIGHT;
--        auto& pointLightSource = downcast<PointLightSource>(*data.lightSource);
--        floatArguments.lightX = pointLightSource.position().x();
--        floatArguments.lightY = pointLightSource.position().y();
--        floatArguments.lightZ = pointLightSource.position().z();
-+        floatArguments.lightX = pointLightSource->position().x();
-+        floatArguments.lightY = pointLightSource->position().y();
-+        floatArguments.lightZ = pointLightSource->position().z();
-         floatArguments.padding2 = 0;
--    } else if (data.lightSource->type() == LS_SPOT) {
-+    } else if (auto* spotLightSource = dynamicDowncast<SpotLightSource>(*data.lightSource)) {
-         neonData.flags |= FLAG_SPOT_LIGHT;
--        auto& spotLightSource = downcast<SpotLightSource>(*data.lightSource);
--        floatArguments.lightX = spotLightSource.position().x();
--        floatArguments.lightY = spotLightSource.position().y();
--        floatArguments.lightZ = spotLightSource.position().z();
-+        floatArguments.lightX = spotLightSource->position().x();
-+        floatArguments.lightY = spotLightSource->position().y();
-+        floatArguments.lightZ = spotLightSource->position().z();
-         floatArguments.padding2 = 0;
- 
-         floatArguments.directionX = paintingData.directionVector.x();
-@@ -565,8 +563,8 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da
-         floatArguments.coneCutOffLimit = paintingData.coneCutOffLimit;
-         floatArguments.coneFullLight = paintingData.coneFullLight;
-         floatArguments.coneCutOffRange = paintingData.coneCutOffLimit - paintingData.coneFullLight;
--        neonData.coneExponent = getPowerCoefficients(spotLightSource.specularExponent());
--        if (spotLightSource.specularExponent() == 1)
-+        neonData.coneExponent = getPowerCoefficients(spotLightSource->specularExponent());
-+        if (spotLightSource->specularExponent() == 1)
-             neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
-     } else {
-         ASSERT(data.lightSource->type() == LS_DISTANT);
--- 
-2.25.1
-
diff --git a/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch b/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
index 76bcb3df99..0d8976c502 100644
--- a/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
@@ -1,4 +1,4 @@
-From 1523e00a2a76e285262c8aa3721b5d99f3f2d612 Mon Sep 17 00:00:00 2001
+From 2ee948191de1c561b72ebf462605376cfb3ce7af Mon Sep 17 00:00:00 2001
 From: Thomas Devoogdt <thomas.devoogdt@barco.com>
 Date: Mon, 16 Jan 2023 17:03:30 +0100
 Subject: [PATCH] REGRESSION(257865@main): B3Validate.cpp: fix
diff --git a/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch b/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
index 8ce37a01cc..793be48df2 100644
--- a/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
@@ -1,4 +1,4 @@
-From a9c874f7418cefbe78f7cd26505ae495cb59bbcf Mon Sep 17 00:00:00 2001
+From 31dca9601888f2a539dfb22693ffd62c22ee8912 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 12 Jan 2024 09:21:39 -0800
 Subject: [PATCH] clang/arm: Do not use MUST_TAIL_CALL
@@ -16,10 +16,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Source/WTF/wtf/Compiler.h b/Source/WTF/wtf/Compiler.h
-index 0ea5cb76..c5480dbc 100644
+index 449ca502..daac29d7 100644
 --- a/Source/WTF/wtf/Compiler.h
 +++ b/Source/WTF/wtf/Compiler.h
-@@ -284,7 +284,7 @@
+@@ -321,7 +321,7 @@
  /* MUST_TAIL_CALL */
  
  #if !defined(MUST_TAIL_CALL) && defined(__cplusplus) && defined(__has_cpp_attribute)
diff --git a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
index 93a431a0b1..d614a1ee4f 100644
--- a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
@@ -1,4 +1,4 @@
-From d096b945113ddecaf33062296e20b6d5a007cab3 Mon Sep 17 00:00:00 2001
+From cb5458b5d15aafa3543a47a33975609026d45d32 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Mon, 3 Jan 2022 14:18:34 +0000
 Subject: [PATCH] webkitgtk: Add reproducibility fix
diff --git a/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch b/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
index d4720e4f28..064925dace 100644
--- a/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
@@ -1,10 +1,9 @@
-From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
+From 36c092723ec6d4908039341c9d157db8ab1c0a59 Mon Sep 17 00:00:00 2001
 From: Michael Catanzaro <mcatanzaro@redhat.com>
 Date: Mon, 5 Feb 2024 11:00:49 -0600
-Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
- =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
- =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
- =?UTF-8?q?=3D268739?=
+Subject: [PATCH] =?UTF-8?q?LowLevelInterpreter.cpp:339:21:=20error:=20?=
+ =?UTF-8?q?=E2=80=98t6=E2=80=99=20was=20not=20declared=20in=20this=20scope?=
+ =?UTF-8?q?=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid=3D268739?=
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -22,7 +21,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 2 deletions(-)
 
 diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
-index 5064ead6cd2e7..9a2e2653b1219 100644
+index 75cecbbd..b1020ea4 100644
 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
 +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
 @@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
@@ -34,4 +33,3 @@ index 5064ead6cd2e7..9a2e2653b1219 100644
  
      struct StackPointerScope {
          StackPointerScope(CLoopStack& stack)
-
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb b/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
index c4a3c464c1..a8f825e164 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
@@ -16,10 +16,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://no-musttail-arm.patch \
            file://t6-not-declared.patch \
            file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \
-           file://0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch \
-           file://0002-More-dynamicDowncast-adoption-in-platform-code.patch \
            "
-SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561"
+SRC_URI[sha256sum] = "dc82d042ecaca981a4852357c06e5235743319cf10a94cd36ad41b97883a0b54"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 
diff --git a/meta/recipes-support/boost/boost-1.84.0.inc b/meta/recipes-support/boost/boost-1.84.0.inc
index 5bbea2ba5b..be1ad20f47 100644
--- a/meta/recipes-support/boost/boost-1.84.0.inc
+++ b/meta/recipes-support/boost/boost-1.84.0.inc
@@ -11,7 +11,7 @@ BOOST_VER = "${@"_".join(d.getVar("PV").split("."))}"
 BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
 BOOST_P = "boost_${BOOST_VER}"
 
-SRC_URI = "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2"
+SRC_URI = "https://archives.boost.io/release/${PV}/source/${BOOST_P}.tar.bz2"
 SRC_URI[sha256sum] = "cc4b893acf645c9d4b698e9a0f08ca8846aa5d6c68275c14c3e7949c24109454"
 
 UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
diff --git a/meta/recipes-support/curl/curl/CVE-2024-11053-0001.patch b/meta/recipes-support/curl/curl/CVE-2024-11053-0001.patch
new file mode 100644
index 0000000000..52ba390cde
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-11053-0001.patch
@@ -0,0 +1,353 @@
+From 9bee39bfed2c413b4cc4eb306a57ac92a1854907 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 12 Oct 2024 23:54:39 +0200
+Subject: [PATCH] url: use same credentials on redirect
+
+Previously it could lose the username and only use the password.
+
+Added test 998 and 999 to verify.
+
+Reported-by: Tobias Bora
+Fixes #15262
+Closes #15282
+
+Changes:
+- Test files are added in Makefile.inc.
+
+CVE: CVE-2024-11053
+Upstream-Status: Backport [https://github.com/curl/curl/commit/9bee39bfed2c413b4cc4eb306a57ac92a1854907]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/transfer.c          |  3 ++
+ lib/url.c               | 19 +++++----
+ lib/urldata.h           |  9 +++-
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test998      | 92 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test999      | 81 ++++++++++++++++++++++++++++++++++++
+ 6 files changed, 195 insertions(+), 11 deletions(-)
+ create mode 100644 tests/data/test998
+ create mode 100644 tests/data/test999
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index e31d1d6..ccd042b 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -700,6 +700,9 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
+       return CURLE_OUT_OF_MEMORY;
+   }
+
++  if(data->set.str[STRING_USERNAME] ||
++     data->set.str[STRING_PASSWORD])
++    data->state.creds_from = CREDS_OPTION;
+   if(!result)
+     result = Curl_setstropt(&data->state.aptr.user,
+                             data->set.str[STRING_USERNAME]);
+diff --git a/lib/url.c b/lib/url.c
+index 224b9f3..05431b9 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1899,10 +1899,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+     return result;
+
+   /*
+-   * User name and password set with their own options override the
+-   * credentials possibly set in the URL.
++   * username and password set with their own options override the credentials
++   * possibly set in the URL, but netrc does not.
+    */
+-  if(!data->set.str[STRING_PASSWORD]) {
++  if(!data->state.aptr.passwd || (data->state.creds_from != CREDS_OPTION)) {
+     uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0);
+     if(!uc) {
+       char *decoded;
+@@ -1915,12 +1915,13 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+       result = Curl_setstropt(&data->state.aptr.passwd, decoded);
+       if(result)
+         return result;
++      data->state.creds_from = CREDS_URL;
+     }
+     else if(uc != CURLUE_NO_PASSWORD)
+       return Curl_uc_to_curlcode(uc);
+   }
+
+-  if(!data->set.str[STRING_USERNAME]) {
++  if(!data->state.aptr.user || (data->state.creds_from != CREDS_OPTION)) {
+     /* we don't use the URL API's URL decoder option here since it rejects
+        control codes and we want to allow them for some schemes in the user
+        and password fields */
+@@ -1934,13 +1935,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+         return result;
+       conn->user = decoded;
+       result = Curl_setstropt(&data->state.aptr.user, decoded);
++      data->state.creds_from = CREDS_URL;
+     }
+     else if(uc != CURLUE_NO_USER)
+       return Curl_uc_to_curlcode(uc);
+-    else if(data->state.aptr.passwd) {
+-      /* no user was set but a password, set a blank user */
+-      result = Curl_setstropt(&data->state.aptr.user, "");
+-    }
+     if(result)
+       return result;
+   }
+@@ -2730,7 +2728,8 @@ static CURLcode override_login(struct Curl_easy *data,
+     int ret;
+     bool url_provided = FALSE;
+
+-    if(data->state.aptr.user) {
++    if(data->state.aptr.user &&
++       (data->state.creds_from != CREDS_NETRC)) {
+       /* there was a user name in the URL. Use the URL decoded version */
+       userp = &data->state.aptr.user;
+       url_provided = TRUE;
+@@ -2778,6 +2777,7 @@ static CURLcode override_login(struct Curl_easy *data,
+       result = Curl_setstropt(&data->state.aptr.user, *userp);
+       if(result)
+         return result;
++      data->state.creds_from = CREDS_NETRC;
+     }
+   }
+   if(data->state.aptr.user) {
+@@ -2795,6 +2795,7 @@ static CURLcode override_login(struct Curl_easy *data,
+     CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp);
+     if(result)
+       return result;
++    data->state.creds_from = CREDS_NETRC;
+   }
+   if(data->state.aptr.passwd) {
+     uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD,
+diff --git a/lib/urldata.h b/lib/urldata.h
+index ce28f25..b68d023 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1207,6 +1207,11 @@ struct urlpieces {
+   char *query;
+ };
+
++#define CREDS_NONE   0
++#define CREDS_URL    1 /* from URL */
++#define CREDS_OPTION 2 /* set with a CURLOPT_ */
++#define CREDS_NETRC  3 /* found in netrc */
++
+ struct UrlState {
+   /* Points to the connection cache */
+   struct conncache *conn_cache;
+@@ -1344,7 +1349,6 @@ struct UrlState {
+     char *proxyuser;
+     char *proxypasswd;
+   } aptr;
+-
+   unsigned char httpwant; /* when non-zero, a specific HTTP version requested
+                              to be used in the library's request(s) */
+   unsigned char httpversion; /* the lowest HTTP version*10 reported by any
+@@ -1354,6 +1358,9 @@ struct UrlState {
+   unsigned char select_bits; /* != 0 -> bitmask of socket events for this
+                                  transfer overriding anything the socket may
+                                  report */
++  unsigned int creds_from:2; /* where is the server credentials originating
++                                from, see the CREDS_* defines above */
++
+ #ifdef CURLDEBUG
+   BIT(conncache_lock);
+ #endif
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index d89e565..03cb6a0 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -126,7 +126,7 @@ test952 test953 test954 test955 test956 test957 test958 test959 test960 \
+ test961 test962 test963 test964 test965 test966 test967 test968 test969 \
+ test970 test971 test972 test973 test974 test975 test976 test977 test978 \
+ test979 test980 test981 test982 test983 test984 test985 test986 test987 \
+-test988 test989 test990 test991 test992 \
++test988 test989 test990 test991 test992 test998 test999 \
+ \
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+diff --git a/tests/data/test998 b/tests/data/test998
+new file mode 100644
+index 0000000..596b18e
+--- /dev/null
++++ b/tests/data/test998
+@@ -0,0 +1,92 @@
++<testcase>
++ <info>
++ <keywords>
++ HTTP
++ --location-trusted
++ </keywords>
++ </info>
++
++ #
++ # Server-side
++ <reply>
++ <data>
++ HTTP/1.1 301 redirect
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Content-Length: 0
++ Connection: close
++ Content-Type: text/html
++ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
++
++ </data>
++ <data2>
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Content-Length: 6
++ Content-Type: text/html
++ Funny-head: yesyes
++
++ -foo-
++ </data2>
++
++ <datacheck>
++ HTTP/1.1 301 redirect
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Content-Length: 0
++ Connection: close
++ Content-Type: text/html
++ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
++
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Content-Length: 6
++ Content-Type: text/html
++ Funny-head: yesyes
++
++ -foo-
++ </datacheck>
++
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <features>
++ proxy
++ </features>
++ <server>
++ http
++ </server>
++ <name>
++ HTTP with auth in URL redirected to another host
++ </name>
++ <command>
++ -x %HOSTIP:%HTTPPORT http://alberto:einstein@somwhere.example/%TESTNUMBER --location-trusted
++ </command>
++ </client>
++
++ #
++ # Verify data after the test has been "shot"
++ <verify>
++ <strip>
++ QUIT
++ </strip>
++ <protocol>
++ GET http://somwhere.example/998 HTTP/1.1
++ Host: somwhere.example
++ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ GET http://somewhere.else.example/a/path/9980002 HTTP/1.1
++ Host: somewhere.else.example
++ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ </protocol>
++ </verify>
++ </testcase>
+diff --git a/tests/data/test999 b/tests/data/test999
+new file mode 100644
+index 0000000..184821d
+--- /dev/null
++++ b/tests/data/test999
+@@ -0,0 +1,81 @@
++<testcase>
++ <info>
++ <keywords>
++ HTTP
++ --location-trusted
++ </keywords>
++ </info>
++
++ #
++ # Server-side
++ <reply>
++ <data nocheck="yes">
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Content-Length: 6
++ Content-Type: text/html
++ Funny-head: yesyes
++
++ -foo-
++ </data>
++
++ <datacheck>
++ HTTP/1.1 301 redirect
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Content-Length: 0
++ Connection: close
++ Content-Type: text/html
++ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
++
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Content-Length: 6
++ Content-Type: text/html
++ Funny-head: yesyes
++
++ -foo-
++ </datacheck>
++
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <features>
++ proxy
++ </features>
++ <server>
++ http
++ </server>
++ <name>
++ HTTP with auth in first URL but not second
++ </name>
++ <command>
++ -x %HOSTIP:%HTTPPORT http://alberto:einstein@somwhere.example/%TESTNUMBER http://somewhere.else.example/%TESTNUMBER
++ </command>
++ </client>
++
++ #
++ # Verify data after the test has been "shot"
++ <verify>
++ <strip>
++ QUIT
++ </strip>
++ <protocol>
++ GET http://somwhere.example/%TESTNUMBER HTTP/1.1
++ Host: somwhere.example
++ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ GET http://somewhere.else.example/%TESTNUMBER HTTP/1.1
++ Host: somewhere.else.example
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ </protocol>
++ </verify>
++ </testcase>
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/CVE-2024-11053-0002.patch b/meta/recipes-support/curl/curl/CVE-2024-11053-0002.patch
new file mode 100644
index 0000000000..7f45f79cf2
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-11053-0002.patch
@@ -0,0 +1,728 @@
+From e9b9bbac22c26cf67316fa8e6c6b9e831af31949 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 15 Nov 2024 11:06:36 +0100
+Subject: [PATCH] netrc: address several netrc parser flaws
+
+- make sure that a match that returns a username also returns a
+  password, that should be blank if no password is found
+
+- fix handling of multiple logins for same host where the password/login
+  order might be reversed.
+
+- reject credentials provided in the .netrc if they contain ASCII control
+  codes - if the used protocol does not support such (like HTTP and WS do)
+
+Reported-by: Harry Sintonen
+
+Add test 478, 479 and 480 to verify. Updated unit 1304.
+
+Closes #15586
+
+Changes:
+- Refresh patch context.
+- Adjust `%LOGDIR/` to 'log/' due to its absence in code.
+- Backported only required enum found_state defination from:
+  https://github.com/curl/curl/commit/3b43a05e000aa8f65bda513f733a73fefe35d5ca
+- Replaces the previous usage of the state_login, state_password, and
+  state_our_login variables with the found_state enum, which includes the
+  values NONE, LOGIN, and PASSWORD. As a result, all conditionals and memory
+  management logic associated with these variables were updated.
+
+CVE: CVE-2024-11053
+Upstream-Status: Backport [https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af3194]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/netrc.c             | 122 ++++++++++++++++++++++------------------
+ lib/url.c               |  59 ++++++++++++-------
+ tests/data/Makefile.inc |   2 +-
+ tests/data/test478      |  73 ++++++++++++++++++++++++
+ tests/data/test479      | 107 +++++++++++++++++++++++++++++++++++
+ tests/data/test480      |  38 +++++++++++++
+ tests/unit/unit1304.c   |  75 +++++++-----------------
+ 7 files changed, 347 insertions(+), 129 deletions(-)
+ create mode 100644 tests/data/test478
+ create mode 100644 tests/data/test479
+ create mode 100644 tests/data/test480
+
+diff --git a/lib/netrc.c b/lib/netrc.c
+index cd2a284..64efdc0 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -49,6 +49,15 @@ enum host_lookup_state {
+   MACDEF
+ };
+
++enum found_state {
++  NONE,
++  LOGIN,
++  PASSWORD
++};
++
++#define FOUND_LOGIN    1
++#define FOUND_PASSWORD 2
++
+ #define NETRC_FILE_MISSING 1
+ #define NETRC_FAILED -1
+ #define NETRC_SUCCESS 0
+@@ -59,23 +68,20 @@ enum host_lookup_state {
+  * Returns zero on success.
+  */
+ static int parsenetrc(const char *host,
+-                      char **loginp,
++                      char **loginp, /* might point to a username */
+                       char **passwordp,
+                       char *netrcfile)
+ {
+   FILE *file;
+   int retcode = NETRC_FILE_MISSING;
+   char *login = *loginp;
+-  char *password = *passwordp;
+-  bool specific_login = (login && *login != 0);
+-  bool login_alloc = FALSE;
+-  bool password_alloc = FALSE;
++  char *password = NULL;
++  bool specific_login = login; /* points to something */
+   enum host_lookup_state state = NOTHING;
+-
+-  char state_login = 0;      /* Found a login keyword */
+-  char state_password = 0;   /* Found a password keyword */
+-  int state_our_login = TRUE;  /* With specific_login, found *our* login
+-                                  name (or login-less line) */
++  enum found_state keyword = NONE;
++  unsigned char found = 0; /* login + password found bits, as they can come in
++                              any order */
++  bool our_login = FALSE;  /* found our login name */
+
+   DEBUGASSERT(netrcfile);
+
+@@ -97,7 +103,7 @@ static int parsenetrc(const char *host,
+           continue;
+       }
+       tok = netrcbuffer;
+-      while(tok) {
++      while(tok && !done) {
+         while(ISBLANK(*tok))
+           tok++;
+         /* tok is first non-space letter */
+@@ -156,11 +162,6 @@ static int parsenetrc(const char *host,
+           }
+         }
+
+-        if((login && *login) && (password && *password)) {
+-          done = TRUE;
+-          break;
+-        }
+-
+         switch(state) {
+         case NOTHING:
+           if(strcasecompare("macdef", tok)) {
+@@ -175,6 +176,12 @@ static int parsenetrc(const char *host,
+                after this we need to search for 'login' and
+                'password'. */
+             state = HOSTFOUND;
++            keyword = NONE;
++            found = 0;
++            our_login = FALSE;
++            Curl_safefree(password);
++            if(!specific_login)
++              Curl_safefree(login);
+           }
+           else if(strcasecompare("default", tok)) {
+             state = HOSTVALID;
+@@ -198,48 +205,55 @@ static int parsenetrc(const char *host,
+           break;
+         case HOSTVALID:
+           /* we are now parsing sub-keywords concerning "our" host */
+-          if(state_login) {
++          if(keyword == LOGIN) {
+             if(specific_login) {
+-              state_our_login = !Curl_timestrcmp(login, tok);
++              our_login = !Curl_timestrcmp(login, tok);
+             }
+-            else if(!login || Curl_timestrcmp(login, tok)) {
+-              if(login_alloc) {
+-                free(login);
+-                login_alloc = FALSE;
+-              }
++            else {
++              our_login = TRUE;
++              free(login);
+               login = strdup(tok);
+               if(!login) {
+                 retcode = NETRC_FAILED; /* allocation failed */
+                 goto out;
+               }
+-              login_alloc = TRUE;
+             }
+-            state_login = 0;
++          found |= FOUND_LOGIN;
++          keyword = NONE;
+           }
+-          else if(state_password) {
+-            if((state_our_login || !specific_login)
+-               && (!password || Curl_timestrcmp(password, tok))) {
+-              if(password_alloc) {
+-                free(password);
+-                password_alloc = FALSE;
+-              }
+-              password = strdup(tok);
+-              if(!password) {
+-                retcode = NETRC_FAILED; /* allocation failed */
+-                goto out;
+-              }
+-              password_alloc = TRUE;
++          else if(keyword == PASSWORD) {
++            free(password);
++            password = strdup(tok);
++            if(!password) {
++              retcode = NETRC_FAILED; /* allocation failed */
++              goto out;
+             }
+-            state_password = 0;
++          found |= FOUND_PASSWORD;
++          keyword = NONE;
+           }
+           else if(strcasecompare("login", tok))
+-            state_login = 1;
++            keyword = LOGIN;
+           else if(strcasecompare("password", tok))
+-            state_password = 1;
++            keyword = PASSWORD;
+           else if(strcasecompare("machine", tok)) {
+-            /* ok, there's machine here go => */
++            /* a new machine here */
+             state = HOSTFOUND;
+-            state_our_login = FALSE;
++            keyword = NONE;
++            found = 0;
++            Curl_safefree(password);
++            if(!specific_login)
++              Curl_safefree(login);
++          }
++          else if(strcasecompare("default", tok)) {
++            state = HOSTVALID;
++            retcode = NETRC_SUCCESS; /* we did find our host */
++            Curl_safefree(password);
++            if(!specific_login)
++              Curl_safefree(login);
++          }
++          if((found == (FOUND_PASSWORD|FOUND_LOGIN)) && our_login) {
++            done = TRUE;
++            break;
+           }
+           break;
+         } /* switch (state) */
+@@ -249,24 +263,22 @@ static int parsenetrc(const char *host,
+
+ out:
+     Curl_dyn_free(&buf);
++    if(!retcode && !password && our_login) {
++      /* success without a password, set a blank one */
++      password = strdup("");
++      if(!password)
++        retcode = 1; /* out of memory */
++    }
+     if(!retcode) {
+       /* success */
+-      if(login_alloc) {
+-        if(*loginp)
+-          free(*loginp);
++      if(!specific_login)
+         *loginp = login;
+-      }
+-      if(password_alloc) {
+-        if(*passwordp)
+-          free(*passwordp);
+-        *passwordp = password;
+-      }
++      *passwordp = password;
+     }
+     else {
+-      if(login_alloc)
++      if(!specific_login)
+         free(login);
+-      if(password_alloc)
+-        free(password);
++      free(password);
+     }
+     fclose(file);
+   }
+diff --git a/lib/url.c b/lib/url.c
+index 05431b9..1439c9e 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2699,6 +2699,17 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
+   return CURLE_OK;
+ }
+
++static bool str_has_ctrl(const char *input)
++{
++  const unsigned char *str = (const unsigned char *)input;
++  while(*str) {
++    if(*str < 0x20)
++      return TRUE;
++    str++;
++  }
++  return FALSE;
++}
++
+ /*
+  * Override the login details from the URL with that in the CURLOPT_USERPWD
+  * option or a .netrc file, if applicable.
+@@ -2730,29 +2741,39 @@ static CURLcode override_login(struct Curl_easy *data,
+
+     if(data->state.aptr.user &&
+        (data->state.creds_from != CREDS_NETRC)) {
+-      /* there was a user name in the URL. Use the URL decoded version */
++      /* there was a username with a length in the URL. Use the URL decoded
++         version */
+       userp = &data->state.aptr.user;
+       url_provided = TRUE;
+     }
+
+-    ret = Curl_parsenetrc(conn->host.name,
+-                          userp, passwdp,
+-                          data->set.str[STRING_NETRC_FILE]);
+-    if(ret > 0) {
+-      infof(data, "Couldn't find host %s in the %s file; using defaults",
+-            conn->host.name,
+-            (data->set.str[STRING_NETRC_FILE] ?
+-             data->set.str[STRING_NETRC_FILE] : ".netrc"));
+-    }
+-    else if(ret < 0) {
+-      failf(data, ".netrc parser error");
+-      return CURLE_READ_ERROR;
+-    }
+-    else {
+-      /* set bits.netrc TRUE to remember that we got the name from a .netrc
+-         file, so that it is safe to use even if we followed a Location: to a
+-         different host or similar. */
+-      conn->bits.netrc = TRUE;
++    if(!*passwdp) {
++      ret = Curl_parsenetrc(conn->host.name, userp, passwdp,
++                            data->set.str[STRING_NETRC_FILE]);
++      if(ret > 0) {
++        infof(data, "Couldn't find host %s in the %s file; using defaults",
++              conn->host.name,
++              (data->set.str[STRING_NETRC_FILE] ?
++               data->set.str[STRING_NETRC_FILE] : ".netrc"));
++      }
++      else if(ret < 0) {
++        failf(data, ".netrc parser error");
++        return CURLE_READ_ERROR;
++      }
++      else {
++        if(!(conn->handler->flags&PROTOPT_USERPWDCTRL)) {
++          /* if the protocol can't handle control codes in credentials, make
++             sure there are none */
++          if(str_has_ctrl(*userp) || str_has_ctrl(*passwdp)) {
++            failf(data, "control code detected in .netrc credentials");
++            return CURLE_READ_ERROR;
++          }
++        }
++        /* set bits.netrc TRUE to remember that we got the name from a .netrc
++           file, so that it is safe to use even if we followed a Location: to a
++           different host or similar. */
++        conn->bits.netrc = TRUE;
++      }
+     }
+     if(url_provided) {
+       Curl_safefree(conn->user);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 03cb6a0..e3508cb 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -73,7 +73,7 @@ test426 test427 test428 test429 test430 test431 test432 test433 test434 \
+ test435 test436 test437 test438 test439 test440 test441 test442 test443 \
+ test444 test445 test446 test447 test448 test449 test450 test451 test452 \
+ test453 test454 test455 test456 test457 test458 test459 test460 test461 \
+-test462 test463 test467 test468 \
++test462 test463 test467 test468 test478 test479 test480 \
+ \
+ test490 test491 test492 test493 test494 test495 test496 test497 test498 \
+ test499 test500 test501 test502 test503 test504 test505 test506 test507 \
+diff --git a/tests/data/test478 b/tests/data/test478
+new file mode 100644
+index 0000000..4acc72e
+--- /dev/null
++++ b/tests/data/test478
+@@ -0,0 +1,73 @@
++<testcase>
++ <info>
++ <keywords>
++ netrc
++ HTTP
++ </keywords>
++ </info>
++ #
++ # Server-side
++ <reply>
++ <data crlf="yes">
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 6
++ Connection: close
++ Content-Type: text/html
++ Funny-head: yesyes
++
++ -foo-
++ </data>
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <server>
++ http
++ </server>
++ <features>
++ proxy
++ </features>
++ <name>
++ .netrc with multiple accounts for same host
++ </name>
++ <command>
++ --netrc --netrc-file log/netrc%TESTNUMBER -x http://%HOSTIP:%HTTPPORT/ http://debbie@github.com/
++ </command>
++ <file name="log/netrc%TESTNUMBER" >
++
++ machine github.com
++ password weird
++ password firstone
++ login daniel
++
++ machine github.com
++
++ machine github.com
++ login debbie
++
++ machine github.com
++ password weird
++ password "second\r"
++ login debbie
++
++ </file>
++ </client>
++
++ <verify>
++ <protocol>
++ GET http://github.com/ HTTP/1.1
++ Host: github.com
++ Authorization: Basic %b64[debbie:second%0D]b64%
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ </protocol>
++ </verify>
++ </testcase>
+diff --git a/tests/data/test479 b/tests/data/test479
+new file mode 100644
+index 0000000..62a2057
+--- /dev/null
++++ b/tests/data/test479
+@@ -0,0 +1,107 @@
++<testcase>
++ <info>
++ <keywords>
++ netrc
++ HTTP
++ </keywords>
++ </info>
++ #
++ # Server-side
++ <reply>
++ <data crlf="yes">
++ HTTP/1.1 301 Follow this you fool
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 6
++ Connection: close
++ Location: http://b.com/%TESTNUMBER0002
++
++ -foo-
++ </data>
++
++ <data2 crlf="yes">
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 7
++ Connection: close
++
++ target
++ </data2>
++
++ <datacheck crlf="yes">
++ HTTP/1.1 301 Follow this you fool
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 6
++ Connection: close
++ Location: http://b.com/%TESTNUMBER0002
++
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 7
++ Connection: close
++
++ target
++ </datacheck>
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <server>
++ http
++ </server>
++ <features>
++ proxy
++ </features>
++ <name>
++ .netrc with redirect and default without password
++ </name>
++ <command>
++ --netrc --netrc-file log/netrc%TESTNUMBER -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
++ </command>
++ <file name="log/netrc%TESTNUMBER" >
++
++ machine a.com
++   login alice
++   password alicespassword
++
++ default
++   login bob
++
++ </file>
++ </client>
++
++ <verify>
++ <protocol>
++ GET http://a.com/ HTTP/1.1
++ Host: a.com
++ Authorization: Basic %b64[alice:alicespassword]b64%
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ GET http://b.com/%TESTNUMBER0002 HTTP/1.1
++ Host: b.com
++ Authorization: Basic %b64[bob:]b64%
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ </protocol>
++ </verify>
++ </testcase>
+diff --git a/tests/data/test480 b/tests/data/test480
+new file mode 100644
+index 0000000..47db7ab
+--- /dev/null
++++ b/tests/data/test480
+@@ -0,0 +1,38 @@
++<testcase>
++ <info>
++ <keywords>
++ netrc
++ pop3
++ </keywords>
++ </info>
++ #
++ # Server-side
++ <reply>
++
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <server>
++ pop3
++ </server>
++ <name>
++ Reject .netrc with credentials using CRLF for POP3
++ </name>
++ <command>
++ --netrc --netrc-file log/netrc%TESTNUMBER pop3://%HOSTIP:%POP3PORT/%TESTNUMBER
++ </command>
++ <file name="log/netrc%TESTNUMBER" >
++ machine %HOSTIP
++   login alice
++   password "password\r\ncommand"
++ </file>
++ </client>
++
++ <verify>
++ <errorcode>
++ 26
++ </errorcode>
++ </verify>
++ </testcase>
+diff --git a/tests/unit/unit1304.c b/tests/unit/unit1304.c
+index 0288562..b2b4366 100644
+--- a/tests/unit/unit1304.c
++++ b/tests/unit/unit1304.c
+@@ -32,13 +32,8 @@ static char *password;
+
+ static CURLcode unit_setup(void)
+ {
+-  password = strdup("");
+-  login = strdup("");
+-  if(!password || !login) {
+-    Curl_safefree(password);
+-    Curl_safefree(login);
+-    return CURLE_OUT_OF_MEMORY;
+-  }
++  password = NULL;
++  login = NULL;
+   return CURLE_OK;
+ }
+
+@@ -56,76 +51,48 @@ UNITTEST_START
+    */
+   result = Curl_parsenetrc("test.example.com", &login, &password, arg);
+   fail_unless(result == 1, "Host not found should return 1");
+-  abort_unless(password != NULL, "returned NULL!");
+-  fail_unless(password[0] == 0, "password should not have been changed");
+-  abort_unless(login != NULL, "returned NULL!");
+-  fail_unless(login[0] == 0, "login should not have been changed");
++  abort_unless(password == NULL, "password did not return NULL!");
++  abort_unless(login == NULL, "user did not return NULL!");
+
+   /*
+    * Test a non existent login in our netrc file.
+    */
+-  free(login);
+-  login = strdup("me");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = (char *)"me";
+   result = Curl_parsenetrc("example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+-  abort_unless(password != NULL, "returned NULL!");
+-  fail_unless(password[0] == 0, "password should not have been changed");
+-  abort_unless(login != NULL, "returned NULL!");
+-  fail_unless(strncmp(login, "me", 2) == 0,
+-              "login should not have been changed");
++  abort_unless(password == NULL, "password is not NULL!");
+
+   /*
+    * Test a non existent login and host in our netrc file.
+    */
+-  free(login);
+-  login = strdup("me");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = (char *)"me";
+   result = Curl_parsenetrc("test.example.com", &login, &password, arg);
+   fail_unless(result == 1, "Host not found should return 1");
+-  abort_unless(password != NULL, "returned NULL!");
+-  fail_unless(password[0] == 0, "password should not have been changed");
+-  abort_unless(login != NULL, "returned NULL!");
+-  fail_unless(strncmp(login, "me", 2) == 0,
+-              "login should not have been changed");
++  abort_unless(password == NULL, "password is not NULL!");
+
+   /*
+    * Test a non existent login (substring of an existing one) in our
+    * netrc file.
+    */
+-  free(login);
+-  login = strdup("admi");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = (char *)"admi";
+   result = Curl_parsenetrc("example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+-  abort_unless(password != NULL, "returned NULL!");
+-  fail_unless(password[0] == 0, "password should not have been changed");
+-  abort_unless(login != NULL, "returned NULL!");
+-  fail_unless(strncmp(login, "admi", 4) == 0,
+-              "login should not have been changed");
++  abort_unless(password == NULL, "password is not NULL!");
+
+   /*
+    * Test a non existent login (superstring of an existing one)
+    * in our netrc file.
+    */
+-  free(login);
+-  login = strdup("adminn");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = (char *)"adminn";
+   result = Curl_parsenetrc("example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+-  abort_unless(password != NULL, "returned NULL!");
+-  fail_unless(password[0] == 0, "password should not have been changed");
+-  abort_unless(login != NULL, "returned NULL!");
+-  fail_unless(strncmp(login, "adminn", 6) == 0,
+-              "login should not have been changed");
++  abort_unless(password == NULL, "password is not NULL!");
+
+   /*
+    * Test for the first existing host in our netrc file
+    * with login[0] = 0.
+    */
+-  free(login);
+-  login = strdup("");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = NULL;
+   result = Curl_parsenetrc("example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+   abort_unless(password != NULL, "returned NULL!");
+@@ -139,8 +106,9 @@ UNITTEST_START
+    * with login[0] != 0.
+    */
+   free(password);
+-  password = strdup("");
+-  abort_unless(password != NULL, "returned NULL!");
++  free(login);
++  password = NULL;
++  login = NULL;
+   result = Curl_parsenetrc("example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+   abort_unless(password != NULL, "returned NULL!");
+@@ -154,11 +122,9 @@ UNITTEST_START
+    * with login[0] = 0.
+    */
+   free(password);
+-  password = strdup("");
+-  abort_unless(password != NULL, "returned NULL!");
++  password = NULL;
+   free(login);
+-  login = strdup("");
+-  abort_unless(login != NULL, "returned NULL!");
++  login = NULL;
+   result = Curl_parsenetrc("curl.example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+   abort_unless(password != NULL, "returned NULL!");
+@@ -172,8 +138,9 @@ UNITTEST_START
+    * with login[0] != 0.
+    */
+   free(password);
+-  password = strdup("");
+-  abort_unless(password != NULL, "returned NULL!");
++  free(login);
++  password = NULL;
++  login = NULL;
+   result = Curl_parsenetrc("curl.example.com", &login, &password, arg);
+   fail_unless(result == 0, "Host should have been found");
+   abort_unless(password != NULL, "returned NULL!");
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/CVE-2024-11053-0003.patch b/meta/recipes-support/curl/curl/CVE-2024-11053-0003.patch
new file mode 100644
index 0000000000..32fb1812d6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-11053-0003.patch
@@ -0,0 +1,130 @@
+From 9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 17 Dec 2024 23:56:42 +0100
+Subject: [PATCH] netrc: fix password-only entries
+
+When a specific hostname matched, and only a password is set before
+another machine is specified in the netrc file, the parser would not be
+happy and stop there and return the password-only state. It instead
+continued and did not return a match.
+
+Add test 2005 to verify this case
+
+Regression from e9b9bba, shipped in 8.11.1.
+
+Reported-by: Ben Zanin
+Fixes #15767
+Closes #15768
+
+CVE: CVE-2024-11053
+Upstream-Status: Backport [https://github.com/curl/curl/commit/9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/netrc.c             |  7 +++++-
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test2005     | 55 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 62 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test2005
+
+diff --git a/lib/netrc.c b/lib/netrc.c
+index 64efdc0..695e89a 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -228,7 +228,8 @@ static int parsenetrc(const char *host,
+               retcode = NETRC_FAILED; /* allocation failed */
+               goto out;
+             }
+-          found |= FOUND_PASSWORD;
++          if(!specific_login || our_login)
++             found |= FOUND_PASSWORD;
+           keyword = NONE;
+           }
+           else if(strcasecompare("login", tok))
+@@ -237,6 +238,10 @@ static int parsenetrc(const char *host,
+             keyword = PASSWORD;
+           else if(strcasecompare("machine", tok)) {
+             /* a new machine here */
++            if(found & FOUND_PASSWORD) {
++             done = TRUE;
++             break;
++            }
+             state = HOSTFOUND;
+             keyword = NONE;
+             found = 0;
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e3508cb..dc2af79 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
+ test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
+ test1970 test1971 test1972 test1973 test1974 test1975 \
+ \
+-test2000 test2001 test2002 test2003 test2004 \
++test2000 test2001 test2002 test2003 test2004 test2005 \
+ \
+                                                                test2023 \
+ test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
+diff --git a/tests/data/test2005 b/tests/data/test2005
+new file mode 100644
+index 0000000..66afe84
+--- /dev/null
++++ b/tests/data/test2005
+@@ -0,0 +1,55 @@
++<testcase>
++ <info>
++ <keywords>
++ HTTP
++ netrc
++ </keywords>
++ </info>
++ #
++ # Server-side
++ <reply>
++ <data>
++ HTTP/1.1 200 OK
++ Date: Fri, 05 Aug 2022 10:09:00 GMT
++ Server: test-server/fake
++ Content-Type: text/plain
++ Content-Length: 6
++ Connection: close
++
++ -foo-
++ </data>
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <server>
++ http
++ </server>
++ <name>
++ netrc match with password only in file, no username. machine follows
++ </name>
++ <command>
++ --netrc-optional --netrc-file log/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
++ </command>
++ <file name="log/netrc%TESTNUMBER" >
++ machine %HOSTIP
++ password 5up3r53cr37
++
++ machine example.com
++ </file>
++ </client>
++
++ #
++ # Verify data after the test has been "shot"
++ <verify>
++ <protocol>
++ GET / HTTP/1.1
++ Host: %HOSTIP:%HTTPPORT
++ Authorization: Basic %b64[:5up3r53cr37]b64%
++ User-Agent: curl/%VERSION
++ Accept: */*
++
++ </protocol>
++ </verify>
++ </testcase>
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/CVE-2024-9681.patch b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
new file mode 100644
index 0000000000..d9131228fc
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
@@ -0,0 +1,85 @@
+From a94973805df96269bf3f3bf0a20ccb9887313316 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 9 Oct 2024 10:04:35 +0200
+Subject: [PATCH] hsts: improve subdomain handling
+
+- on load, only replace existing HSTS entries if there is a full host
+  match
+
+- on matching, prefer a full host match and secondary the longest tail
+  subdomain match
+
+Closes #15210
+
+CVE: CVE-2024-9681
+Upstream-Status: Backport [https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/hsts.c          | 14 ++++++++++----
+ tests/data/test1660 |  2 +-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/lib/hsts.c b/lib/hsts.c
+index d5e883f51ef0f7..12052ce53c1c5a 100644
+--- a/lib/hsts.c
++++ b/lib/hsts.c
+@@ -254,12 +254,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                            bool subdomain)
+ {
++  struct stsentry *bestsub = NULL;
+   if(h) {
+     char buffer[MAX_HSTS_HOSTLEN + 1];
+     time_t now = time(NULL);
+     size_t hlen = strlen(hostname);
+     struct Curl_llist_element *e;
+     struct Curl_llist_element *n;
++    size_t blen = 0;
+ 
+     if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+       return NULL;
+@@ -284,15 +286,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+         if(ntail < hlen) {
+           size_t offs = hlen - ntail;
+           if((hostname[offs-1] == '.') &&
+-             strncasecompare(&hostname[offs], sts->host, ntail))
+-            return sts;
++             strncasecompare(&hostname[offs], sts->host, ntail) &&
++             (ntail > blen)) {
++            /* save the tail match with the longest tail */
++            bestsub = sts;
++            blen = ntail;
++          }
+         }
+       }
+       if(strcasecompare(hostname, sts->host))
+         return sts;
+     }
+   }
+-  return NULL; /* no match */
++  return bestsub;
+ }
+ 
+ /*
+@@ -444,7 +450,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+     e = Curl_hsts(h, p, subdomain);
+     if(!e)
+       result = hsts_create(h, p, subdomain, expires);
+-    else {
++    else if(strcasecompare(p, e->host)) {
+       /* the same host name, use the largest expire time */
+       if(expires > e->expires)
+         e->expires = expires;
+diff --git a/tests/data/test1660 b/tests/data/test1660
+index f86126d19cf269..4b6f9615c9d517 100644
+--- a/tests/data/test1660
++++ b/tests/data/test1660
+@@ -52,7 +52,7 @@ this.example [this.example]: 1548400797
+ Input 12: error 43
+ Input 13: error 43
+ Input 14: error 43
+-3.example.com [example.com]: 1569905261 includeSubDomains
++3.example.com [3.example.com]: 1569905261 includeSubDomains
+ 3.example.com [example.com]: 1569905261 includeSubDomains
+ foo.example.com [example.com]: 1569905261 includeSubDomains
+ 'foo.xample.com' is not HSTS
diff --git a/meta/recipes-support/curl/curl/CVE-2025-0167.patch b/meta/recipes-support/curl/curl/CVE-2025-0167.patch
new file mode 100644
index 0000000000..6dad98ef7a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-0167.patch
@@ -0,0 +1,178 @@
+From 0e120c5b925e8ca75d5319e319e5ce4b8080d8eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 Jan 2025 16:22:27 +0100
+Subject: [PATCH] netrc: 'default' with no credentials is not a match
+
+Test 486 verifies.
+
+Reported-by: Yihang Zhou
+
+Closes #15908
+
+Changes:
+- Test files are added in Makefile.inc.
+- Adjust `%LOGDIR/` to 'log/' due to its absence in code.
+
+CVE: CVE-2025-0167
+Upstream-Status: Backport [https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ lib/netrc.c             |  15 ++++--
+ tests/data/Makefile.inc |   2 +-
+ tests/data/test486      | 105 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 116 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test486
+
+diff --git a/lib/netrc.c b/lib/netrc.c
+index 64efdc0..5533ecc 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -263,11 +263,16 @@ static int parsenetrc(const char *host,
+
+ out:
+     Curl_dyn_free(&buf);
+-    if(!retcode && !password && our_login) {
+-      /* success without a password, set a blank one */
+-      password = strdup("");
+-      if(!password)
+-        retcode = 1; /* out of memory */
++    if(!retcode) {
++     if(!password && our_login) {
++       /* success without a password, set a blank one */
++       password = strdup("");
++       if(!password)
++         retcode = 1; /* out of memory */
++     }
++     else if(!login && !password)
++       /* a default with no credentials */
++       retcode = NETRC_FILE_MISSING;
+     }
+     if(!retcode) {
+       /* success */
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e3508cb..7a8074f 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -73,7 +73,7 @@ test426 test427 test428 test429 test430 test431 test432 test433 test434 \
+ test435 test436 test437 test438 test439 test440 test441 test442 test443 \
+ test444 test445 test446 test447 test448 test449 test450 test451 test452 \
+ test453 test454 test455 test456 test457 test458 test459 test460 test461 \
+-test462 test463 test467 test468 test478 test479 test480 \
++test462 test463 test467 test468 test478 test479 test480 test486 \
+ \
+ test490 test491 test492 test493 test494 test495 test496 test497 test498 \
+ test499 test500 test501 test502 test503 test504 test505 test506 test507 \
+diff --git a/tests/data/test486 b/tests/data/test486
+new file mode 100644
+index 0000000..093899e
+--- /dev/null
++++ b/tests/data/test486
+@@ -0,0 +1,105 @@
++<testcase>
++ <info>
++ <keywords>
++ netrc
++ HTTP
++ </keywords>
++ </info>
++ #
++ # Server-side
++ <reply>
++ <data crlf="yes">
++ HTTP/1.1 301 Follow this you fool
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 6
++ Connection: close
++ Location: http://b.com/%TESTNUMBER0002
++
++ -foo-
++ </data>
++
++ <data2 crlf="yes">
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 7
++ Connection: close
++
++ target
++ </data2>
++
++ <datacheck crlf="yes">
++ HTTP/1.1 301 Follow this you fool
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 6
++ Connection: close
++ Location: http://b.com/%TESTNUMBER0002
++
++ HTTP/1.1 200 OK
++ Date: Tue, 09 Nov 2010 14:49:00 GMT
++ Server: test-server/fake
++ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ ETag: "21025-dc7-39462498"
++ Accept-Ranges: bytes
++ Content-Length: 7
++ Connection: close
++
++ target
++ </datacheck>
++ </reply>
++
++ #
++ # Client-side
++ <client>
++ <server>
++ http
++ </server>
++ <features>
++ proxy
++ </features>
++ <name>
++ .netrc with redirect and "default" with no password or login
++ </name>
++ <command>
++ --netrc --netrc-file log/netrc%TESTNUMBER -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
++ </command>
++ <file name="log/netrc%TESTNUMBER" >
++
++ machine a.com
++   login alice
++   password alicespassword
++
++ default
++
++ </file>
++ </client>
++
++ <verify>
++ <protocol>
++ GET http://a.com/ HTTP/1.1
++ Host: a.com
++ Authorization: Basic %b64[alice:alicespassword]b64%
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ GET http://b.com/%TESTNUMBER0002 HTTP/1.1
++ Host: b.com
++ User-Agent: curl/%VERSION
++ Accept: */*
++ Proxy-Connection: Keep-Alive
++
++ </protocol>
++ </verify>
++ </testcase>
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh
new file mode 100644
index 0000000000..7c2971b3da
--- /dev/null
+++ b/meta/recipes-support/curl/curl/environment.d-curl.sh
@@ -0,0 +1,19 @@
+# Respect host env CURL_CA_BUNDLE/CURL_CA_PATH first, then auto-detected host cert, then cert in buildtools
+# CAFILE/CAPATH is auto-deteced when source buildtools
+if [ -z "$CURL_CA_PATH" ]; then
+        if [ -n "$CAFILE" ];then
+                export CURL_CA_BUNDLE="$CAFILE"
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+                export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+        fi
+fi
+
+if [ -z "$CURL_CA_PATH" ]; then
+        if [ -n "$CAPATH" ];then
+                export CURL_CA_PATH="$CAPATH"
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+                export CURL_CA_PATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
+        fi
+fi
+
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE CURL_CA_PATH"
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index d094604ea1..2f5bf8c8fd 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -19,13 +19,25 @@ SRC_URI = " \
     file://CVE-2024-7264-1.patch \
     file://CVE-2024-7264-2.patch \
     file://CVE-2024-8096.patch \
+    file://CVE-2024-9681.patch \
+    file://CVE-2024-11053-0001.patch \
+    file://CVE-2024-11053-0002.patch \
+    file://CVE-2024-11053-0003.patch \
+    file://CVE-2025-0167.patch \
 "
+
+SRC_URI:append:class-nativesdk = " \
+           file://environment.d-curl.sh \
+"
+
 SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
 
+CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older"
+
 inherit autotools pkgconfig binconfig multilib_header ptest
 
 # Entropy source for random PACKAGECONFIG option
@@ -101,6 +113,8 @@ do_install:append:class-target() {
 
 do_install:append:class-nativesdk() {
         fix_absolute_paths
+        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+        install -m 644 ${WORKDIR}/environment.d-curl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/curl.sh
 }
 
 do_compile_ptest() {
@@ -149,6 +163,8 @@ RRECOMMENDS:lib${BPN} += "ca-certificates"
 
 FILES:${PN} += "${datadir}/zsh"
 
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/curl.sh"
+
 inherit multilib_script
 MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
 
diff --git a/meta/recipes-support/enchant/enchant2_2.6.7.bb b/meta/recipes-support/enchant/enchant2_2.6.7.bb
index b31bdc422b..26ff4e8502 100644
--- a/meta/recipes-support/enchant/enchant2_2.6.7.bb
+++ b/meta/recipes-support/enchant/enchant2_2.6.7.bb
@@ -14,7 +14,7 @@ inherit autotools pkgconfig github-releases
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
 SRC_URI[sha256sum] = "a1c2e5b59acca000bbfb24810af4a1165733d407f2154786588e076c8cd57bfc"
 
-GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases"
+GITHUB_BASE_URI = "https://github.com/rrthomas/enchant/releases"
 
 S = "${WORKDIR}/enchant-${PV}"
 
diff --git a/meta/recipes-support/gnupg/gnupg_2.4.4.bb b/meta/recipes-support/gnupg/gnupg_2.4.5.bb
index fff7d8c6da..97b5d8856c 100644
--- a/meta/recipes-support/gnupg/gnupg_2.4.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.5.bb
@@ -23,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI:append:class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "67ebe016ca90fa7688ce67a387ebd82c6261e95897db7b23df24ff335be85bc6"
+SRC_URI[sha256sum] = "f68f7d75d06cb1635c336d34d844af97436c3f64ea14bcb7c869782f96f44277"
 
 EXTRA_OECONF = "--disable-ldap \
                 --disable-ccid-driver \
@@ -88,3 +88,4 @@ BBCLASSEXTEND = "native nativesdk"
 
 lcl_maybe_fortify:mipsarch = ""
 
+CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2024-12243.patch b/meta/recipes-support/gnutls/gnutls/CVE-2024-12243.patch
new file mode 100644
index 0000000000..a7af87718f
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2024-12243.patch
@@ -0,0 +1,1149 @@
+From 4760bc63531e3f5039e70ede91a20e1194410892 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 18 Nov 2024 17:23:46 +0900
+Subject: [PATCH] x509: optimize name constraints processing
+
+This switches the representation name constraints from linked lists to
+array lists to optimize the lookup performance from O(n) to O(1), also
+enforces a limit of name constraint checks against subject alternative
+names.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+CVE: CVE-2024-12243
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/datum.c                 |   7 +-
+ lib/x509/name_constraints.c | 595 +++++++++++++++++++++---------------
+ lib/x509/x509_ext.c         |  80 +++--
+ lib/x509/x509_ext_int.h     |   5 +
+ lib/x509/x509_int.h         |  21 +-
+ 5 files changed, 399 insertions(+), 309 deletions(-)
+
+diff --git a/lib/datum.c b/lib/datum.c
+index 66e016965..5577c2b4a 100644
+--- a/lib/datum.c
++++ b/lib/datum.c
+@@ -29,6 +29,7 @@
+ #include "num.h"
+ #include "datum.h"
+ #include "errors.h"
++#include "intprops.h"
+ 
+ /* On error, @dat is not changed. */
+ int _gnutls_set_datum(gnutls_datum_t *dat, const void *data, size_t data_size)
+@@ -60,7 +61,11 @@ int _gnutls_set_strdatum(gnutls_datum_t *dat, const void *data,
+        if (data == NULL)
+                return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ 
+-       unsigned char *m = gnutls_malloc(data_size + 1);
++       size_t capacity;
++       if (!INT_ADD_OK(data_size, 1, &capacity))
++               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++
++       unsigned char *m = gnutls_malloc(capacity);
+        if (!m)
+                return GNUTLS_E_MEMORY_ERROR;
+ 
+diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
+index 8327a9d94..3c6e30630 100644
+--- a/lib/x509/name_constraints.c
++++ b/lib/x509/name_constraints.c
+@@ -33,51 +33,98 @@
+ #include <gnutls/x509-ext.h>
+ #include "x509_b64.h"
+ #include "x509_int.h"
++#include "x509_ext_int.h"
+ #include <libtasn1.h>
+ 
+ #include "ip.h"
+ #include "ip-in-cidr.h"
++#include "intprops.h"
++
++#define MAX_NC_CHECKS (1 << 20)
++
++struct name_constraints_node_st {
++       unsigned type;
++       gnutls_datum_t name;
++};
++
++struct name_constraints_node_list_st {
++       struct name_constraints_node_st **data;
++       size_t size;
++       size_t capacity;
++};
++
++struct gnutls_name_constraints_st {
++       struct name_constraints_node_list_st nodes; /* owns elements */
++       struct name_constraints_node_list_st permitted; /* borrows elements */
++       struct name_constraints_node_list_st excluded; /* borrows elements */
++};
++
++static struct name_constraints_node_st *
++name_constraints_node_new(gnutls_x509_name_constraints_t nc, unsigned type,
++                         unsigned char *data, unsigned int size);
++
++static int
++name_constraints_node_list_add(struct name_constraints_node_list_st *list,
++                              struct name_constraints_node_st *node)
++{
++       if (!list->capacity || list->size == list->capacity) {
++               size_t new_capacity = list->capacity;
++               struct name_constraints_node_st **new_data;
++
++               if (!INT_MULTIPLY_OK(new_capacity, 2, &new_capacity) ||
++                   !INT_ADD_OK(new_capacity, 1, &new_capacity))
++                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++               new_data = _gnutls_reallocarray(
++                       list->data, new_capacity,
++                       sizeof(struct name_constraints_node_st *));
++               if (!new_data)
++                       return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++               list->capacity = new_capacity;
++               list->data = new_data;
++       }
++       list->data[list->size++] = node;
++       return 0;
++}
+ 
+ // for documentation see the implementation
+-static int
+-name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+-                                name_constraints_node_st *nc2,
+-                                name_constraints_node_st **intersection);
++static int name_constraints_intersect_nodes(
++       gnutls_x509_name_constraints_t nc,
++       const struct name_constraints_node_st *node1,
++       const struct name_constraints_node_st *node2,
++       struct name_constraints_node_st **intersection);
+ 
+ /*-
+- * is_nc_empty:
++ * _gnutls_x509_name_constraints_is_empty:
+  * @nc: name constraints structure
+- * @type: type (gnutls_x509_subject_alt_name_t)
++ * @type: type (gnutls_x509_subject_alt_name_t or 0)
+  *
+  * Test whether given name constraints structure has any constraints (permitted
+  * or excluded) of a given type. @nc must be allocated (not NULL) before the call.
++ * If @type is 0, type checking will be skipped.
+  *
+- * Returns: 0 if @nc contains constraints of type @type, 1 otherwise
++ * Returns: false if @nc contains constraints of type @type, true otherwise
+  -*/
+-static unsigned is_nc_empty(struct gnutls_name_constraints_st *nc,
+-                           unsigned type)
++bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
++                                           unsigned type)
+ {
+-       name_constraints_node_st *t;
++       if (nc->permitted.size == 0 && nc->excluded.size == 0)
++               return true;
+ 
+-       if (nc->permitted == NULL && nc->excluded == NULL)
+-               return 1;
++       if (type == 0)
++               return false;
+ 
+-       t = nc->permitted;
+-       while (t != NULL) {
+-               if (t->type == type)
+-                       return 0;
+-               t = t->next;
++       for (size_t i = 0; i < nc->permitted.size; i++) {
++               if (nc->permitted.data[i]->type == type)
++                       return false;
+        }
+ 
+-       t = nc->excluded;
+-       while (t != NULL) {
+-               if (t->type == type)
+-                       return 0;
+-               t = t->next;
++       for (size_t i = 0; i < nc->excluded.size; i++) {
++               if (nc->excluded.data[i]->type == type)
++                       return false;
+        }
+ 
+        /* no constraint for that type exists */
+-       return 1;
++       return true;
+ }
+ 
+ /*-
+@@ -115,21 +162,16 @@ static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type,
+        return GNUTLS_E_SUCCESS;
+ }
+ 
+-int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+-                                    name_constraints_node_st **_nc)
++static int extract_name_constraints(gnutls_x509_name_constraints_t nc,
++                                   asn1_node c2, const char *vstr,
++                                   struct name_constraints_node_list_st *nodes)
+ {
+        int ret;
+        char tmpstr[128];
+        unsigned indx;
+        gnutls_datum_t tmp = { NULL, 0 };
+        unsigned int type;
+-       struct name_constraints_node_st *nc, *prev;
+-
+-       prev = *_nc;
+-       if (prev != NULL) {
+-               while (prev->next != NULL)
+-                       prev = prev->next;
+-       }
++       struct name_constraints_node_st *node;
+ 
+        for (indx = 1;; indx++) {
+                snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx);
+@@ -172,25 +214,19 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+                        goto cleanup;
+                }
+ 
+-               nc = gnutls_malloc(sizeof(struct name_constraints_node_st));
+-               if (nc == NULL) {
++               node = name_constraints_node_new(nc, type, tmp.data, tmp.size);
++               _gnutls_free_datum(&tmp);
++               if (node == NULL) {
+                        gnutls_assert();
+                        ret = GNUTLS_E_MEMORY_ERROR;
+                        goto cleanup;
+                }
+ 
+-               memcpy(&nc->name, &tmp, sizeof(gnutls_datum_t));
+-               nc->type = type;
+-               nc->next = NULL;
+-
+-               if (prev == NULL) {
+-                       *_nc = prev = nc;
+-               } else {
+-                       prev->next = nc;
+-                       prev = nc;
++               ret = name_constraints_node_list_add(nodes, node);
++               if (ret < 0) {
++                       gnutls_assert();
++                       goto cleanup;
+                }
+-
+-               tmp.data = NULL;
+        }
+ 
+        assert(ret < 0);
+@@ -205,84 +241,104 @@ cleanup:
+        return ret;
+ }
+ 
++int _gnutls_x509_name_constraints_extract(asn1_node c2,
++                                         const char *permitted_name,
++                                         const char *excluded_name,
++                                         gnutls_x509_name_constraints_t nc)
++{
++       int ret;
++
++       ret = extract_name_constraints(nc, c2, permitted_name, &nc->permitted);
++       if (ret < 0)
++               return gnutls_assert_val(ret);
++       ret = extract_name_constraints(nc, c2, excluded_name, &nc->excluded);
++       if (ret < 0)
++               return gnutls_assert_val(ret);
++
++       return ret;
++}
++
+ /*-
+- * _gnutls_name_constraints_node_free:
++ * name_constraints_node_free:
+  * @node: name constraints node
+  *
+- * Deallocate a list of name constraints nodes starting at the given node.
++ * Deallocate a name constraints node.
+  -*/
+-void _gnutls_name_constraints_node_free(name_constraints_node_st *node)
++static void name_constraints_node_free(struct name_constraints_node_st *node)
+ {
+-       name_constraints_node_st *next, *t;
+-
+-       t = node;
+-       while (t != NULL) {
+-               next = t->next;
+-               gnutls_free(t->name.data);
+-               gnutls_free(t);
+-               t = next;
++       if (node) {
++               gnutls_free(node->name.data);
++               gnutls_free(node);
+        }
+ }
+ 
+ /*-
+  * name_constraints_node_new:
+  * @type: name constraints type to set (gnutls_x509_subject_alt_name_t)
++ * @nc: a %gnutls_x509_name_constraints_t
+  * @data: name.data to set or NULL
+  * @size: name.size to set
+  *
+  * Allocate a new name constraints node and set its type, name size and name data.
+- * If @data is set to NULL, name data will be an array of \x00 (the length of @size).
+- * The .next pointer is set to NULL.
+  *
+  * Returns: Pointer to newly allocated node or NULL in case of memory error.
+  -*/
+-static name_constraints_node_st *
+-name_constraints_node_new(unsigned type, unsigned char *data, unsigned int size)
++static struct name_constraints_node_st *
++name_constraints_node_new(gnutls_x509_name_constraints_t nc, unsigned type,
++                         unsigned char *data, unsigned int size)
+ {
+-       name_constraints_node_st *tmp =
+-               gnutls_malloc(sizeof(struct name_constraints_node_st));
++       struct name_constraints_node_st *tmp;
++       int ret;
++
++       tmp = gnutls_calloc(1, sizeof(struct name_constraints_node_st));
+        if (tmp == NULL)
+                return NULL;
+        tmp->type = type;
+-       tmp->next = NULL;
+-       tmp->name.size = size;
+-       tmp->name.data = NULL;
+-       if (tmp->name.size > 0) {
+-               tmp->name.data = gnutls_malloc(tmp->name.size);
+-               if (tmp->name.data == NULL) {
++
++       if (data) {
++               ret = _gnutls_set_strdatum(&tmp->name, data, size);
++               if (ret < 0) {
++                       gnutls_assert();
+                        gnutls_free(tmp);
+                        return NULL;
+                }
+-               if (data != NULL) {
+-                       memcpy(tmp->name.data, data, size);
+-               } else {
+-                       memset(tmp->name.data, 0, size);
+-               }
+        }
++
++       ret = name_constraints_node_list_add(&nc->nodes, tmp);
++       if (ret < 0) {
++               gnutls_assert();
++               name_constraints_node_free(tmp);
++               return NULL;
++       }
++
+        return tmp;
+ }
+ 
+ /*-
+- * @brief _gnutls_name_constraints_intersect:
+- * @_nc: first name constraints list (permitted)
+- * @_nc2: name constraints list to merge with (permitted)
+- * @_nc_excluded: Corresponding excluded name constraints list
++ * @brief name_constraints_node_list_intersect:
++ * @nc: %gnutls_x509_name_constraints_t
++ * @permitted: first name constraints list (permitted)
++ * @permitted2: name constraints list to merge with (permitted)
++ * @excluded: Corresponding excluded name constraints list
+  *
+- * This function finds the intersection of @_nc and @_nc2. The result is placed in @_nc,
+- * the original @_nc is deallocated. @_nc2 is not changed. If necessary, a universal
++ * This function finds the intersection of @permitted and @permitted2. The result is placed in @permitted,
++ * the original @permitted is modified. @permitted2 is not changed. If necessary, a universal
+  * excluded name constraint node of the right type is added to the list provided
+- * in @_nc_excluded.
++ * in @excluded.
+  *
+  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
+  -*/
+-static int
+-_gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+-                                  name_constraints_node_st *_nc2,
+-                                  name_constraints_node_st **_nc_excluded)
++static int name_constraints_node_list_intersect(
++       gnutls_x509_name_constraints_t nc,
++       struct name_constraints_node_list_st *permitted,
++       const struct name_constraints_node_list_st *permitted2,
++       struct name_constraints_node_list_st *excluded)
+ {
+-       name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL,
+-                                                     *prev = NULL;
++       struct name_constraints_node_st *tmp;
+        int ret, type, used;
++       struct name_constraints_node_list_st removed = { .data = NULL,
++                                                        .size = 0,
++                                                        .capacity = 0 };
+ 
+        /* temporary array to see, if we need to add universal excluded constraints
+         * (see phase 3 for details)
+@@ -291,61 +347,73 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+        memset(types_with_empty_intersection, 0,
+               sizeof(types_with_empty_intersection));
+ 
+-       if (*_nc == NULL || _nc2 == NULL)
++       if (permitted->size == 0 || permitted2->size == 0)
+                return 0;
+ 
+        /* Phase 1
+-        * For each name in _NC, if a _NC2 does not contain a name
+-        * with the same type, preserve the original name.
+-        * Do this also for node of unknown type (not DNS, email, IP */
+-       t = nc = *_nc;
+-       while (t != NULL) {
+-               name_constraints_node_st *next = t->next;
+-               nc2 = _nc2;
+-               while (nc2 != NULL) {
+-                       if (t->type == nc2->type) {
++        * For each name in PERMITTED, if a PERMITTED2 does not contain a name
++        * with the same type, move the original name to REMOVED.
++        * Do this also for node of unknown type (not DNS, email, IP) */
++       for (size_t i = 0; i < permitted->size;) {
++               struct name_constraints_node_st *t = permitted->data[i];
++               const struct name_constraints_node_st *found = NULL;
++
++               for (size_t j = 0; j < permitted2->size; j++) {
++                       const struct name_constraints_node_st *t2 =
++                               permitted2->data[j];
++                       if (t->type == t2->type) {
+                                // check bounds (we will use 't->type' as index)
+-                               if (t->type > GNUTLS_SAN_MAX || t->type == 0)
+-                                       return gnutls_assert_val(
+-                                               GNUTLS_E_INTERNAL_ERROR);
++                               if (t->type > GNUTLS_SAN_MAX || t->type == 0) {
++                                       gnutls_assert();
++                                       ret = GNUTLS_E_INTERNAL_ERROR;
++                                       goto cleanup;
++                               }
+                                // note the possibility of empty intersection for this type
+                                // if we add something to the intersection in phase 2,
+                                // we will reset this flag back to 0 then
+                                types_with_empty_intersection[t->type - 1] = 1;
++                               found = t2;
+                                break;
+                        }
+-                       nc2 = nc2->next;
+                }
+-               if (nc2 == NULL || (t->type != GNUTLS_SAN_DNSNAME &&
+-                                   t->type != GNUTLS_SAN_RFC822NAME &&
+-                                   t->type != GNUTLS_SAN_IPADDRESS)) {
+-                       /* move node from NC to DEST */
+-                       if (prev != NULL)
+-                               prev->next = next;
+-                       else
+-                               prev = nc = next;
+-                       t->next = dest;
+-                       dest = t;
+-               } else {
+-                       prev = t;
++
++               if (found != NULL && (t->type == GNUTLS_SAN_DNSNAME ||
++                                     t->type == GNUTLS_SAN_RFC822NAME ||
++                                     t->type == GNUTLS_SAN_IPADDRESS)) {
++                       /* move node from PERMITTED to REMOVED */
++                       ret = name_constraints_node_list_add(&removed, t);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
++                       }
++                       /* remove node by swapping */
++                       if (i < permitted->size - 1)
++                               permitted->data[i] =
++                                       permitted->data[permitted->size - 1];
++                       permitted->size--;
++                       continue;
+                }
+-               t = next;
++               i++;
+        }
+ 
+        /* Phase 2
+-        * iterate through all combinations from nc2 and nc1
++        * iterate through all combinations from PERMITTED2 and PERMITTED
+         * and create intersections of nodes with same type */
+-       nc2 = _nc2;
+-       while (nc2 != NULL) {
+-               // current nc2 node has not yet been used for any intersection
+-               // (and is not in DEST either)
++       for (size_t i = 0; i < permitted2->size; i++) {
++               const struct name_constraints_node_st *t2 = permitted2->data[i];
++
++               // current PERMITTED2 node has not yet been used for any intersection
++               // (and is not in REMOVED either)
+                used = 0;
+-               t = nc;
+-               while (t != NULL) {
++               for (size_t j = 0; j < removed.size; j++) {
++                       const struct name_constraints_node_st *t =
++                               removed.data[j];
+                        // save intersection of name constraints into tmp
+-                       ret = name_constraints_intersect_nodes(t, nc2, &tmp);
+-                       if (ret < 0)
+-                               return gnutls_assert_val(ret);
++                       ret = name_constraints_intersect_nodes(nc, t, t2, &tmp);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
++                       }
+                        used = 1;
+                        // if intersection is not empty
+                        if (tmp !=
+@@ -360,32 +428,34 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+                                // we will not add universal excluded constraint for this type
+                                types_with_empty_intersection[tmp->type - 1] =
+                                        0;
+-                               // add intersection node to DEST
+-                               tmp->next = dest;
+-                               dest = tmp;
++                               // add intersection node to PERMITTED
++                               ret = name_constraints_node_list_add(permitted,
++                                                                    tmp);
++                               if (ret < 0) {
++                                       gnutls_assert();
++                                       goto cleanup;
++                               }
+                        }
+-                       t = t->next;
+                }
+-               // if the node from nc2 was not used for intersection, copy it to DEST
++               // if the node from PERMITTED2 was not used for intersection, copy it to DEST
+                // Beware: also copies nodes other than DNS, email, IP,
+                //       since their counterpart may have been moved in phase 1.
+                if (!used) {
+                        tmp = name_constraints_node_new(
+-                               nc2->type, nc2->name.data, nc2->name.size);
++                               nc, t2->type, t2->name.data, t2->name.size);
+                        if (tmp == NULL) {
+-                               _gnutls_name_constraints_node_free(dest);
+-                               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++                               gnutls_assert();
++                               ret = GNUTLS_E_MEMORY_ERROR;
++                               goto cleanup;
++                       }
++                       ret = name_constraints_node_list_add(permitted, tmp);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
+                        }
+-                       tmp->next = dest;
+-                       dest = tmp;
+                }
+-               nc2 = nc2->next;
+        }
+ 
+-       /* replace the original with the new */
+-       _gnutls_name_constraints_node_free(nc);
+-       *_nc = dest;
+-
+        /* Phase 3
+         * For each type: If we have empty permitted name constraints now
+         * and we didn't have at the beginning, we have to add a new
+@@ -400,63 +470,77 @@ _gnutls_name_constraints_intersect(name_constraints_node_st **_nc,
+                switch (type) {
+                case GNUTLS_SAN_IPADDRESS:
+                        // add universal restricted range for IPv4
+-                       tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS,
+-                                                       NULL, 8);
++                       tmp = name_constraints_node_new(
++                               nc, GNUTLS_SAN_IPADDRESS, NULL, 8);
+                        if (tmp == NULL) {
+-                               _gnutls_name_constraints_node_free(dest);
+-                               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++                               gnutls_assert();
++                               ret = GNUTLS_E_MEMORY_ERROR;
++                               goto cleanup;
++                       }
++                       ret = name_constraints_node_list_add(excluded, tmp);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
+                        }
+-                       tmp->next = *_nc_excluded;
+-                       *_nc_excluded = tmp;
+                        // add universal restricted range for IPv6
+-                       tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS,
+-                                                       NULL, 32);
++                       tmp = name_constraints_node_new(
++                               nc, GNUTLS_SAN_IPADDRESS, NULL, 32);
+                        if (tmp == NULL) {
+-                               _gnutls_name_constraints_node_free(dest);
+-                               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++                               gnutls_assert();
++                               ret = GNUTLS_E_MEMORY_ERROR;
++                               goto cleanup;
++                       }
++                       ret = name_constraints_node_list_add(excluded, tmp);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
+                        }
+-                       tmp->next = *_nc_excluded;
+-                       *_nc_excluded = tmp;
+                        break;
+                case GNUTLS_SAN_DNSNAME:
+                case GNUTLS_SAN_RFC822NAME:
+-                       tmp = name_constraints_node_new(type, NULL, 0);
++                       tmp = name_constraints_node_new(nc, type, NULL, 0);
+                        if (tmp == NULL) {
+-                               _gnutls_name_constraints_node_free(dest);
+-                               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++                               gnutls_assert();
++                               ret = GNUTLS_E_MEMORY_ERROR;
++                               goto cleanup;
++                       }
++                       ret = name_constraints_node_list_add(excluded, tmp);
++                       if (ret < 0) {
++                               gnutls_assert();
++                               goto cleanup;
+                        }
+-                       tmp->next = *_nc_excluded;
+-                       *_nc_excluded = tmp;
+                        break;
+                default: // do nothing, at least one node was already moved in phase 1
+                        break;
+                }
+        }
+-       return GNUTLS_E_SUCCESS;
++       ret = GNUTLS_E_SUCCESS;
++
++cleanup:
++       gnutls_free(removed.data);
++       return ret;
+ }
+ 
+-static int _gnutls_name_constraints_append(name_constraints_node_st **_nc,
+-                                          name_constraints_node_st *_nc2)
++static int name_constraints_node_list_concat(
++       gnutls_x509_name_constraints_t nc,
++       struct name_constraints_node_list_st *nodes,
++       const struct name_constraints_node_list_st *nodes2)
+ {
+-       name_constraints_node_st *nc, *nc2;
+-       struct name_constraints_node_st *tmp;
+-
+-       if (_nc2 == NULL)
+-               return 0;
+-
+-       nc2 = _nc2;
+-       while (nc2) {
+-               nc = *_nc;
+-
+-               tmp = name_constraints_node_new(nc2->type, nc2->name.data,
+-                                               nc2->name.size);
+-               if (tmp == NULL)
++       for (size_t i = 0; i < nodes2->size; i++) {
++               const struct name_constraints_node_st *node = nodes2->data[i];
++               struct name_constraints_node_st *tmp;
++               int ret;
++
++               tmp = name_constraints_node_new(nc, node->type, node->name.data,
++                                               node->name.size);
++               if (tmp == NULL) {
+                        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+-
+-               tmp->next = nc;
+-               *_nc = tmp;
+-
+-               nc2 = nc2->next;
++               }
++               ret = name_constraints_node_list_add(nodes, tmp);
++               if (ret < 0) {
++                       name_constraints_node_free(tmp);
++                       return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++               }
+        }
+ 
+        return 0;
+@@ -524,6 +608,25 @@ cleanup:
+        return ret;
+ }
+ 
++void _gnutls_x509_name_constraints_clear(gnutls_x509_name_constraints_t nc)
++{
++       for (size_t i = 0; i < nc->nodes.size; i++) {
++               struct name_constraints_node_st *node = nc->nodes.data[i];
++               name_constraints_node_free(node);
++       }
++       gnutls_free(nc->nodes.data);
++       nc->nodes.capacity = 0;
++       nc->nodes.size = 0;
++
++       gnutls_free(nc->permitted.data);
++       nc->permitted.capacity = 0;
++       nc->permitted.size = 0;
++
++       gnutls_free(nc->excluded.data);
++       nc->excluded.capacity = 0;
++       nc->excluded.size = 0;
++}
++
+ /**
+  * gnutls_x509_name_constraints_deinit:
+  * @nc: The nameconstraints
+@@ -534,9 +637,7 @@ cleanup:
+  **/
+ void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc)
+ {
+-       _gnutls_name_constraints_node_free(nc->permitted);
+-       _gnutls_name_constraints_node_free(nc->excluded);
+-
++       _gnutls_x509_name_constraints_clear(nc);
+        gnutls_free(nc);
+ }
+ 
+@@ -552,12 +653,15 @@ void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc)
+  **/
+ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc)
+ {
+-       *nc = gnutls_calloc(1, sizeof(struct gnutls_name_constraints_st));
+-       if (*nc == NULL) {
++       struct gnutls_name_constraints_st *tmp;
++
++       tmp = gnutls_calloc(1, sizeof(struct gnutls_name_constraints_st));
++       if (tmp == NULL) {
+                gnutls_assert();
+                return GNUTLS_E_MEMORY_ERROR;
+        }
+ 
++       *nc = tmp;
+        return 0;
+ }
+ 
+@@ -565,36 +669,25 @@ static int name_constraints_add(gnutls_x509_name_constraints_t nc,
+                                gnutls_x509_subject_alt_name_t type,
+                                const gnutls_datum_t *name, unsigned permitted)
+ {
+-       struct name_constraints_node_st *tmp, *prev = NULL;
++       struct name_constraints_node_st *tmp;
++       struct name_constraints_node_list_st *nodes;
+        int ret;
+ 
+        ret = validate_name_constraints_node(type, name);
+        if (ret < 0)
+                return gnutls_assert_val(ret);
+ 
+-       if (permitted != 0)
+-               prev = tmp = nc->permitted;
+-       else
+-               prev = tmp = nc->excluded;
++       nodes = permitted ? &nc->permitted : &nc->excluded;
+ 
+-       while (tmp != NULL) {
+-               tmp = tmp->next;
+-               if (tmp != NULL)
+-                       prev = tmp;
+-       }
+-
+-       tmp = name_constraints_node_new(type, name->data, name->size);
++       tmp = name_constraints_node_new(nc, type, name->data, name->size);
+        if (tmp == NULL)
+                return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+-       tmp->next = NULL;
+ 
+-       if (prev == NULL) {
+-               if (permitted != 0)
+-                       nc->permitted = tmp;
+-               else
+-                       nc->excluded = tmp;
+-       } else
+-               prev->next = tmp;
++       ret = name_constraints_node_list_add(nodes, tmp);
++       if (ret < 0) {
++               name_constraints_node_free(tmp);
++               return gnutls_assert_val(ret);
++       }
+ 
+        return 0;
+ }
+@@ -620,14 +713,15 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
+ {
+        int ret;
+ 
+-       ret = _gnutls_name_constraints_intersect(&nc->permitted, nc2->permitted,
+-                                                &nc->excluded);
++       ret = name_constraints_node_list_intersect(
++               nc, &nc->permitted, &nc2->permitted, &nc->excluded);
+        if (ret < 0) {
+                gnutls_assert();
+                return ret;
+        }
+ 
+-       ret = _gnutls_name_constraints_append(&nc->excluded, nc2->excluded);
++       ret = name_constraints_node_list_concat(nc, &nc->excluded,
++                                               &nc2->excluded);
+        if (ret < 0) {
+                gnutls_assert();
+                return ret;
+@@ -804,50 +898,51 @@ static unsigned email_matches(const gnutls_datum_t *name,
+  *
+  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
+  -*/
+-static int
+-name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+-                                name_constraints_node_st *nc2,
+-                                name_constraints_node_st **_intersection)
++static int name_constraints_intersect_nodes(
++       gnutls_x509_name_constraints_t nc,
++       const struct name_constraints_node_st *node1,
++       const struct name_constraints_node_st *node2,
++       struct name_constraints_node_st **_intersection)
+ {
+        // presume empty intersection
+-       name_constraints_node_st *intersection = NULL;
+-       name_constraints_node_st *to_copy = NULL;
++       struct name_constraints_node_st *intersection = NULL;
++       const struct name_constraints_node_st *to_copy = NULL;
+        unsigned iplength = 0;
+        unsigned byte;
+ 
+        *_intersection = NULL;
+ 
+-       if (nc1->type != nc2->type) {
++       if (node1->type != node2->type) {
+                return GNUTLS_E_SUCCESS;
+        }
+-       switch (nc1->type) {
++       switch (node1->type) {
+        case GNUTLS_SAN_DNSNAME:
+-               if (!dnsname_matches(&nc2->name, &nc1->name))
++               if (!dnsname_matches(&node2->name, &node1->name))
+                        return GNUTLS_E_SUCCESS;
+-               to_copy = nc2;
++               to_copy = node2;
+                break;
+        case GNUTLS_SAN_RFC822NAME:
+-               if (!email_matches(&nc2->name, &nc1->name))
++               if (!email_matches(&node2->name, &node1->name))
+                        return GNUTLS_E_SUCCESS;
+-               to_copy = nc2;
++               to_copy = node2;
+                break;
+        case GNUTLS_SAN_IPADDRESS:
+-               if (nc1->name.size != nc2->name.size)
++               if (node1->name.size != node2->name.size)
+                        return GNUTLS_E_SUCCESS;
+-               iplength = nc1->name.size / 2;
++               iplength = node1->name.size / 2;
+                for (byte = 0; byte < iplength; byte++) {
+-                       if (((nc1->name.data[byte] ^
+-                             nc2->name.data[byte]) // XOR of addresses
+-                            &
+-                            nc1->name.data[byte + iplength] // AND mask from nc1
+-                            &
+-                            nc2->name.data[byte + iplength]) // AND mask from nc2
++                       if (((node1->name.data[byte] ^
++                             node2->name.data[byte]) // XOR of addresses
++                            & node1->name.data[byte +
++                                               iplength] // AND mask from nc1
++                            & node2->name.data[byte +
++                                               iplength]) // AND mask from nc2
+                            != 0) {
+                                // CIDRS do not intersect
+                                return GNUTLS_E_SUCCESS;
+                        }
+                }
+-               to_copy = nc2;
++               to_copy = node2;
+                break;
+        default:
+                // for other types, we don't know how to do the intersection, assume empty
+@@ -856,8 +951,9 @@ name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+ 
+        // copy existing node if applicable
+        if (to_copy != NULL) {
+-               *_intersection = name_constraints_node_new(
+-                       to_copy->type, to_copy->name.data, to_copy->name.size);
++               *_intersection = name_constraints_node_new(nc, to_copy->type,
++                                                          to_copy->name.data,
++                                                          to_copy->name.size);
+                if (*_intersection == NULL)
+                        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+                intersection = *_intersection;
+@@ -869,12 +965,12 @@ name_constraints_intersect_nodes(name_constraints_node_st *nc1,
+                        _gnutls_mask_ip(intersection->name.data,
+                                        intersection->name.data + iplength,
+                                        iplength);
+-                       _gnutls_mask_ip(nc1->name.data,
+-                                       nc1->name.data + iplength, iplength);
++                       _gnutls_mask_ip(node1->name.data,
++                                       node1->name.data + iplength, iplength);
+                        // update intersection, if necessary (we already know one is subset of other)
+                        for (byte = 0; byte < 2 * iplength; byte++) {
+                                intersection->name.data[byte] |=
+-                                       nc1->name.data[byte];
++                                       node1->name.data[byte];
+                        }
+                }
+        }
+@@ -1177,10 +1273,17 @@ gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
+        unsigned idx, t, san_type;
+        gnutls_datum_t n;
+        unsigned found_one;
++       size_t checks;
+ 
+-       if (is_nc_empty(nc, type) != 0)
++       if (_gnutls_x509_name_constraints_is_empty(nc, type) != 0)
+                return 1; /* shortcut; no constraints to check */
+ 
++       if (!INT_ADD_OK(nc->permitted.size, nc->excluded.size, &checks) ||
++           !INT_MULTIPLY_OK(checks, cert->san->size, &checks) ||
++           checks > MAX_NC_CHECKS) {
++               return gnutls_assert_val(0);
++       }
++
+        if (type == GNUTLS_SAN_RFC822NAME) {
+                found_one = 0;
+                for (idx = 0;; idx++) {
+@@ -1378,20 +1481,13 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc
+                                               unsigned idx, unsigned *type,
+                                               gnutls_datum_t *name)
+ {
+-       unsigned int i;
+-       struct name_constraints_node_st *tmp = nc->permitted;
++       const struct name_constraints_node_st *tmp;
+ 
+-       for (i = 0; i < idx; i++) {
+-               if (tmp == NULL)
+-                       return gnutls_assert_val(
+-                               GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+-
+-               tmp = tmp->next;
+-       }
+-
+-       if (tmp == NULL)
++       if (idx >= nc->permitted.size)
+                return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ 
++       tmp = nc->permitted.data[idx];
++
+        *type = tmp->type;
+        *name = tmp->name;
+ 
+@@ -1421,20 +1517,13 @@ int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc,
+                                              unsigned idx, unsigned *type,
+                                              gnutls_datum_t *name)
+ {
+-       unsigned int i;
+-       struct name_constraints_node_st *tmp = nc->excluded;
++       const struct name_constraints_node_st *tmp;
+ 
+-       for (i = 0; i < idx; i++) {
+-               if (tmp == NULL)
+-                       return gnutls_assert_val(
+-                               GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+-
+-               tmp = tmp->next;
+-       }
+-
+-       if (tmp == NULL)
++       if (idx >= nc->excluded.size)
+                return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ 
++       tmp = nc->excluded.data[idx];
++
+        *type = tmp->type;
+        *name = tmp->name;
+ 
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index ad3af1430..064ca8357 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -34,10 +34,6 @@
+ #include "intprops.h"
+ 
+ #define MAX_ENTRIES 64
+-struct gnutls_subject_alt_names_st {
+-       struct name_st *names;
+-       unsigned int size;
+-};
+ 
+ /**
+  * gnutls_subject_alt_names_init:
+@@ -389,22 +385,15 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext,
+        }
+ 
+        if (flags & GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND &&
+-           (nc->permitted != NULL || nc->excluded != NULL)) {
++           !_gnutls_x509_name_constraints_is_empty(nc, 0)) {
+                ret = gnutls_x509_name_constraints_init(&nc2);
+                if (ret < 0) {
+                        gnutls_assert();
+                        goto cleanup;
+                }
+ 
+-               ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees",
+-                                                      &nc2->permitted);
+-               if (ret < 0) {
+-                       gnutls_assert();
+-                       goto cleanup;
+-               }
+-
+-               ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees",
+-                                                      &nc2->excluded);
++               ret = _gnutls_x509_name_constraints_extract(
++                       c2, "permittedSubtrees", "excludedSubtrees", nc2);
+                if (ret < 0) {
+                        gnutls_assert();
+                        goto cleanup;
+@@ -416,18 +405,10 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext,
+                        goto cleanup;
+                }
+        } else {
+-               _gnutls_name_constraints_node_free(nc->permitted);
+-               _gnutls_name_constraints_node_free(nc->excluded);
++               _gnutls_x509_name_constraints_clear(nc);
+ 
+-               ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees",
+-                                                      &nc->permitted);
+-               if (ret < 0) {
+-                       gnutls_assert();
+-                       goto cleanup;
+-               }
+-
+-               ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees",
+-                                                      &nc->excluded);
++               ret = _gnutls_x509_name_constraints_extract(
++                       c2, "permittedSubtrees", "excludedSubtrees", nc);
+                if (ret < 0) {
+                        gnutls_assert();
+                        goto cleanup;
+@@ -463,9 +444,10 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+        int ret, result;
+        uint8_t null = 0;
+        asn1_node c2 = NULL;
+-       struct name_constraints_node_st *tmp;
++       unsigned rtype;
++       gnutls_datum_t rname;
+ 
+-       if (nc->permitted == NULL && nc->excluded == NULL)
++       if (_gnutls_x509_name_constraints_is_empty(nc, 0))
+                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ 
+        result = asn1_create_element(_gnutls_get_pkix(),
+@@ -475,11 +457,20 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+                return _gnutls_asn2err(result);
+        }
+ 
+-       if (nc->permitted == NULL) {
++       ret = gnutls_x509_name_constraints_get_permitted(nc, 0, &rtype, &rname);
++       if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+                (void)asn1_write_value(c2, "permittedSubtrees", NULL, 0);
+        } else {
+-               tmp = nc->permitted;
+-               do {
++               for (unsigned i = 0;; i++) {
++                       ret = gnutls_x509_name_constraints_get_permitted(
++                               nc, i, &rtype, &rname);
++                       if (ret < 0) {
++                               if (ret ==
++                                   GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
++                                       break;
++                               gnutls_assert();
++                               goto cleanup;
++                       }
+                        result = asn1_write_value(c2, "permittedSubtrees",
+                                                  "NEW", 1);
+                        if (result != ASN1_SUCCESS) {
+@@ -506,21 +497,29 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+                        }
+ 
+                        ret = _gnutls_write_general_name(
+-                               c2, "permittedSubtrees.?LAST.base", tmp->type,
+-                               tmp->name.data, tmp->name.size);
++                               c2, "permittedSubtrees.?LAST.base", rtype,
++                               rname.data, rname.size);
+                        if (ret < 0) {
+                                gnutls_assert();
+                                goto cleanup;
+                        }
+-                       tmp = tmp->next;
+-               } while (tmp != NULL);
++               }
+        }
+ 
+-       if (nc->excluded == NULL) {
++       ret = gnutls_x509_name_constraints_get_excluded(nc, 0, &rtype, &rname);
++       if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+                (void)asn1_write_value(c2, "excludedSubtrees", NULL, 0);
+        } else {
+-               tmp = nc->excluded;
+-               do {
++               for (unsigned i = 0;; i++) {
++                       ret = gnutls_x509_name_constraints_get_excluded(
++                               nc, i, &rtype, &rname);
++                       if (ret < 0) {
++                               if (ret ==
++                                   GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
++                                       break;
++                               gnutls_assert();
++                               goto cleanup;
++                       }
+                        result = asn1_write_value(c2, "excludedSubtrees", "NEW",
+                                                  1);
+                        if (result != ASN1_SUCCESS) {
+@@ -546,14 +545,13 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
+                        }
+ 
+                        ret = _gnutls_write_general_name(
+-                               c2, "excludedSubtrees.?LAST.base", tmp->type,
+-                               tmp->name.data, tmp->name.size);
++                               c2, "excludedSubtrees.?LAST.base", rtype,
++                               rname.data, rname.size);
+                        if (ret < 0) {
+                                gnutls_assert();
+                                goto cleanup;
+                        }
+-                       tmp = tmp->next;
+-               } while (tmp != NULL);
++               }
+        }
+ 
+        ret = _gnutls_x509_der_encode(c2, "", ext, 0);
+diff --git a/lib/x509/x509_ext_int.h b/lib/x509/x509_ext_int.h
+index 558d61956..b37d74997 100644
+--- a/lib/x509/x509_ext_int.h
++++ b/lib/x509/x509_ext_int.h
+@@ -29,6 +29,11 @@ struct name_st {
+        gnutls_datum_t othername_oid;
+ };
+ 
++struct gnutls_subject_alt_names_st {
++       struct name_st *names;
++       unsigned int size;
++};
++
+ int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type,
+                             const gnutls_datum_t *san, unsigned raw);
+ 
+diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
+index 4ec55bd75..211743ced 100644
+--- a/lib/x509/x509_int.h
++++ b/lib/x509/x509_int.h
+@@ -485,20 +485,13 @@ int _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+                                      int crl_list_length,
+                                      gnutls_verify_output_function func);
+ 
+-typedef struct gnutls_name_constraints_st {
+-       struct name_constraints_node_st *permitted;
+-       struct name_constraints_node_st *excluded;
+-} gnutls_name_constraints_st;
+-
+-typedef struct name_constraints_node_st {
+-       unsigned type;
+-       gnutls_datum_t name;
+-       struct name_constraints_node_st *next;
+-} name_constraints_node_st;
+-
+-int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
+-                                    name_constraints_node_st **_nc);
+-void _gnutls_name_constraints_node_free(name_constraints_node_st *node);
++bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
++                                           unsigned type);
++int _gnutls_x509_name_constraints_extract(asn1_node c2,
++                                         const char *permitted_name,
++                                         const char *excluded_name,
++                                         gnutls_x509_name_constraints_t nc);
++void _gnutls_x509_name_constraints_clear(gnutls_x509_name_constraints_t nc);
+ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
+                                        gnutls_x509_name_constraints_t nc2);
+ 
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
index 20139b4dd4..e77960724b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
            file://run-ptest \
            file://Add-ptest-support.patch \
+           file://CVE-2024-12243.patch \
            "
 
 SRC_URI[sha256sum] = "2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
diff --git a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
index 5fb8b54c06..8127ba5b1d 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
@@ -6,9 +6,8 @@ HOMEPAGE = "http://www.gnu.org/software/libtasn1/"
 LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later"
 LICENSE:${PN}-bin = "GPL-3.0-or-later"
 LICENSE:${PN} = "LGPL-2.1-or-later"
-LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
-                    file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \
-                    file://COPYING;md5=75ac100ec923f959898182307970c360"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
+                    file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21"
 
 SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
            file://dont-depend-on-help2man.patch \
@@ -16,7 +15,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
 
 DEPENDS = "bison-native"
 
-SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a"
+SRC_URI[sha256sum] = "92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c"
 
 inherit autotools texinfo lib_package gtk-doc
 
diff --git a/meta/recipes-support/icu/icu/fix-install-manx.patch b/meta/recipes-support/icu/icu/fix-install-manx.patch
index 16cabc8264..7b1ca81451 100644
--- a/meta/recipes-support/icu/icu/fix-install-manx.patch
+++ b/meta/recipes-support/icu/icu/fix-install-manx.patch
@@ -11,9 +11,7 @@ and one process tries to chown a file that the other process has just deleted.
 Also install-manx should be a phony target, and for clarity use $^ instead of $?
 in the install command.
 
-Upstream ticket: https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-21172
-
-Upstream-Status: Submitted [https://github.com/unicode-org/icu/pull/2966]
+Upstream-Status: Backport [0f022dca90cfe6bbf6a74f605dcaf1b489d58a9b]
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 ---
  Makefile.in | 8 ++++----
diff --git a/meta/recipes-support/icu/icu_74-2.bb b/meta/recipes-support/icu/icu_74-2.bb
index 8352bf2a5b..3a4e197308 100644
--- a/meta/recipes-support/icu/icu_74-2.bb
+++ b/meta/recipes-support/icu/icu_74-2.bb
@@ -26,11 +26,11 @@ EXTRA_OECONF:class-native = "--disable-icu-config"
 EXTRA_OECONF:class-nativesdk = "--with-cross-build=${STAGING_ICU_DIR_NATIVE} --disable-icu-config"
 
 EXTRA_OECONF:append:class-target = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' --with-data-packaging=archive', '', d)}"
-TARGET_CXXFLAGS:append = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' -DICU_DATA_DIR=\\""${datadir}/${BPN}/${PV}\\""', '', d)}"
+TARGET_CXXFLAGS:append = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' -DICU_DATA_DIR=\\""${datadir}/${BPN}/${@icu_install_folder(d)}\\""', '', d)}"
 
 ASNEEDED = ""
 
-do_compile:prepend:class-target () {
+remove_build_host_references_from_libicutu () {
         # Make sure certain build host references do not end up being compiled
         # in the image. This only affects libicutu and icu-dbg
         sed  \
@@ -39,6 +39,14 @@ do_compile:prepend:class-target () {
             -i ${B}/tools/toolutil/Makefile
 }
 
+do_compile:prepend:class-target () {
+        remove_build_host_references_from_libicutu
+}
+
+do_compile:prepend:class-nativesdk () {
+        remove_build_host_references_from_libicutu
+}
+
 PREPROCESS_RELOCATE_DIRS = "${datadir}/${BPN}/${PV}"
 do_install:append:class-native() {
         mkdir -p ${D}/${STAGING_ICU_DIR_NATIVE}/config
@@ -49,6 +57,15 @@ do_install:append:class-native() {
         cp -r ${B}/tools ${D}/${STAGING_ICU_DIR_NATIVE}
 }
 
+remove_build_host_references() {
+        sed -i  \
+            -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+            -e 's|${DEBUG_PREFIX_MAP}||g' \
+            -e 's:${HOSTTOOLS_DIR}/::g' \
+            ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/Makefile.inc \
+            ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/pkgdata.inc
+}
+
 do_install:append:class-target() {
     # The native pkgdata can not generate the correct data file.
     # Use icupkg to re-generate it.
@@ -56,14 +73,12 @@ do_install:append:class-target() {
         rm -f ${D}/${datadir}/${BPN}/${@icu_install_folder(d)}/icudt${ICU_MAJOR_VER}b.dat
         icupkg -tb ${S}/data/in/icudt${ICU_MAJOR_VER}l.dat ${D}/${datadir}/${BPN}/${@icu_install_folder(d)}/icudt${ICU_MAJOR_VER}b.dat
     fi
-        
-        # Remove build host references...
-        sed -i  \
-            -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-            -e 's|${DEBUG_PREFIX_MAP}||g' \
-            -e 's:${HOSTTOOLS_DIR}/::g' \
-            ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/Makefile.inc \
-            ${D}/${libdir}/${BPN}/${@icu_install_folder(d)}/pkgdata.inc
+
+        remove_build_host_references
+}
+
+do_install:append:class-nativesdk() {
+        remove_build_host_references
 }
 
 PACKAGES =+ "libicudata libicuuc libicui18n libicutu libicuio"
diff --git a/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb b/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb
index 824400e743..6269133408 100644
--- a/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb
+++ b/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb
@@ -1,6 +1,6 @@
 SUMMARY = "A library for atomic integer operations"
 DESCRIPTION = "Package provides semi-portable access to hardware-provided atomic memory update operations on a number of architectures."
-HOMEPAGE = "https://github.com/ivmai/libatomic_ops/"
+HOMEPAGE = "https://github.com/bdwgc/libatomic_ops/"
 SECTION = "optional"
 PROVIDES += "libatomics-ops"
 LICENSE = "GPL-2.0-only & MIT"
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libatomic_ops-${PV}.tar.gz"
-GITHUB_BASE_URI = "https://github.com/ivmai/libatomic_ops/releases"
+GITHUB_BASE_URI = "https://github.com/bdwgc/libatomic_ops/releases"
 
 SRC_URI[sha256sum] = "d305207fe207f2b3fb5cb4c019da12b44ce3fcbc593dfd5080d867b1a2419b51"
 
diff --git a/meta/recipes-support/libcap/files/CVE-2025-1390.patch b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
new file mode 100644
index 0000000000..a0f7dda503
--- /dev/null
+++ b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
@@ -0,0 +1,36 @@
+From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 17 Feb 2025 10:31:55 +0800
+Subject: pam_cap: Fix potential configuration parsing error
+
+The current configuration parsing does not actually skip user names
+that do not start with @, but instead treats the name as a group
+name for further parsing, which can result in matching unexpected
+capability sets and may trigger potential security issues.  Only
+names starting with @ should be parsed as group names.
+
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878]
+CVE: CVE-2025-1390
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ pam_cap/pam_cap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index b9419cb..18647a1 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+            if (line[0] != '@') {
+                D(("user [%s] is not [%s] - skipping", user, line));
++               continue;
+            }
+ 
+            int i;
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libcap/libcap_2.69.bb b/meta/recipes-support/libcap/libcap_2.69.bb
index 92fa766d37..03975b44a0 100644
--- a/meta/recipes-support/libcap/libcap_2.69.bb
+++ b/meta/recipes-support/libcap/libcap_2.69.bb
@@ -15,6 +15,7 @@ DEPENDS = "hostperl-runtime-native gperf-native"
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
            file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
            file://0002-tests-do-not-run-target-executables.patch \
+           file://CVE-2025-1390.patch \
            "
 SRC_URI:append:class-nativesdk = " \
            file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
diff --git a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
new file mode 100644
index 0000000000..dee4969f35
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
@@ -0,0 +1,64 @@
+From b99952adc6ee611641709610d2e4dc90ba9acf37 Mon Sep 17 00:00:00 2001
+From: "simit.ghane" <simit.ghane@lge.com>
+Date: Tue, 7 May 2024 14:09:03 +0530
+Subject: [PATCH] Fix building error with '-O2' in sysroot path
+
+* cipher/Makefile.am (o_flag_munging): Tweak the sed script.
+* random/Makefile.am (o_flag_munging): Ditto.
+--
+
+Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0'
+respectively when compiling cipher and random in the filesystem
+paths as well if they happen to contain '-O2' or '-Ofast
+
+If we are cross compiling libgcrypt and sysroot contains such
+characters, we would
+get compile errors because the sysroot path has been modified.
+
+Fix this by adding blank spaces and tabs before the original matching
+pattern in the sed command.
+
+Signed-off-by: simit.ghane <simit.ghane@lge.com>
+
+ChangeLog entries added by wk
+
+Note that there is also the configure option --disable-O-flag-munging;
+see the README.
+
+Upstream-Status: Backport [https://dev.gnupg.org/rCb99952adc6ee611641709610d2e4dc90ba9acf37 https://dev.gnupg.org/rC5afadba008918d651afefb842ae123cc18454c74]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ cipher/Makefile.am | 2 +-
+ random/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/Makefile.am b/cipher/Makefile.am
+index 2c39586e..a914ed2b 100644
+--- a/cipher/Makefile.am
++++ b/cipher/Makefile.am
+@@ -168,7 +168,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c
+ 
+ 
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g'
+ else
+ o_flag_munging = cat
+ endif
+diff --git a/random/Makefile.am b/random/Makefile.am
+index 0c935a05..340df38a 100644
+--- a/random/Makefile.am
++++ b/random/Makefile.am
+@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+ 
+ # The rndjent module needs to be compiled without optimization.  */
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/-O\([1-9sgz][1-9sgz]*\)/-O0/g' -e 's/-Ofast/-O0/g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g'
+ else
+ o_flag_munging = cat
+ endif
+-- 
+2.44.1
+
diff --git a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
deleted file mode 100644
index cf9ebfb3e6..0000000000
--- a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0f66e796a8522e1043dda03b88d5f6feae839d16 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Wed, 16 Aug 2017 10:44:41 +0800
-Subject: [PATCH] libgcrypt: fix building error with '-O2' in sysroot path
-
-Upstream-Status: Pending
-
-Characters like '-O2' or '-Ofast' will be replaced by '-O1' when
-compiling cipher.
-If we are cross compiling libgcrypt and sysroot contains such
-characters, we would
-get compile errors because the sysroot path has been modified.
-
-Fix this by adding blank spaces before and after the original matching
-pattern in the
-sed command.
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
-Rebase to 1.8.0
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
----
- cipher/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cipher/Makefile.am b/cipher/Makefile.am
-index c3d642b..88c883a 100644
---- a/cipher/Makefile.am
-+++ b/cipher/Makefile.am
-@@ -153,7 +153,7 @@ gost-s-box: gost-s-box.c
- 
- 
- if ENABLE_O_FLAG_MUNGING
--o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g'
-+o_flag_munging = sed -e 's/ -O\([2-9sgz][2-9sgz]*\) / -O1 /' -e 's/ -Ofast / -O1 /g'
- else
- o_flag_munging = cat
- endif
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
index 5a76201ab5..3d49d586bb 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
@@ -21,11 +21,11 @@ DEPENDS = "libgpg-error"
 UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
 SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
            file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \
-           file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
            file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
            file://no-native-gpg-error.patch \
            file://no-bench-slope.patch \
            file://run-ptest \
+           file://0001-Fix-building-error-with-O2-in-sysroot-path.patch \
            "
 SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa"
 
diff --git a/meta/recipes-support/libpcre/libpcre2_10.43.bb b/meta/recipes-support/libpcre/libpcre2_10.43.bb
index fd0bd79212..f744df88fa 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.43.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.43.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=321a5eb46acae6b6c1ff2c7a866d836a"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/pcre2-${PV}/pcre2-${PV}.tar.bz2"
 
-GITHUB_BASE_URI = "https://github.com/PhilipHazel/pcre2/releases"
+GITHUB_BASE_URI = "https://github.com/PCRE2Project/pcre2/releases"
 UPSTREAM_CHECK_REGEX = "releases/tag/pcre2-(?P<pver>\d+(\.\d+)+)$"
 
 SRC_URI[sha256sum] = "e2a53984ff0b07dfdb5ae4486bbb9b21cca8e7df2434096cc9bf1b728c350bcb"
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+         * ignorable trailing whitespace.
+         */
+ 
++       /* No '\0's are allowed */
++       if (memchr (str, '\0', len))
++               return FALSE;
++
+        /* Skip over the Request-Line / Status-Line */
+        headers_start = memchr (str, '\n', len);
+        if (!headers_start)
+                return FALSE;
+-       /* No '\0's in the Request-Line / Status-Line */
+-       if (memchr (str, '\0', headers_start - str))
+-               return FALSE;
+ 
+        /* We work on a copy of the headers, which we can write '\0's
+         * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+        headers_copy[copy_len] = '\0';
+        value_end = headers_copy;
+ 
+-       /* There shouldn't be any '\0's in the headers already, but
+-        * this is the web we're talking about.
+-        */
+-       while ((p = memchr (headers_copy, '\0', copy_len))) {
+-               memmove (p, p + 1, copy_len - (p - headers_copy));
+-               copy_len--;
+-       }
+-
+        while (*(value_end + 1)) {
+                name = value_end + 1;
+                name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+          }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "example.com" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "examplecom" },
+-           { NULL }
+-         }
+-       },
+-
+        /************************/
+        /*** INVALID REQUESTS ***/
+        /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+          SOUP_STATUS_EXPECTATION_FAILED,
+          NULL, NULL, -1,
+          { { NULL } }
++       },
++
++       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++       { "NUL in header name", NULL,
++         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++         SOUP_STATUS_BAD_REQUEST,
++         NULL, NULL, -1,
++         { { NULL } }
++       },
++
++       { "NUL in header value", NULL,
++         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
+        }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+            { NULL } }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+        /********************************/
+        /*** VALID CONTINUE RESPONSES ***/
+        /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+          { { NULL }
+          }
+        },
++
++       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++       { "NUL in header name", NULL,
++         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++         -1, 0, NULL,
++         { { NULL } }
++       },
++
++       { "NUL in header value", "760832",
++         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++         -1, 0, NULL,
++         { { NULL } }
++       },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
new file mode 100644
index 0000000000..d56ad0ff5e
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
@@ -0,0 +1,131 @@
+From a35222dd0bfab2ac97c10e86b95f762456628283 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:53:26 -0500
+Subject: [PATCH 1/2] headers: Be more robust against invalid input when
+ parsing params
+
+If you pass invalid input to a function such as soup_header_parse_param_list_strict()
+it can cause an overflow if it decodes the input to UTF-8.
+
+This should never happen with valid UTF-8 input which libsoup's client API
+ensures, however it's server API does not currently.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2024-52531-1.patch?h=ubuntu/jammy-security
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/a35222dd0bfab2ac97c10e86b95f762456628283]
+CVE: CVE-2024-52531
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 46 ++++++++++++++++++++++--------------------
+ 1 file changed, 24 insertions(+), 22 deletions(-)
+
+Index: libsoup2.4-2.74.2/libsoup/soup-headers.c
+===================================================================
+--- libsoup2.4-2.74.2.orig/libsoup/soup-headers.c
++++ libsoup2.4-2.74.2/libsoup/soup-headers.c
+@@ -643,8 +643,9 @@ soup_header_contains (const char *header
+ }
+ 
+ static void
+-decode_quoted_string (char *quoted_string)
++decode_quoted_string_inplace (GString *quoted_gstring)
+ {
++       char *quoted_string = quoted_gstring->str;
+        char *src, *dst;
+ 
+        src = quoted_string + 1;
+@@ -658,10 +659,11 @@ decode_quoted_string (char *quoted_strin
+ }
+ 
+ static gboolean
+-decode_rfc5987 (char *encoded_string)
++decode_rfc5987_inplace (GString *encoded_gstring)
+ {
+        char *q, *decoded;
+        gboolean iso_8859_1 = FALSE;
++       const char *encoded_string = encoded_gstring->str;
+ 
+        q = strchr (encoded_string, '\'');
+        if (!q)
+@@ -690,14 +692,7 @@ decode_rfc5987 (char *encoded_string)
+                decoded = utf8;
+        }
+ 
+-       /* If encoded_string was UTF-8, then each 3-character %-escape
+-        * will be converted to a single byte, and so decoded is
+-        * shorter than encoded_string. If encoded_string was
+-        * iso-8859-1, then each 3-character %-escape will be
+-        * converted into at most 2 bytes in UTF-8, and so it's still
+-        * shorter.
+-        */
+-       strcpy (encoded_string, decoded);
++       g_string_assign (encoded_gstring, decoded);
+        g_free (decoded);
+        return TRUE;
+ }
+@@ -707,15 +702,17 @@ parse_param_list (const char *header, ch
+ {
+        GHashTable *params;
+        GSList *list, *iter;
+-       char *item, *eq, *name_end, *value;
+-       gboolean override, duplicated;
+ 
+        params = g_hash_table_new_full (soup_str_case_hash, 
+                                        soup_str_case_equal,
+-                                       g_free, NULL);
++                                       g_free, g_free);
+ 
+        list = parse_list (header, delim);
+        for (iter = list; iter; iter = iter->next) {
++               char *item, *eq, *name_end;
++               gboolean override, duplicated;
++               GString *parsed_value = NULL;
++
+                item = iter->data;
+                override = FALSE;
+ 
+@@ -730,19 +727,19 @@ parse_param_list (const char *header, ch
+ 
+                        *name_end = '\0';
+ 
+-                       value = (char *)skip_lws (eq + 1);
++                       parsed_value = g_string_new ((char *)skip_lws (eq + 1));
+ 
+                        if (name_end[-1] == '*' && name_end > item + 1) {
+                                name_end[-1] = '\0';
+-                               if (!decode_rfc5987 (value)) {
++                               if (!decode_rfc5987_inplace (parsed_value)) {
++                                       g_string_free (parsed_value, TRUE);
+                                        g_free (item);
+                                        continue;
+                                }
+                                override = TRUE;
+-                       } else if (*value == '"')
+-                               decode_quoted_string (value);
+-               } else
+-                       value = NULL;
++                       } else if (parsed_value->str[0] == '"')
++                               decode_quoted_string_inplace (parsed_value);
++               }
+ 
+                duplicated = g_hash_table_lookup_extended (params, item, NULL, NULL);
+ 
+@@ -750,11 +747,16 @@ parse_param_list (const char *header, ch
+                        soup_header_free_param_list (params);
+                        params = NULL;
+                        g_slist_foreach (iter, (GFunc)g_free, NULL);
++                       if (parsed_value)
++                               g_string_free (parsed_value, TRUE);
+                        break;
+-               } else if (override || !duplicated)
+-                       g_hash_table_replace (params, item, value);
+-               else
++               } else if (override || !duplicated) {
++                       g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
++               } else {
++                       if (parsed_value)
++                               g_string_free (parsed_value, TRUE);
+                        g_free (item);
++               }
+        }
+ 
+        g_slist_free (list);
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
new file mode 100644
index 0000000000..19b1872866
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
@@ -0,0 +1,36 @@
+From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:52:08 -0500
+Subject: [PATCH 2/2] tests: Add test for passing invalid UTF-8 to
+ soup_header_parse_semi_param_list()
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2024-52531-2.patch?h=ubuntu/jammy-security
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe]
+CVE: CVE-2024-52531
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/header-parsing-test.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+Index: libsoup2.4-2.74.2/tests/header-parsing-test.c
+===================================================================
+--- libsoup2.4-2.74.2.orig/tests/header-parsing-test.c
++++ libsoup2.4-2.74.2/tests/header-parsing-test.c
+@@ -825,6 +825,17 @@ static struct ParamListTest {
+            { "filename", "t\xC3\xA9st.txt" },
+          },
+        },
++
++        /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
++        { TRUE,
++              "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
++              {
++                    { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++                    { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++                    { "foo", NULL },
++
++                },
++        }
+ };
+ static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
+ 
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..68eb942762
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index a4095e1..9d5f4f8 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+                }
+ 
+                pv->incoming->len = len + count;
+-       } while (count > 0);
+ 
+-       process_incoming (self);
++               process_incoming (self);
++       } while (count > 0 && !pv->close_sent && !pv->io_closing);
+ 
+        if (end) {
+                if (!pv->close_sent || !pv->close_received) {
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+        GError *error = NULL;
+        InvalidEncodeLengthTest context = { test, NULL };
+        guint i;
++       guint error_id;
+ 
+-       g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++       error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+        g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+        /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+        WAIT_UNTIL (error != NULL || received != NULL);
+        g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+        g_clear_error (&error);
++        g_signal_handler_disconnect (test->client, error_id);
+        g_assert_null (received);
+ 
+         g_thread_join (thread);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
new file mode 100644
index 0000000000..edcca86e8c
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
@@ -0,0 +1,46 @@
+From 4c9e75c6676a37b6485620c332e568e1a3f530ff Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Wed, 13 Nov 2024 14:14:23 +0000
+Subject: [PATCH] websocket-test: Disconnect error signal in another place
+
+This is the same change as commit 29b96fab "websocket-test: disconnect
+error copy after the test ends", and is done for the same reason, but
+replicating it into a different function.
+
+Fixes: 6adc0e3e "websocket: process the frame as soon as we read data"
+Resolves: https://gitlab.gnome.org/GNOME/libsoup/-/issues/399
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 6a48c1f9..723f2857 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1508,8 +1508,9 @@ test_receive_invalid_encode_length_16 (Test *test,
+        GError *error = NULL;
+        InvalidEncodeLengthTest context = { test, NULL };
+        guint i;
++       guint error_id;
+ 
+-       g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++       error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+        g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+        /* We use 126(~) as payload length with 125 extended length */
+@@ -1522,6 +1523,7 @@ test_receive_invalid_encode_length_16 (Test *test,
+        WAIT_UNTIL (error != NULL || received != NULL);
+        g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+        g_clear_error (&error);
++        g_signal_handler_disconnect (test->client, error_id);
+        g_assert_null (received);
+ 
+        g_thread_join (thread);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
new file mode 100644
index 0000000000..106f907168
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
+From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 14:06:41 +0800
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+
+CVE: CVE-2025-2784
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
+ https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
+
+Test code is not added since it uses some functions not defined in
+version 2.74. These tests are not used now, so just ignore them.
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c |  9 +++----
+ 1 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 5f2896e..9554636 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++       if (*pos >= resource_length)
++               return TRUE;
+        while ((resource[*pos] == '\x09') ||
+               (resource[*pos] == '\x20') ||
+               (resource[*pos] == '\x0A') ||
+@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+        const char *resource = (const char *)buffer->data;
+        int resource_length = MIN (512, buffer->length);
+-       int pos = 0;
++       gsize pos = 0;
+ 
+        if (resource_length < 3)
+                goto text_html;
+@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+                pos = 3;
+ 
+  look_for_tag:
+-       if (pos > resource_length)
+-               goto text_html;
+-
+        if (skip_insignificant_space (resource, &pos, resource_length))
+                goto text_html;
+
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
new file mode 100644
index 0000000000..c032846ef0
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
@@ -0,0 +1,29 @@
+From 5709dfffb6fdc5b66ce001bf82a755ad8ad1d992 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH] Fix using int instead of size_t for strcspn return
+
+CVE: CVE-2025-32050
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 9707ca0..67905b2 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -902,7 +902,7 @@ append_param_quoted (GString    *string,
+                     const char *name,
+                     const char *value)
+ {
+-       int len;
++       gsize len;
+ 
+        g_string_append (string, name);
+        g_string_append (string, "=\"");
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
new file mode 100644
index 0000000000..34bc8113a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
@@ -0,0 +1,32 @@
+From f4a67a9a3033586edaee715d40d5992e02d32893 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun <pkillarjun@protonmail.com>
+
+CVE: CVE-2025-32052
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652#500da7cfde649872c49169be34b03a1c42a53ddb]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 9554636..eac9e7b 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -504,7 +504,7 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer,
+                        guint index_pattern = 0;
+                        gboolean skip_row = FALSE;
+ 
+-                       while ((index_stream < resource_length) &&
++                       while ((index_stream < resource_length - 1) &&
+                               (index_pattern <= type_row->pattern_length)) {
+                                /* Skip insignificant white space ("WS" in the spec) */
+                                if (type_row->pattern[index_pattern] == ' ') {
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..0d829d6200
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
@@ -0,0 +1,39 @@
+From d9bcffd6cd5e8ec32889a594f7348d67a5101b3a Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 13:58:42 +0800
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+CVE: CVE-2025-32053
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 967ec61..5f2896e 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+               (resource[*pos] == '\x0D')) {
+                *pos = *pos + 1;
+ 
+-               if (*pos > resource_length)
++               if (*pos >= resource_length)
+                        return TRUE;
+        }
+ 
+@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+                do {
+                        pos++;
+ 
+-                       if (pos > resource_length)
++                       if ((pos + 1) > resource_length)
+                                goto text_html;
+                } while (resource[pos] != '>');
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
new file mode 100644
index 0000000000..916a41a71f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
@@ -0,0 +1,61 @@
+From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 11 Feb 2025 14:36:26 -0600
+Subject: [PATCH] headers: Handle parsing edge case
+
+This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931]
+CVE: CVE-2025-32906 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      |  2 +-
+ tests/header-parsing-test.c | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 85385cea..9d6d00a3 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -225,7 +225,7 @@ soup_headers_parse_request (const char          *str,
+            !g_ascii_isdigit (version[5]))
+                return SOUP_STATUS_BAD_REQUEST;
+        major_version = strtoul (version + 5, &p, 10);
+-       if (*p != '.' || !g_ascii_isdigit (p[1]))
++       if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1]))
+                return SOUP_STATUS_BAD_REQUEST;
+        minor_version = strtoul (p + 1, &p, 10);
+        version_end = p;
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 07ea2866..10ddb684 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -6,6 +6,10 @@ typedef struct {
+        const char *name, *value;
+ } Header;
+ 
++static char unterminated_http_version[] = {
++        'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
++};
++
+ static struct RequestTest {
+        const char *description;
+        const char *bugref;
+@@ -383,6 +387,14 @@ static struct RequestTest {
+          { { NULL } }
+        },
+ 
++        /* This couldn't be a C string as going one byte over would have been safe. */
++       { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
++         unterminated_http_version, sizeof (unterminated_http_version),
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
++       },
++
+        { "Non-HTTP request", NULL,
+          "GET / SOUP/1.1\r\nHost: example.com\r\n", -1,
+          SOUP_STATUS_BAD_REQUEST,
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
new file mode 100644
index 0000000000..5baad15648
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
@@ -0,0 +1,83 @@
+From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 12 Feb 2025 11:30:02 -0600
+Subject: [PATCH] headers: Handle parsing only newlines
+
+Closes #404
+Closes #407
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f]
+CVE: CVE-2025-32906
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      |  4 ++--
+ tests/header-parsing-test.c | 13 ++++++++++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 9d6d00a3..52ef2ece 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -186,7 +186,7 @@ soup_headers_parse_request (const char          *str,
+        /* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
+         * received where a Request-Line is expected."
+         */
+-       while ((*str == '\r' || *str == '\n') && len > 0) {
++       while (len > 0 && (*str == '\r' || *str == '\n')) {
+                str++;
+                len--;
+        }
+@@ -371,7 +371,7 @@ soup_headers_parse_response (const char          *str,
+         * after a response, which we then see prepended to the next
+         * response on that connection.
+         */
+-       while ((*str == '\r' || *str == '\n') && len > 0) {
++       while (len > 0 && (*str == '\r' || *str == '\n')) {
+                str++;
+                len--;
+        }
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 10ddb684..4faafbd6 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -6,10 +6,15 @@ typedef struct {
+        const char *name, *value;
+ } Header;
+ 
++/* These are not C strings to ensure going one byte over is not safe. */
+ static char unterminated_http_version[] = {
+         'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
+ };
+ 
++static char only_newlines[] = {
++        '\n', '\n', '\n', '\n'
++};
++
+ static struct RequestTest {
+        const char *description;
+        const char *bugref;
+@@ -387,7 +392,6 @@ static struct RequestTest {
+          { { NULL } }
+        },
+ 
+-        /* This couldn't be a C string as going one byte over would have been safe. */
+        { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
+          unterminated_http_version, sizeof (unterminated_http_version),
+          SOUP_STATUS_BAD_REQUEST,
+@@ -457,6 +461,13 @@ static struct RequestTest {
+          SOUP_STATUS_BAD_REQUEST,
+            NULL, NULL, -1,
+          { { NULL } }
++       },
++
++       { "Only newlines", NULL,
++         only_newlines, sizeof (only_newlines),
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
+        }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
new file mode 100644
index 0000000000..41dd3ff3f4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
@@ -0,0 +1,39 @@
+From 8158b4084dcba2a233dfcb7359c53ab2840148f7 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/diffs?commit_id=9bb92f7a685e31e10e9e8221d0342280432ce836]
+
+Test part not applied since test codes use some functions not in this
+version
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 78b2455..00b9763 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1024,6 +1024,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+                        if (cur->start <= prev->end) {
+                                prev->end = MAX (prev->end, cur->end);
+                                g_array_remove_index (array, i);
++                               i--;
+                        }
+                }
+        }
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
new file mode 100644
index 0000000000..046f20203f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
@@ -0,0 +1,36 @@
+From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 8 Jan 2025 16:30:17 -0600
+Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
+ bytes
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92]
+CVE: CVE-2025-32909
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-content-sniffer.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 967ec61..a1f23c2 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+        const char *resource = (const char *)buffer->data;
+        guint resource_length = MIN (512, buffer->length);
+-       guint32 box_size = *((guint32*)resource);
++       guint32 box_size;
+        guint i;
+ 
++         if (resource_length < sizeof (guint32))
++                 return FALSE;
++
++         box_size = *((guint32*)resource);
++
+ #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+        box_size = ((box_size >> 24) |
+                    ((box_size << 8) & 0x00FF0000) |
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
new file mode 100644
index 0000000000..847c76c2b7
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
@@ -0,0 +1,36 @@
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sun, 8 Dec 2024 20:00:35 -0600
+Subject: auth-digest: Handle missing realm in authenticate header
+
+(cherry picked from commit e40df6d48a1cbab56f5d15016cc861a503423cfe)
+
+Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-1.patch?ref_type=heads
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+Remove test code for fixing do_compile failure of libsoup-2.4, test codes include
+new type added in 3.x version
+../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
+ 1554 |                                       SoupServerMessage *msg,
+      |                                       ^~~~~~~~~~~~~~~~~
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c |  3 +++
+ 1 files changed, 3 insertions(+)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index e8ba990..263a15a 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
++        if (!soup_auth_get_realm (auth))
++                return FALSE;
++
+        g_free (priv->domain);
+        g_free (priv->nonce);
+        g_free (priv->opaque);
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
new file mode 100644
index 0000000000..a2168177a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
@@ -0,0 +1,106 @@
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:18:35 -0600
+Subject: auth-digest: Handle missing nonce
+
+(cherry picked from commit 405a8a34597a44bd58c4759e7d5e23f02c3b556a)
+
+Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-2.patch?ref_type=heads
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+Remove test code for fixing do_compile failure of libsoup-2.4, test codes include
+new type added in 3.x version
+../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
+ 1554 |                                       SoupServerMessage *msg,
+      |                                       ^~~~~~~~~~~~~~~~~
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 45 +++++++++++++++++++++++++++++++++++----------
+ 1 files changed, 35 insertions(+), 10 deletions(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 263a15a..393adb6 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -132,6 +132,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
+        return g_string_free (out, FALSE);
+ }
+ 
++static gboolean
++validate_params (SoupAuthDigest *auth_digest)
++{
++        SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
++
++        if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
++                if (!priv->nonce)
++                        return FALSE;
++        }
++
++        return TRUE;
++}
++
+ static gboolean
+ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+                         GHashTable *auth_params)
+@@ -169,16 +182,21 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        if (priv->algorithm == -1)
+                ok = FALSE;
+ 
+-       stale = g_hash_table_lookup (auth_params, "stale");
+-       if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+-               recompute_hex_a1 (priv);
+-       else {
+-               g_free (priv->user);
+-               priv->user = NULL;
+-               g_free (priv->cnonce);
+-               priv->cnonce = NULL;
+-               memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+-               memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++        if (!validate_params (auth_digest))
++                ok = FALSE;
++
++        if (ok) {
++                stale = g_hash_table_lookup (auth_params, "stale");
++                if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
++                        recompute_hex_a1 (priv);
++                else {
++                        g_free (priv->user);
++                        priv->user = NULL;
++                        g_free (priv->cnonce);
++                        priv->cnonce = NULL;
++                        memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
++                        memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++                }
+         }
+ 
+        return ok;
+@@ -269,6 +287,8 @@ soup_auth_digest_compute_hex_a1 (const char              *hex_urp,
+ 
+                /* In MD5-sess, A1 is hex_urp:nonce:cnonce */
+ 
++                g_assert (nonce && cnonce);
++
+                checksum = g_checksum_new (G_CHECKSUM_MD5);
+                g_checksum_update (checksum, (guchar *)hex_urp, strlen (hex_urp));
+                g_checksum_update (checksum, (guchar *)":", 1);
+@@ -359,6 +379,8 @@ soup_auth_digest_compute_response (const char        *method,
+        if (qop) {
+                char tmp[9];
+ 
++                g_assert (cnonce);
++
+                g_snprintf (tmp, 9, "%.8x", nc);
+                g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
+                g_checksum_update (checksum, (guchar *)":", 1);
+@@ -422,6 +444,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
+        g_return_val_if_fail (uri != NULL, NULL);
+        url = soup_uri_to_string (uri, TRUE);
+ 
++        g_assert (priv->nonce);
++        g_assert (!priv->qop || priv->cnonce);
++
+        soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
+                                           priv->qop, priv->nonce,
+                                           priv->cnonce, priv->nc,
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch
new file mode 100644
index 0000000000..ab0f650804
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch
@@ -0,0 +1,26 @@
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 13:52:52 -0600
+Subject: auth-digest: Fix leak
+
+(cherry picked from commit ea16eeacb052e423eb5c3b0b705e5eab34b13832)
+
+Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-3.patch?ref_type=heads
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-auth-digest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 393adb6..a1db188 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -66,6 +66,7 @@ soup_auth_digest_finalize (GObject *object)
+        g_free (priv->nonce);
+        g_free (priv->domain);
+        g_free (priv->cnonce);
++        g_free (priv->opaque);
+ 
+        memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+        memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-1.patch
new file mode 100644
index 0000000000..4652635294
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-1.patch
@@ -0,0 +1,72 @@
+From 7b4ef0e004ece3a308ccfaa714c284f4c96ade34 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 17:53:50 -0600
+Subject: [PATCH] soup_message_headers_get_content_disposition: Fix NULL deref
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34]
+CVE: CVE-2025-32911 CVE-2025-32913 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-message-headers.c | 13 +++++++++----
+ tests/header-parsing-test.c    | 14 ++++++++++++++
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 56cc1e9d..04f4c302 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1660,10 +1660,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
+         */
+        if (params && g_hash_table_lookup_extended (*params, "filename",
+                                                    &orig_key, &orig_value)) {
+-               char *filename = strrchr (orig_value, '/');
+-
+-               if (filename)
+-                       g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                if (orig_value) {
++                        char *filename = strrchr (orig_value, '/');
++
++                        if (filename)
++                                g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                } else {
++                        /* filename with no value isn't valid. */
++                        g_hash_table_remove (*params, "filename");
++                }
+        }
+        return TRUE;
+ }
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 5e423d2b..d0b360c8 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1039,6 +1039,7 @@ do_param_list_tests (void)
+ #define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE  "filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE_2  "filename=\"test.txt\"; foo=bar"
++#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
+ 
+ static void
+ do_content_disposition_tests (void)
+@@ -1139,6 +1140,19 @@ do_content_disposition_tests (void)
+         g_assert_cmpstr (parameter2, ==, "bar");
+        g_hash_table_destroy (params);
+ 
++        /* Empty filename */
++        soup_message_headers_clear (hdrs);
++        soup_message_headers_append (hdrs, "Content-Disposition",
++                                    RFC5987_TEST_HEADER_EMPTY_FILENAME);
++       if (!soup_message_headers_get_content_disposition (hdrs,
++                                                          &disposition,
++                                                          &params)) {
++               soup_test_assert (FALSE, "empty filename decoding FAILED");
++               return;
++       }
++        g_assert_false (g_hash_table_contains (params, "filename"));
++       g_hash_table_destroy (params);
++
+        soup_message_headers_free (hdrs);
+ 
+        /* Ensure that soup-multipart always quotes filename */
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-2.patch
new file mode 100644
index 0000000000..5d9f33c736
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32911_CVE-2025-32913-2.patch
@@ -0,0 +1,44 @@
+From f4a761fb66512fff59798765e8ac5b9e57dceef0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 18:00:39 -0600
+Subject: [PATCH] soup_message_headers_get_content_disposition: strdup
+ truncated filenames
+
+This table frees the strings it contains.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0]
+CVE: CVE-2025-32911 CVE-2025-32913
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-message-headers.c | 2 +-
+ tests/header-parsing-test.c    | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 04f4c302..ee7a3cb1 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1664,7 +1664,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
+                         char *filename = strrchr (orig_value, '/');
+ 
+                         if (filename)
+-                                g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                                g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
+                 } else {
+                         /* filename with no value isn't valid. */
+                         g_hash_table_remove (*params, "filename");
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index d0b360c8..07ea2866 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1150,6 +1150,7 @@ do_content_disposition_tests (void)
+                soup_test_assert (FALSE, "empty filename decoding FAILED");
+                return;
+        }
++        g_free (disposition);
+         g_assert_false (g_hash_table_contains (params, "filename"));
+        g_hash_table_destroy (params);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch
new file mode 100644
index 0000000000..906a889c13
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch
@@ -0,0 +1,33 @@
+From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 14:03:05 -0600
+Subject: [PATCH 1/2] auth-digest: Handle missing nonce
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992]
+CVE: CVE-2025-32912
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+The test codes is based on CVE-2025-32910, test code in CVE-2025-32910
+is removed for fixing do_compile failure. So also remove this test code
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index a1db188..f0edb81 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
+-        if (!soup_auth_get_realm (auth))
++        if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
+                 return FALSE;
+ 
+        g_free (priv->domain);
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch
new file mode 100644
index 0000000000..4898068115
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch
@@ -0,0 +1,30 @@
+From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 8 Feb 2025 12:30:13 -0600
+Subject: [PATCH 2/2] digest-auth: Handle NULL nonce
+
+`contains` only handles a missing nonce, `lookup` handles both missing and empty.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f]
+CVE: CVE-2025-32912
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index f0edb81..c49ffd9 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
+-        if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
++        if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce"))
+                 return FALSE;
+ 
+        g_free (priv->domain);
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch
new file mode 100644
index 0000000000..e6d4607b5e
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch
@@ -0,0 +1,137 @@
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:03:00 +0200
+Subject: multipart: Fix read out of buffer bounds under
+ soup_multipart_new_from_message()
+
+This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
+of the body argument.
+
+Closes #436
+
+(cherry picked from commit 5bfcf8157597f2d327050114fb37ff600004dbcf)
+
+Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32914.patch?ref_type=heads
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf]
+CVE: CVE-2025-32914
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 86 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index a7e550f..dd93973 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+                        return NULL;
+                }
+ 
+-               split = strstr (start, "\r\n\r\n");
++               split = g_strstr_len (start, body_end - start, "\r\n\r\n");
+                if (!split || split > end) {
+                        soup_multipart_free (multipart);
+                        soup_buffer_free (flattened);
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 64a5ebf..834b181 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -479,6 +479,89 @@ test_multipart (gconstpointer data)
+        g_main_loop_unref (loop);
+ }
+ 
++static void
++test_multipart_bounds_good (void)
++{
++       #define TEXT "line1\r\nline2"
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers, *set_headers = NULL;
++       //GBytes *bytes, *set_bytes = NULL;
++       GBytes *bytes;
++       const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n";
++       gboolean success;
++       SoupMessageBody *body = soup_message_body_new ();
++       SoupBuffer *set_buffer = NULL;
++       gconstpointer data;
++       gsize size;
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       data = g_bytes_get_data(bytes, NULL);
++       size = g_bytes_get_size(bytes);
++
++       soup_message_body_append(body, SOUP_MEMORY_STATIC, data, size);
++
++       //multipart = soup_multipart_new_from_message (headers, bytes);
++       multipart = soup_multipart_new_from_message (headers, body);
++
++       soup_message_body_free (body);
++
++       g_assert_nonnull (multipart);
++       g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++       success = soup_multipart_get_part (multipart, 0, &set_headers, &set_buffer);
++       g_assert_true (success);
++       g_assert_nonnull (set_headers);
++       //g_assert_nonnull (set_bytes);
++       g_assert_nonnull (set_buffer);
++       //g_assert_cmpint (strlen (TEXT), ==, g_bytes_get_size (set_bytes));
++       g_assert_cmpint (strlen (TEXT), ==, set_buffer->length);
++       g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL));
++       //g_assert_cmpmem (TEXT, strlen (TEXT), g_bytes_get_data (set_bytes, NULL), g_bytes_get_size (set_bytes));
++       g_assert_cmpmem(TEXT, strlen(TEXT), set_buffer->data, set_buffer->length);
++
++       soup_message_headers_free (headers);
++       g_bytes_unref (bytes);
++
++       soup_multipart_free (multipart);
++
++       #undef TEXT
++}
++
++static void
++test_multipart_bounds_bad (void)
++{
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers;
++       GBytes *bytes;
++       const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n";
++       SoupMessageBody *body = soup_message_body_new ();
++       gconstpointer data;
++       gsize size;
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       data = g_bytes_get_data(bytes, NULL);
++       size = g_bytes_get_size(bytes);
++
++       soup_message_body_append(body, SOUP_MEMORY_STATIC, data, size);
++
++       /* it did read out of raw_data/bytes bounds */
++       //multipart = soup_multipart_new_from_message (headers, bytes);
++       multipart = soup_multipart_new_from_message (headers, body);
++       g_assert_null (multipart);
++
++       soup_message_body_free (body);
++
++       soup_message_headers_free (headers);
++       g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -508,6 +591,8 @@ main (int argc, char **argv)
+        g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart);
+        g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart);
+        g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
++       g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
++       g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
+ 
+        ret = g_test_run ();
+ 
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
new file mode 100644
index 0000000000..874f62e7ad
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
+From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 14:16:10 +0800
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+
+We need to validate the Domain parameter in the WWW-Authenticate header.
+
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+
+Fixes #440
+
+CVE: CVE-2025-4476
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index f1621ec..a2dc560 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+                        uri = soup_uri_new (d);
+                        if (uri && uri->scheme == source_uri->scheme &&
+                            uri->port == source_uri->port &&
+-                           !strcmp (uri->host, source_uri->host))
++                           !g_strcmp0 (uri->host, source_uri->host))
+                                dir = g_strdup (uri->path);
+                        else
+                                dir = NULL;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch
new file mode 100644
index 0000000000..37ab16dc05
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch
@@ -0,0 +1,60 @@
+From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
+CVE: CVE-2025-46420
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a5f7a7f6..85385cea 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+        GSList *unsorted;
+        QualityItem *array;
+        GSList *sorted, *iter;
+-       char *item, *semi;
++       char *semi;
+        const char *param, *equal, *value;
+        double qval;
+        int n;
+@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+        unsorted = soup_header_parse_list (header);
+        array = g_new0 (QualityItem, g_slist_length (unsorted));
+        for (iter = unsorted, n = 0; iter; iter = iter->next) {
+-               item = iter->data;
+                qval = 1.0;
+-               for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++               for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+                        param = skip_lws (semi + 1);
+                        if (*param != 'q')
+                                continue;
+@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+                if (qval == 0.0) {
+                        if (unacceptable) {
+                                *unacceptable = g_slist_prepend (*unacceptable,
+-                                                                item);
++                                                                g_steal_pointer (&iter->data));
+                        }
+                } else {
+-                       array[n].item = item;
++                       array[n].item = g_steal_pointer (&iter->data);
+                        array[n].qval = qval;
+                        n++;
+                }
+        }
+-       g_slist_free (unsorted);
++       g_slist_free_full (unsorted, g_free);
+ 
+        qsort (array, n, sizeof (QualityItem), sort_by_qval);
+        sorted = NULL;
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
new file mode 100644
index 0000000000..26067c4bb8
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
@@ -0,0 +1,47 @@
+From 5eb225f02bb35de56cfeedd87bde716bf1cb750b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 16:18:10 -0600
+Subject: [PATCH] session: Strip authentication credentails on
+ cross-origin redirect
+
+This should match the behavior of Firefox and Safari but not of Chromium.
+
+CVE: CVE-2025-46421
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436/diffs?commit_id=3e5c26415811f19e7737238bb23305ffaf96f66b]
+
+Test code not added since it included some headers not in version 2.74.3
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-session.c |  8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index 83421ef..8d6ac61 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -1189,12 +1189,18 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg)
+                                                   SOUP_ENCODING_NONE);
+        }
+ 
++       /* Strip all credentials on cross-origin redirect. */
++       if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
++               soup_message_headers_remove (msg->request_headers, "Authorization");
++               soup_message_set_auth (msg, NULL);
++       }
++
+        soup_message_set_uri (msg, new_uri);
+        soup_uri_free (new_uri);
+ 
+        soup_session_requeue_message (session, msg);
+        return TRUE;
+-}
++}
+ 
+ static void
+ redirect_handler (SoupMessage *msg, gpointer user_data)
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
new file mode 100644
index 0000000000..b15b8c763d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
@@ -0,0 +1,38 @@
+From dfdc9b3cc73e6fe88cc12792ba00e14642572339 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Thu, 15 May 2025 17:49:11 +0200
+Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body
+
+It could happen that the boundary started at a place which resulted into
+a negative number, which in an unsigned integer is a very large value.
+Check the body size is not a negative value before setting it.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463>
+
+CVE: CVE-2025-4948
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/diffs?commit_id=f2f28afe0b3b2b3009ab67d6874457ec6bac70c0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index dd93973..ce2fc10 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -214,7 +214,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+                 */
+                part_body = soup_buffer_new_subbuffer (flattened,
+                                                       split - flattened->data,
+-                                                      end - 2 - split);
++                                                      end - 2 >= split ? end - 2 - split : 0);
+                g_ptr_array_add (multipart->bodies, part_body);
+ 
+                start = end;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
new file mode 100644
index 0000000000..d45b2a2cb0
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
@@ -0,0 +1,76 @@
+From 07b94e27afafebf31ef3cd868866a1e383750086 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 19 May 2025 17:48:27 +0200
+Subject: [PATCH] soup-multipart: Verify array bounds before accessing its
+ members
+
+The boundary could be at a place which, calculated, pointed
+before the beginning of the array. Check the bounds, to avoid
+read out of the array bounds.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086]
+CVE: CVE-2025-4969
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 22 ++++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index dd93973..b3611db 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -108,7 +108,7 @@ find_boundary (const char *start, const char *end,
+                        continue;
+ 
+                /* Check that it's at start of line */
+-               if (!(b == start || (b[-1] == '\n' && b[-2] == '\r')))
++               if (!(b == start || (b - start >= 2 && b[-1] == '\n' && b[-2] == '\r')))
+                        continue;
+ 
+                /* Check for "--" or "\r\n" after boundary */
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 834b181..980eb68 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -562,6 +562,27 @@ test_multipart_bounds_bad (void)
+        g_bytes_unref (bytes);
+ }
+ 
++static void
++test_multipart_bounds_bad_2 (void)
++{
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers;
++       GBytes *bytes;
++       const char *raw_data = "\n--123\r\nline\r\n--123--\r";
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       multipart = soup_multipart_new_from_message (headers, bytes);
++       g_assert_nonnull (multipart);
++
++       soup_multipart_free (multipart);
++       soup_message_headers_free (headers);
++       g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -593,6 +614,7 @@ main (int argc, char **argv)
+        g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
+        g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+        g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
++       g_test_add_func ("/multipart/bounds-bad-2", test_multipart_bounds_bad_2);
+ 
+        ret = g_test_run ();
+ 
+-- 
+2.49.0
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index ee20530b64..0da309ebd8 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -12,7 +12,35 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl"
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
-           file://0001-Fix-build-with-libxml2-2.12.0-and-clang-17.patch"
+           file://0001-Fix-build-with-libxml2-2.12.0-and-clang-17.patch \
+           file://CVE-2024-52530.patch \
+           file://CVE-2024-52531-1.patch \
+           file://CVE-2024-52531-2.patch \
+           file://CVE-2024-52532-1.patch \
+           file://CVE-2024-52532-2.patch \
+           file://CVE-2024-52532-3.patch \
+           file://CVE-2025-32906-1.patch \
+           file://CVE-2025-32906-2.patch \
+           file://CVE-2025-32909.patch \
+           file://CVE-2025-46420.patch \
+           file://CVE-2025-32910-1.patch \
+           file://CVE-2025-32910-2.patch \
+           file://CVE-2025-32910-3.patch \
+           file://CVE-2025-32911_CVE-2025-32913-1.patch \
+           file://CVE-2025-32911_CVE-2025-32913-2.patch \
+           file://CVE-2025-32912-1.patch \
+           file://CVE-2025-32912-2.patch \
+           file://CVE-2025-32914.patch \
+           file://CVE-2025-4969.patch \
+           file://CVE-2025-32907.patch \
+           file://CVE-2025-32053.patch \
+           file://CVE-2025-32052.patch \
+           file://CVE-2025-32050.patch \
+           file://CVE-2025-46421.patch \
+           file://CVE-2025-4948.patch \
+           file://CVE-2025-4476.patch \
+           file://CVE-2025-2784.patch \
+"
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 
 CVE_PRODUCT = "libsoup"
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..fb6d5c3c6f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
@@ -0,0 +1,150 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+CVE: CVE-2024-52530
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+         * ignorable trailing whitespace.
+         */
+ 
++       /* No '\0's are allowed */
++       if (memchr (str, '\0', len))
++               return FALSE;
++
+        /* Skip over the Request-Line / Status-Line */
+        headers_start = memchr (str, '\n', len);
+        if (!headers_start)
+                return FALSE;
+-       /* No '\0's in the Request-Line / Status-Line */
+-       if (memchr (str, '\0', headers_start - str))
+-               return FALSE;
+ 
+        /* We work on a copy of the headers, which we can write '\0's
+         * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+        headers_copy[copy_len] = '\0';
+        value_end = headers_copy;
+ 
+-       /* There shouldn't be any '\0's in the headers already, but
+-        * this is the web we're talking about.
+-        */
+-       while ((p = memchr (headers_copy, '\0', copy_len))) {
+-               memmove (p, p + 1, copy_len - (p - headers_copy));
+-               copy_len--;
+-       }
+-
+        while (*(value_end + 1)) {
+                name = value_end + 1;
+                name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+          }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "example.com" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "examplecom" },
+-           { NULL }
+-         }
+-       },
+-
+        /************************/
+        /*** INVALID REQUESTS ***/
+        /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+          SOUP_STATUS_EXPECTATION_FAILED,
+          NULL, NULL, -1,
+          { { NULL } }
++       },
++
++       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++       { "NUL in header name", NULL,
++         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++         SOUP_STATUS_BAD_REQUEST,
++         NULL, NULL, -1,
++         { { NULL } }
++       },
++
++       { "NUL in header value", NULL,
++         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
+        }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+            { NULL } }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+        /********************************/
+        /*** VALID CONTINUE RESPONSES ***/
+        /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+          { { NULL }
+          }
+        },
++
++       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++       { "NUL in header name", NULL,
++         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++         -1, 0, NULL,
++         { { NULL } }
++       },
++
++       { "NUL in header value", "760832",
++         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++         -1, 0, NULL,
++         { { NULL } }
++       },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
new file mode 100644
index 0000000000..c8e855c128
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
@@ -0,0 +1,116 @@
+From 4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 12:18:58 -0500
+Subject: [PATCH] fuzzing: Cover soup_header_parse_param_list
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ fuzzing/fuzz.h                   |  9 +++++++--
+ fuzzing/fuzz_header_parsing.c    | 19 +++++++++++++++++++
+ fuzzing/fuzz_header_parsing.dict |  8 ++++++++
+ fuzzing/meson.build              |  2 ++
+ 4 files changed, 36 insertions(+), 2 deletions(-)
+ create mode 100644 fuzzing/fuzz_header_parsing.c
+ create mode 100644 fuzzing/fuzz_header_parsing.dict
+
+diff --git a/fuzzing/fuzz.h b/fuzzing/fuzz.h
+index 0d380285..f3bd28ee 100644
+--- a/fuzzing/fuzz.h
++++ b/fuzzing/fuzz.h
+@@ -1,13 +1,14 @@
+ #include "libsoup/soup.h"
+ 
+ int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
++static int set_logger = 0;
+ 
+ #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ static GLogWriterOutput
+ empty_logging_func (GLogLevelFlags log_level, const GLogField *fields,
+                     gsize n_fields, gpointer user_data)
+ {
+-  return G_LOG_WRITER_HANDLED;
++        return G_LOG_WRITER_HANDLED;
+ }
+ #endif
+ 
+@@ -16,6 +17,10 @@ static void
+ fuzz_set_logging_func (void)
+ {
+ #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+-  g_log_set_writer_func (empty_logging_func, NULL, NULL);
++        if (!set_logger)
++        {
++                set_logger = 1;
++                g_log_set_writer_func (empty_logging_func, NULL, NULL);
++        }
+ #endif
+ }
+diff --git a/fuzzing/fuzz_header_parsing.c b/fuzzing/fuzz_header_parsing.c
+new file mode 100644
+index 00000000..a8e5c1f9
+--- /dev/null
++++ b/fuzzing/fuzz_header_parsing.c
+@@ -0,0 +1,19 @@
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++        GHashTable *elements;
++
++        // We only accept NUL terminated strings
++        if (!size || data[size - 1] != '\0')
++                return 0;
++
++        fuzz_set_logging_func ();
++
++        elements = soup_header_parse_param_list((char*)data);
++
++        g_hash_table_unref(elements);
++
++        return 0;
++}
+\ No newline at end of file
+diff --git a/fuzzing/fuzz_header_parsing.dict b/fuzzing/fuzz_header_parsing.dict
+new file mode 100644
+index 00000000..1562ca3a
+--- /dev/null
++++ b/fuzzing/fuzz_header_parsing.dict
+@@ -0,0 +1,8 @@
++"*=UTF-8''"
++"*=iso-8859-1''"
++"'"
++"''"
++"="
++"*="
++"""
++";"
+\ No newline at end of file
+diff --git a/fuzzing/meson.build b/fuzzing/meson.build
+index b14cbb50..5dd0f417 100644
+--- a/fuzzing/meson.build
++++ b/fuzzing/meson.build
+@@ -5,6 +5,7 @@ fuzz_targets = [
+   'fuzz_cookie_parse',
+   'fuzz_content_sniffer',
+   'fuzz_date_time',
++  'fuzz_header_parsing',
+ ]
+ 
+ fuzzing_args = '-fsanitize=fuzzer,address,undefined'
+@@ -34,6 +35,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
+         '-runs=200000',
+         '-artifact_prefix=meson-logs/' + target + '-',
+         '-print_final_stats=1',
++        '-max_len=4096',
+       ] + extra_args,
+       env: [
+         'ASAN_OPTIONS=fast_unwind_on_malloc=0',
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
new file mode 100644
index 0000000000..7e0d81ba4c
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
@@ -0,0 +1,40 @@
+From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:52:08 -0500
+Subject: [PATCH] tests: Add test for passing invalid UTF-8 to
+ soup_header_parse_semi_param_list()
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=825fda3425546847b42ad5270544e9388ff349fe]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ tests/header-parsing-test.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 715c2c6f..5e423d2b 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -825,6 +825,17 @@ static struct ParamListTest {
+            { "filename", "t\xC3\xA9st.txt" },
+          },
+        },
++
++        /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
++        { TRUE,
++              "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
++              {
++                    { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++                    { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++                    { "foo", NULL },
++
++                },
++        }
+ };
+ static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
new file mode 100644
index 0000000000..a47c8747c5
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
@@ -0,0 +1,136 @@
+From a35222dd0bfab2ac97c10e86b95f762456628283 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:53:26 -0500
+Subject: [PATCH] headers: Be more robust against invalid input when parsing
+ params
+
+If you pass invalid input to a function such as soup_header_parse_param_list_strict()
+it can cause an overflow if it decodes the input to UTF-8.
+
+This should never happen with valid UTF-8 input which libsoup's client API
+ensures, however it's server API does not currently.
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=a35222dd0bfab2ac97c10e86b95f762456628283]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ libsoup/soup-headers.c | 46 ++++++++++++++++++++++--------------------
+ 1 file changed, 24 insertions(+), 22 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index f30ee467..613e1905 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -646,8 +646,9 @@ soup_header_contains (const char *header, const char *token)
+ }
+ 
+ static void
+-decode_quoted_string (char *quoted_string)
++decode_quoted_string_inplace (GString *quoted_gstring)
+ {
++       char *quoted_string = quoted_gstring->str;
+        char *src, *dst;
+ 
+        src = quoted_string + 1;
+@@ -661,10 +662,11 @@ decode_quoted_string (char *quoted_string)
+ }
+ 
+ static gboolean
+-decode_rfc5987 (char *encoded_string)
++decode_rfc5987_inplace (GString *encoded_gstring)
+ {
+        char *q, *decoded;
+        gboolean iso_8859_1 = FALSE;
++       const char *encoded_string = encoded_gstring->str;
+ 
+        q = strchr (encoded_string, '\'');
+        if (!q)
+@@ -696,14 +698,7 @@ decode_rfc5987 (char *encoded_string)
+                decoded = utf8;
+        }
+ 
+-       /* If encoded_string was UTF-8, then each 3-character %-escape
+-        * will be converted to a single byte, and so decoded is
+-        * shorter than encoded_string. If encoded_string was
+-        * iso-8859-1, then each 3-character %-escape will be
+-        * converted into at most 2 bytes in UTF-8, and so it's still
+-        * shorter.
+-        */
+-       strcpy (encoded_string, decoded);
++       g_string_assign (encoded_gstring, decoded);
+        g_free (decoded);
+        return TRUE;
+ }
+@@ -713,15 +708,17 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ {
+        GHashTable *params;
+        GSList *list, *iter;
+-       char *item, *eq, *name_end, *value;
+-       gboolean override, duplicated;
+ 
+        params = g_hash_table_new_full (soup_str_case_hash, 
+                                        soup_str_case_equal,
+-                                       g_free, NULL);
++                                       g_free, g_free);
+ 
+        list = parse_list (header, delim);
+        for (iter = list; iter; iter = iter->next) {
++               char *item, *eq, *name_end;
++               gboolean override, duplicated;
++               GString *parsed_value = NULL;
++
+                item = iter->data;
+                override = FALSE;
+ 
+@@ -736,19 +733,19 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ 
+                        *name_end = '\0';
+ 
+-                       value = (char *)skip_lws (eq + 1);
++                       parsed_value = g_string_new ((char *)skip_lws (eq + 1));
+ 
+                        if (name_end[-1] == '*' && name_end > item + 1) {
+                                name_end[-1] = '\0';
+-                               if (!decode_rfc5987 (value)) {
++                               if (!decode_rfc5987_inplace (parsed_value)) {
++                                       g_string_free (parsed_value, TRUE);
+                                        g_free (item);
+                                        continue;
+                                }
+                                override = TRUE;
+-                       } else if (*value == '"')
+-                               decode_quoted_string (value);
+-               } else
+-                       value = NULL;
++                       } else if (parsed_value->str[0] == '"')
++                               decode_quoted_string_inplace (parsed_value);
++               }
+ 
+                duplicated = g_hash_table_lookup_extended (params, item, NULL, NULL);
+ 
+@@ -756,11 +753,16 @@ parse_param_list (const char *header, char delim, gboolean strict)
+                        soup_header_free_param_list (params);
+                        params = NULL;
+                        g_slist_foreach (iter, (GFunc)g_free, NULL);
++                       if (parsed_value)
++                               g_string_free (parsed_value, TRUE);
+                        break;
+-               } else if (override || !duplicated)
+-                       g_hash_table_replace (params, item, value);
+-               else
++               } else if (override || !duplicated) {
++                       g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
++               } else {
++                       if (parsed_value)
++                               g_string_free (parsed_value, TRUE);
+                        g_free (item);
++               }
+        }
+ 
+        g_slist_free (list);
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0001.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0001.patch
new file mode 100644
index 0000000000..272abb3abf
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0001.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index b954b01..9b37780 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1489,8 +1489,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+        GError *error = NULL;
+        InvalidEncodeLengthTest context = { test, NULL };
+        guint i;
++       guint error_id;
+ 
+-       g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++       error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+        g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+        /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1503,6 +1504,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+        WAIT_UNTIL (error != NULL || received != NULL);
+        g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+        g_clear_error (&error);
++        g_signal_handler_disconnect (test->client, error_id);
+        g_assert_null (received);
+ 
+         g_thread_join (thread);
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0002.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0002.patch
new file mode 100644
index 0000000000..a1690a9980
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52532-0002.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libsoup/websocket/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
+index 2f7d920..df8f67d 100644
+--- a/libsoup/websocket/soup-websocket-connection.c
++++ b/libsoup/websocket/soup-websocket-connection.c
+@@ -1165,9 +1165,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+                }
+ 
+                priv->incoming->len = len + count;
+-       } while (count > 0);
+ 
+-       process_incoming (self);
++               process_incoming (self);
++       } while (count > 0 && !priv->close_sent && !priv->io_closing);
+ 
+        if (end) {
+                if (!priv->close_sent || !priv->close_received) {
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-2784.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-2784.patch
new file mode 100644
index 0000000000..b2e1c12d48
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-2784.patch
@@ -0,0 +1,137 @@
+From dd10ae267e33bcc35646610d7cc1841da77d05e7 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 14:39:42 -0600
+Subject: [PATCH] Fix CVE-2025-2784
+
+CVE: CVE-2025-2784
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304
+https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../content-sniffer/soup-content-sniffer.c    | 10 ++--
+ tests/meson.build                             |  4 +-
+ tests/sniffing-test.c                         | 48 +++++++++++++++++++
+ 3 files changed, 56 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index aeee2e2..a5e18d5 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -638,8 +638,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, GBytes *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++        if (*pos >= resource_length)
++               return TRUE;
++
+        while ((resource[*pos] == '\x09') ||
+               (resource[*pos] == '\x20') ||
+               (resource[*pos] == '\x0A') ||
+@@ -659,7 +662,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+        gsize resource_length;
+        const char *resource = g_bytes_get_data (buffer, &resource_length);
+        resource_length = MIN (512, resource_length);
+-       int pos = 0;
++       gsize pos = 0;
+ 
+        if (resource_length < 3)
+                goto text_html;
+@@ -669,9 +672,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+                pos = 3;
+ 
+  look_for_tag:
+-       if (pos > resource_length)
+-               goto text_html;
+-
+        if (skip_insignificant_space (resource, &pos, resource_length))
+                goto text_html;
+ 
+diff --git a/tests/meson.build b/tests/meson.build
+index 7ef7ac5..95b13b8 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -95,7 +95,9 @@ tests = [
+   {'name': 'server-auth'},
+   {'name': 'server-mem-limit'},
+   {'name': 'server'},
+-  {'name': 'sniffing'},
++  {'name': 'sniffing',
++    'depends': [test_resources],
++  },
+   {'name': 'ssl',
+    'dependencies': [gnutls_dep],
+    'depends': mock_pkcs11_module,
+diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
+index 6116719..7857732 100644
+--- a/tests/sniffing-test.c
++++ b/tests/sniffing-test.c
+@@ -342,6 +342,52 @@ test_disabled (gconstpointer data)
+        g_uri_unref (uri);
+ }
+ 
++static const gsize MARKUP_LENGTH = strlen ("<!--") + strlen ("-->");
++
++static void
++do_skip_whitespace_test (void)
++{
++        SoupContentSniffer *sniffer = soup_content_sniffer_new ();
++        SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org");
++        const char *test_cases[] = {
++                "",
++                "<rdf:RDF",
++                "<rdf:RDFxmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"",
++                "<rdf:RDFxmlns=\"http://purl.org/rss/1.0/\"",
++        };
++
++        soup_message_headers_set_content_type (soup_message_get_response_headers (msg), "text/html", NULL);
++
++        for (guint i = 0; i < G_N_ELEMENTS (test_cases); i++) {
++                const char *trailing_data = test_cases[i];
++                gsize leading_zeros = 512 - MARKUP_LENGTH - strlen (trailing_data);
++                gsize testsize = MARKUP_LENGTH + leading_zeros + strlen (trailing_data);
++                guint8 *data = g_malloc0 (testsize);
++                guint8 *p = data;
++                char *content_type;
++                GBytes *buffer;
++
++                // Format of <!--[0x00 * $leading_zeros]-->$trailing_data
++                memcpy (p, "<!--", strlen ("<!--"));
++                p += strlen ("<!--");
++                p += leading_zeros;
++                memcpy (p, "-->", strlen ("-->"));
++                p += strlen ("-->");
++                if (strlen (trailing_data))
++                        memcpy (p, trailing_data, strlen (trailing_data));
++                // Purposefully not NUL terminated.                
++
++                buffer = g_bytes_new_take (g_steal_pointer (&data), testsize);
++                content_type = soup_content_sniffer_sniff (sniffer, msg, buffer, NULL);
++
++                g_free (content_type);
++                g_bytes_unref (buffer);
++        }
++
++        g_object_unref (msg);
++        g_object_unref (sniffer);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -517,6 +563,8 @@ main (int argc, char **argv)
+                              "/text_or_binary/home.gif",
+                              test_disabled);
+ 
++       g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test);
++
+        ret = g_test_run ();
+ 
+        g_uri_unref (base_uri);
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch
new file mode 100644
index 0000000000..e5a4d747a1
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch
@@ -0,0 +1,29 @@
+From 30c86c9a284cf6f366ac87df0bca3e18a5de8671 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH] Fix using int instead of size_t for strcspn return
+
+CVE: CVE-2025-32050
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 5fb32c2..52ef2ec 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -906,7 +906,7 @@ append_param_quoted (GString    *string,
+                     const char *name,
+                     const char *value)
+ {
+-       int len;
++       gsize len;
+ 
+        g_string_append (string, name);
+        g_string_append (string, "=\"");
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-1.patch
new file mode 100644
index 0000000000..efeda48b11
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-1.patch
@@ -0,0 +1,29 @@
+From dc5db30989f385303c79ec3188c52e33f6f5886e Mon Sep 17 00:00:00 2001
+From: Ar Jun <pkillarjun@protonmail.com>
+Date: Sat, 16 Nov 2024 11:50:09 -0600
+Subject: [PATCH 1/2] Fix possible NULL deref in soup_uri_decode_data_uri
+
+CVE: CVE-2025-32051
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/0713ba4a719da938dc8facc89fca99cd0aa3069f]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-uri-utils.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
+index be2b79b..0251279 100644
+--- a/libsoup/soup-uri-utils.c
++++ b/libsoup/soup-uri-utils.c
+@@ -303,6 +303,8 @@ soup_uri_decode_data_uri (const char *uri,
+ 
+         uri_string = g_uri_to_string (soup_uri);
+         g_uri_unref (soup_uri);
++        if (!uri_string)
++                return NULL;
+ 
+         start = uri_string + 5;
+         comma = strchr (start, ',');
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-2.patch
new file mode 100644
index 0000000000..24c184bb86
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-2.patch
@@ -0,0 +1,57 @@
+From 7d1557a60145927806c88d321e8322a9d9f49bb2 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 22 Nov 2024 13:39:51 -0600
+Subject: [PATCH 2/2] soup_uri_decode_data_uri(): Handle URIs with a path
+ starting with //
+
+CVE: CVE-2025-32051
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/79cfd65c9bd8024cd45dd725c284766329873709]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-uri-utils.c | 8 ++++++++
+ tests/uri-parsing-test.c | 2 ++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
+index 0251279..1ff11cd 100644
+--- a/libsoup/soup-uri-utils.c
++++ b/libsoup/soup-uri-utils.c
+@@ -286,6 +286,7 @@ soup_uri_decode_data_uri (const char *uri,
+         gboolean base64 = FALSE;
+         char *uri_string;
+         GBytes *bytes;
++        const char *path;
+ 
+         g_return_val_if_fail (uri != NULL, NULL);
+ 
+@@ -301,6 +302,13 @@ soup_uri_decode_data_uri (const char *uri,
+         if (content_type)
+                 *content_type = NULL;
+ 
++        /* g_uri_to_string() is picky about paths that start with `//` and will assert. */
++        path = g_uri_get_path (soup_uri);
++        if (path[0] == '/' && path[1] == '/') {
++                g_uri_unref (soup_uri);
++                return NULL;
++        }
++
+         uri_string = g_uri_to_string (soup_uri);
+         g_uri_unref (soup_uri);
+         if (!uri_string)
+diff --git a/tests/uri-parsing-test.c b/tests/uri-parsing-test.c
+index 1f16273..418391e 100644
+--- a/tests/uri-parsing-test.c
++++ b/tests/uri-parsing-test.c
+@@ -141,6 +141,8 @@ static struct {
+         { "data:text/plain;base64,aGVsbG8=", "hello", "text/plain" },
+         { "data:text/plain;base64,invalid=", "", "text/plain" },
+         { "data:,", "", CONTENT_TYPE_DEFAULT },
++        { "data:.///", NULL, NULL },
++        { "data:/.//", NULL, NULL },
+ };
+ 
+ static void
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32052.patch
new file mode 100644
index 0000000000..78b712070b
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32052.patch
@@ -0,0 +1,31 @@
+From 779bcb279b1dc4eb8bcb22c5e727b1174630c3fc Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun <pkillarjun@protonmail.com>
+
+CVE: CVE-2025-32052
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 23d5aaa..aeee2e2 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -529,7 +529,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
+                        guint index_pattern = 0;
+                        gboolean skip_row = FALSE;
+ 
+-                       while ((index_stream < resource_length) &&
++                       while ((index_stream < resource_length - 1) &&
+                               (index_pattern <= type_row->pattern_length)) {
+                                /* Skip insignificant white space ("WS" in the spec) */
+                                if (type_row->pattern[index_pattern] == ' ') {
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..93fa69e06c
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
@@ -0,0 +1,40 @@
+From 819dbc0fcf174b8182cdb279f7be15ea1cde649f Mon Sep 17 00:00:00 2001
+From: Ar Jun <pkillarjun@protonmail.com>
+Date: Mon, 18 Nov 2024 14:59:51 -0600
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+CVE: CVE-2025-32053
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 2351c3f..23d5aaa 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -646,7 +646,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+               (resource[*pos] == '\x0D')) {
+                *pos = *pos + 1;
+ 
+-               if (*pos > resource_length)
++               if (*pos >= resource_length)
+                        return TRUE;
+        }
+ 
+@@ -709,7 +709,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+                do {
+                        pos++;
+ 
+-                       if (pos > resource_length)
++                       if ((pos + 1) > resource_length)
+                                goto text_html;
+                } while (resource[pos] != '>');
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-1.patch
new file mode 100644
index 0000000000..916a41a71f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-1.patch
@@ -0,0 +1,61 @@
+From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 11 Feb 2025 14:36:26 -0600
+Subject: [PATCH] headers: Handle parsing edge case
+
+This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931]
+CVE: CVE-2025-32906 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      |  2 +-
+ tests/header-parsing-test.c | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 85385cea..9d6d00a3 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -225,7 +225,7 @@ soup_headers_parse_request (const char          *str,
+            !g_ascii_isdigit (version[5]))
+                return SOUP_STATUS_BAD_REQUEST;
+        major_version = strtoul (version + 5, &p, 10);
+-       if (*p != '.' || !g_ascii_isdigit (p[1]))
++       if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1]))
+                return SOUP_STATUS_BAD_REQUEST;
+        minor_version = strtoul (p + 1, &p, 10);
+        version_end = p;
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 07ea2866..10ddb684 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -6,6 +6,10 @@ typedef struct {
+        const char *name, *value;
+ } Header;
+ 
++static char unterminated_http_version[] = {
++        'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
++};
++
+ static struct RequestTest {
+        const char *description;
+        const char *bugref;
+@@ -383,6 +387,14 @@ static struct RequestTest {
+          { { NULL } }
+        },
+ 
++        /* This couldn't be a C string as going one byte over would have been safe. */
++       { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
++         unterminated_http_version, sizeof (unterminated_http_version),
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
++       },
++
+        { "Non-HTTP request", NULL,
+          "GET / SOUP/1.1\r\nHost: example.com\r\n", -1,
+          SOUP_STATUS_BAD_REQUEST,
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-2.patch
new file mode 100644
index 0000000000..5baad15648
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-2.patch
@@ -0,0 +1,83 @@
+From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 12 Feb 2025 11:30:02 -0600
+Subject: [PATCH] headers: Handle parsing only newlines
+
+Closes #404
+Closes #407
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f]
+CVE: CVE-2025-32906
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      |  4 ++--
+ tests/header-parsing-test.c | 13 ++++++++++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 9d6d00a3..52ef2ece 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -186,7 +186,7 @@ soup_headers_parse_request (const char          *str,
+        /* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
+         * received where a Request-Line is expected."
+         */
+-       while ((*str == '\r' || *str == '\n') && len > 0) {
++       while (len > 0 && (*str == '\r' || *str == '\n')) {
+                str++;
+                len--;
+        }
+@@ -371,7 +371,7 @@ soup_headers_parse_response (const char          *str,
+         * after a response, which we then see prepended to the next
+         * response on that connection.
+         */
+-       while ((*str == '\r' || *str == '\n') && len > 0) {
++       while (len > 0 && (*str == '\r' || *str == '\n')) {
+                str++;
+                len--;
+        }
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 10ddb684..4faafbd6 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -6,10 +6,15 @@ typedef struct {
+        const char *name, *value;
+ } Header;
+ 
++/* These are not C strings to ensure going one byte over is not safe. */
+ static char unterminated_http_version[] = {
+         'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
+ };
+ 
++static char only_newlines[] = {
++        '\n', '\n', '\n', '\n'
++};
++
+ static struct RequestTest {
+        const char *description;
+        const char *bugref;
+@@ -387,7 +392,6 @@ static struct RequestTest {
+          { { NULL } }
+        },
+ 
+-        /* This couldn't be a C string as going one byte over would have been safe. */
+        { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
+          unterminated_http_version, sizeof (unterminated_http_version),
+          SOUP_STATUS_BAD_REQUEST,
+@@ -457,6 +461,13 @@ static struct RequestTest {
+          SOUP_STATUS_BAD_REQUEST,
+            NULL, NULL, -1,
+          { { NULL } }
++       },
++
++       { "Only newlines", NULL,
++         only_newlines, sizeof (only_newlines),
++         SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++         { { NULL } }
+        }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
new file mode 100644
index 0000000000..026a38c39a
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@
+From 4741bc288ece52f5dbaebc568e72ce14da3e2757 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ tests/meson.build              |   1 +
+ tests/server-mem-limit-test.c  | 144 +++++++++++++++++++++++++++++++++
+ 3 files changed, 146 insertions(+)
+ create mode 100644 tests/server-mem-limit-test.c
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 95e2c31..d69d6e8 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1210,6 +1210,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+                        if (cur->start <= prev->end) {
+                                prev->end = MAX (prev->end, cur->end);
+                                g_array_remove_index (array, i);
++                               i--;
+                        }
+                }
+        }
+diff --git a/tests/meson.build b/tests/meson.build
+index 9bf88be..7ef7ac5 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -93,6 +93,7 @@ tests = [
+   {'name': 'samesite'},
+   {'name': 'session'},
+   {'name': 'server-auth'},
++  {'name': 'server-mem-limit'},
+   {'name': 'server'},
+   {'name': 'sniffing'},
+   {'name': 'ssl',
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+new file mode 100644
+index 0000000..98f1c40
+--- /dev/null
++++ b/tests/server-mem-limit-test.c
+@@ -0,0 +1,144 @@
++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
++/*
++ * Copyright (C) 2025 Red Hat <www.redhat.com>
++ */
++
++#include "test-utils.h"
++
++#include <sys/resource.h>
++
++/*
++ This test limits memory usage to trigger too large buffer allocation crash.
++ As restoring the limits back to what it was does not always work, it's split
++ out of the server-test.c test with copied minimal server code.
++ */
++
++typedef struct {
++       SoupServer *server;
++       GUri *base_uri, *ssl_base_uri;
++       GSList *handlers;
++} ServerData;
++
++static void
++server_setup_nohandler (ServerData *sd, gconstpointer test_data)
++{
++       sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++       sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL);
++       if (tls_available)
++               sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL);
++}
++
++static void
++server_add_handler (ServerData         *sd,
++                   const char         *path,
++                   SoupServerCallback  callback,
++                   gpointer            user_data,
++                   GDestroyNotify      destroy)
++{
++       soup_server_add_handler (sd->server, path, callback, user_data, destroy);
++       sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path));
++}
++
++static void
++server_setup (ServerData *sd, gconstpointer test_data)
++{
++       server_setup_nohandler (sd, test_data);
++}
++
++static void
++server_teardown (ServerData *sd, gconstpointer test_data)
++{
++       GSList *iter;
++
++       for (iter = sd->handlers; iter; iter = iter->next)
++               soup_server_remove_handler (sd->server, iter->data);
++       g_slist_free_full (sd->handlers, g_free);
++
++       g_clear_pointer (&sd->server, soup_test_server_quit_unref);
++       g_clear_pointer (&sd->base_uri, g_uri_unref);
++       g_clear_pointer (&sd->ssl_base_uri, g_uri_unref);
++}
++
++static void
++server_file_callback (SoupServer        *server,
++                     SoupServerMessage *msg,
++                     const char        *path,
++                     GHashTable        *query,
++                     gpointer           data)
++{
++       void *mem;
++
++       g_assert_cmpstr (path, ==, "/file");
++       g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET);
++
++       mem = g_malloc0 (sizeof (char) * 1024 * 1024);
++       /* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use
++          the copy and free it explicitly, to workaround the false positive; the g_steal_pointer()
++          did not help for the malloc-ed memory */
++       soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024);
++       soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL);
++       g_free (mem);
++}
++
++static void
++do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data)
++{
++       SoupSession *session;
++       SoupMessage *msg;
++       GString *range;
++       GUri *uri;
++       const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0";
++
++       g_test_bug ("428");
++
++       #ifdef G_OS_WIN32
++       g_test_skip ("Cannot run under windows");
++       return;
++       #endif
++
++       range = g_string_sized_new (99 * 1024);
++       g_string_append (range, "bytes=1024");
++       while (range->len < 99 * 1024)
++               g_string_append (range, chunk);
++
++       session = soup_test_session_new (NULL);
++       server_add_handler (sd, "/file", server_file_callback, NULL, NULL);
++
++       uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL);
++
++       msg = soup_message_new_from_uri ("GET", uri);
++       soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str);
++
++       soup_test_session_send_message (session, msg);
++
++       soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT);
++
++       g_object_unref (msg);
++
++       g_string_free (range, TRUE);
++       g_uri_unref (uri);
++
++       soup_test_session_abort_unref (session);
++}
++
++int
++main (int argc, char **argv)
++{
++       int ret;
++
++       test_init (argc, argv, NULL);
++
++       #ifndef G_OS_WIN32
++       struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++       /* limit memory usage, to trigger too large memory allocation abort */
++       g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++       #endif
++
++       g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
++                   server_setup, do_ranges_overlaps_test, server_teardown);
++
++       ret = g_test_run ();
++
++       test_cleanup ();
++       return ret;
++}
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
new file mode 100644
index 0000000000..c1b6a1feba
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
+From 85716d2769b3e1acda024d2c7cbfb68139c5d90b Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 13 May 2025 14:20:46 +0200
+Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
+ built witha sanitizer
+
+A build with -Db_sanitize=address crashes with failed mmap(), which is done
+inside libasan. The test requires 20.0TB of virtual memory when running with
+the sanitizer, which is beyond unsigned integer limits and may not trigger
+the bug anyway.
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ meson.build                   |  4 ++++
+ tests/server-mem-limit-test.c | 13 +++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 73a9fa0..a9531a4 100644
+--- a/meson.build
++++ b/meson.build
+@@ -374,6 +374,10 @@ configinc = include_directories('.')
+ 
+ prefix = get_option('prefix')
+ 
++if get_option('b_sanitize') != 'none'
++  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
++endif
++
+ cdata.set_quoted('PACKAGE_VERSION', soup_version)
+ cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
+ cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+index 98f1c40..65dc875 100644
+--- a/tests/server-mem-limit-test.c
++++ b/tests/server-mem-limit-test.c
+@@ -126,14 +126,19 @@ main (int argc, char **argv)
+ {
+        int ret;
+ 
+-       test_init (argc, argv, NULL);
+-
+-       #ifndef G_OS_WIN32
+-       struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++       /* a build with an address sanitizer may crash on mmap() with the limit,
++          thus skip the limit set in such case, even it may not necessarily
++          trigger the bug if it regresses */
++       #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
++       struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
+        /* limit memory usage, to trigger too large memory allocation abort */
+        g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++       #else
++       g_message ("server-mem-limit-test: Running without memory limit");
+        #endif
+ 
++       test_init (argc, argv, NULL);
++
+        g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+                    server_setup, do_ranges_overlaps_test, server_teardown);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
new file mode 100644
index 0000000000..8ad0e16d45
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
@@ -0,0 +1,89 @@
+From 56b8eb061a02c4e99644d6f1e62e601d0d814beb Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:59:05 +0200
+Subject: [PATCH 1/2] soup-server-http2: Check validity of the constructed
+ connection URI
+
+The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects
+and returns NULL, but the soup-server did not check the validity and could
+abort the server itself later in the code.
+
+Closes #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451/diffs?commit_id=a792b23ab87cacbf4dd9462bf7b675fa678efbae]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../http2/soup-server-message-io-http2.c      |  4 +++
+ tests/http2-test.c                            | 28 +++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index 943ecfd..f1fe2d5 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,9 +771,13 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
++               if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
++                       return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
++               if (uri == NULL)
++                       return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+diff --git a/tests/http2-test.c b/tests/http2-test.c
+index ef097f4..df86d9b 100644
+--- a/tests/http2-test.c
++++ b/tests/http2-test.c
+@@ -1241,6 +1241,30 @@ do_connection_closed_test (Test *test, gconstpointer data)
+         g_uri_unref (uri);
+ }
+ 
++static void
++do_broken_pseudo_header_test (Test *test, gconstpointer data)
++{
++       char *path;
++       SoupMessage *msg;
++       GUri *uri;
++       GBytes *body = NULL;
++       GError *error = NULL;
++
++       uri = g_uri_parse_relative (base_uri, "/ag", SOUP_HTTP_URI_FLAGS, NULL);
++
++       /* an ugly cheat to construct a broken URI, which can be sent from other libs */
++       path = (char *) g_uri_get_path (uri);
++       path[1] = '%';
++
++       msg = soup_message_new_from_uri (SOUP_METHOD_GET, uri);
++       body = soup_test_session_async_send (test->session, msg, NULL, &error);
++       g_assert_error (error, G_IO_ERROR, G_IO_ERROR_PARTIAL_INPUT);
++       g_assert_null (body);
++       g_clear_error (&error);
++       g_object_unref (msg);
++       g_uri_unref (uri);
++}
++
+ static gboolean
+ unpause_message (SoupServerMessage *msg)
+ {
+@@ -1549,6 +1573,10 @@ main (int argc, char **argv)
+                     setup_session,
+                     do_connection_closed_test,
+                     teardown_session);
++        g_test_add ("/http2/broken-pseudo-header", Test, NULL,
++                    setup_session,
++                    do_broken_pseudo_header_test,
++                    teardown_session);
+ 
+        ret = g_test_run ();
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch
new file mode 100644
index 0000000000..b53c7efb7b
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch
@@ -0,0 +1,53 @@
+From aad0dcf22ee9fdfefa6b72055268240cceccfe4c Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 28 Apr 2025 10:55:42 +0200
+Subject: [PATCH 2/2] soup-server-http2: Correct check of the validity of the
+ constructed connection URI
+
+RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset.
+
+The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed to decrement
+the `io->in_callback` in the early returns.
+
+Related to #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/453/diffs?commit_id=527428a033df573ef4558ce1106e080fd9ec5c71]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../server/http2/soup-server-message-io-http2.c   | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index f1fe2d5..913afb4 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,13 +771,18 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
+-               if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
+-                       return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+-                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
++                if (msg_io->authority == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
++                /* RFC 5740: the CONNECT has unset the "scheme" and "path", but the GUri requires the scheme, thus let it be "(null)" */
++                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path == NULL ? "" : msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
+-               if (uri == NULL)
+-                       return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                if (uri == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32909.patch
new file mode 100644
index 0000000000..8982da58f1
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32909.patch
@@ -0,0 +1,36 @@
+From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 8 Jan 2025 16:30:17 -0600
+Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
+ bytes
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92]
+CVE: CVE-2025-32909
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 5a181ff1..aeee2e25 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -243,9 +243,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, GBytes *buffer)
+        gsize resource_length;
+        const char *resource = g_bytes_get_data (buffer, &resource_length);
+        resource_length = MIN (512, resource_length);
+-       guint32 box_size = *((guint32*)resource);
++       guint32 box_size;
+        guint i;
+ 
++        if (resource_length < sizeof (guint32))
++                return FALSE;
++
++       box_size = *((guint32*)resource);
++
+ #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+        box_size = ((box_size >> 24) |
+                    ((box_size << 8) & 0x00FF0000) |
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-1.patch
new file mode 100644
index 0000000000..27011f587f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-1.patch
@@ -0,0 +1,98 @@
+From e40df6d48a1cbab56f5d15016cc861a503423cfe Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sun, 8 Dec 2024 20:00:35 -0600
+Subject: [PATCH] auth-digest: Handle missing realm in authenticate header
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/auth/soup-auth-digest.c |  3 ++
+ tests/auth-test.c               | 50 +++++++++++++++++++++++++++++++++
+ 2 files changed, 53 insertions(+)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 2e81849af..4f12e87a5 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -148,6 +148,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
++        if (!soup_auth_get_realm (auth))
++                return FALSE;
++
+        g_free (priv->domain);
+        g_free (priv->nonce);
+        g_free (priv->opaque);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 158fdac10..3066e904a 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1866,6 +1866,55 @@ do_multiple_digest_algorithms (void)
+        soup_test_server_quit_unref (server);
+ }
+ 
++static void
++on_request_read_for_missing_realm (SoupServer        *server,
++                                   SoupServerMessage *msg,
++                                   gpointer           user_data)
++{
++        SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
++        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
++}
++
++static void
++do_missing_realm_test (void)
++{
++        SoupSession *session;
++        SoupMessage *msg;
++        SoupServer *server;
++        SoupAuthDomain *digest_auth_domain;
++        gint status;
++        GUri *uri;
++
++        server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++       soup_server_add_handler (server, NULL,
++                                server_callback, NULL, NULL);
++       uri = soup_test_server_get_uri (server, "http", NULL);
++
++       digest_auth_domain = soup_auth_domain_digest_new (
++               "realm", "auth-test",
++               "auth-callback", server_digest_auth_callback,
++               NULL);
++        soup_auth_domain_add_path (digest_auth_domain, "/");
++       soup_server_add_auth_domain (server, digest_auth_domain);
++        g_object_unref (digest_auth_domain);
++
++        g_signal_connect (server, "request-read",
++                          G_CALLBACK (on_request_read_for_missing_realm),
++                          NULL);
++
++        session = soup_test_session_new (NULL);
++        msg = soup_message_new_from_uri ("GET", uri);
++        g_signal_connect (msg, "authenticate",
++                          G_CALLBACK (on_digest_authenticate),
++                          NULL);
++
++        status = soup_test_session_send_message (session, msg);
++
++        g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
++       g_uri_unref (uri);
++       soup_test_server_quit_unref (server);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -1899,6 +1948,7 @@ main (int argc, char **argv)
+        g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
++        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
+ 
+        ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-2.patch
new file mode 100644
index 0000000000..b62e09cbdb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-2.patch
@@ -0,0 +1,149 @@
+From 405a8a34597a44bd58c4759e7d5e23f02c3b556a Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:18:35 -0600
+Subject: [PATCH] auth-digest: Handle missing nonce
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/auth/soup-auth-digest.c | 45 +++++++++++++++++++++++++--------
+ tests/auth-test.c               | 19 ++++++++------
+ 2 files changed, 46 insertions(+), 18 deletions(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 4f12e87a..350bfde6 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -138,6 +138,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
+        return g_string_free (out, FALSE);
+ }
+ 
++static gboolean
++validate_params (SoupAuthDigest *auth_digest)
++{
++        SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
++
++        if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
++                if (!priv->nonce)
++                        return FALSE;
++        }
++
++        return TRUE;
++}
++
+ static gboolean
+ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+                         GHashTable *auth_params)
+@@ -175,16 +188,21 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        if (priv->algorithm == -1)
+                ok = FALSE;
+ 
+-       stale = g_hash_table_lookup (auth_params, "stale");
+-       if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+-               recompute_hex_a1 (priv);
+-       else {
+-               g_free (priv->user);
+-               priv->user = NULL;
+-               g_free (priv->cnonce);
+-               priv->cnonce = NULL;
+-               memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+-               memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++        if (!validate_params (auth_digest))
++                ok = FALSE;
++
++        if (ok) {
++                stale = g_hash_table_lookup (auth_params, "stale");
++                if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
++                        recompute_hex_a1 (priv);
++                else {
++                        g_free (priv->user);
++                        priv->user = NULL;
++                        g_free (priv->cnonce);
++                        priv->cnonce = NULL;
++                        memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
++                        memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++                }
+         }
+ 
+        return ok;
+@@ -276,6 +294,8 @@ soup_auth_digest_compute_hex_a1 (const char              *hex_urp,
+ 
+                /* In MD5-sess, A1 is hex_urp:nonce:cnonce */
+ 
++                g_assert (nonce && cnonce);
++
+                checksum = g_checksum_new (G_CHECKSUM_MD5);
+                g_checksum_update (checksum, (guchar *)hex_urp, strlen (hex_urp));
+                g_checksum_update (checksum, (guchar *)":", 1);
+@@ -366,6 +386,8 @@ soup_auth_digest_compute_response (const char        *method,
+        if (qop) {
+                char tmp[9];
+ 
++                g_assert (cnonce);
++
+                g_snprintf (tmp, 9, "%.8x", nc);
+                g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
+                g_checksum_update (checksum, (guchar *)":", 1);
+@@ -429,6 +451,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
+        g_return_val_if_fail (uri != NULL, NULL);
+        url = soup_uri_get_path_and_query (uri);
+ 
++        g_assert (priv->nonce);
++        g_assert (!priv->qop || priv->cnonce);
++
+        soup_auth_digest_compute_response (soup_message_get_method (msg), url, priv->hex_a1,
+                                           priv->qop, priv->nonce,
+                                           priv->cnonce, priv->nc,
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 3066e904..c651c7cd 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1867,16 +1867,17 @@ do_multiple_digest_algorithms (void)
+ }
+ 
+ static void
+-on_request_read_for_missing_realm (SoupServer        *server,
+-                                   SoupServerMessage *msg,
+-                                   gpointer           user_data)
++on_request_read_for_missing_params (SoupServer        *server,
++                                      SoupServerMessage *msg,
++                                      gpointer           user_data)
+ {
++        const char *auth_header = user_data;
+         SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
+-        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
++        soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header);
+ }
+ 
+ static void
+-do_missing_realm_test (void)
++do_missing_params_test (gconstpointer auth_header)
+ {
+         SoupSession *session;
+         SoupMessage *msg;
+@@ -1899,8 +1900,8 @@ do_missing_realm_test (void)
+         g_object_unref (digest_auth_domain);
+ 
+         g_signal_connect (server, "request-read",
+-                          G_CALLBACK (on_request_read_for_missing_realm),
+-                          NULL);
++                          G_CALLBACK (on_request_read_for_missing_params),
++                          (gpointer)auth_header);
+ 
+         session = soup_test_session_new (NULL);
+         msg = soup_message_new_from_uri ("GET", uri);
+@@ -1948,7 +1949,9 @@ main (int argc, char **argv)
+        g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
+-        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
++        g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+ 
+        ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-3.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-3.patch
new file mode 100644
index 0000000000..32e0c86e62
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-3.patch
@@ -0,0 +1,27 @@
+From ea16eeacb052e423eb5c3b0b705e5eab34b13832 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 13:52:52 -0600
+Subject: [PATCH] auth-digest: Fix leak
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/auth/soup-auth-digest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 350bfde6..9eb7fa0e 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -72,6 +72,7 @@ soup_auth_digest_finalize (GObject *object)
+        g_free (priv->nonce);
+        g_free (priv->domain);
+        g_free (priv->cnonce);
++        g_free (priv->opaque);
+ 
+        memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+        memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-1.patch
new file mode 100644
index 0000000000..4e1d8212f5
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-1.patch
@@ -0,0 +1,72 @@
+From 7b4ef0e004ece3a308ccfaa714c284f4c96ade34 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 17:53:50 -0600
+Subject: [PATCH] soup_message_headers_get_content_disposition: Fix NULL deref
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34]
+CVE: CVE-2025-32911 CVE-2025-32913 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-message-headers.c | 13 +++++++++----
+ tests/header-parsing-test.c    | 14 ++++++++++++++
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 56cc1e9d..04f4c302 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1660,10 +1660,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
+         */
+        if (params && g_hash_table_lookup_extended (*params, "filename",
+                                                    &orig_key, &orig_value)) {
+-               char *filename = strrchr (orig_value, '/');
+-
+-               if (filename)
+-                       g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                if (orig_value) {
++                        char *filename = strrchr (orig_value, '/');
++
++                        if (filename)
++                                g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                } else {
++                        /* filename with no value isn't valid. */
++                        g_hash_table_remove (*params, "filename");
++                }
+        }
+        return TRUE;
+ }
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 5e423d2b..d0b360c8 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1039,6 +1039,7 @@ do_param_list_tests (void)
+ #define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE  "filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE_2  "filename=\"test.txt\"; foo=bar"
++#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
+ 
+ static void
+ do_content_disposition_tests (void)
+@@ -1139,6 +1140,19 @@ do_content_disposition_tests (void)
+         g_assert_cmpstr (parameter2, ==, "bar");
+        g_hash_table_destroy (params);
+ 
++        /* Empty filename */
++        soup_message_headers_clear (hdrs);
++        soup_message_headers_append (hdrs, "Content-Disposition",
++                                    RFC5987_TEST_HEADER_EMPTY_FILENAME);
++       if (!soup_message_headers_get_content_disposition (hdrs,
++                                                          &disposition,
++                                                          &params)) {
++               soup_test_assert (FALSE, "empty filename decoding FAILED");
++               return;
++       }
++        g_assert_false (g_hash_table_contains (params, "filename"));
++       g_hash_table_destroy (params);
++
+        soup_message_headers_unref (hdrs);
+ 
+        /* Ensure that soup-multipart always quotes filename */
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-2.patch
new file mode 100644
index 0000000000..5d9f33c736
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-2.patch
@@ -0,0 +1,44 @@
+From f4a761fb66512fff59798765e8ac5b9e57dceef0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Fri, 27 Dec 2024 18:00:39 -0600
+Subject: [PATCH] soup_message_headers_get_content_disposition: strdup
+ truncated filenames
+
+This table frees the strings it contains.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0]
+CVE: CVE-2025-32911 CVE-2025-32913
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-message-headers.c | 2 +-
+ tests/header-parsing-test.c    | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 04f4c302..ee7a3cb1 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1664,7 +1664,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
+                         char *filename = strrchr (orig_value, '/');
+ 
+                         if (filename)
+-                                g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++                                g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
+                 } else {
+                         /* filename with no value isn't valid. */
+                         g_hash_table_remove (*params, "filename");
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index d0b360c8..07ea2866 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1150,6 +1150,7 @@ do_content_disposition_tests (void)
+                soup_test_assert (FALSE, "empty filename decoding FAILED");
+                return;
+        }
++        g_free (disposition);
+         g_assert_false (g_hash_table_contains (params, "filename"));
+        g_hash_table_destroy (params);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-1.patch
new file mode 100644
index 0000000000..c35c599502
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-1.patch
@@ -0,0 +1,41 @@
+From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 14:03:05 -0600
+Subject: [PATCH] auth-digest: Handle missing nonce
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992]
+CVE: CVE-2025-32912
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ tests/auth-test.c               | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index 9eb7fa0e..d69a4013 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
+-        if (!soup_auth_get_realm (auth))
++        if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
+                 return FALSE;
+ 
+        g_free (priv->domain);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index c651c7cd..484097f1 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1952,6 +1952,7 @@ main (int argc, char **argv)
+         g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
++        g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test);
+ 
+        ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-2.patch
new file mode 100644
index 0000000000..ad6f3a8028
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-2.patch
@@ -0,0 +1,30 @@
+From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 8 Feb 2025 12:30:13 -0600
+Subject: [PATCH] digest-auth: Handle NULL nonce
+
+`contains` only handles a missing nonce, `lookup` handles both missing and empty.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f]
+CVE: CVE-2025-32912
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index d69a4013..dc4dbfc5 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
+-        if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
++        if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce"))
+                 return FALSE;
+ 
+        g_free (priv->domain);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32914.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32914.patch
new file mode 100644
index 0000000000..0ada9f3134
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32914.patch
@@ -0,0 +1,111 @@
+From 5bfcf8157597f2d327050114fb37ff600004dbcf Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:03:00 +0200
+Subject: [PATCH] multipart: Fix read out of buffer bounds under
+ soup_multipart_new_from_message()
+
+This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
+of the body argument.
+
+Closes #436
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf]
+CVE: CVE-2025-32914
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 58 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index 2421c91f8..102ce3722 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -173,7 +173,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+                        return NULL;
+                }
+ 
+-               split = strstr (start, "\r\n\r\n");
++               split = g_strstr_len (start, body_end - start, "\r\n\r\n");
+                if (!split || split > end) {
+                        soup_multipart_free (multipart);
+                        return NULL;
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 2c0e7e969..f5b986889 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -471,6 +471,62 @@ test_multipart (gconstpointer data)
+        loop = NULL;
+ }
+ 
++static void
++test_multipart_bounds_good (void)
++{
++       #define TEXT "line1\r\nline2"
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers, *set_headers = NULL;
++       GBytes *bytes, *set_bytes = NULL;
++       const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n";
++       gboolean success;
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       multipart = soup_multipart_new_from_message (headers, bytes);
++
++       g_assert_nonnull (multipart);
++       g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++       success = soup_multipart_get_part (multipart, 0, &set_headers, &set_bytes);
++       g_assert_true (success);
++       g_assert_nonnull (set_headers);
++       g_assert_nonnull (set_bytes);
++       g_assert_cmpint (strlen (TEXT), ==, g_bytes_get_size (set_bytes));
++       g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL));
++       g_assert_cmpmem (TEXT, strlen (TEXT), g_bytes_get_data (set_bytes, NULL), g_bytes_get_size (set_bytes));
++
++       soup_message_headers_unref (headers);
++       g_bytes_unref (bytes);
++
++       soup_multipart_free (multipart);
++
++       #undef TEXT
++}
++
++static void
++test_multipart_bounds_bad (void)
++{
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers;
++       GBytes *bytes;
++       const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n";
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       /* it did read out of raw_data/bytes bounds */
++       multipart = soup_multipart_new_from_message (headers, bytes);
++       g_assert_null (multipart);
++
++       soup_message_headers_unref (headers);
++       g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -498,6 +554,8 @@ main (int argc, char **argv)
+        g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart);
+        g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart);
+        g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
++       g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
++       g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
+ 
+        ret = g_test_run ();
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4476.patch
new file mode 100644
index 0000000000..cd5619d620
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
+From e64c221f9c7d09b48b610c5626b3b8c400f0907c Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 8 May 2025 09:27:01 -0500
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+
+We need to validate the Domain parameter in the WWW-Authenticate header.
+
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+
+Fixes #440
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c]
+CVE: CVE-2025-4476
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index d8bb2910..292f2045 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, GUri *source_uri)
+                        if (uri &&
+                             g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
+                            g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
+-                           !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
++                           !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
+                                dir = g_strdup (g_uri_get_path (uri));
+                        else
+                                dir = NULL;
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46420.patch
new file mode 100644
index 0000000000..37ab16dc05
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46420.patch
@@ -0,0 +1,60 @@
+From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
+CVE: CVE-2025-46420
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a5f7a7f6..85385cea 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+        GSList *unsorted;
+        QualityItem *array;
+        GSList *sorted, *iter;
+-       char *item, *semi;
++       char *semi;
+        const char *param, *equal, *value;
+        double qval;
+        int n;
+@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+        unsorted = soup_header_parse_list (header);
+        array = g_new0 (QualityItem, g_slist_length (unsorted));
+        for (iter = unsorted, n = 0; iter; iter = iter->next) {
+-               item = iter->data;
+                qval = 1.0;
+-               for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++               for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+                        param = skip_lws (semi + 1);
+                        if (*param != 'q')
+                                continue;
+@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+                if (qval == 0.0) {
+                        if (unacceptable) {
+                                *unacceptable = g_slist_prepend (*unacceptable,
+-                                                                item);
++                                                                g_steal_pointer (&iter->data));
+                        }
+                } else {
+-                       array[n].item = item;
++                       array[n].item = g_steal_pointer (&iter->data);
+                        array[n].qval = qval;
+                        n++;
+                }
+        }
+-       g_slist_free (unsorted);
++       g_slist_free_full (unsorted, g_free);
+ 
+        qsort (array, n, sizeof (QualityItem), sort_by_qval);
+        sorted = NULL;
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46421.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46421.patch
new file mode 100644
index 0000000000..72683d8fce
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46421.patch
@@ -0,0 +1,139 @@
+From 85c5227eef7370832044eb918e8a99c0bcbab86f Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 16:18:10 -0600
+Subject: [PATCH] session: Strip authentication credentails on cross-origin
+ redirect
+
+This should match the behavior of Firefox and Safari but not of Chromium.
+
+CVE: CVE-2025-46421
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436/diffs?commit_id=3e5c26415811f19e7737238bb23305ffaf96f66b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-session.c |  6 ++++
+ tests/auth-test.c      | 77 ++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 83 insertions(+)
+
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index 631bec0..9f00b05 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -1230,6 +1230,12 @@ soup_session_redirect_message (SoupSession *session,
+                                                   SOUP_ENCODING_NONE);
+        }
+ 
++        /* Strip all credentials on cross-origin redirect. */
++        if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
++                soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_AUTHORIZATION);
++                soup_message_set_auth (msg, NULL);
++        }
++
+         soup_message_set_request_host_from_uri (msg, new_uri);
+        soup_message_set_uri (msg, new_uri);
+        g_uri_unref (new_uri);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 484097f..7c3b551 100644
+--- a/tests/auth-test.c
++++ b/tests/auth-test.c
+@@ -1,6 +1,7 @@
+ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+ 
+ #include "test-utils.h"
++#include "soup-uri-utils-private.h"
+ 
+ static const char *base_uri;
+ static GMainLoop *loop;
+@@ -1916,6 +1917,81 @@ do_missing_params_test (gconstpointer auth_header)
+        soup_test_server_quit_unref (server);
+ }
+ 
++static void
++redirect_server_callback (SoupServer        *server,
++                          SoupServerMessage *msg,
++                          const char        *path,
++                          GHashTable        *query,
++                          gpointer           user_data)
++{
++    static gboolean redirected = FALSE;
++
++    if (!redirected) {
++        char *redirect_uri = g_uri_to_string (user_data);
++        soup_server_message_set_redirect (msg, SOUP_STATUS_MOVED_PERMANENTLY, redirect_uri);
++        g_free (redirect_uri);
++        redirected = TRUE;
++        return;
++    }
++
++    g_assert_not_reached ();
++}
++
++static gboolean
++auth_for_redirect_callback (SoupMessage *msg, SoupAuth *auth, gboolean retrying, gpointer user_data)
++{
++    GUri *known_server_uri = user_data;
++
++    if (!soup_uri_host_equal (known_server_uri, soup_message_get_uri (msg)))
++        return FALSE;
++
++    soup_auth_authenticate (auth, "user", "good-basic");
++
++    return TRUE;
++}
++
++static void
++do_strip_on_crossorigin_redirect (void)
++{
++    SoupSession *session;
++    SoupMessage *msg;
++    SoupServer *server1, *server2;
++    SoupAuthDomain *auth_domain;
++    GUri *uri;
++    gint status;
++
++    server1 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++    server2 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++
++    /* Both servers have the same credentials. */
++    auth_domain = soup_auth_domain_basic_new ("realm", "auth-test", "auth-callback", server_basic_auth_callback, NULL);
++    soup_auth_domain_add_path (auth_domain, "/");
++    soup_server_add_auth_domain (server1, auth_domain);
++    soup_server_add_auth_domain (server2, auth_domain);
++    g_object_unref (auth_domain);
++
++    /* Server 1 asks for auth, then redirects to Server 2. */
++    soup_server_add_handler (server1, NULL,
++                    redirect_server_callback,
++                   soup_test_server_get_uri (server2, "http", NULL), (GDestroyNotify)g_uri_unref);
++    /* Server 2 requires auth. */
++    soup_server_add_handler (server2, NULL, server_callback, NULL, NULL);
++
++    session = soup_test_session_new (NULL);
++    uri = soup_test_server_get_uri (server1, "http", NULL);
++    msg = soup_message_new_from_uri ("GET", uri);
++    /* The client only sends credentials for the host it knows. */
++    g_signal_connect (msg, "authenticate", G_CALLBACK (auth_for_redirect_callback), uri);
++
++    status = soup_test_session_send_message (session, msg);
++
++    g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
++
++    g_uri_unref (uri);
++    soup_test_server_quit_unref (server1);
++    soup_test_server_quit_unref (server2);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -1949,6 +2025,7 @@ main (int argc, char **argv)
+        g_test_add_func ("/auth/auth-uri", do_auth_uri_test);
+         g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate);
+         g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms);
++        g_test_add_func ("/auth/strip-on-crossorigin-redirect", do_strip_on_crossorigin_redirect);
+         g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
+         g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4948.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4948.patch
new file mode 100644
index 0000000000..07c85f5381
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4948.patch
@@ -0,0 +1,97 @@
+From a23ce8f8e60e79990e26376c8b0d40841aed4b81 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Thu, 15 May 2025 17:49:11 +0200
+Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body
+
+It could happen that the boundary started at a place which resulted into
+a negative number, which in an unsigned integer is a very large value.
+Check the body size is not a negative value before setting it.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463>
+
+CVE: CVE-2025-4948
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/diffs?commit_id=f2f28afe0b3b2b3009ab67d6874457ec6bac70c0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 40 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index e1c442e..27257e4 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -204,7 +204,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+                 */
+                part_body = g_bytes_new_from_bytes (body, // FIXME
+                                                    split - body_data,
+-                                                   end - 2 - split);
++                                                   end - 2 >= split ? end - 2 - split : 0);
+                g_ptr_array_add (multipart->bodies, part_body);
+ 
+                start = end;
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 84852e2..2ae888c 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -548,6 +548,45 @@ test_multipart_bounds_bad_2 (void)
+        g_bytes_unref (bytes);
+ }
+ 
++static void
++test_multipart_too_large (void)
++{
++       const char *raw_body =
++               "-------------------\r\n"
++               "-\n"
++               "Cont\"\r\n"
++               "Content-Tynt----e:n\x8erQK\r\n"
++               "Content-Disposition:   name=  form-; name=\"file\"; filename=\"ype:i/  -d; ----\xae\r\n"
++               "Content-Typimag\x01/png--\\\n"
++               "\r\n"
++               "---:\n\r\n"
++               "\r\n"
++               "-------------------------------------\r\n"
++               "---------\r\n"
++               "----------------------";
++       GBytes *body;
++       GHashTable *params;
++       SoupMessageHeaders *headers;
++       SoupMultipart *multipart;
++
++       params = g_hash_table_new (g_str_hash, g_str_equal);
++       g_hash_table_insert (params, (gpointer) "boundary", (gpointer) "-----------------");
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_set_content_type (headers, "multipart/form-data", params);
++       g_hash_table_unref (params);
++
++       body = g_bytes_new_static (raw_body, strlen (raw_body));
++       multipart = soup_multipart_new_from_message (headers, body);
++       soup_message_headers_unref (headers);
++       g_bytes_unref (body);
++
++       g_assert_nonnull (multipart);
++       g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++       g_assert_true (soup_multipart_get_part (multipart, 0, &headers, &body));
++       g_assert_cmpint (g_bytes_get_size (body), ==, 0);
++       soup_multipart_free (multipart);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -578,6 +617,7 @@ main (int argc, char **argv)
+        g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+        g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
+        g_test_add_func ("/multipart/bounds-bad-2", test_multipart_bounds_bad_2);
++       g_test_add_func ("/multipart/too-large", test_multipart_too_large);
+ 
+        ret = g_test_run ();
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4969.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4969.patch
new file mode 100644
index 0000000000..70c5fd5593
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4969.patch
@@ -0,0 +1,76 @@
+From 07b94e27afafebf31ef3cd868866a1e383750086 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 19 May 2025 17:48:27 +0200
+Subject: [PATCH] soup-multipart: Verify array bounds before accessing its
+ members
+
+The boundary could be at a place which, calculated, pointed
+before the beginning of the array. Check the bounds, to avoid
+read out of the array bounds.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086]
+CVE: CVE-2025-4969
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 22 ++++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index 102ce37..e1c442e 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -104,7 +104,7 @@ find_boundary (const char *start, const char *end,
+                        continue;
+ 
+                /* Check that it's at start of line */
+-               if (!(b == start || (b[-1] == '\n' && b[-2] == '\r')))
++               if (!(b == start || (b - start >= 2 && b[-1] == '\n' && b[-2] == '\r')))
+                        continue;
+ 
+                /* Check for "--" or "\r\n" after boundary */
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index ab5f41c..84852e2 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -527,6 +527,27 @@ test_multipart_bounds_bad (void)
+        g_bytes_unref (bytes);
+ }
+ 
++static void
++test_multipart_bounds_bad_2 (void)
++{
++       SoupMultipart *multipart;
++       SoupMessageHeaders *headers;
++       GBytes *bytes;
++       const char *raw_data = "\n--123\r\nline\r\n--123--\r";
++
++       headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++       soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++       bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++       multipart = soup_multipart_new_from_message (headers, bytes);
++       g_assert_nonnull (multipart);
++
++       soup_multipart_free (multipart);
++       soup_message_headers_unref (headers);
++       g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -556,6 +577,7 @@ main (int argc, char **argv)
+        g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
+        g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+        g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
++       g_test_add_func ("/multipart/bounds-bad-2", test_multipart_bounds_bad_2);
+ 
+        ret = g_test_run ();
+ 
+-- 
+2.49.0
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index 6f7cac4cf8..37319f007f 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -11,7 +11,40 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
-SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
+           file://CVE-2024-52532-0001.patch \
+           file://CVE-2024-52532-0002.patch \
+           file://CVE-2024-52530.patch \
+           file://CVE-2024-52531-1.patch \
+           file://CVE-2024-52531-2.patch \
+           file://CVE-2024-52531-3.patch \
+           file://CVE-2025-32910-1.patch \
+           file://CVE-2025-32910-2.patch \
+           file://CVE-2025-32910-3.patch \
+           file://CVE-2025-32909.patch \
+           file://CVE-2025-32911_CVE-2025-32913-1.patch \
+           file://CVE-2025-32911_CVE-2025-32913-2.patch \
+           file://CVE-2025-32912-1.patch \
+           file://CVE-2025-32912-2.patch \
+           file://CVE-2025-32906-1.patch \
+           file://CVE-2025-32906-2.patch \
+           file://CVE-2025-46420.patch \
+           file://CVE-2025-32914.patch \
+           file://CVE-2025-4476.patch \
+           file://CVE-2025-4969.patch \
+           file://CVE-2025-32908-1.patch \
+           file://CVE-2025-32908-2.patch \
+           file://CVE-2025-32907-1.patch \
+           file://CVE-2025-32907-2.patch \
+           file://CVE-2025-32053.patch \
+           file://CVE-2025-32052.patch \
+           file://CVE-2025-32051-1.patch \
+           file://CVE-2025-32051-2.patch \
+           file://CVE-2025-32050.patch \
+           file://CVE-2025-46421.patch \
+           file://CVE-2025-4948.patch \
+           file://CVE-2025-2784.patch \
+"
 SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
 
 PROVIDES = "libsoup-3.0"
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.39.bb b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
index 2cc0c84bec..d251fa8122 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.39.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
@@ -15,7 +15,7 @@ DEPENDS = "libxml2"
 
 SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0"
+SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
 
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -37,7 +37,7 @@ do_configure:prepend () {
         touch ${S}/doc/xsltproc.1
 }
 
-EXTRA_OECONF = "--without-python --without-debug --without-mem-debug --without-crypto"
+EXTRA_OECONF = "--without-python --without-debug --without-crypto"
 # older versions of this recipe had ${PN}-utils
 RPROVIDES:${PN}-bin += "${PN}-utils"
 RCONFLICTS:${PN}-bin += "${PN}-utils"
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.5.bb
index 2263e07280..d28ae7ca91 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.5.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/"
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
 
-SRCREV = "95f528cff0bc52903b98c292d4a322fcffa74471"
+SRCREV = "aea9f42f87f2a78a973ae22cade8e45259f754e1"
 PV .= "+git"
 
 SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \
diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
index ef5df44ad6..b8a377e2b2 100644
--- a/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
+++ b/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
@@ -6,7 +6,7 @@ SECTION = "base"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
+DEPENDS = "libxml2 glib-2.0 shared-mime-info-native xmlto-native"
 
 SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master \
            file://0001-Fix-build-with-libxml2-2.12.0-and-clang-17.patch \
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-29088.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-29088.patch
new file mode 100644
index 0000000000..7a5769ed07
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-29088.patch
@@ -0,0 +1,179 @@
+From 57d1e61dda969659f59a0b7841c7d0287d724bc6 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Mon, 17 Feb 2025 14:16:49 +0000
+Subject: [PATCH] Harden the SQLITE_DBCONFIG_LOOKASIDE interface against
+ misuse, such as described in [forum:/forumpost/48f365daec|forum post
+ 48f365daec].  Enhancements to the SQLITE_DBCONFIG_LOOKASIDE documentation. 
+ Test cases in TH3.
+
+FossilOrigin-Name: 1ec4c308c76c69fba031184254fc3340f07607cfbf8342b13713ab445563d377
+
+CVE: CVE-2025-29088
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 42 +++++++++++++++++++++++---------------
+ sqlite3.h | 60 +++++++++++++++++++++++++++++++++++++------------------
+ 2 files changed, 67 insertions(+), 35 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 24d0d954d9..2574a43f3e 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -179112,17 +179112,22 @@ SQLITE_API int sqlite3_config(int op, ...){
+ ** If lookaside is already active, return SQLITE_BUSY.
+ **
+ ** The sz parameter is the number of bytes in each lookaside slot.
+-** The cnt parameter is the number of slots.  If pStart is NULL the
+-** space for the lookaside memory is obtained from sqlite3_malloc().
+-** If pStart is not NULL then it is sz*cnt bytes of memory to use for
+-** the lookaside memory.
++** The cnt parameter is the number of slots.  If pBuf is NULL the
++** space for the lookaside memory is obtained from sqlite3_malloc()
++** or similar.  If pBuf is not NULL then it is sz*cnt bytes of memory
++** to use for the lookaside memory.
+ */
+-static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
++static int setupLookaside(
++  sqlite3 *db,    /* Database connection being configured */
++  void *pBuf,     /* Memory to use for lookaside.  May be NULL */
++  int sz,         /* Desired size of each lookaside memory slot */
++  int cnt         /* Number of slots to allocate */
++){
+ #ifndef SQLITE_OMIT_LOOKASIDE
+-  void *pStart;
+-  sqlite3_int64 szAlloc = sz*(sqlite3_int64)cnt;
+-  int nBig;   /* Number of full-size slots */
+-  int nSm;    /* Number smaller LOOKASIDE_SMALL-byte slots */
++  void *pStart;          /* Start of the lookaside buffer */
++  sqlite3_int64 szAlloc; /* Total space set aside for lookaside memory */
++  int nBig;              /* Number of full-size slots */
++  int nSm;               /* Number smaller LOOKASIDE_SMALL-byte slots */
+ 
+   if( sqlite3LookasideUsed(db,0)>0 ){
+     return SQLITE_BUSY;
+@@ -179135,17 +179140,22 @@ static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
+     sqlite3_free(db->lookaside.pStart);
+   }
+   /* The size of a lookaside slot after ROUNDDOWN8 needs to be larger
+-  ** than a pointer to be useful.
++  ** than a pointer and small enough to fit in a u16.
+   */
+-  sz = ROUNDDOWN8(sz);  /* IMP: R-33038-09382 */
++  sz = ROUNDDOWN8(sz);
+   if( sz<=(int)sizeof(LookasideSlot*) ) sz = 0;
+-  if( cnt<0 ) cnt = 0;
+-  if( sz==0 || cnt==0 ){
++  if( sz>65528 ) sz = 65528;
++  /* Count must be at least 1 to be useful, but not so large as to use
++  ** more than 0x7fff0000 total bytes for lookaside. */
++  if( cnt<1 ) cnt = 0;
++  if( sz>0 && cnt>(0x7fff0000/sz) ) cnt = 0x7fff0000/sz;
++  szAlloc = (i64)sz*(i64)cnt;
++  if( szAlloc==0 ){
+     sz = 0;
+     pStart = 0;
+   }else if( pBuf==0 ){
+     sqlite3BeginBenignMalloc();
+-    pStart = sqlite3Malloc( szAlloc );  /* IMP: R-61949-35727 */
++    pStart = sqlite3Malloc( szAlloc );
+     sqlite3EndBenignMalloc();
+     if( pStart ) szAlloc = sqlite3MallocSize(pStart);
+   }else{
+@@ -179154,10 +179164,10 @@ static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
+ #ifndef SQLITE_OMIT_TWOSIZE_LOOKASIDE
+   if( sz>=LOOKASIDE_SMALL*3 ){
+     nBig = szAlloc/(3*LOOKASIDE_SMALL+sz);
+-    nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++    nSm = (szAlloc - (i64)sz*(i64)nBig)/LOOKASIDE_SMALL;
+   }else if( sz>=LOOKASIDE_SMALL*2 ){
+     nBig = szAlloc/(LOOKASIDE_SMALL+sz);
+-    nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++    nSm = (szAlloc - (i64)sz*(i64)nBig)/LOOKASIDE_SMALL;
+   }else
+ #endif /* SQLITE_OMIT_TWOSIZE_LOOKASIDE */
+   if( sz>0 ){
+diff --git a/sqlite3.h b/sqlite3.h
+index 2618b37a7b..056511f577 100644
+--- a/sqlite3.h
++++ b/sqlite3.h
+@@ -1974,13 +1974,16 @@ struct sqlite3_mem_methods {
+ **
+ ** [[SQLITE_CONFIG_LOOKASIDE]] <dt>SQLITE_CONFIG_LOOKASIDE</dt>
+ ** <dd> ^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine
+-** the default size of lookaside memory on each [database connection].
++** the default size of [lookaside memory] on each [database connection].
+ ** The first argument is the
+-** size of each lookaside buffer slot and the second is the number of
+-** slots allocated to each database connection.)^  ^(SQLITE_CONFIG_LOOKASIDE
+-** sets the <i>default</i> lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE]
+-** option to [sqlite3_db_config()] can be used to change the lookaside
+-** configuration on individual connections.)^ </dd>
++** size of each lookaside buffer slot ("sz") and the second is the number of
++** slots allocated to each database connection ("cnt").)^
++** ^(SQLITE_CONFIG_LOOKASIDE sets the <i>default</i> lookaside size.
++** The [SQLITE_DBCONFIG_LOOKASIDE] option to [sqlite3_db_config()] can
++** be used to change the lookaside configuration on individual connections.)^
++** The [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to change the
++** default lookaside configuration at compile-time.
++** </dd>
+ **
+ ** [[SQLITE_CONFIG_PCACHE2]] <dt>SQLITE_CONFIG_PCACHE2</dt>
+ ** <dd> ^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is
+@@ -2210,24 +2213,43 @@ struct sqlite3_mem_methods {
+ ** <dt>SQLITE_DBCONFIG_LOOKASIDE</dt>
+ ** <dd> ^This option takes three additional arguments that determine the
+ ** [lookaside memory allocator] configuration for the [database connection].
+-** ^The first argument (the third parameter to [sqlite3_db_config()] is a
++** <ol>
++** <li><p>The first argument ("buf") is a
+ ** pointer to a memory buffer to use for lookaside memory.
+-** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
+-** may be NULL in which case SQLite will allocate the
+-** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
+-** size of each lookaside buffer slot.  ^The third argument is the number of
+-** slots.  The size of the buffer in the first argument must be greater than
+-** or equal to the product of the second and third arguments.  The buffer
+-** must be aligned to an 8-byte boundary.  ^If the second argument to
+-** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
+-** rounded down to the next smaller multiple of 8.  ^(The lookaside memory
++** The first argument may be NULL in which case SQLite will allocate the
++** lookaside buffer itself using [sqlite3_malloc()].
++** <li><P>The second argument ("sz") is the
++** size of each lookaside buffer slot.  Lookaside is disabled if "sz"
++** is less than 8.  The "sz" argument should be a multiple of 8 less than
++** 65536.  If "sz" does not meet this constraint, it is reduced in size until
++** it does.
++** <li><p>The third argument ("cnt") is the number of slots. Lookaside is disabled
++** if "cnt"is less than 1.  The "cnt" value will be reduced, if necessary, so
++** that the product of "sz" and "cnt" does not exceed 2,147,418,112.  The "cnt"
++** parameter is usually chosen so that the product of "sz" and "cnt" is less
++** than 1,000,000.
++** </ol>
++** <p>If the "buf" argument is not NULL, then it must
++** point to a memory buffer with a size that is greater than
++** or equal to the product of "sz" and "cnt".
++** The buffer must be aligned to an 8-byte boundary.
++** The lookaside memory
+ ** configuration for a database connection can only be changed when that
+ ** connection is not currently using lookaside memory, or in other words
+-** when the "current value" returned by
+-** [sqlite3_db_status](D,[SQLITE_DBSTATUS_LOOKASIDE_USED],...) is zero.
++** when the value returned by [SQLITE_DBSTATUS_LOOKASIDE_USED] is zero.
+ ** Any attempt to change the lookaside memory configuration when lookaside
+ ** memory is in use leaves the configuration unchanged and returns
+-** [SQLITE_BUSY].)^</dd>
++** [SQLITE_BUSY].
++** If the "buf" argument is NULL and an attempt
++** to allocate memory based on "sz" and "cnt" fails, then
++** lookaside is silently disabled.
++** <p>
++** The [SQLITE_CONFIG_LOOKASIDE] configuration option can be used to set the
++** default lookaside configuration at initialization.  The
++** [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to set the default lookaside
++** configuration at compile-time.  Typical values for lookaside are 1200 for
++** "sz" and 40 to 100 for "cnt".
++** </dd>
+ **
+ ** [[SQLITE_DBCONFIG_ENABLE_FKEY]]
+ ** <dt>SQLITE_DBCONFIG_ENABLE_FKEY</dt>
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch
new file mode 100644
index 0000000000..b8225b5069
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch
@@ -0,0 +1,29 @@
+From d7f45414935e4ef6e3361f02a22876f1ee7a04aa Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Sun, 16 Feb 2025 10:57:25 +0000
+Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
+ concat_ws() function with an enormous separator values and many arguments.
+
+FossilOrigin-Name: 498e3f1cf57f164fbd8380e92bf91b9f26d6aa05d092fcd135d754abf1e5b1b5
+
+CVE: CVE-2025-3277
+CVE: CVE-2025-29087
+Upstream-Status: Backport [https://sqlite.org/src/info/498e3f1cf57f164f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 08c593e55c..24d0d954d9 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -129594,7 +129594,7 @@ static void concatFuncCore(
+   for(i=0; i<argc; i++){
+     n += sqlite3_value_bytes(argv[i]);
+   }
+-  n += (argc-1)*nSep;
++  n += (argc-1)*(i64)nSep;
+   z = sqlite3_malloc64(n+1);
+   if( z==0 ){
+     sqlite3_result_error_nomem(context);
diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.1.bb b/meta/recipes-support/sqlite/sqlite3_3.45.1.bb
deleted file mode 100644
index 50612feb25..0000000000
--- a/meta/recipes-support/sqlite/sqlite3_3.45.1.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require sqlite3.inc
-
-LICENSE = "PD"
-LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-
-SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "cd9c27841b7a5932c9897651e20b86c701dd740556989b01ca596fcfa3d49a0a"
-
diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb
new file mode 100644
index 0000000000..d39cb3805b
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb
@@ -0,0 +1,11 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+           file://CVE-2025-3277.patch \
+           file://CVE-2025-29088.patch \
+          "
+SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531"
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 11daa900d2..c7f3987134 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".0698"
-SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c"
+PV .= ".1198"
+SRCREV = "f209dcd3defb95bae21b2740910e6aa7bb940531"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 92a4c9dfb1..b699b34270 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
 
 DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
 DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.0.3'
-DEFAULT_INSTALLER_VERSION = '5.0.3'
+DEFAULT_RELEASE = 'yocto-5.0.10'
+DEFAULT_INSTALLER_VERSION = '5.0.10'
 DEFAULT_BUILDDATE = '202110XX'
 
 # Python version sanity check
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 65873b088d..0b50165a12 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -288,6 +288,7 @@ class RecipeModified:
         self.bblayers = None
         self.bpn = None
         self.d = None
+        self.debug_build = None
         self.fakerootcmd = None
         self.fakerootenv = None
         self.libdir = None
@@ -348,6 +349,7 @@ class RecipeModified:
         self.bpn = recipe_d.getVar('BPN')
         self.cxx = recipe_d.getVar('CXX')
         self.d = recipe_d.getVar('D')
+        self.debug_build = recipe_d.getVar('DEBUG_BUILD')
         self.fakerootcmd = recipe_d.getVar('FAKEROOTCMD')
         self.fakerootenv = recipe_d.getVar('FAKEROOTENV')
         self.libdir = recipe_d.getVar('libdir')
@@ -389,17 +391,6 @@ class RecipeModified:
         self.recipe_id = self.bpn + "-" + self.package_arch
         self.recipe_id_pretty = self.bpn + ": " + self.package_arch
 
-    def append_to_bbappend(self, append_text):
-        with open(self.bbappend, 'a') as bbap:
-            bbap.write(append_text)
-
-    def remove_from_bbappend(self, append_text):
-        with open(self.bbappend, 'r') as bbap:
-            text = bbap.read()
-        new_text = text.replace(append_text, '')
-        with open(self.bbappend, 'w') as bbap:
-            bbap.write(new_text)
-
     @staticmethod
     def is_valid_shell_variable(var):
         """Skip strange shell variables like systemd
@@ -412,34 +403,6 @@ class RecipeModified:
             return True
         return False
 
-    def debug_build_config(self, args):
-        """Explicitely set for example CMAKE_BUILD_TYPE to Debug if not defined otherwise"""
-        if self.build_tool is BuildTool.CMAKE:
-            append_text = os.linesep + \
-                'OECMAKE_ARGS:append = " -DCMAKE_BUILD_TYPE:STRING=Debug"' + os.linesep
-            if args.debug_build_config and not 'CMAKE_BUILD_TYPE' in self.cmake_cache_vars:
-                self.cmake_cache_vars['CMAKE_BUILD_TYPE'] = {
-                    "type": "STRING",
-                    "value": "Debug",
-                }
-                self.append_to_bbappend(append_text)
-            elif 'CMAKE_BUILD_TYPE' in self.cmake_cache_vars:
-                del self.cmake_cache_vars['CMAKE_BUILD_TYPE']
-                self.remove_from_bbappend(append_text)
-        elif self.build_tool is BuildTool.MESON:
-            append_text = os.linesep + 'MESON_BUILDTYPE = "debug"' + os.linesep
-            if args.debug_build_config and self.meson_buildtype != "debug":
-                self.mesonopts.replace(
-                    '--buildtype ' + self.meson_buildtype, '--buildtype debug')
-                self.append_to_bbappend(append_text)
-            elif self.meson_buildtype == "debug":
-                self.mesonopts.replace(
-                    '--buildtype debug', '--buildtype plain')
-                self.remove_from_bbappend(append_text)
-        elif args.debug_build_config:
-            logger.warn(
-                "--debug-build-config is not implemented for this build tool yet.")
-
     def solib_search_path(self, image):
         """Search for debug symbols in the rootfs and rootfs-dbg
 
@@ -493,7 +456,7 @@ class RecipeModified:
 
         vars = (key for key in d.keys() if not key.startswith(
             "__") and not d.getVarFlag(key, "func", False))
-        for var in vars:
+        for var in sorted(vars):
             func = d.getVarFlag(var, "func", False)
             if d.getVarFlag(var, 'python', False) and func:
                 continue
@@ -545,7 +508,7 @@ class RecipeModified:
         cache_vars = {}
         oecmake_args = d.getVar('OECMAKE_ARGS').split()
         extra_oecmake = d.getVar('EXTRA_OECMAKE').split()
-        for param in oecmake_args + extra_oecmake:
+        for param in sorted(oecmake_args + extra_oecmake):
             d_pref = "-D"
             if param.startswith(d_pref):
                 param = param[len(d_pref):]
@@ -988,6 +951,13 @@ def ide_setup(args, config, basepath, workspace):
                 recipe_modified.gen_meson_wrapper()
             ide.setup_modified_recipe(
                 args, recipe_image, recipe_modified)
+
+            if recipe_modified.debug_build != '1':
+                logger.warn(
+                    'Recipe %s is compiled with release build configuration. '
+                    'You might want to add DEBUG_BUILD = "1" to %s. '
+                    'Note that devtool modify --debug-build can do this automatically.',
+                    recipe_modified.name, recipe_modified.bbappend)
     else:
         raise DevtoolError("Must not end up here.")
 
@@ -995,6 +965,15 @@ def ide_setup(args, config, basepath, workspace):
 def register_commands(subparsers, context):
     """Register devtool subcommands from this plugin"""
 
+    # The ide-sdk command bootstraps the SDK from the bitbake environment before the IDE
+    # configuration is generated. In the case of the eSDK, the bootstrapping is performed
+    # during the installation of the eSDK installer. Running the ide-sdk plugin from an
+    # eSDK installer-based setup would require skipping the bootstrapping and probably
+    # taking some other differences into account when generating the IDE configurations.
+    # This would be possible. But it is not implemented.
+    if context.fixed_setup:
+        return
+
     global ide_plugins
 
     # Search for IDE plugins in all sub-folders named ide_plugins where devtool seraches for plugins.
@@ -1065,6 +1044,4 @@ def register_commands(subparsers, context):
         '-p', '--no-preserve', help='Do not preserve existing files', action='store_true')
     parser_ide_sdk.add_argument(
         '--no-check-space', help='Do not check for available space before deploying', action='store_true')
-    parser_ide_sdk.add_argument(
-        '--debug-build-config', help='Use debug build flags, for example set CMAKE_BUILD_TYPE=Debug', action='store_true')
     parser_ide_sdk.set_defaults(func=ide_setup)
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 05161942b7..908869cc4f 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1031,6 +1031,8 @@ def modify(args, config, basepath, workspace):
                     if branch == args.branch:
                         continue
                     f.write('# patches_%s: %s\n' % (branch, ','.join(branch_patches[branch])))
+            if args.debug_build:
+                f.write('\nDEBUG_BUILD = "1"\n')
 
         update_unlockedsigs(basepath, workspace, args.fixed_setup, [pn])
 
@@ -2396,6 +2398,7 @@ def register_commands(subparsers, context):
     parser_modify.add_argument('--branch', '-b', default="devtool", help='Name for development branch to checkout (when not using -n/--no-extract) (default "%(default)s")')
     parser_modify.add_argument('--no-overrides', '-O', action="store_true", help='Do not create branches for other override configurations')
     parser_modify.add_argument('--keep-temp', help='Keep temporary directory (for debugging)', action="store_true")
+    parser_modify.add_argument('--debug-build', action="store_true", help='Add DEBUG_BUILD = "1" to the modified recipe')
     parser_modify.set_defaults(func=modify, fixed_setup=context.fixed_setup)
 
     parser_extract = subparsers.add_parser('extract', help='Extract the source for an existing recipe',
diff --git a/scripts/lib/resulttool/manualexecution.py b/scripts/lib/resulttool/manualexecution.py
index ecb27c5933..ae0861ac6b 100755
--- a/scripts/lib/resulttool/manualexecution.py
+++ b/scripts/lib/resulttool/manualexecution.py
@@ -22,7 +22,7 @@ def load_json_file(f):
 def write_json_file(f, json_data):
     os.makedirs(os.path.dirname(f), exist_ok=True)
     with open(f, 'w') as filedata:
-        filedata.write(json.dumps(json_data, sort_keys=True, indent=4))
+        filedata.write(json.dumps(json_data, sort_keys=True, indent=1))
 
 class ManualTestRunner(object):
 
diff --git a/scripts/lib/resulttool/report.py b/scripts/lib/resulttool/report.py
index a349510ab8..1c100b00ab 100644
--- a/scripts/lib/resulttool/report.py
+++ b/scripts/lib/resulttool/report.py
@@ -256,7 +256,7 @@ class ResultsTextReport(object):
                 if selected_test_case_only:
                     print_selected_testcase_result(raw_results, selected_test_case_only)
                 else:
-                    print(json.dumps(raw_results, sort_keys=True, indent=4))
+                    print(json.dumps(raw_results, sort_keys=True, indent=1))
             else:
                 print('Could not find raw test result for %s' % raw_test)
             return 0
diff --git a/scripts/lib/resulttool/resultutils.py b/scripts/lib/resulttool/resultutils.py
index c5521d81bd..b8fc79a6ac 100644
--- a/scripts/lib/resulttool/resultutils.py
+++ b/scripts/lib/resulttool/resultutils.py
@@ -14,8 +14,11 @@ import scriptpath
 import copy
 import urllib.request
 import posixpath
+import logging
 scriptpath.add_oe_lib_path()
 
+logger = logging.getLogger('resulttool')
+
 flatten_map = {
     "oeselftest": [],
     "runtime": [],
@@ -31,13 +34,19 @@ regression_map = {
     "manual": ['TEST_TYPE', 'TEST_MODULE', 'IMAGE_BASENAME', 'MACHINE']
 }
 store_map = {
-    "oeselftest": ['TEST_TYPE'],
+    "oeselftest": ['TEST_TYPE', 'TESTSERIES', 'MACHINE'],
     "runtime": ['TEST_TYPE', 'DISTRO', 'MACHINE', 'IMAGE_BASENAME'],
     "sdk": ['TEST_TYPE', 'MACHINE', 'SDKMACHINE', 'IMAGE_BASENAME'],
     "sdkext": ['TEST_TYPE', 'MACHINE', 'SDKMACHINE', 'IMAGE_BASENAME'],
     "manual": ['TEST_TYPE', 'TEST_MODULE', 'MACHINE', 'IMAGE_BASENAME']
 }
 
+rawlog_sections = {
+    "ptestresult.rawlogs": "ptest",
+    "ltpresult.rawlogs": "ltp",
+    "ltpposixresult.rawlogs": "ltpposix"
+}
+
 def is_url(p):
     """
     Helper for determining if the given path is a URL
@@ -108,21 +117,57 @@ def filter_resultsdata(results, resultid):
                  newresults[r][i] = results[r][i]
     return newresults
 
-def strip_ptestresults(results):
+def strip_logs(results):
     newresults = copy.deepcopy(results)
-    #for a in newresults2:
-    #  newresults = newresults2[a]
     for res in newresults:
         if 'result' not in newresults[res]:
             continue
-        if 'ptestresult.rawlogs' in newresults[res]['result']:
-            del newresults[res]['result']['ptestresult.rawlogs']
+        for logtype in rawlog_sections:
+            if logtype in newresults[res]['result']:
+                del newresults[res]['result'][logtype]
         if 'ptestresult.sections' in newresults[res]['result']:
             for i in newresults[res]['result']['ptestresult.sections']:
                 if 'log' in newresults[res]['result']['ptestresult.sections'][i]:
                     del newresults[res]['result']['ptestresult.sections'][i]['log']
     return newresults
 
+# For timing numbers, crazy amounts of precision don't make sense and just confuse
+# the logs. For numbers over 1, trim to 3 decimal places, for numbers less than 1,
+# trim to 4 significant digits
+def trim_durations(results):
+    for res in results:
+        if 'result' not in results[res]:
+            continue
+        for entry in results[res]['result']:
+            if 'duration' in results[res]['result'][entry]:
+                duration = results[res]['result'][entry]['duration']
+                if duration > 1:
+                    results[res]['result'][entry]['duration'] = float("%.3f" % duration)
+                elif duration < 1:
+                    results[res]['result'][entry]['duration'] = float("%.4g" % duration)
+    return results
+
+def handle_cleanups(results):
+    # Remove pointless path duplication from old format reproducibility results
+    for res2 in results:
+        try:
+            section = results[res2]['result']['reproducible']['files']
+            for pkgtype in section:
+                for filelist in section[pkgtype].copy():
+                    if section[pkgtype][filelist] and type(section[pkgtype][filelist][0]) == dict:
+                        newlist = []
+                        for entry in section[pkgtype][filelist]:
+                            newlist.append(entry["reference"].split("/./")[1])
+                        section[pkgtype][filelist] = newlist
+
+        except KeyError:
+            pass
+    # Remove pointless duplicate rawlogs data
+    try:
+        del results[res2]['result']['reproducible.rawlogs']
+    except KeyError:
+        pass
+
 def decode_log(logdata):
     if isinstance(logdata, str):
         return logdata
@@ -155,9 +200,6 @@ def generic_get_rawlogs(sectname, results):
         return None
     return decode_log(results[sectname]['log'])
 
-def ptestresult_get_rawlogs(results):
-    return generic_get_rawlogs('ptestresult.rawlogs', results)
-
 def save_resultsdata(results, destdir, fn="testresults.json", ptestjson=False, ptestlogs=False):
     for res in results:
         if res:
@@ -167,16 +209,20 @@ def save_resultsdata(results, destdir, fn="testresults.json", ptestjson=False, p
         os.makedirs(os.path.dirname(dst), exist_ok=True)
         resultsout = results[res]
         if not ptestjson:
-            resultsout = strip_ptestresults(results[res])
+            resultsout = strip_logs(results[res])
+        trim_durations(resultsout)
+        handle_cleanups(resultsout)
         with open(dst, 'w') as f:
-            f.write(json.dumps(resultsout, sort_keys=True, indent=4))
+            f.write(json.dumps(resultsout, sort_keys=True, indent=1))
         for res2 in results[res]:
             if ptestlogs and 'result' in results[res][res2]:
                 seriesresults = results[res][res2]['result']
-                rawlogs = ptestresult_get_rawlogs(seriesresults)
-                if rawlogs is not None:
-                    with open(dst.replace(fn, "ptest-raw.log"), "w+") as f:
-                        f.write(rawlogs)
+                for logtype in rawlog_sections:
+                    logdata = generic_get_rawlogs(logtype, seriesresults)
+                    if logdata is not None:
+                        logger.info("Extracting " + rawlog_sections[logtype] + "-raw.log")
+                        with open(dst.replace(fn, rawlog_sections[logtype] + "-raw.log"), "w+") as f:
+                            f.write(logdata)
                 if 'ptestresult.sections' in seriesresults:
                     for i in seriesresults['ptestresult.sections']:
                         sectionlog = ptestresult_get_log(seriesresults, i)
diff --git a/scripts/lib/resulttool/store.py b/scripts/lib/resulttool/store.py
index e0951f0a8f..578910d234 100644
--- a/scripts/lib/resulttool/store.py
+++ b/scripts/lib/resulttool/store.py
@@ -65,18 +65,34 @@ def store(args, logger):
 
         for r in revisions:
             results = revisions[r]
+            if args.revision and r[0] != args.revision:
+                logger.info('skipping %s as non-matching' % r[0])
+                continue
             keywords = {'commit': r[0], 'branch': r[1], "commit_count": r[2]}
-            subprocess.check_call(["find", tempdir, "!", "-path", "./.git/*", "-delete"])
+            subprocess.check_call(["find", tempdir, "-name", "testresults.json", "!", "-path", "./.git/*", "-delete"])
             resultutils.save_resultsdata(results, tempdir, ptestlogs=True)
 
             logger.info('Storing test result into git repository %s' % args.git_dir)
 
-            gitarchive.gitarchive(tempdir, args.git_dir, False, False,
+            excludes = []
+            if args.logfile_archive:
+                excludes = ['*.log', "*.log.zst"]
+
+            tagname = gitarchive.gitarchive(tempdir, args.git_dir, False, False,
                                   "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}",
                                   False, "{branch}/{commit_count}-g{commit}/{tag_number}",
                                   'Test run #{tag_number} of {branch}:{commit}', '',
-                                  [], [], False, keywords, logger)
+                                  excludes, [], False, keywords, logger)
 
+            if args.logfile_archive:
+                logdir = args.logfile_archive + "/" + tagname
+                shutil.copytree(tempdir, logdir)
+                for root, dirs,  files in os.walk(logdir):
+                    for name in files:
+                        if not name.endswith(".log"):
+                            continue
+                        f = os.path.join(root, name)
+                        subprocess.run(["zstd", f, "--rm"], check=True, capture_output=True)
     finally:
         subprocess.check_call(["rm", "-rf",  tempdir])
 
@@ -102,3 +118,7 @@ def register_commands(subparsers):
                               help='add executed-by configuration to each result file')
     parser_build.add_argument('-t', '--extra-test-env', default='',
                               help='add extra test environment data to each result file configuration')
+    parser_build.add_argument('-r', '--revision', default='',
+                              help='only store data for the specified revision')
+    parser_build.add_argument('-l', '--logfile-archive', default='',
+                              help='directory to separately archive log files along with a copy of the results')
diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index 7cc5131541..37d07093f5 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -245,7 +245,7 @@ class BootimgEFIPlugin(SourcePlugin):
 
             # list of tuples (src_name, dst_name)
             deploy_files = []
-            for src_entry in re.findall(r'[\w;\-\./\*]+', boot_files):
+            for src_entry in re.findall(r'[\w;\-\.\+/\*]+', boot_files):
                 if ';' in src_entry:
                     dst_entry = tuple(src_entry.split(';'))
                     if not dst_entry[0] or not dst_entry[1]:
diff --git a/scripts/runqemu b/scripts/runqemu
index fe395d1bc6..2ab36fd03d 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -1487,7 +1487,7 @@ to your build configuration.
         # If no serial or serialtcp options were specified, only ttyS0 is created
         # and sysvinit shows an error trying to enable ttyS1:
         #     INIT: Id "S1" respawning too fast: disabled for 5 minutes
-        serial_num = len(re.findall("-serial", self.qemu_opt))
+        serial_num = len(re.findall("(^| )-serial ", self.qemu_opt))
 
         # Assume if the user passed serial options, they know what they want
         # and pad to two devices
@@ -1507,7 +1507,7 @@ to your build configuration.
 
                 self.qemu_opt += " %s" % self.get("QB_SERIAL_OPT")
 
-        serial_num = len(re.findall("-serial", self.qemu_opt))
+        serial_num = len(re.findall("(^| )-serial ", self.qemu_opt))
         if serial_num < 2:
             self.qemu_opt += " -serial null"