[PATCH 0/9] Updates for the 5.0 release

[PATCH 0/9] Updates for the 5.0 release

[Paul Eggleton]

Updates for the 5.0 release on top of master-next, including release
notes and migration guide, as well as adjustments for the rest of the
documentation. I think we are still missing a few changes but
unfortunately I've run out of time. Thanks to all who added content
ahead of me though!


The following changes since commit 4b839c460867d685584134dbd322cd9b20f2ae6d:

  release-notes-5.0: various additions and improvements (2024-04-12 15:08:40 +0200)

are available in the Git repository at:

  https://git.yoctoproject.org/poky-contrib paule/5.0-release
  https://git.yoctoproject.org/poky-contrib/log/?h=paule/5.0-release

Paul Eggleton (9):
  ref-manual: Add virtual-slash QA check
  ref-manual: add new python classes
  classes: cve_check: add note about remote patches
  variables: add TARGET_DBGSRC_DIR
  dev-manual: update reference to sstate-cache-management script
  dev-manual: update custom distribution section
  release-notes: Add CVEs, recipe upgrades and contributors for 5.0
  migration: Extend migration guide for 5.0
  release-notes: additional features and one known issue for 5.0

 .../dev-manual/custom-distribution.rst        |  34 +-
 documentation/dev-manual/disk-space.rst       |   2 +-
 .../migration-guides/migration-5.0.rst        |  62 +-
 .../migration-guides/release-notes-5.0.rst    | 635 +++++++++++++++++-
 documentation/ref-manual/classes.rst          |  31 +
 documentation/ref-manual/qa-checks.rst        |   8 +
 documentation/ref-manual/variables.rst        |   4 +
 7 files changed, 757 insertions(+), 19 deletions(-)

-- 
2.25.1

[PATCH 1/9] ref-manual: Add virtual-slash QA check

[Paul Eggleton]

Add the new virtual-slash QA check to the insane class section and the
QA checks section.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/classes.rst   | 6 ++++++
 documentation/ref-manual/qa-checks.rst | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 1d01456ece..296347edb7 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -1582,6 +1582,12 @@ The tests you can list with the :term:`WARN_QA` and
       This is only relevant when you are using runtime package management
       on your target system.
 
+-  ``virtual-slash:`` Checks to see if ``virtual/`` is being used in
+   :term:`RDEPENDS` or :term:`RPROVIDES`, which is not good practice -
+   ``virtual/`` is a convention intended for use in the build context
+   (i.e. :term:`PROVIDES` and :term:`DEPENDS`) rather than the runtime
+   context.
+
 -  ``xorg-driver-abi:`` Checks that all packages containing Xorg
    drivers have ABI dependencies. The ``xserver-xorg`` recipe provides
    driver ABI names. All drivers should depend on the ABI versions that
diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst
index 58526a0e57..53b1836e74 100644
--- a/documentation/ref-manual/qa-checks.rst
+++ b/documentation/ref-manual/qa-checks.rst
@@ -799,6 +799,14 @@ Errors and Warnings
     section in the Yocto Project Development Tasks Manual. See also the
     ":ref:`ref-classes-ptest`" section.
 
+.. _qa-check-virtual-slash:
+
+- ``<variable> is set to <value> but the substring 'virtual/' holds no meaning in this context. It only works for build time dependencies, not runtime ones. It is suggested to use 'VIRTUAL-RUNTIME_' variables instead.``
+
+    ``virtual/`` is a convention intended for use in the build context
+    (i.e. :term:`PROVIDES` and :term:`DEPENDS`) rather than the runtime
+    context (i.e. :term:`RPROVIDES` and :term:`RDEPENDS`). Use
+    :term:`VIRTUAL-RUNTIME` variables instead for the latter.
 
 
 Configuring and Disabling QA Checks
-- 
2.25.1

[PATCH 2/9] ref-manual: add new python classes

[Paul Eggleton]

Add brief documentation of python_maturin and python_mesonpy classes
that were added in 5.0.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/classes.rst | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 296347edb7..1f816e0457 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -2380,6 +2380,24 @@ Python modules built with ``flit_core.buildapi`` are pure Python (no
 
 Internally this uses the :ref:`ref-classes-python_pep517` class.
 
+.. _ref-classes-python_maturin:
+
+``python_maturin``
+==================
+
+The :ref:`ref-classes-python_maturin` class provides support for python-maturin, a replacement
+for setuptools_rust and another "backend" for building python wheels.
+
+.. _ref-classes-python_mesonpy:
+
+``python_mesonpy``
+==================
+
+The :ref:`ref-classes-python_mesonpy` class enables building Python modules which use the
+meson-python build system.
+
+Internally this uses the :ref:`ref-classes-python_pep517` class.
+
 .. _ref-classes-python_pep517:
 
 ``python_pep517``
-- 
2.25.1

[PATCH 3/9] classes: cve_check: add note about remote patches

[Paul Eggleton]

Document the change in behaviour in 5.0.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/classes.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 1f816e0457..916abf3abc 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -564,6 +564,13 @@ The ``Patched`` state of a CVE issue is detected from patch files with the forma
 ``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using
 CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.
 
+.. note::
+
+   Commit message metadata (``CVE: CVE-ID`` in a patch header) will not be scanned
+   in any patches that are remote, i.e. that are anything other than local files
+   referenced via ``file://`` in SRC_URI. However, a ``CVE-ID`` in a remote patch
+   file name itself will be registered.
+
 If the recipe adds ``CVE-ID`` as flag of the :term:`CVE_STATUS` variable with status
 mapped to ``Ignored``, then the CVE state is reported as ``Ignored``::
 
-- 
2.25.1

[PATCH 4/9] variables: add TARGET_DBGSRC_DIR

[Paul Eggleton]

New variable in 5.0.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 0dc881ed51..897bd44990 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -8813,6 +8813,10 @@ system and gives an overview of their function and contents.
       value so that executables built using the SDK also have the flags
       applied.
 
+   :term:`TARGET_DBGSRC_DIR`
+      Specifies the target path to debug source files. The default is
+      ``/usr/src/debug/${PN}/${PV}``.
+
    :term:`TARGET_FPU`
       Specifies the method for handling FPU code. For FPU-less targets,
       which include most ARM CPUs, the variable must be set to "soft". If
-- 
2.25.1

[PATCH 5/9] dev-manual: update reference to sstate-cache-management script

[Paul Eggleton]

* Script is now .py
* In the example, we would most likely be within the build directory
  already, so the path would be just "sstate-cache" not
  "build/sstate-cache"

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/dev-manual/disk-space.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/dev-manual/disk-space.rst b/documentation/dev-manual/disk-space.rst
index 6d1638a302..efca82601d 100644
--- a/documentation/dev-manual/disk-space.rst
+++ b/documentation/dev-manual/disk-space.rst
@@ -49,7 +49,7 @@ requires a full build environment to be available and doesn't work well
 covering multiple releases. It won't work either on limited environments
 such as BSD based NAS::
 
-   sstate-cache-management.sh --remove-duplicated --cache-dir=build/sstate-cache
+   sstate-cache-management.py --remove-duplicated --cache-dir=sstate-cache
 
 This command will ask you to confirm the deletions it identifies.
 Run ``sstate-cache-management.sh`` for more details about this script.
-- 
2.25.1

[PATCH 6/9] dev-manual: update custom distribution section

[Paul Eggleton]

In keeping with the addition of the motd message pointing out that
the poky DISTRO is a reference distribution, adjust the opening of the
Creating Your Own Distribution section to match. Additionally, add a
section on the end pointing out what users need to consider if they just
take a copy of the poky distribution and modify it.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 .../dev-manual/custom-distribution.rst        | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/documentation/dev-manual/custom-distribution.rst b/documentation/dev-manual/custom-distribution.rst
index 47faed0d04..93a1961d17 100644
--- a/documentation/dev-manual/custom-distribution.rst
+++ b/documentation/dev-manual/custom-distribution.rst
@@ -4,10 +4,16 @@ Creating Your Own Distribution
 ******************************
 
 When you build an image using the Yocto Project and do not alter any
-distribution :term:`Metadata`, you are
-creating a Poky distribution. If you wish to gain more control over
-package alternative selections, compile-time options, and other
-low-level configurations, you can create your own distribution.
+distribution :term:`Metadata`, you are using the ``poky`` distribution.
+``poky`` is explicitly a *reference* distribution for testing and
+development purposes. It enables most hardware and software features
+so that they can be tested, but this also means that from a security
+point of view the attack surface is very large. Additionally, at some
+point it is likely that you will want to gain more control over package
+alternative selections, compile-time options, and other low-level
+configurations. For both of these reasons, if you are using the Yocto
+Project for production use then you are strongly encouraged to create
+your own distribution.
 
 To create your own distribution, the basic steps consist of creating
 your own distribution layer, creating your own distribution
@@ -107,3 +113,23 @@ layer. The following steps provide some more detail:
    For information on append files, see the
    ":ref:`dev-manual/layers:appending other layers metadata with your layer`"
    section.
+
+Copying and modifying the ``poky`` distribution
+===============================================
+
+Instead of creating a custom distribution from scratch as per above, you may
+wish to start your custom distribution configuration by copying the ``poky``
+distribution provided within the ``meta-poky`` layer and then modifying it.
+This is fine, however if you do this you should keep the following in mind:
+
+-  Every reference to ``poky`` needs to be updated in your copy so that it
+   will still apply. This includes override usage within files (e.g. ``:poky``)
+   and in directory names. This is a good opportunity to evaluate each one of
+   these customizations to see if they are needed for your use case.
+
+-  Unless you also intend to use them, the ``poky-tiny``, ``poky-altcfg`` and
+   ``poky-bleeding`` variants and any references to them can be removed.
+
+-  More generally, the ``poky`` distribution configuration enables a lot more
+   than you likely need for your production use case. You should evaluate *every*
+   configuration choice made in your copy to determine if it is needed.
-- 
2.25.1

[PATCH 7/9] release-notes: Add CVEs, recipe upgrades and contributors for 5.0

[Paul Eggleton]

* Add CVEs from commits
* Add recipe upgrades using layer index branch comparison
* Add contributors from commits

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 .../migration-guides/release-notes-5.0.rst    | 564 +++++++++++++++++-
 1 file changed, 563 insertions(+), 1 deletion(-)

diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
index 7767a4229d..21de79a638 100644
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -264,16 +264,578 @@ The following corrections have been made to the :term:`LICENSE` values set by re
 Security Fixes in 5.0
 ~~~~~~~~~~~~~~~~~~~~~
 
+-  avahi: :cve:`2023-1981`, :cve:`2023-38469-2`, :cve:`2023-38470-2`, :cve:`2023-38471-2`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472`, :cve:`2023-38473`
+-  bind: :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, :cve:`2023-50387`
+-  bluez5: :cve:`2023-45866`
+-  coreutils: :cve:`2024-0684`
+-  cups: :cve:`2023-4504`
+-  curl: :cve:`2023-46218`
+-  expat: :cve:`2024-28757`
+-  gcc: :cve:`2023-4039`
+-  glibc: :cve:`2023-5156`, :cve:`2023-0687`
+-  gnutls: :cve:`2024-0553`, :cve:`2024-0567`, :cve:`2024-28834`, :cve:`2024-28835`
+-  go: :cve:`2023-45288`
+-  grub: :cve:`2023-4692`, :cve:`2023-4693`
+-  grub2: :cve:`2023-4001` (ignored), :cve:`2024-1048` (ignored)
+-  libgit2: :cve:`2024-24575`, :cve:`2024-24577`
+-  libsndfile1: :cve:`2022-33065`
+-  libssh2: :cve:`2023-48795`
+-  libuv: :cve:`2024-24806`
+-  libxml2: :cve:`2023-45322` (ignored)
+-  linux-yocto/6.6: :cve:`2020-16119`
+-  openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
+-  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve:`2023-6237`, :cve:`2024-0727`
+-  perl: :cve:`2023-47100`
+-  pixman: :cve:`2023-37769` (ignored)
+-  python3-cryptography{-vectors}: :cve:`2023-49083`, :cve:`2024-26130`
+-  python3-urllib3: :cve:`2023-45803`
+-  shadow: :cve:`2023-4641`
+-  sudo: :cve:`2023-42456`
+-  tiff: :cve:`2023-6228`, :cve:`2023-6277`, :cve:`2023-52355`, :cve:`2023-52356`
+-  vim: :cve:`2023-46246`, :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236`, :cve:`2023-48237`, :cve:`2024-22667`
+-  wpa-supplicant: :cve:`2023-52160`
+-  xserver-xorg: :cve:`2023-5574`, :cve:`2023-6816`, :cve:`2024-0229`, :cve:`2024-0408`, :cve:`2024-0409`, :cve:`2024-21885`, :cve:`2024-21886`
+-  xwayland: :cve:`2023-5367`, :cve:`2024-0408`, :cve:`2024-0409`, :cve:`2023-6816`, :cve:`2024-0229`, :cve:`2024-21885`, :cve:`2024-21886`
+-  zlib: :cve:`2023-45853` (ignored), :cve:`2023-6992` (ignored)
+
+
 Recipe Upgrades in 5.0
 ~~~~~~~~~~~~~~~~~~~~~~
 
--  go: update 1.20.10 -> 1.22.1
+-  acl 2.3.1 -> 2.3.2
+-  acpica 20230628 -> 20240322
+-  alsa-lib 1.2.10 -> 1.2.11
+-  alsa-tools 1.2.5 -> 1.2.11
+-  alsa-ucm-conf 1.2.10 -> 1.2.11
+-  alsa-utils 1.2.10 -> 1.2.11
+-  appstream 0.16.3 -> 1.0.2
+-  autoconf 2.72c -> 2.72e
+-  bash 5.2.15 -> 5.2.21
+-  bash-completion 2.11 -> 2.12.0
+-  binutils 2.41 -> 2.42
+-  bluez5 5.69 -> 5.72
+-  boost 1.83.0 -> 1.84.0
+-  boost-build-native 1.83.0 -> 1.84.0
+-  btrfs-tools 6.5.1 -> 6.7.1
+-  cairo 1.16.0 -> 1.18.0
+-  cargo 1.70.0 -> 1.75.0
+-  cargo-c-native 0.9.18 -> 0.9.30+cargo-0.77.0
+-  ccache 4.8.3 -> 4.9.1
+-  cmake 3.27.7 -> 3.28.3
+-  cmake-native 3.27.7 -> 3.28.3
+-  createrepo-c 1.0.0 -> 1.0.4
+-  cronie 1.6.1 -> 1.7.1
+-  cross-localedef-native 2.38+git -> 2.39+git
+-  cups 2.4.6 -> 2.4.7
+-  curl 8.4.0 -> 8.7.1
+-  dbus-wait 0.1+git (6cc6077a36fe…) -> 0.1+git (64bc7c8fae61…)
+-  debianutils 5.13 -> 5.16
+-  desktop-file-utils 0.26 -> 0.27
+-  dhcpcd 10.0.2 -> 10.0.6
+-  diffoscope 249 -> 259
+-  diffstat 1.65 -> 1.66
+-  dnf 4.17.0 -> 4.19.0
+-  dos2unix 7.5.1 -> 7.5.2
+-  ed 1.19 -> 1.20.1
+-  efivar 38+39+git -> 39+39+git
+-  elfutils 0.189 -> 0.191
+-  ell 0.60 -> 0.63
+-  enchant2 2.6.2 -> 2.6.7
+-  epiphany 44.6 -> 46.0
+-  erofs-utils 1.6 -> 1.7.1
+-  ethtool 6.5 -> 6.7
+-  eudev 3.2.12 -> 3.2.14
+-  expat 2.5.0 -> 2.6.2
+-  ffmpeg 6.0 -> 6.1.1
+-  fontconfig 2.14.2 -> 2.15.0
+-  gawk 5.2.2 -> 5.3.0
+-  gcr 4.1.0 -> 4.2.0
+-  gdb 13.2 -> 14.2
+-  gettext 0.22 -> 0.22.5
+-  gettext-minimal-native 0.22 -> 0.22.5
+-  gi-docgen 2023.1 -> 2023.3
+-  git 2.42.0 -> 2.44.0
+-  glib-2.0 2.78.3 -> 2.78.4
+-  glib-networking 2.76.1 -> 2.78.1
+-  glibc 2.38+git -> 2.39+git
+-  glibc-locale 2.38 -> 2.39+git
+-  glibc-mtrace 2.38 -> 2.39+git
+-  glibc-scripts 2.38 -> 2.39+git
+-  glibc-testsuite 2.38+git -> 2.39+git
+-  glibc-y2038-tests 2.38+git -> 2.39+git
+-  glslang 1.3.261.1 -> 1.3.275.0
+-  gnu-config 20230216+git -> 20240101+git
+-  gnupg 2.4.3 -> 2.4.4
+-  gnutls 3.8.3 -> 3.8.4
+-  go 1.20.12 -> 1.22.2
+-  go-binary-native 1.20.12 -> 1.22.2
+-  go-native 1.20.12 -> 1.22.2
+-  go-runtime 1.20.12 -> 1.22.2
+-  gpgme 1.22.0 -> 1.23.2
+-  grub 2.06 -> 2.12
+-  grub-efi 2.06 -> 2.12
+-  gsettings-desktop-schemas 44.0 -> 46.0
+-  gst-devtools 1.22.9 -> 1.22.11
+-  gstreamer1.0 1.22.9 -> 1.22.11
+-  gstreamer1.0-libav 1.22.9 -> 1.22.11
+-  gstreamer1.0-omx 1.22.9 -> 1.22.11
+-  gstreamer1.0-plugins-bad 1.22.9 -> 1.22.11
+-  gstreamer1.0-plugins-base 1.22.9 -> 1.22.11
+-  gstreamer1.0-plugins-good 1.22.9 -> 1.22.11
+-  gstreamer1.0-plugins-ugly 1.22.9 -> 1.22.11
+-  gstreamer1.0-python 1.22.9 -> 1.22.11
+-  gstreamer1.0-rtsp-server 1.22.9 -> 1.22.11
+-  gstreamer1.0-vaapi 1.22.9 -> 1.22.11
+-  gtk+3 3.24.38 -> 3.24.41
+-  gtk4 4.12.3 -> 4.14.1
+-  harfbuzz 8.2.2 -> 8.3.0
+-  hwlatdetect 2.5 -> 2.6
+-  icu 73-2 -> 74-1
+-  inetutils 2.4 -> 2.5
+-  init-system-helpers 1.65.2 -> 1.66
+-  iproute2 6.5.0 -> 6.7.0
+-  iptables 1.8.9 -> 1.8.10
+-  iputils 20221126 -> 20240117
+-  iso-codes 4.15.0 -> 4.16.0
+-  iw 5.19 -> 6.7
+-  json-glib 1.6.6 -> 1.8.0
+-  kbd 2.6.3 -> 2.6.4
+-  kexec-tools 2.0.27 -> 2.0.28
+-  kmod 30 -> 31
+-  kmscube git -> 0.0.1+git
+-  libadwaita 1.4.2 -> 1.5.0
+-  libbsd 0.11.7 -> 0.12.1
+-  libcap-ng 0.8.3 -> 0.8.4
+-  libcap-ng-python 0.8.3 -> 0.8.4
+-  libcomps 0.1.19 -> 0.1.20
+-  libdnf 0.71.0 -> 0.73.0
+-  libdrm 2.4.116 -> 2.4.120
+-  libffi 3.4.4 -> 3.4.6
+-  libgit2 1.7.1 -> 1.7.2
+-  libgloss 4.3.0+git -> 4.4.0+git
+-  libgpg-error 1.47 -> 1.48
+-  libhandy 1.8.2 -> 1.8.3
+-  libical 3.0.16 -> 3.0.17
+-  libidn2 2.3.4 -> 2.3.7
+-  libinput 1.24.0 -> 1.25.0
+-  libksba 1.6.4 -> 1.6.6
+-  libmicrohttpd 0.9.77 -> 1.0.1
+-  libnl 3.8.0 -> 3.9.0
+-  libnotify 0.8.2 -> 0.8.3
+-  libpciaccess 0.17 -> 0.18
+-  libpcre2 10.42 -> 10.43
+-  libpng 1.6.40 -> 1.6.42
+-  libproxy 0.5.3 -> 0.5.4
+-  libpsl 0.21.2 -> 0.21.5
+-  librepo 1.16.0 -> 1.17.0
+-  librsvg 2.56.3 -> 2.57.1
+-  libsdl2 2.28.4 -> 2.30.0
+-  libseccomp 2.5.4 -> 2.5.5
+-  libsecret 0.21.1 -> 0.21.4
+-  libsolv 0.7.26 -> 0.7.28
+-  libsoup 3.4.2 -> 3.4.4
+-  libstd-rs 1.70.0 -> 1.75.0
+-  libtest-warnings-perl 0.031 -> 0.033
+-  libtirpc 1.3.3 -> 1.3.4
+-  libubootenv 0.3.4 -> 0.3.5
+-  libunistring 1.1 -> 1.2
+-  liburi-perl 5.21 -> 5.27
+-  libusb1 1.0.26 -> 1.0.27
+-  libuv 1.46.0 -> 1.48.0
+-  libva 2.19.0 -> 2.20.0
+-  libva-initial 2.19.0 -> 2.20.0
+-  libwpe 1.14.1 -> 1.14.2
+-  libxext 1.3.5 -> 1.3.6
+-  libxkbcommon 1.5.0 -> 1.6.0
+-  libxkbfile 1.1.2 -> 1.1.3
+-  libxml-parser-perl 2.46 -> 2.47
+-  libxml2 2.11.7 -> 2.12.5
+-  libxmlb 0.3.14 -> 0.3.15
+-  libxrandr 1.5.3 -> 1.5.4
+-  libxvmc 1.0.13 -> 1.0.14
+-  lighttpd 1.4.71 -> 1.4.74
+-  linux-firmware 20240220 -> 20240312
+-  linux-libc-headers 6.5 -> 6.6
+-  linux-yocto 6.1.78+git, 6.5.13+git -> 6.6.23+git
+-  linux-yocto-dev 6.6+git -> 6.9+git
+-  linux-yocto-rt 6.1.78+git, 6.5.13+git -> 6.6.23+git
+-  linux-yocto-tiny 6.1.78+git, 6.5.13+git -> 6.6.23+git
+-  llvm 17.0.3 -> 18.1.2
+-  lsof 4.98.0 -> 4.99.3
+-  ltp 20230516 -> 20240129
+-  lttng-modules 2.13.10 -> 2.13.12
+-  lttng-ust 2.13.6 -> 2.13.7
+-  lzip 1.23 -> 1.24
+-  makedepend 1.0.8 -> 1.0.9
+-  man-db 2.11.2 -> 2.12.0
+-  man-pages 6.05.01 -> 6.06
+-  mc 4.8.30 -> 4.8.31
+-  mesa 23.2.1 -> 24.0.2
+-  mesa-gl 23.2.1 -> 24.0.2
+-  meson 1.2.2 -> 1.3.1
+-  minicom 2.8 -> 2.9
+-  mmc-utils 0.1+git (613495ecaca9…) -> 0.1+git (b5ca140312d2…)
+-  mpg123 1.31.3 -> 1.32.5
+-  newlib 4.3.0+git -> 4.4.0+git
+-  nghttp2 1.57.0 -> 1.61.0
+-  numactl 2.0.16 -> 2.0.18
+-  ofono 2.1 -> 2.4
+-  opensbi 1.2 -> 1.4
+-  openssh 9.5p1 -> 9.6p1
+-  openssl 3.1.5 -> 3.2.1
+-  opkg 0.6.2 -> 0.6.3
+-  opkg-utils 0.6.2 -> 0.6.3
+-  orc 0.4.34 -> 0.4.38
+-  ovmf edk2-stable202308 -> edk2-stable202402
+-  p11-kit 0.25.0 -> 0.25.3
+-  pango 1.51.0 -> 1.52.0
+-  pciutils 3.10.0 -> 3.11.1
+-  piglit 1.0+gitr (71c21b1157c4…) -> 1.0+gitr (22eaf6a91cfd…)
+-  pkgconf 2.0.3 -> 2.1.1
+-  psplash 0.1+git (44afb7506d43…) -> 0.1+git (ecc191375669…)
+-  ptest-runner 2.4.2+git -> 2.4.3+git
+-  pulseaudio 16.1 -> 17.0
+-  puzzles 0.0+git (2d9e414ee316…) -> 0.0+git (80aac3104096…)
+-  python3 3.11.5 -> 3.12.2
+-  python3-alabaster 0.7.13 -> 0.7.16
+-  python3-attrs 23.1.0 -> 23.2.0
+-  python3-babel 2.12.1 -> 2.14.0
+-  python3-bcrypt 4.0.1 -> 4.1.2
+-  python3-beartype 0.15.0 -> 0.17.2
+-  python3-build 1.0.3 -> 1.1.1
+-  python3-certifi 2023.7.22 -> 2024.2.2
+-  python3-cffi 1.15.1 -> 1.16.0
+-  python3-cryptography 41.0.4 -> 42.0.5
+-  python3-cryptography-vectors 41.0.4 -> 42.0.5
+-  python3-cython 0.29.36 -> 3.0.8
+-  python3-dbusmock 0.29.1 -> 0.31.1
+-  python3-dtschema 2023.7 -> 2024.2
+-  python3-git 3.1.36 -> 3.1.42
+-  python3-gitdb 4.0.10 -> 4.0.11
+-  python3-hatch-fancy-pypi-readme 23.1.0 -> 24.1.0
+-  python3-hatch-vcs 0.3.0 -> 0.4.0
+-  python3-hatchling 1.18.0 -> 1.21.1
+-  python3-hypothesis 6.86.2 -> 6.98.15
+-  python3-idna 3.4 -> 3.6
+-  python3-importlib-metadata 6.8.0 -> 7.0.1
+-  python3-iso8601 2.0.0 -> 2.1.0
+-  python3-jsonschema 4.17.3 -> 4.21.1
+-  python3-license-expression 30.1.1 -> 30.2.0
+-  python3-lxml 4.9.3 -> 5.0.0
+-  python3-mako 1.2.4 -> 1.3.2
+-  python3-markdown 3.4.4 -> 3.5.2
+-  python3-markupsafe 2.1.3 -> 2.1.5
+-  python3-more-itertools 10.1.0 -> 10.2.0
+-  python3-numpy 1.26.0 -> 1.26.4
+-  python3-packaging 23.1 -> 23.2
+-  python3-pathspec 0.11.2 -> 0.12.1
+-  python3-pbr 5.11.1 -> 6.0.0
+-  python3-pip 23.2.1 -> 24.0
+-  python3-pluggy 1.3.0 -> 1.4.0
+-  python3-poetry-core 1.7.0 -> 1.9.0
+-  python3-psutil 5.9.5 -> 5.9.8
+-  python3-pyasn1 0.5.0 -> 0.5.1
+-  python3-pycairo 1.24.0 -> 1.26.0
+-  python3-pycryptodome 3.19.0 -> 3.20.0
+-  python3-pycryptodomex 3.19.0 -> 3.20.0
+-  python3-pygments 2.16.1 -> 2.17.2
+-  python3-pyopenssl 23.2.0 -> 24.0.0
+-  python3-pyrsistent 0.19.3 -> 0.20.0
+-  python3-pytest 7.4.2 -> 8.0.2
+-  python3-pytest-runner 6.0.0 -> 6.0.1
+-  python3-pytz 2023.3 -> 2024.1
+-  python3-ruamel-yaml 0.17.32 -> 0.18.6
+-  python3-scons 4.5.2 -> 4.6.0
+-  python3-setuptools 68.2.2 -> 69.1.1
+-  python3-setuptools-rust 1.7.0 -> 1.9.0
+-  python3-setuptools-scm 7.1.0 -> 8.0.4
+-  python3-spdx-tools 0.8.1 -> 0.8.2
+-  python3-sphinx-rtd-theme 1.3.0 -> 2.0.0
+-  python3-sphinxcontrib-applehelp 1.0.4 -> 1.0.8
+-  python3-sphinxcontrib-devhelp 1.0.2 -> 1.0.6
+-  python3-sphinxcontrib-htmlhelp 2.0.1 -> 2.0.5
+-  python3-sphinxcontrib-qthelp 1.0.3 -> 1.0.7
+-  python3-sphinxcontrib-serializinghtml 1.1.5 -> 1.1.10
+-  python3-subunit 1.4.2 -> 1.4.4
+-  python3-testtools 2.6.0 -> 2.7.1
+-  python3-trove-classifiers 2023.9.19 -> 2024.2.23
+-  python3-typing-extensions 4.8.0 -> 4.10.0
+-  python3-unittest-automake-output 0.1 -> 0.2
+-  python3-urllib3 2.0.7 -> 2.2.1
+-  python3-wcwidth 0.2.6 -> 0.2.13
+-  python3-wheel 0.41.2 -> 0.42.0
+-  qemu 8.1.4 -> 8.2.1
+-  qemu-native 8.1.4 -> 8.2.1
+-  qemu-system-native 8.1.4 -> 8.2.1
+-  repo 2.36.1 -> 2.42
+-  resolvconf 1.91 -> 1.92
+-  rpm 4.18.1 -> 4.19.1
+-  rt-tests 2.5 -> 2.6
+-  rust 1.70.0 -> 1.75.0
+-  rust-cross-canadian 1.70.0 -> 1.75.0
+-  rust-llvm 1.70.0 -> 1.75.0
+-  shaderc 2023.6 -> 2023.8
+-  shadow 4.13 -> 4.14.2
+-  shared-mime-info 2.2 -> 2.4
+-  socat 1.7.4.4 -> 1.8.0.0
+-  spirv-headers 1.3.261.1 -> 1.3.275.0
+-  spirv-tools 1.3.261.1 -> 1.3.275.0
+-  sqlite3 3.43.2 -> 3.45.1
+-  strace 6.5 -> 6.7
+-  stress-ng 0.16.05 -> 0.17.05
+-  subversion 1.14.2 -> 1.14.3
+-  swig 4.1.1 -> 4.2.1
+-  sysstat 12.7.4 -> 12.7.5
+-  systemd 254.4 -> 255.4
+-  systemd-boot 254.4 -> 255.4
+-  systemd-bootchart 234 -> 235
+-  systemtap 4.9 -> 5.0
+-  systemtap-native 4.9 -> 5.0
+-  taglib 1.13.1 -> 2.0
+-  ttyrun 2.29.0 -> 2.31.0
+-  u-boot 2023.10 -> 2024.01
+-  u-boot-tools 2023.10 -> 2024.01
+-  update-rc.d 0.8 (8636cf478d42…) -> 0.8 (b8f950105010…)
+-  usbutils 015 -> 017
+-  util-linux 2.39.2 -> 2.39.3
+-  util-linux-libuuid 2.39.2 -> 2.39.3
+-  vala 0.56.13 -> 0.56.15
+-  valgrind 3.21.0 -> 3.22.0
+-  vim 9.0.2190 -> 9.1.0114
+-  vim-tiny 9.0.2190 -> 9.1.0114
+-  virglrenderer 0.10.4 -> 1.0.1
+-  vte 0.72.2 -> 0.74.2
+-  vulkan-headers 1.3.261.1 -> 1.3.275.0
+-  vulkan-loader 1.3.261.1 -> 1.3.275.0
+-  vulkan-tools 1.3.261.1 -> 1.3.275.0
+-  vulkan-validation-layers 1.3.261.1 -> 1.3.275.0
+-  wayland-protocols 1.32 -> 1.33
+-  webkitgtk 2.40.5 -> 2.44.0
+-  weston 12.0.2 -> 13.0.0
+-  xkbcomp 1.4.6 -> 1.4.7
+-  xkeyboard-config 2.39 -> 2.41
+-  xprop 1.2.6 -> 1.2.7
+-  xwayland 23.2.4 -> 23.2.5
+-  xz 5.4.4 -> 5.4.6
+-  zlib 1.3 -> 1.3.1
+
 
 Contributors to 5.0
 ~~~~~~~~~~~~~~~~~~~
 
 Thanks to the following people who contributed to this release:
 
+-  Adam Johnston
+-  Adithya Balakumar
+-  Adrian Freihofer
+-  Alassane Yattara
+-  Alejandro Hernandez Samaniego
+-  Aleksey Smirnov
+-  Alexander Kanavin
+-  Alexander Lussier-Cullen
+-  Alexander Sverdlin
+-  Alexandre Belloni
+-  Alexandre Truong
+-  Alex Bennée
+-  Alexis Lothoré
+-  Alex Kiernan
+-  Alex Stewart
+-  André Draszik
+-  Anibal Limon
+-  Anuj Mittal
+-  Archana Polampalli
+-  Arne Schwerdt
+-  Bartosz Golaszewski
+-  Baruch Siach
+-  baruch@tkos.co.il
+-  Bastian Krause
+-  BELHADJ SALEM Talel
+-  BELOUARGA Mohamed
+-  Bruce Ashfield
+-  Changhyeok Bae
+-  Changqing Li
+-  Charlie Johnston
+-  Chen Qi
+-  Chi Xu
+-  Chris Laplante
+-  Christian Taedcke
+-  Christoph Vogtländer
+-  Claus Stovgaard
+-  Clay Chang
+-  Clément Péron
+-  Colin McAllister
+-  Corentin Guillevic
+-  Daniel Ammann
+-  david d zuhn
+-  David Reyna
+-  Deepthi Hemraj
+-  Denys Dmytriyenko
+-  Derek Erdmann
+-  Desone Burns
+-  Dhairya Nagodra
+-  Dmitry Baryshkov
+-  Eero Aaltonen
+-  Eilís 'pidge' Ní Fhlannagáin
+-  Emil Kronborg
+-  Enguerrand de Ribaucourt
+-  Enrico Jörns
+-  Enrico Scholz
+-  Etienne Cordonnier
+-  Fabien Mahot
+-  Fabio Estevam
+-  Fahad Arslan
+-  Felix Moessbauer
+-  Florian Wickert
+-  Geoff Parker
+-  Glenn Strauss
+-  Harish Sadineni
+-  Hongxu Jia
+-  Ilya A. Kriveshko
+-  Jamin Lin
+-  Jan Vermaete
+-  Jason Andryuk
+-  Javier Tia
+-  Jeremy A. Puhlman
+-  Jérémy Rosen
+-  Jermain Horsman
+-  Jiang Kai
+-  Joakim Tjernlund
+-  Joao Marcos Costa
+-  Joe Slater
+-  Johan Bezem
+-  Johannes Schneider
+-  Jonathan GUILLOT
+-  Jon Mason
+-  Jörg Sommer
+-  Jose Quaresma
+-  Joshua Watt
+-  Julien Stephan
+-  Justin Bronder
+-  Kai Kang
+-  Kareem Zarka
+-  Kevin Hao
+-  Khem Raj
+-  Konrad Weihmann
+-  Lee Chee Yang
+-  Lei Maohui
+-  lixiaoyong
+-  Logan Gunthorpe
+-  Luca Ceresoli
+-  luca fancellu
+-  Lucas Stach
+-  Ludovic Jozeau
+-  Lukas Funke
+-  Maanya Goenka
+-  Malte Schmidt
+-  Marcel Ziswiler
+-  Marco Felsch
+-  Marcus Folkesson
+-  Marek Vasut
+-  Mark Asselstine
+-  Mark Hatle
+-  Markus Fuchs
+-  Markus Volk
+-  Marlon Rodriguez Garcia
+-  Marta Rybczynska
+-  Martin Hundebøll
+-  Martin Jansa
+-  Massimiliano Minella
+-  Maxin B. John
+-  Max Krummenacher
+-  Meenali Gupta
+-  Michael Halstead
+-  Michael Opdenacker
+-  Michal Sieron
+-  Mikko Rapeli
+-  Ming Liu
+-  Mingli Yu
+-  Munehisa Kamata
+-  Nick Owens
+-  Niko Mauno
+-  Ola x Nilsson
+-  Oleh Matiusha
+-  Patrick Williams
+-  Paul Barker
+-  Paul Eggleton
+-  Paul Gortmaker
+-  Pavel Zhukov
+-  Peter A. Bigot
+-  Peter Kjellerstedt
+-  Peter Marko
+-  Petr Vorel
+-  Philip Balister
+-  Philip Lorenz
+-  Philippe Rivest
+-  Piotr Łobacz
+-  Priyal Doshi
+-  Quentin Schulz
+-  Ragesh Nair
+-  Randolph Sapp
+-  Randy MacLeod
+-  Rasmus Villemoes
+-  Renat Khalikov
+-  Richard Haar
+-  Richard Purdie
+-  Robert Berger
+-  Robert Joslyn
+-  Robert P. J. Day
+-  Robert Yang
+-  Rodrigo M. Duarte
+-  Ross Burton
+-  Rouven Czerwinski
+-  Ryan Eatmon
+-  Sam Van Den Berge
+-  Saul Wold
+-  Sava Jakovljev
+-  Sean Nyekjaer
+-  Sergei Zhmylev
+-  Shinji Matsunaga
+-  Shubham Kulkarni
+-  Simone Weiß
+-  Siong W.LIM
+-  Soumya Sambu
+-  Sourav Kumar Pramanik
+-  Stefan Herbrechtsmeier
+-  Stéphane Veyret
+-  Steve Sakoman
+-  Sundeep KOKKONDA
+-  Thomas Perrot
+-  Thomas Wolber
+-  Timon Bergelt
+-  Tim Orling
+-  Timotheus Giuliani
+-  Tobias Hagelborn
+-  Tom Hochstein
+-  Tom Rini
+-  Toni Lammi
+-  Trevor Gamblin
+-  Trevor Woerner
+-  Ulrich Ölmann
+-  Valek Andrej
+-  venkata pyla
+-  Victor Kamensky
+-  Vijay Anusuri
+-  Vikas Katariya
+-  Vincent Davis Jr
+-  Viswanath Kraleti
+-  Vyacheslav Yurkov
+-  Wang Mingyu
+-  William A. Kennington III
+-  William Hauser
+-  William Lyu
+-  Xiangyu Chen
+-  Xiaotian Wu
+-  Yang Xu
+-  Yannick Rodriguez
+-  Yash Shinde
+-  Yi Zhao
+-  Yoann Congal
+-  Yogesh Tyagi
+-  Yogita Urade
+-  Zahir Hussain
+-  Zang Ruochen
+-  Zoltan Boszormenyi
+
 Repositories / Downloads for Yocto-5.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- 
2.25.1

[PATCH 8/9] migration: Extend migration guide for 5.0

[Paul Eggleton]

Add a few missing entries based upon combing through the release
commits, as well as minor tweaks to existing items.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 .../migration-guides/migration-5.0.rst        | 62 ++++++++++++++++---
 1 file changed, 54 insertions(+), 8 deletions(-)

diff --git a/documentation/migration-guides/migration-5.0.rst b/documentation/migration-guides/migration-5.0.rst
index 888a1c60d4..951d86547b 100644
--- a/documentation/migration-guides/migration-5.0.rst
+++ b/documentation/migration-guides/migration-5.0.rst
@@ -80,7 +80,8 @@ Recipe changes
 Deprecated variables
 ~~~~~~~~~~~~~~~~~~~~
 
-No variables have been deprecated in this release.
+-  ``CVE_CHECK_IGNORE`` should be replaced with :term:`CVE_STATUS`
+
 
 .. _migration-5.0-removed-variables:
 
@@ -89,13 +90,14 @@ Removed variables
 
 The following variables have been removed:
 
--  ``DEPLOY_DIR_TAR``.
--  ``PYTHON_PN``: Python 2 has been removed, leaving Python 3 as the sole
-   major version. Therefore, an abstraction to differentiate both versions is
+-  ``DEPLOY_DIR_TAR``: no longer needed since the package_tar class was removed in 4.2.
+-  ``PYTHON_PN``: Python 2 has previously been removed, leaving Python 3 as the sole
+   major version. Therefore, this abstraction to differentiate both versions is
    no longer needed.
--  ``oldincludedir``.
+-  ``oldincludedir``
 -  ``USE_L10N``: previously deprecated, and now removed.
--  ``CVE_SOCKET_TIMEOUT``.
+-  ``CVE_SOCKET_TIMEOUT``
+-  ``SERIAL_CONSOLES_CHECK`` - use :term:`SERIAL_CONSOLES` instead as all consoles specified in the latter are checked for their existence before a ``getty`` is started.
 
 .. _migration-5.0-removed-recipes:
 
@@ -105,9 +107,10 @@ Removed recipes
 The following recipes have been removed in this release:
 
 -  ``libcroco``: deprecated and archived by the Gnome Project.
+-  ``liberror-perl``: unmaintained and no longer needed - moved to meta-perl.
 -  ``linux-yocto``: version 6.1 (version 6.6 provided instead).
--  ``zvariant``: fails to build with newer Rust.
 -  ``systemtap-uprobes``: obsolete.
+-  ``zvariant``: fails to build with newer Rust.
 
 .. _migration-5.0-removed-classes:
 
@@ -125,10 +128,53 @@ In ``tune-core2``, the cpu models ``n270`` and ``core2duo`` are no longer
 passed to QEMU, since its documentation recommends not using them with ``-cpu``
 option. Therefore, from now on, ``Nehalem`` model is used instead.
 
+
+ipk packaging changes
+~~~~~~~~~~~~~~~~~~~~~
+
+ipk packaging (using ``opkg``) now uses ``zstd`` compression instead of ``xz``
+for better compression and performance. This does mean that .ipk packages
+built using the 5.0 release requires opkg built with zstd enabled - naturally
+this is the case in 5.0, but at least by default these packages will not be
+usable on older systems where opkg does not have zstd enabled at build time.
+
+Additionally, the internal dependency solver in opkg is now deprecated - it
+is still available in this release but will trigger a warning if selected.
+The default has been the external ``libsolv`` solver for some time, but if you
+have explicitly removed that from :term:`PACKAGECONFIG` for ``opkg`` to
+select the internal solver, you should plan to switch to ``libsolv`` in the
+near future (by including ``libsolv`` your custom :term:`PACKAGECONFIG` value
+for ``opkg``, or reverting to the default value).
+
+
+motd message when using ``DISTRO = "poky"``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The default ``poky`` :term:`DISTRO` is explicitly a *reference* distribution
+for testing and development purposes.  It enables most hardware and software
+features so that they can be tested, but this also means that
+from a security point of view the attack surface is very large.
+
+We encourage anyone using the Yocto Project for production use to create
+their own distribution and not use Poky. To encourage this behaviour
+further, in 5.0 a warning has been added to ``/etc/motd`` when Poky is used
+so that the developer will see it when they log in. If you are creating your
+own distribution this message will not show up.
+
+For information on how to create your own distribution, see
+":ref:`dev-manual/custom-distribution:creating your own distribution`".
+
 .. _migration-5.0-misc-changes:
 
 Miscellaneous changes
 ~~~~~~~~~~~~~~~~~~~~~
 
--  ``bitbake-whatchanged`` script was removed.
+-  ``bitbake-whatchanged`` script was removed as it was broken and unmaintained.
+-  ``scripts/sstate-cache-management.sh`` has been replaced by ``scripts/sstate-cache-management.py``, a more performant Python-based version.
+-  The ``bmap-tools`` recipe has been renamed to ``bmaptool``.
+-  ``gpgme`` has had Python binding support disabled since upstream does not yet support Python 3.12. (This will be fixed in future once it is fixed upstream.)
+-  A warning will now be shown if the ``virtual/`` prefix is used in runtime contexts (:term:`RDEPENDS` / :term:`RPROVIDES`) - see :ref:`virtual-slash <qa-check-virtual-slash>` for details.
+-  ``recipetool`` now prefixes the names of recipes created for Python modules with "python3-".
+-  The :ref:`ref-classes-cve-check` class no longer produces a warning for remote patches - it only logs a note and does not try to fetch the patch in order to scan it for issues or CVE numbers. However, CVE number references in remote patch file names will now be picked up.
+-  The values of :term:`PE` and :term:`PR` have been dropped from -f{file,macro,debug}-prefix-map, in order to avoid unnecessary churn in debug symbol paths when the version is bumped. This is unlikely to cause issues, but if you are paying attention to the debug source path (e.g. in recipes that need to manipulate these files during packaging) then you will notice the difference. A new :term:`TARGET_DBGSRC_DIR` variable is provided to make this easier.
 -  ``ccache`` no longer supports FORTRAN.
-- 
2.25.1

[PATCH 9/9] release-notes: additional features and one known issue for 5.0

[Paul Eggleton]

Add additional features and tweak some existing entries.

Also add one known issue for gpgme.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 .../migration-guides/release-notes-5.0.rst    | 71 +++++++++++++++++--
 1 file changed, 66 insertions(+), 5 deletions(-)

diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
index 21de79a638..121c2afaff 100644
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -23,6 +23,8 @@ New Features / Enhancements in 5.0
    -  :term:`EFI_UKI_PATH`, :term:`EFI_UKI_DIR`: define the location of UKI
       image in the EFI System partition.
 
+   -  :term:`TARGET_DBGSRC_DIR`: specifies the target path to debug source files
+
 -  Architecture-specific enhancements:
 
    -  ``genericarm64``: a new :term:`MACHINE` to represent a 64-bit General Arm
@@ -33,6 +35,8 @@ New Features / Enhancements in 5.0
    -  ``arch-armv9``: remove CRC and SVE tunes, since FEAT_CRC32 is now mandatory
       and SVE/SVE2 are enabled by default in GCC's ``-march=armv9-a``.
 
+   -  ``arm/armv*``: add all of the additional Arm tunes in GCC 13.2.0
+
 -  Kernel-related enhancements:
 
    -  The default kernel is the current LTS (6.6).
@@ -145,6 +149,10 @@ New Features / Enhancements in 5.0
    -  ``nativesdk``: prevent :term:`MACHINE_FEATURES` and :term:`DISTRO_FEATURES`
       from being backfilled.
 
+   -  Support for ``riscv64`` as an SDK host architecture
+
+   -  Extend recipes to ``nativesdk``: ``acpica``, ``libpcap``, ``python3-setuptools-rust``
+
 -  Testing:
 
    -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
@@ -155,15 +163,29 @@ New Features / Enhancements in 5.0
 
    -  ``oeqa``, ``oe-selftest``: add test cases for Maturin (SDK and runtime).
 
--  Utility script changes:
+   -  Enable ptests for ``python3-attrs``, ``python3-pyyaml``, ``xz``
 
-   -  New ``recipetool/create_go.py`` script added to support Go recipe creation
+-  Utility script changes:
 
    -  ``oe-init-build-env`` can generate a initial configuration (``.vscode``)
       for VSCode and its "Yocto Project BitBake" extension.
 
+   -  The ``sstate-cache-management`` script has been rewritten in python for better performance and maintainability
+
+   -  ``bitbake-layers``: added an option to update the reference of repositories in layer setup
+
 -  BitBake improvements:
 
+   -  New ``inherit_defer`` statement which works as ``inherit`` does, except that
+      it is only evaluated at the end of parsing - recommended where a conditional
+      expression is used, e.g.
+
+         inherit_defer ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)}
+
+      This allows conditional expressions to be evaluated 'late' meaning changes
+      to the variable after the line is parsed will take effect - with inherit this
+      is not the case.
+
    -  Add support for :term:`BB_LOADFACTOR_MAX`, so Bitbake can stop running
       extra tasks if the system load is too high, especially in distributions
       where ``/proc/pressure`` is disabled.
@@ -185,7 +207,7 @@ New Features / Enhancements in 5.0
    -  ``git-make-shallow`` script: add support for Git's ``safe.bareRepository=explicit``
       configuration setting.
 
--  Devtool improvements:
+-  devtool improvements:
 
    -  Introduce a new ``ide-sdk`` plugin to generate a configuration to use
       the eSDK through an IDE.
@@ -194,10 +216,35 @@ New Features / Enhancements in 5.0
 
    -  Add support for Git submodules.
 
+   -  ide: vscode: make files from recipe sysroots and debug rootfs read-only to avoid confusion
+
+   -  modify: add support for multiple sources in :term:`SRC_URI`
+
+   -  Support plugins within plugins
+
+-  recipetool improvements:
+
+   - appendsrcfile(s): added a mode to update the recipe itself
+
+   - appendsrcfile(s): added dry-run mode
+
+   - create: Added handler to create go recipes
+
+   - create: Improved identification of licenses
+
+   - create: Added support for modern Python PEP-517 build systems including hatchling, maturin, mesonpy
+
+   - create: Added pypi support
+
+   - create: Prefix created Python recipes with python3-
+
 -  Packaging changes:
 
    -  ``package_rpm``: the RPM package compressor's mode can now be overriden.
 
+   -  ipk packaging (using ``opkg``) now uses ``zstd`` compression instead of
+      ``xz`` for better compression and performance.
+
 -  Security improvements:
 
    -  Improve incremental CVE database download from NVD. Rejected CVEs are
@@ -226,6 +273,11 @@ New Features / Enhancements in 5.0
    -  Systemd's following :term:`PACKAGECONFIG` options were added:
       ``cryptsetup-plugins``, ``no-ntp-fallback``, and ``p11kit``.
 
+   -  New PACKAGECONFIG options added to ``libarchive``, ``libinput``,
+      ``libunwind``, ``mesa``, ``mesa-gl``, ``openssh``, ``perf``,
+      ``python3-pyyaml``, ``qemu``, ``rpm``, ``shadow``, ``strace``,
+      ``syslinux``, ``systemd``, ``vte``, ``webkitgtk``, ``xserver-xorg``.
+
    -  ``systemd-boot`` can, from now on, be compiled as ``native``, thus
       providing ``ukify`` tool to build UKI images.
 
@@ -238,12 +290,21 @@ New Features / Enhancements in 5.0
 
    -  Disable strace support of bluetooth by default.
 
-   -  ``openssh`` now has a Systemd service: ``sshd.service``.
+   -  ``openssh`` now has a systemd service: ``sshd.service``.
+
+   -  The :ref:`ref-classes-python_mesonpy` class was added (moved in from meta-python)
+      to support Python package builds using the meson-python PEP-517 build backend.
+
+   -  Support for unpacking .7z archives in :term:`SRC_URI` using ``p7zip``
+
+   -  Add minimal vscode configuration to avoid vscode's indexer from choking on build directories
+
 
 Known Issues in 5.0
 ~~~~~~~~~~~~~~~~~~~
 
--  N/A
+-  ``gpgme`` has had Python binding support disabled since upstream does not yet support Python 3.12.
+
 
 Recipe License changes in 5.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- 
2.25.1

Re: [docs] [PATCH 9/9] release-notes: additional features and one known issue for 5.0

[Quentin Schulz]

Hi Paul,

On 4/14/24 22:43, Paul Eggleton via lists.yoctoproject.org wrote:
> Add additional features and tweak some existing entries.
> 
> Also add one known issue for gpgme.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   .../migration-guides/release-notes-5.0.rst    | 71 +++++++++++++++++--
>   1 file changed, 66 insertions(+), 5 deletions(-)
> 
> diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
> index 21de79a638..121c2afaff 100644
> --- a/documentation/migration-guides/release-notes-5.0.rst
> +++ b/documentation/migration-guides/release-notes-5.0.rst
> @@ -23,6 +23,8 @@ New Features / Enhancements in 5.0
>      -  :term:`EFI_UKI_PATH`, :term:`EFI_UKI_DIR`: define the location of UKI
>         image in the EFI System partition.
>   
> +   -  :term:`TARGET_DBGSRC_DIR`: specifies the target path to debug source files
> +
>   -  Architecture-specific enhancements:
>   
>      -  ``genericarm64``: a new :term:`MACHINE` to represent a 64-bit General Arm
> @@ -33,6 +35,8 @@ New Features / Enhancements in 5.0
>      -  ``arch-armv9``: remove CRC and SVE tunes, since FEAT_CRC32 is now mandatory
>         and SVE/SVE2 are enabled by default in GCC's ``-march=armv9-a``.
>   
> +   -  ``arm/armv*``: add all of the additional Arm tunes in GCC 13.2.0
> +
>   -  Kernel-related enhancements:
>   
>      -  The default kernel is the current LTS (6.6).
> @@ -145,6 +149,10 @@ New Features / Enhancements in 5.0
>      -  ``nativesdk``: prevent :term:`MACHINE_FEATURES` and :term:`DISTRO_FEATURES`
>         from being backfilled.
>   
> +   -  Support for ``riscv64`` as an SDK host architecture
> +
> +   -  Extend recipes to ``nativesdk``: ``acpica``, ``libpcap``, ``python3-setuptools-rust``
> +
>   -  Testing:
>   
>      -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
> @@ -155,15 +163,29 @@ New Features / Enhancements in 5.0
>   
>      -  ``oeqa``, ``oe-selftest``: add test cases for Maturin (SDK and runtime).
>   
> --  Utility script changes:
> +   -  Enable ptests for ``python3-attrs``, ``python3-pyyaml``, ``xz``
>   
> -   -  New ``recipetool/create_go.py`` script added to support Go recipe creation
> +-  Utility script changes:
>   
>      -  ``oe-init-build-env`` can generate a initial configuration (``.vscode``)
>         for VSCode and its "Yocto Project BitBake" extension.
>   
> +   -  The ``sstate-cache-management`` script has been rewritten in python for better performance and maintainability
> +
> +   -  ``bitbake-layers``: added an option to update the reference of repositories in layer setup
> +
>   -  BitBake improvements:
>   
> +   -  New ``inherit_defer`` statement which works as ``inherit`` does, except that

I think there's a way to link to the bitbake doc for inherit directive.

Maybe something like:

"""
:ref:`inherit 
<bitbake:bitbake-user-manual/bitbake-user-manual-metadata:\`\`inherit\`\` 
directive>`
"""

would work? Just a suggestion though.

> +      it is only evaluated at the end of parsing - recommended where a conditional
> +      expression is used, e.g.
> +

I think we're missing a double colon here to make this a code snippet?

"""
expression is used, e.g.::
"""

?

Thanks!
Quentin

Re: [PATCH 2/9] ref-manual: add new python classes

[Michael Opdenacker]

Hi Paul

Many thanks for these additions to the release notes.

On 4/14/24 at 22:43, Paul Eggleton wrote:
> Add brief documentation of python_maturin and python_mesonpy classes
> that were added in 5.0.
>
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/ref-manual/classes.rst | 18 ++++++++++++++++++
>   1 file changed, 18 insertions(+)
>
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 296347edb7..1f816e0457 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -2380,6 +2380,24 @@ Python modules built with ``flit_core.buildapi`` are pure Python (no
>   
>   Internally this uses the :ref:`ref-classes-python_pep517` class.
>   
> +.. _ref-classes-python_maturin:
> +
> +``python_maturin``
> +==================
> +
> +The :ref:`ref-classes-python_maturin` class provides support for python-maturin, a replacement
> +for setuptools_rust and another "backend" for building python wheels.


s/python wheels/Python Wheels/
Fixed

> +
> +.. _ref-classes-python_mesonpy:
> +
> +``python_mesonpy``
> +==================
> +
> +The :ref:`ref-classes-python_mesonpy` class enables building Python modules which use the
> +meson-python build system.
> +
> +Internally this uses the :ref:`ref-classes-python_pep517` class.


Everything all right here, though all these project names caused me to 
submit a way of highlighting the project names, to distinguish them from 
command names and common words. See 
https://lore.kernel.org/yocto-docs/20240415124735.1060654-1-michael.opdenacker@bootlin.com/T/#u

So, when this is accepted, I'll probably replace "Python Wheels" by 
"`Python Wheels`". :-)

Thanks
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [PATCH 6/9] dev-manual: update custom distribution section

[Michael Opdenacker]

Hi Paul,

On 4/14/24 at 22:43, Paul Eggleton wrote:
> In keeping with the addition of the motd message pointing out that
> the poky DISTRO is a reference distribution, adjust the opening of the
> Creating Your Own Distribution section to match. Additionally, add a
> section on the end pointing out what users need to consider if they just
> take a copy of the poky distribution and modify it.
>
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   .../dev-manual/custom-distribution.rst        | 34 ++++++++++++++++---
>   1 file changed, 30 insertions(+), 4 deletions(-)
>
> diff --git a/documentation/dev-manual/custom-distribution.rst b/documentation/dev-manual/custom-distribution.rst
> index 47faed0d04..93a1961d17 100644
> --- a/documentation/dev-manual/custom-distribution.rst
> +++ b/documentation/dev-manual/custom-distribution.rst
> @@ -4,10 +4,16 @@ Creating Your Own Distribution
>   ******************************
>   
>   When you build an image using the Yocto Project and do not alter any
> -distribution :term:`Metadata`, you are
> -creating a Poky distribution. If you wish to gain more control over
> -package alternative selections, compile-time options, and other
> -low-level configurations, you can create your own distribution.
> +distribution :term:`Metadata`, you are using the ``poky`` distribution.
> +``poky`` is explicitly a *reference* distribution for testing and
> +development purposes. It enables most hardware and software features
> +so that they can be tested, but this also means that from a security
> +point of view the attack surface is very large. Additionally, at some
> +point it is likely that you will want to gain more control over package
> +alternative selections, compile-time options, and other low-level
> +configurations. For both of these reasons, if you are using the Yocto
> +Project for production use then you are strongly encouraged to create
> +your own distribution.
>   
>   To create your own distribution, the basic steps consist of creating
>   your own distribution layer, creating your own distribution
> @@ -107,3 +113,23 @@ layer. The following steps provide some more detail:
>      For information on append files, see the
>      ":ref:`dev-manual/layers:appending other layers metadata with your layer`"
>      section.
> +
> +Copying and modifying the ``poky`` distribution
> +===============================================
> +
> +Instead of creating a custom distribution from scratch as per above, you may
> +wish to start your custom distribution configuration by copying the ``poky``
> +distribution provided within the ``meta-poky`` layer and then modifying it.
> +This is fine, however if you do this you should keep the following in mind:
> +
> +-  Every reference to ``poky`` needs to be updated in your copy so that it
> +   will still apply. This includes override usage within files (e.g. ``:poky``)
> +   and in directory names. This is a good opportunity to evaluate each one of
> +   these customizations to see if they are needed for your use case.
> +
> +-  Unless you also intend to use them, the ``poky-tiny``, ``poky-altcfg`` and
> +   ``poky-bleeding`` variants and any references to them can be removed.
> +
> +-  More generally, the ``poky`` distribution configuration enables a lot more
> +   than you likely need for your production use case. You should evaluate *every*
> +   configuration choice made in your copy to determine if it is needed.


Looks good to me, though I replaced "``poky``" by "Poky" (when referring 
to the distro name, not the string) to be consistent with the rest of 
the documentation.
Thanks!
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [PATCH 7/9] release-notes: Add CVEs, recipe upgrades and contributors for 5.0

[Michael Opdenacker]

Hi Paul

Thanks for this update!

On 4/14/24 at 22:43, Paul Eggleton wrote:
> * Add CVEs from commits
> * Add recipe upgrades using layer index branch comparison
> * Add contributors from commits
>
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   .../migration-guides/release-notes-5.0.rst    | 564 +++++++++++++++++-
>   1 file changed, 563 insertions(+), 1 deletion(-)
>
> diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
> index 7767a4229d..21de79a638 100644
> --- a/documentation/migration-guides/release-notes-5.0.rst
> +++ b/documentation/migration-guides/release-notes-5.0.rst
> @@ -264,16 +264,578 @@ The following corrections have been made to the :term:`LICENSE` values set by re
>   Security Fixes in 5.0
>   ~~~~~~~~~~~~~~~~~~~~~
>   
> +-  avahi: :cve:`2023-1981`, :cve:`2023-38469-2`, :cve:`2023-38470-2`, :cve:`2023-38471-2`,

Oops, these last 3 don't work. For example, 
https://nvd.nist.gov/vuln/detail/CVE-2023-38469-2 is invalid.

So, I replaced those with

:cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`

I hope that's correct, as they still point to Avahi CVEs.


> :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472`, :cve:`2023-38473`
> +-  bind: :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, :cve:`2023-50387`
> +-  bluez5: :cve:`2023-45866`
> +-  coreutils: :cve:`2024-0684`
> +-  cups: :cve:`2023-4504`
> +-  curl: :cve:`2023-46218`
> +-  expat: :cve:`2024-28757`
> +-  gcc: :cve:`2023-4039`
> +-  glibc: :cve:`2023-5156`, :cve:`2023-0687`
> +-  gnutls: :cve:`2024-0553`, :cve:`2024-0567`, :cve:`2024-28834`, :cve:`2024-28835`
> +-  go: :cve:`2023-45288`
> +-  grub: :cve:`2023-4692`, :cve:`2023-4693`
> +-  grub2: :cve:`2023-4001` (ignored), :cve:`2024-1048` (ignored)
> +-  libgit2: :cve:`2024-24575`, :cve:`2024-24577`
> +-  libsndfile1: :cve:`2022-33065`
> +-  libssh2: :cve:`2023-48795`
> +-  libuv: :cve:`2024-24806`
> +-  libxml2: :cve:`2023-45322` (ignored)
> +-  linux-yocto/6.6: :cve:`2020-16119`
> +-  openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
> +-  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve:`2023-6237`, :cve:`2024-0727`


I had to replace :cve:`2023-6237 by :cve_mitre:`2023-6237` as this was a 
"reserved" CVE.

>   
>   Contributors to 5.0
>   ~~~~~~~~~~~~~~~~~~~
>   
>   Thanks to the following people who contributed to this release:
>   
> +-  Adam Johnston
> +-  Adithya Balakumar
> +-  Adrian Freihofer
> +-  Alassane Yattara
> +-  Alejandro Hernandez Samaniego
> +-  Aleksey Smirnov
> +-  Alexander Kanavin
> +-  Alexander Lussier-Cullen
> +-  Alexander Sverdlin
> +-  Alexandre Belloni
> +-  Alexandre Truong
> +-  Alex Bennée
> +-  Alexis Lothoré
> +-  Alex Kiernan
> +-  Alex Stewart
> +-  André Draszik
> +-  Anibal Limon
> +-  Anuj Mittal
> +-  Archana Polampalli
> +-  Arne Schwerdt
> +-  Bartosz Golaszewski
> +-  Baruch Siach
> +-  baruch@tkos.co.il

Removed that last line as this is the same person :)
Thanks
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [PATCH 8/9] migration: Extend migration guide for 5.0

[Michael Opdenacker]

On 4/14/24 at 22:43, Paul Eggleton wrote:
> +ipk packaging changes
> +~~~~~~~~~~~~~~~~~~~~~
> +
> +ipk packaging (using ``opkg``) now uses ``zstd`` compression instead of ``xz``
> +for better compression and performance. This does mean that .ipk packages
> +built using the 5.0 release requires opkg built with zstd enabled - naturally
> +this is the case in 5.0, but at least by default these packages will not be
> +usable on older systems where opkg does not have zstd enabled at build time.
> +
> +Additionally, the internal dependency solver in opkg is now deprecated - it
> +is still available in this release but will trigger a warning if selected.
> +The default has been the external ``libsolv`` solver for some time, but if you
> +have explicitly removed that from :term:`PACKAGECONFIG` for ``opkg`` to
> +select the internal solver, you should plan to switch to ``libsolv`` in the
> +near future (by including ``libsolv`` your custom :term:`PACKAGECONFIG` value
> +for ``opkg``, or reverting to the default value).
> +

Here I replaced a few instances of "``opkg``" and "opkg" by "Opkg", 
which is the project name.
> +
>   .. _migration-5.0-misc-changes:
>   
>   Miscellaneous changes
>   ~~~~~~~~~~~~~~~~~~~~~
>   
> --  ``bitbake-whatchanged`` script was removed.
> +-  ``bitbake-whatchanged`` script was removed as it was broken and unmaintained.
> +-  ``scripts/sstate-cache-management.sh`` has been replaced by ``scripts/sstate-cache-management.py``, a more performant Python-based version.
> +-  The ``bmap-tools`` recipe has been renamed to ``bmaptool``.
> +-  ``gpgme`` has had Python binding support disabled since upstream does not yet support Python 3.12. (This will be fixed in future once it is fixed upstream.)
> +-  A warning will now be shown if the ``virtual/`` prefix is used in runtime contexts (:term:`RDEPENDS` / :term:`RPROVIDES`) - see :ref:`virtual-slash <qa-check-virtual-slash>` for details.
> +-  ``recipetool`` now prefixes the names of recipes created for Python modules with "python3-".
> +-  The :ref:`ref-classes-cve-check` class no longer produces a warning for remote patches - it only logs a note and does not try to fetch the patch in order to scan it for issues or CVE numbers. However, CVE number references in remote patch file names will now be picked up.
> +-  The values of :term:`PE` and :term:`PR` have been dropped from -f{file,macro,debug}-prefix-map, in order to avoid unnecessary churn in debug symbol paths when the version is bumped. This is unlikely to cause issues, but if you are paying attention to the debug source path (e.g. in recipes that need to manipulate these files during packaging) then you will notice the difference. A new :term:`TARGET_DBGSRC_DIR` variable is provided to make this easier.
>   -  ``ccache`` no longer supports FORTRAN.

I made a few formatting changes to this part, but that's no big deal :)
Thanks
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [docs] [PATCH 9/9] release-notes: additional features and one known issue for 5.0

[Michael Opdenacker]

Paul, Quentin,

Thanks for the patch and review!

On 4/15/24 at 10:06, Quentin Schulz wrote:
>
> I think there's a way to link to the bitbake doc for inherit directive.
>
> Maybe something like:
>
> """
> :ref:`inherit 
> <bitbake:bitbake-user-manual/bitbake-user-manual-metadata:\`\`inherit\`\` 
> directive>`
> """
>
> would work? Just a suggestion though.


It works! I made the change.

>
>> +      it is only evaluated at the end of parsing - recommended where 
>> a conditional
>> +      expression is used, e.g.
>> +
>
> I think we're missing a double colon here to make this a code snippet?
>
> """
> expression is used, e.g.::
> """


Indeed. Fixed.
Thanks
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [PATCH 9/9] release-notes: additional features and one known issue for 5.0

[Michael Opdenacker]

On 4/14/24 at 22:43, Paul Eggleton wrote:
>   
> +   -  ide: vscode: make files from recipe sysroots and debug rootfs read-only to avoid confusion

I replaced this by:

    -  ``ide``: ``vscode``: generate files from recipe sysroots and 
debug the
       root filesystem in read-only mode to avoid confusion.

I hope that's OK!

> +
> +   -  modify: add support for multiple sources in :term:`SRC_URI`
> +
> +   -  Support plugins within plugins
> +
> +-  recipetool improvements:
> +
> +   - appendsrcfile(s): added a mode to update the recipe itself
> +
> +   - appendsrcfile(s): added dry-run mode
> +
> +   - create: Added handler to create go recipes
> +
> +   - create: Improved identification of licenses
> +
> +   - create: Added support for modern Python PEP-517 build systems including hatchling, maturin, mesonpy
> +
> +   - create: Added pypi support
> +
> +   - create: Prefix created Python recipes with python3-


I made several formatting improvements to the above section and used the 
present tense. That's a bit long to describe :)
Thanks
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [PATCH 0/9] Updates for the 5.0 release

[Michael Opdenacker]

Hi Paul

Many thanks for all these updates!

On 4/14/24 at 22:43, Paul Eggleton wrote:
> Updates for the 5.0 release on top of master-next, including release
> notes and migration guide, as well as adjustments for the rest of the
> documentation. I think we are still missing a few changes but
> unfortunately I've run out of time. Thanks to all who added content
> ahead of me though!


If you're thinking about extra changes, just describe them briefly and 
we'll see what we can do :)

>
>
> The following changes since commit 4b839c460867d685584134dbd322cd9b20f2ae6d:
>
>    release-notes-5.0: various additions and improvements (2024-04-12 15:08:40 +0200)
>
> are available in the Git repository at:
>
>    https://git.yoctoproject.org/poky-contrib paule/5.0-release
>    https://git.yoctoproject.org/poky-contrib/log/?h=paule/5.0-release
>
> Paul Eggleton (9):
>    ref-manual: Add virtual-slash QA check
>    ref-manual: add new python classes
>    classes: cve_check: add note about remote patches
>    variables: add TARGET_DBGSRC_DIR
>    dev-manual: update reference to sstate-cache-management script
>    dev-manual: update custom distribution section
>    release-notes: Add CVEs, recipe upgrades and contributors for 5.0
>    migration: Extend migration guide for 5.0
>    release-notes: additional features and one known issue for 5.0
>
>   .../dev-manual/custom-distribution.rst        |  34 +-
>   documentation/dev-manual/disk-space.rst       |   2 +-
>   .../migration-guides/migration-5.0.rst        |  62 +-
>   .../migration-guides/release-notes-5.0.rst    | 635 +++++++++++++++++-
>   documentation/ref-manual/classes.rst          |  31 +
>   documentation/ref-manual/qa-checks.rst        |   8 +
>   documentation/ref-manual/variables.rst        |   4 +
>   7 files changed, 757 insertions(+), 19 deletions(-)

For all changes, after sometimes minor tweaks
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
And merged into master-next.
Thanks again,
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [docs] [PATCH 7/9] release-notes: Add CVEs, recipe upgrades and contributors for 5.0

[Paul Eggleton]

Hi Michael

On 15.04.2024 07:24, Michael Opdenacker via lists.yoctoproject.org 
wrote:
>> diff --git a/documentation/migration-guides/release-notes-5.0.rst 
>> b/documentation/migration-guides/release-notes-5.0.rst
>> index 7767a4229d..21de79a638 100644
>> --- a/documentation/migration-guides/release-notes-5.0.rst
>> +++ b/documentation/migration-guides/release-notes-5.0.rst
>> @@ -264,16 +264,578 @@ The following corrections have been made to the 
>> :term:`LICENSE` values set by re
>>   Security Fixes in 5.0
>>   ~~~~~~~~~~~~~~~~~~~~~
>>   +-  avahi: :cve:`2023-1981`, :cve:`2023-38469-2`, 
>> :cve:`2023-38470-2`, :cve:`2023-38471-2`,
> 
> Oops, these last 3 don't work. For example, 
> https://nvd.nist.gov/vuln/detail/CVE-2023-38469-2 is invalid.
> 
> So, I replaced those with
> 
> :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`
> 
> I hope that's correct, as they still point to Avahi CVEs.

Oops, yes. Thanks.

>> :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, 
>> :cve:`2023-38472`, :cve:`2023-38473`
>> +-  bind: :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, 
>> :cve:`2023-50387`
>> +-  bluez5: :cve:`2023-45866`
>> +-  coreutils: :cve:`2024-0684`
>> +-  cups: :cve:`2023-4504`
>> +-  curl: :cve:`2023-46218`
>> +-  expat: :cve:`2024-28757`
>> +-  gcc: :cve:`2023-4039`
>> +-  glibc: :cve:`2023-5156`, :cve:`2023-0687`
>> +-  gnutls: :cve:`2024-0553`, :cve:`2024-0567`, :cve:`2024-28834`, 
>> :cve:`2024-28835`
>> +-  go: :cve:`2023-45288`
>> +-  grub: :cve:`2023-4692`, :cve:`2023-4693`
>> +-  grub2: :cve:`2023-4001` (ignored), :cve:`2024-1048` (ignored)
>> +-  libgit2: :cve:`2024-24575`, :cve:`2024-24577`
>> +-  libsndfile1: :cve:`2022-33065`
>> +-  libssh2: :cve:`2023-48795`
>> +-  libuv: :cve:`2024-24806`
>> +-  libxml2: :cve:`2023-45322` (ignored)
>> +-  linux-yocto/6.6: :cve:`2020-16119`
>> +-  openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
>> +-  openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, 
>> :cve:`2023-6237`, :cve:`2024-0727`
> 
> 
> I had to replace :cve:`2023-6237 by :cve_mitre:`2023-6237` as this was 
> a "reserved" CVE.

Thanks for checking these. I wonder if we can do this in an automated 
way (or do you have something that you use already?)

>>     Contributors to 5.0
>>   ~~~~~~~~~~~~~~~~~~~
>>     Thanks to the following people who contributed to this release:
>> ...
>> +-  Arne Schwerdt
>> +-  Bartosz Golaszewski
>> +-  Baruch Siach
>> +-  baruch@tkos.co.il
> 
> Removed that last line as this is the same person :)

Well spotted! I'm usually pretty good at finding those but somehow even 
after looking backwards and forwards I over the list I missed it.

Cheers
Paul

Re: [docs] [PATCH 9/9] release-notes: additional features and one known issue for 5.0

[Paul Eggleton]

On 15.04.2024 08:22, Michael Opdenacker wrote:
> On 4/15/24 at 10:06, Quentin Schulz wrote:
>> I think there's a way to link to the bitbake doc for inherit 
>> directive.
>> 
>> Maybe something like:
>> 
>> """
>> :ref:`inherit 
>> <bitbake:bitbake-user-manual/bitbake-user-manual-metadata:\`\`inherit\`\` 
>> directive>`
>> """
>> 
>> would work? Just a suggestion though.
> 
> 
> It works! I made the change.
> 
>> 
>>> +      it is only evaluated at the end of parsing - recommended where 
>>> a conditional
>>> +      expression is used, e.g.
>>> +
>> 
>> I think we're missing a double colon here to make this a code snippet?
>> 
>> """
>> expression is used, e.g.::
>> """

Thanks to you both, I added this late and didn't even think about 
linking to the BitBake manual - perfect!

Cheers
Paul

Re: [docs] [PATCH 7/9] release-notes: Add CVEs, recipe upgrades and contributors for 5.0

[Michael Opdenacker]

Hi Paul,

On 4/18/24 at 16:47, Paul Eggleton wrote:
>
>>
>> I had to replace :cve:`2023-6237 by :cve_mitre:`2023-6237` as this 
>> was a "reserved" CVE.
>
> Thanks for checking these. I wonder if we can do this in an automated 
> way (or do you have something that you use already?)


Maybe, but so far I'm using a manual way. That's slooow... :-/

>
>>>     Contributors to 5.0
>>>   ~~~~~~~~~~~~~~~~~~~
>>>     Thanks to the following people who contributed to this release:
>>> ...
>>> +-  Arne Schwerdt
>>> +-  Bartosz Golaszewski
>>> +-  Baruch Siach
>>> +-  baruch@tkos.co.il
>>
>> Removed that last line as this is the same person :)
>
>
>>
>> Cheers
>> Paul 
> Well spotted! I'm usually pretty good at finding those but somehow 
> even after looking backwards and forwards I over the list I missed it.


Same for me, I'm only good at finding other people's mistakes, but not 
mine :)
Cheers
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com