[PATCH 0/9] Release documentation for 4.0

[PATCH 0/9] Release documentation for 4.0

[Paul Eggleton]

Release notes, migration guide and related changes for the
4.0 release.

(Note that the "Repositories / Downloads" section of the release notes
still needs to be filled in.)


The following changes since commit 4755961bbb5f674a7532b91cca20ea44a1e22ae7:

  docs: sphinx-static: switchers.js.in: do not mark branches as outdated (2022-04-20 17:24:31 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib paule/4.0-release
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=paule/4.0-release

Paul Eggleton (9):
  migration-3.4: add missing entry on EXTRA_USERS_PARAMS
  ref-manual: add a note about hard-coded passwords
  ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE
  ref-manual: add mention of vendor filtering to CVE_PRODUCT
  ref-manual: add KERNEL_DEBUG_TIMESTAMPS
  ref-manual: add XZ_THREADS and ZSTD_THREADS
  ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS*
  migration-guides: complete migration guide for 4.0
  migration-guides: add release notes for 4.0

 documentation/migration-guides/migration-3.4.rst   |   7 +
 documentation/migration-guides/migration-4.0.rst   | 345 +++++---
 .../migration-guides/release-notes-4.0.rst         | 864 +++++++++++++++++++++
 documentation/ref-manual/classes.rst               |  12 +
 documentation/ref-manual/qa-checks.rst             |  10 +-
 documentation/ref-manual/variables.rst             |  48 +-
 6 files changed, 1161 insertions(+), 125 deletions(-)
 create mode 100644 documentation/migration-guides/release-notes-4.0.rst

-- 
1.8.3.1

[PATCH 1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

We missed noting this in 3.4 but I noticed the documentation was
recently updated, so note the removal.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/migration-guides/migration-3.4.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/documentation/migration-guides/migration-3.4.rst b/documentation/migration-guides/migration-3.4.rst
index 139b2bf..dead6bc 100644
--- a/documentation/migration-guides/migration-3.4.rst
+++ b/documentation/migration-guides/migration-3.4.rst
@@ -265,6 +265,13 @@ Miscellaneous
   built-in override support in the fetcher or overrides in general
   instead.
 
+- The ``-P`` (``--clear-password``) option can no longer be used with
+  ``useradd`` and ``usermod`` entries in :term:`EXTRA_USERS_PARAMS`.
+  It was being implemented using a custom patch to the ``shadow`` recipe
+  which clashed with a ``-P`` option that was added upstream in
+  ``shadow`` version 4.9, and in any case is fundamentally insecure.
+
+
 .. include:: release-notes-3.4.rst
 .. include:: release-notes-3.4.1.rst
 .. include:: release-notes-3.4.2.rst
-- 
1.8.3.1

[PATCH 2/9] ref-manual: add a note about hard-coded passwords

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

It seems prudent to point out that hard-coding passwords in the manner
detailed in the example is not a good idea in production. This type of
mistake has unfortunately been made by many device vendors (outside of
the Yocto Project context) leading to security vulnerabilities.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/classes.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 6ba792d..13cc2bb 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -576,6 +576,13 @@ Finally, here is an example that sets the root password::
        usermod -p '${PASSWD}' root; \
        "
 
+.. note::
+
+   From a security perspective, hardcoding a default password is not
+   generally a good idea. It is recommended that you do not do this if you are
+   building a production image.
+
+
 .. _ref-classes-features_check:
 
 ``features_check.bbclass``
-- 
1.8.3.1

[PATCH 3/9] ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

Add this since the INCOMPATIBLE_LICENSE wildcard support has changed in
the 4.0 release.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index f9fd551..4df8165 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -3485,6 +3485,14 @@ system and gives an overview of their function and contents.
       incompatible licenses are not built. Packages that are individually
       licensed with the specified incompatible licenses will be deleted.
 
+      There is some support for wildcards in this variable's value,
+      however it is restricted to specific licenses. Currently only the
+      these wildcards are allowed and expand as follows:
+
+      - ``AGPL-3.0*"``: ``AGPL-3.0-only``, ``AGPL-3.0-or-later``
+      - ``GPL-3.0*``: ``GPL-3.0-only``, ``GPL-3.0-or-later``
+      - ``LGPL-3.0*``: ``LGPL-3.0-only``, ``LGPL-3.0-or-later``
+
       .. note::
 
          This functionality is only regularly tested using the following
-- 
1.8.3.1

[PATCH 4/9] ref-manual: add mention of vendor filtering to CVE_PRODUCT

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

Mention the vendor filtering functionality - prompted by OE-Core
revision 45d1a0bea0c628f84a00d641a4d323491988106f.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 4df8165..0b8c44f 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1485,6 +1485,13 @@ system and gives an overview of their function and contents.
 
          CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
 
+      Sometimes the product name is not specific enough, for example
+      "tar" has been matching CVEs for the GNU ``tar`` package and also
+      the ``node-tar`` node.js extension. To avoid this problem, use the
+      vendor name as a prefix. The syntax for this is::
+
+         CVE_PRODUCT = "vendor:package"
+
    :term:`CVSDIR`
       The directory in which files checked out under the CVS system are
       stored.
-- 
1.8.3.1

[PATCH 5/9] ref-manual: add KERNEL_DEBUG_TIMESTAMPS

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

New variable in kirkstone.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 0b8c44f..b9448b8 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -3953,6 +3953,11 @@ system and gives an overview of their function and contents.
       custom kernel image types with the :ref:`kernel <ref-classes-kernel>` class using this
       variable.
 
+   :term:`KERNEL_DEBUG_TIMESTAMPS`
+      If set to "1", enables timestamping functionality during building
+      the kernel. The default is "0" to disable this for reproducibility
+      reasons.
+
    :term:`KERNEL_DEVICETREE`
       Specifies the name of the generated Linux kernel device tree (i.e.
       the ``.dtb``) file.
-- 
1.8.3.1

[PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index b9448b8..4803578 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents.
 
       The default value of :term:`XSERVER`, if not specified in the machine
       configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
-   
+
+   :term:`XZ_THREADS`
+      Specifies the number of parallel threads that should be used when
+      using xz compression. By default this scales with core count, but
+      is never set less than 2 to ensure that multi-threaded mode is
+      always used (so that the output file contents are deterministic).
+
+   :term:`ZSTD_THREADS`
+      Specifies the number of parallel threads that should be used when
+      using ZStandard compression. By default this scales with core count,
+      but is never set less than 2 to ensure that multi-threaded mode is
+      always used (so that the output file contents are deterministic).
-- 
1.8.3.1

[PATCH 7/9] ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS*

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

This check is new in kirkstone.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/classes.rst   |  5 +++++
 documentation/ref-manual/qa-checks.rst | 10 +++++++++-
 documentation/ref-manual/variables.rst | 15 +++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index 13cc2bb..a084ace 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -1039,6 +1039,11 @@ Here are the tests you can list with the :term:`WARN_QA` and
    cases, such as dynamically loaded modules, these symlinks
    are needed instead in the main package.
 
+-  ``empty-dirs:`` Checks that packages are not installing files to
+   directories that are normally expected to be empty (such as ``/tmp``)
+   The list of directories that are checked is specified by the
+   :term:`QA_EMPTY_DIRS` variable.
+
 -  ``file-rdeps:`` Checks that file-level dependencies identified by
    the OpenEmbedded build system at packaging time are satisfied. For
    example, a shell script might start with the line ``#!/bin/bash``.
diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst
index 3364311..e881697 100644
--- a/documentation/ref-manual/qa-checks.rst
+++ b/documentation/ref-manual/qa-checks.rst
@@ -154,7 +154,15 @@ Errors and Warnings
    ``FILES:${PN}-dbg``. See :term:`FILES` for additional
    information on :term:`FILES`.
 
-    
+.. _qa-check-empty-dirs:
+
+-  ``<packagename> installs files in <path>, but it is expected to be empty [empty-dirs]``
+
+   The specified package is installing files into a directory that is
+   normally expected to be empty (such as ``/tmp``). These files may
+   be more appropriately installed to a different location, or
+   perhaps alternatively not installed at all.
+
 .. _qa-check-arch:
 
 -  ``Architecture did not match (<file_arch>, expected <machine_arch>) in <file> [arch]``
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 4803578..47c8a8f 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -6084,6 +6084,21 @@ system and gives an overview of their function and contents.
       In the previous example,
       the version of the dependency is :term:`PYTHON_PN`.
 
+   :term:`QA_EMPTY_DIRS`
+      Specifies a list of directories that are expected to be empty when
+      packaging; if ``empty-dirs`` appears in :term:`ERROR_QA` or
+      :term:`WARN_QA` these will be checked and an error or warning
+      (respectively) will be produced.
+
+      The default :term:`QA_EMPTY_DIRS` value is set in
+      :ref:`classes/insane.bbclass <ref-classes-insane>`.
+
+   :term:`QA_EMPTY_DIRS_RECOMMENDATION`
+      Specifies a recommendation for a directory why it must be empty,
+      which will be included in the error message if a specific directory
+      is found to contain files. Must be overridden with the directory
+      path to match on.
+
    :term:`RANLIB`
       The minimal command and arguments to run ``ranlib``.
 
-- 
1.8.3.1

[PATCH 8/9] migration-guides: complete migration guide for 4.0

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

* Make some corrections to preliminary set of entries
* Move out entries that were more appropriate for the release notes
  (i.e. that are more additions rather than changes that require the
  user to make changes)
* Add new entries based on commits in the kirkstone branch

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/migration-guides/migration-4.0.rst | 346 +++++++++++++++--------
 1 file changed, 221 insertions(+), 125 deletions(-)

diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst
index 202999e..6725e25 100644
--- a/documentation/migration-guides/migration-4.0.rst
+++ b/documentation/migration-guides/migration-4.0.rst
@@ -1,61 +1,74 @@
 Release 4.0 (kirkstone)
 =======================
 
+Migration notes for 4.0 (kirkstone)
+-----------------------------------
+
 This section provides migration information for moving to the Yocto
 Project 4.0 Release (codename "kirkstone") from the prior release.
 
-Recipe changes
---------------
-
-- To use more `inclusive language <https://inclusivenaming.org/>`__
-  in the code and documentation, some variables have been renamed or even
-  deleted. BitBake will stop with an error when renamed or removed variables
-  still exist in your recipes or configuration.
-
-  Please note that the change applies also to environmental variables, so
-  make sure you use a fresh environment for your build.
-
-  The following variables have changed their names:
-
-  - ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH`
-  - ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS`
-  - ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS`
-  - ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS`
-  - ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS``
-  - ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS``
-  - ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE`
-  - ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE`
-  - ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
-  - ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
-  - ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE`
-  - ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
-  - ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
-  - ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED`
-  - ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED`
-  - ``PNBLACKLIST`` became :term:`SKIP_RECIPE`
-  - ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE`
-  - ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW`
-  - ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE`
-  - ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES``
-  - ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE`
-  - ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE`
-
-  In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST``
-  and ``TUNEABI_WHITELIST`` have been removed.
-
-  Many internal variable names have been also renamed accordingly.
-
-  In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted``
-  has been renamed to ``Ignored``.
-
-  A :oe_git:`convert-variable-renames.py
-  </openembedded-core/tree/scripts/contrib/convert-variable-renames.py>`
-  script is provided to convert your recipes and configuration,
-  and also warns you about the use of problematic words. The script performs
-  changes and you need to review them before committing. An example warning
-  looks like::
-
-     poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort
+.. _migration-4.0-inclusive-language:
+
+Inclusive language improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To use more `inclusive language <https://inclusivenaming.org/>`__
+in the code and documentation, some variables have been renamed, and
+some have been deleted where they are no longer needed. In many cases the
+new names are also easier to understand. BitBake will stop with an error when
+renamed or removed variables still exist in your recipes or configuration.
+
+Please note that the change applies also to environmental variables, so
+make sure you use a fresh environment for your build.
+
+The following variables have changed their names:
+
+- ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH`
+- ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS`
+- ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS`
+- ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS`
+- ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS``
+- ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS``
+- ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE`
+- ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE`
+- ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
+- ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
+- ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE`
+- ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
+- ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
+- ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED`
+- ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED`
+- ``PNBLACKLIST`` became :term:`SKIP_RECIPE`
+- ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE`
+- ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW`
+- ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE`
+- ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES``
+- ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE`
+- ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE`
+- ``WHITELIST_<license>`` became ``INCOMPATIBLE_LICENSE_EXCEPTIONS``
+
+In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST``,
+``TUNEABI``, ``TUNEABI_WHITELIST``, and ``TUNEABI_OVERRIDE`` have been removed.
+
+Many internal variable names have been also renamed accordingly.
+
+In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted``
+has been renamed to ``Ignored``.
+
+The :term:`BB_DISKMON_DIRS` variable value now uses the term ``HALT``
+instead of ``ABORT``.
+
+A :oe_git:`convert-variable-renames.py
+</openembedded-core/tree/scripts/contrib/convert-variable-renames.py>`
+script is provided to convert your recipes and configuration,
+and also warns you about the use of problematic words. The script performs
+changes and you need to review them before committing. An example warning
+looks like::
+
+    poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort
+    
+Fetching changes
+~~~~~~~~~~~~~~~~
 
 - Because of the uncertainty in future default branch names in git repositories,
   it is now required to add a branch name to all URLs described
@@ -70,7 +83,8 @@ Recipe changes
 - Because of `GitHub dropping support for the git:
   protocol <https://github.blog/2021-09-01-improving-git-protocol-security-github/>`__,
   recipes now need to use ``;protocol=https`` at the end of GitHub
-  URLs. The same script as above can be used to convert the recipes.
+  URLs. The same ``convert-srcuri`` script mentioned above can be used to convert
+  your recipes.
 
 - Network access from tasks is now disabled by default on kernels which support
   this feature (on most recent distros such as CentOS 8 and Debian 11 onwards).
@@ -84,87 +98,169 @@ Recipe changes
   usually undermines fetcher source mirroring, image and licence manifests, software
   auditing and supply chain security.
 
-- The :term:`TOPDIR` variable and the current working directory are no longer modified
-  when parsing recipes. Any code depending on that behaviour will no longer work.
-
-- The ``append``, ``prepend`` and ``remove`` operators can now only be combined with
-  ``=`` and ``:=`` operators. To the exception of the ``append`` plus ``+=`` and
-  ``prepend`` plus ``=+`` combinations, all combinations could be factored up to the
-  ``append``, ``prepend`` or ``remove`` in the combination. This brought a lot of
-  confusion on how the override style syntax operators work and should be used.
-  Therefore, those combinations can simply be replaced by a single ``append``,
-  ``prepend`` or ``remove`` operator without any additional change.
-  For the ``append`` plus ``+=`` (and ``prepend`` plus ``=+``) combinations,
-  the content should be prefixed (respectively suffixed) by a space to maintain
-  the same behavior.  You can learn more about override style syntax operators
-  (``append``, ``prepend`` and ``remove``) in the BitBake documentation:
-  :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:appending and prepending (override style syntax)`
-  and :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:removal (override style syntax)`.
+License changes
+~~~~~~~~~~~~~~~
 
-- :ref:`allarch <ref-classes-allarch>` packagegroups can no longer depend on packages
-  which use :term:`PKG` renaming such as :ref:`ref-classes-debian`.
+- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory.
+  Each recipe that fetches or builds BSD-licensed code should specify the proper
+  version of the BSD license in its :term:`LICENSE` value.
 
-- :term:`LICENSE` definitions now have to use `SPDX identifiers <https://spdx.org/licenses/>`__.
-  A :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
+- :term:`LICENSE` variable values should now use `SPDX identifiers <https://spdx.org/licenses/>`__.
+  If they do not, by default a warning will be shown. A
+  :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
   script can be used to update your recipes.
-
-- :term:`SRC_URI`: a new :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)`
-  is available for Rust packages.
-
-Class changes
--------------
-
-- The ``distutils*.bbclasses`` have been moved to ``meta-python``. The classes and
-  `DISTUTILS*` variables have been removed from the documentation.
-
-- ``blacklist.bbclass`` is removed and the functionality moved to the
-  :ref:`base <ref-classes-base>` class with a more descriptive
-  ``varflag`` named :term:`SKIP_RECIPE` which will use the `SkipRecipe()`
-  function. The usage will remain the same::
-
-     SKIP_RECIPE[my-recipe] = "Reason for skipping recipe"
-
-- The Python package build process based on `wheels <https://pythonwheels.com/>`__.
+  
+- :term:`INCOMPATIBLE_LICENSE` should now use `SPDX identifiers <https://spdx.org/licenses/>`__.
+  Additionally, wildcarding is now limited to specifically supported values -
+  see the :term:`INCOMPATIBLE_LICENSE` documentation for further information.
+
+- The ``AVAILABLE_LICENSES`` variable has been removed. This variable was a performance
+  liability and is highly dependent on which layers are added to the configuration,
+  which can cause signature issues for users. In addition the ``available_licenses()``
+  function has been removed from the :ref:`license <ref-classes-license>` class as
+  it is no longer needed.
+  
+Removed recipes
+~~~~~~~~~~~~~~~
+
+The following recipes have been removed in this release:
+
+- ``dbus-test``: merged into main dbus recipe
+- ``libid3tag``: moved to meta-oe - no longer needed by anything in OE-Core
+- ``libportal``: moved to meta-gnome - no longer needed by anything in OE-Core
+- ``linux-yocto``: removed version 5.14 recipes (5.15 and 5.10 still provided)
+- ``python3-nose``: has not changed since 2016 upstream, and no longer needed by anything in OE-Core
+- ``rustfmt``: not especially useful as a standalone recipe
+
+Python changes
+~~~~~~~~~~~~~~
+     
+- ``distutils`` has been deprecated upstream in Python 3.10 and thus the ``distutils*``
+  classes have been moved to ``meta-python``. Recipes that inherit the ``distutils*``
+  classes should be updated to inherit ``setuptools*`` equivalents instead.
+  
+- The Python package build process is now based on `wheels <https://pythonwheels.com/>`__.
   Here are the new Python packaging classes that should be used:
-  :ref:`python-flit_core <ref-classes-python_flit_core>`,
-  :ref:`setuptools_python-build_meta <ref-classes-python_setuptools_build_meta>`
-  and :ref:`python_poetry_core <ref-classes-python_poetry_core>`.
-
-- ``image-prelink.bbclass`` class is removed.
-
-- New :ref:`overlayfs <ref-classes-overlayfs>` and
-  :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` classes are available
-  to make it easier to overlay read-only filesystems (for example)
-  with `OverlayFS <https://en.wikipedia.org/wiki/OverlayFS>`__.
-
-Configuration changes
----------------------
-
-- The Yocto Project now allows to reuse Shared State from its autobuilder.
-  If the network connection between our server and your machine is faster
-  than you would build recipes, you can try to speed up your builds
-  by using such Share State and Hash Equivalence by setting::
-
-     BB_SIGNATURE_HANDLER = "OEEquivHash"
-     BB_HASHSERVE = "auto"
-     BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687"
-     SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH"
+  :ref:`python_flit_core <ref-classes-python_flit_core>`,
+  :ref:`python_setuptools_build_meta <ref-classes-python_setuptools_build_meta>`
+  and :ref:`python_poetry_core <ref-classes-python_poetry_core>`.  
+
+- The :ref:`setuptools3 <ref-classes-setuptools3>` class ``do_install()`` task now
+  installs the ``wheel`` binary archive. In current versions of ``setuptools`` the
+  legacy ``setup.py install`` method is deprecated. If the ``setup.py`` cannot be used
+  with wheels, for example it creates files outside of the Python module or standard
+  entry points, then :ref:`setuptools3_legacy <ref-classes-setuptools3_legacy>` should
+  be used instead.
+
+Prelink removed
+~~~~~~~~~~~~~~~
+
+Prelink has been dropped by ``glibc`` upstream in 2.36. It already caused issues with
+binary corruption, has a number of open bugs and is of questionable benefit
+without disabling load address randomization and PIE executables.
+    
+We disabled prelinking by default in the honister (3.4) release, but left it able
+to be enabled if desired. However, without glibc support it cannot be maintained
+any further, so all of the prelinking functionality has been removed in this release.
+If you were enabling the ``image-prelink`` class in :term:`INHERIT`, :term:`IMAGE_CLASSES`,
+:term:`USER_CLASSES` etc in your configuration, then you will need to remove the
+reference(s).
+
+Reproducible as standard
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Reproducibility is now considered as standard functionality, thus the 
+``reproducible`` class has been removed and its previous contents merged into the
+:ref:`base <ref-classes-base>` class. If you have references in your configuration to
+``reproducible`` in :term:`INHERIT`, :term:`USER_CLASSES` etc. then they should be
+removed.
+
+Additionally, the ``BUILD_REPRODUCIBLE_BINARIES`` variable is no longer used.
+Specifically for the kernel, if you wish to enable build timestamping functionality
+that is normally disabled for reproducibility reasons, you can do so by setting
+a new :term:`KERNEL_DEBUG_TIMESTAMPS` variable to "1".
 
 Supported host distribution changes
------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- New support for `AlmaLinux <https://en.wikipedia.org/wiki/AlmaLinux>`__
+- Support for `AlmaLinux <https://en.wikipedia.org/wiki/AlmaLinux>`__
   hosts replacing `CentOS <https://en.wikipedia.org/wiki/CentOS>`__.
   The following distribution versions were dropped: CentOS 8, Ubuntu 16.04 and Fedora 30, 31 and 32.
 
-Changes for release notes
--------------------------
-
-- Share State cache: now using `ZStandard (zstd) <https://en.wikipedia.org/wiki/Zstd>`__
-  instead of Gzip compression, for better performance.
-
-- BitBake has an improved ``setscene`` task display.
+- ``gcc`` version 7.5 is now required at minimum on the build host. For older
+  host distributions where this is not available, you can use the
+  ``buildtools-extended-tarball`` (easily installable using
+  ``scripts/install-buildtools``).
+
+_append/_prepend in combination with other operators
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``append``, ``prepend`` and ``remove`` operators can now only be combined with
+``=`` and ``:=`` operators. To the exception of the ``append`` plus ``+=`` and
+``prepend`` plus ``=+`` combinations, all combinations could be factored up to the
+``append``, ``prepend`` or ``remove`` in the combination. This brought a lot of
+confusion on how the override style syntax operators work and should be used.
+Therefore, those combinations should be replaced by a single ``append``,
+``prepend`` or ``remove`` operator without any additional change.
+For the ``append`` plus ``+=`` (and ``prepend`` plus ``=+``) combinations,
+the content should be prefixed (respectively suffixed) by a space to maintain
+the same behavior.  You can learn more about override style syntax operators
+(``append``, ``prepend`` and ``remove``) in the BitBake documentation:
+:ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:appending and prepending (override style syntax)`
+and :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:removal (override style syntax)`.
+
+Miscellaneous changes
+~~~~~~~~~~~~~~~~~~~~~
+  
+- ``blacklist.bbclass`` is removed and the functionality moved to the
+  :ref:`base <ref-classes-base>` class with a more descriptive
+  ``varflag`` variable named :term:`SKIP_RECIPE` which will use the `bb.parse.SkipRecipe()`
+  function. The usage remains the same, for example::
 
-- This release fixes the reproducibility issues with ``rust-llvm`` and ``golang``.
-  Recipes in OpenEmbedded-Core are now fully reproducible.
+     SKIP_RECIPE[my-recipe] = "Reason for skipping recipe"
 
+- :ref:`allarch <ref-classes-allarch>` packagegroups can no longer depend on packages
+  which use :term:`PKG` renaming such as :ref:`ref-classes-debian`. Such packagegroups
+  recipes should be changed to avoid inheriting :ref:`allarch <ref-classes-allarch>`.
+
+- The ``lnr`` script has been removed. ``lnr`` implemented the same behaviour as `ln --relative --symbolic`,
+  since at the time of creation `--relative` was only available in coreutils 8.16
+  onwards which was too new for the older supported distros. Current supported host
+  distros have a new enough version of coreutils, so it is no longer needed. If you have
+  any calls to ``lnr`` in your recipes or classes, they should be replaced with
+  `ln --relative --symbolic` or `ln -rs` if you prefer the short version.
+
+- The ``package_qa_handle_error()`` function formerly in the :ref:`insane <ref-classes-insane>`
+  class has been moved and renamed - if you have any references in your own custom
+  classes they should be changed to ``oe.qa.handle_error()``.
+
+- When building ``perl``, Berkeley db support is no longer enabled by default, since
+  Berkeley db is largely obsolete. If you wish to reenable it, you can append ``bdb``
+  to :term:`PACKAGECONFIG` in a ``perl`` bbappend or ``PACKAGECONFIG:pn-perl`` at
+  the configuration level.
+
+- For the ``xserver-xorg`` recipe, the ``xshmfence``, ``xmlto`` and ``systemd`` options
+  previously supported in :term:`PACKAGECONFIG` have been removed, as they are no
+  longer supported since the move from building it with autotools to meson in this release.
+
+- For the ``libsdl2`` recipe, various X11 features are now disabled by default (primarily
+  for reproducibility purposes in the native case) with options in :term:`EXTRA_OECMAKE`
+  within the recipe. These can be changed within a bbappend if desired. See the
+  ``libsdl2`` recipe for more details.
+
+- The ``cortexa72-crc`` and ``cortexa72-crc-crypto`` tunes have been removed since
+  the crc extension is now enabled by default for cortexa72. Replace any references to
+  these with ``cortexa72`` and ``cortexa72-crypto`` respectively.
+  
+- The Python development shell (previously known as ``devpyshell``) feature has been
+  renamed to ``pydevshell``. To start it you should now run::
+
+     bitbake <target> -c pydevshell
+
+- The ``packagegroups-core-full-cmdline-libs`` packagegroup is no longer produced, as
+  libraries should normally be brought in via dependencies. If you have any references
+  to this then remove them.
+  
+- The :term:`TOPDIR` variable and the current working directory are no longer modified
+  when parsing recipes. Any code depending on the previous behaviour will no longer
+  work - change any such code to explicitly use appropriate path variables instead.
-- 
1.8.3.1

[PATCH 9/9] migration-guides: add release notes for 4.0

[Paul Eggleton]

From: Paul Eggleton <paul.eggleton@microsoft.com>

Generated from commits in the kirkstone branch, as well as a few entries
from the migration guide.

(Note that the "Repositories / Downloads" section still needs to be
filled in.)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/migration-guides/migration-4.0.rst   |   3 +
 .../migration-guides/release-notes-4.0.rst         | 864 +++++++++++++++++++++
 2 files changed, 867 insertions(+)
 create mode 100644 documentation/migration-guides/release-notes-4.0.rst

diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst
index 6725e25..00dddcb 100644
--- a/documentation/migration-guides/migration-4.0.rst
+++ b/documentation/migration-guides/migration-4.0.rst
@@ -264,3 +264,6 @@ Miscellaneous changes
 - The :term:`TOPDIR` variable and the current working directory are no longer modified
   when parsing recipes. Any code depending on the previous behaviour will no longer
   work - change any such code to explicitly use appropriate path variables instead.
+
+
+.. include:: release-notes-4.0.rst
diff --git a/documentation/migration-guides/release-notes-4.0.rst b/documentation/migration-guides/release-notes-4.0.rst
new file mode 100644
index 0000000..6f12c73
--- /dev/null
+++ b/documentation/migration-guides/release-notes-4.0.rst
@@ -0,0 +1,864 @@
+Release notes for 4.0 (kirkstone)
+---------------------------------
+
+New Features / Enhancements in 4.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Linux kernel 5.15, glibc 2.35 and ~300 other recipe upgrades
+
+- Reproducibility: this release fixes the reproducibility issues with ``rust-llvm`` and
+  ``golang``. Recipes in OpenEmbedded-Core are now fully reproducible. Functionality
+  previously in the optional "reproducible" class has been merged into the base class.
+
+- Network access is now disabled by default for tasks other than where it is expected to ensure build integrity (where host kernel supports it)
+
+- The Yocto Project now allows you to reuse the Shared State cache from
+  its autobuilder. If the network connection between our server and your
+  machine is faster than you would build recipes from source, you can
+  try to speed up your builds by using such Shared State and Hash
+  Equivalence by setting::
+
+     BB_SIGNATURE_HANDLER = "OEEquivHash"
+     BB_HASHSERVE = "auto"
+     BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687"
+     SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH"
+
+- The Python package build process is now based on `wheels <https://pythonwheels.com/>`__
+  in line with the upstream direction.
+
+- New :ref:`overlayfs <ref-classes-overlayfs>` and
+  :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` classes and
+  ``overlayroot`` support in the initramfs framework to make it easier to
+  overlay read-only filesystems (for example) with
+  `OverlayFS <https://en.wikipedia.org/wiki/OverlayFS>`__.
+
+- Inclusive language adjustments to some variable names - see the
+  :ref:`4.0 migration guide <migration-4.0-inclusive-language>` for details.
+  
+- New recipes:
+
+   - ``buildtools-docs-tarball``
+   - ``libptytty``
+   - ``libxcvt``
+   - ``lua``
+   - ``nghttp2``
+   - ``python3-alabaster``
+   - ``python3-asn1crypto``
+   - ``python3-babel``
+   - ``python3-bcrypt``
+   - ``python3-certifi``
+   - ``python3-cffi``
+   - ``python3-chardet``
+   - ``python3-cryptography``
+   - ``python3-cryptography-vectors``
+   - ``python3-dtschema``
+   - ``python3-flit-core``
+   - ``python3-idna``
+   - ``python3-imagesize``
+   - ``python3-installer``
+   - ``python3-iso8601``
+   - ``python3-jsonpointer``
+   - ``python3-jsonschema``
+   - ``python3-ndg-httpsclient``
+   - ``python3-ply``
+   - ``python3-poetry-core``
+   - ``python3-pretend``
+   - ``python3-psutil``
+   - ``python3-pyasn1``
+   - ``python3-pycparser``
+   - ``python3-pyopenssl``
+   - ``python3-pyrsistent``
+   - ``python3-pysocks``
+   - ``python3-pytest-runner``
+   - ``python3-pytest-subtests``
+   - ``python3-pytz``
+   - ``python3-requests``
+   - ``python3-rfc3339-validator``
+   - ``python3-rfc3986-validator``
+   - ``python3-rfc3987``
+   - ``python3-ruamel-yaml``
+   - ``python3-semantic-version``
+   - ``python3-setuptools-rust-native``
+   - ``python3-snowballstemmer``
+   - ``python3-sphinx``
+   - ``python3-sphinxcontrib-applehelp``
+   - ``python3-sphinxcontrib-devhelp``
+   - ``python3-sphinxcontrib-htmlhelp``
+   - ``python3-sphinxcontrib-jsmath``
+   - ``python3-sphinxcontrib-qthelp``
+   - ``python3-sphinxcontrib-serializinghtml``
+   - ``python3-sphinx-rtd-theme``
+   - ``python3-strict-rfc3339``
+   - ``python3-tomli``
+   - ``python3-typing-extensions``
+   - ``python3-urllib3``
+   - ``python3-vcversioner``
+   - ``python3-webcolors``
+   - ``python3-wheel``
+   - ``repo``
+   - ``seatd``
+
+- Extended recipes to ``native``: ``wayland``, ``wayland-protocols``
+
+- Shared state (sstate) improvements:
+
+   - Switched to `ZStandard (zstd) <https://en.wikipedia.org/wiki/Zstd>`__ instead
+     of Gzip, for better performance.
+   - Allow validation of sstate signatures against a list of keys
+   - Improved error messages and exception handling
+
+- BitBake enhancements:
+
+   - Fetcher enhancements:
+   
+      - New :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)` for Rust packages
+      - Added striplevel support to unpack
+      - git: Add a warning asking users to set a branch in git urls
+      - git: Allow git fetcher to support subdir param
+      - git: canonicalize ids in generated tarballs
+      - git: stop generated tarballs from leaking info
+      - npm: Put all downloaded files in the npm2 directory
+      - npmsw: Add support for duplicate dependencies without url
+      - npmsw: Add support for github prefix in npm shrinkwrap version
+      - ssh: now supports checkstatus, allows : in URLs (both required for use with sstate) and no longer requires username
+      - wget: add redirectauth parameter
+      - wget: add 30s timeout for checkstatus calls
+   
+   - Show warnings for append/prepend/remove operators combined with +=/.=
+   - Add bb.warnonce() and bb.erroronce() log methods
+   - Improved setscene task display
+   - Show elapsed time also for tasks with progress bars
+   - Improved cleanup on forced shutdown (either because of errors or Ctrl+C)
+   - contrib: Add Dockerfile for building PR service container
+   - Change file format of siginfo files to use zstd compressed json
+   - Display active tasks when printing keep-alive message to help debugging
+
+-  Architecture-specific enhancements:
+
+   - ARM:
+  
+      - tune-cortexa72: Enable the crc extension by default for cortexa72
+      - qemuarm64: Add tiny ktype to qemuarm64 bsp
+      - armv9a/tune: Add the support for the Neoverse N2 core
+      - arch-armv8-5a.inc: Add tune include for armv8.5a
+      - grub-efi: Add xen_boot support when 'xen' is in DISTRO_FEATURES for aarch64
+      - tune-cortexa73: Introduce cortexa73-crypto tune
+      - libacpi: Build libacpi also for 'aarch64' machines
+      - core-image-tiny-initramfs: Mark recipe as 32 bit ARM compatible
+
+   - PowerPC:
+
+      - weston-init: Use pixman rendering for qemuppc64
+      - rust: add support for big endian 64-bit PowerPC
+      - rust: Add snapshot checksums for powerpc64le
+
+   - RiscV:
+
+      - libunwind: Enable for rv64
+      - systemtap: Enable for riscv64
+      - linux-yocto-dev: add qemuriscv32
+      - packagegroup-core-tools-profile: Enable systemtap for riscv64
+      - qemuriscv: Use virtio-tablet-pci for mouse
+  
+   - x86:
+
+      - kernel-yocto: conditionally enable stack protection checking on x86-64
+
+-  Kernel-related enhancements:
+
+   - Allow initramfs to be built from a separate multiconfig
+   - Make kernel-base recommend kernel-image, not depend (allowing images containing kernel modules without kernel image)
+   - linux-yocto: split vtpm for more granular inclusion
+   - linux-yocto: cfg/debug: add configs for kcsan
+   - linux-yocto: cfg: add kcov feature fragment
+   - linux-yocto: export pkgconfig variables to devshell
+   - linux-yocto-dev: use versioned branch as default
+   - New ``KERNEL_DEBUG_TIMESTAMPS`` variable (to replace removed ``BUILD_REPRODUCIBLE_BINARIES`` for the kernel)
+   - Introduce python3-dtschema-wrapper in preparation for mandatory schema checking on dtb files in 5.16
+   - Allow disabling kernel artifact symlink creation
+   - Allow changing default .bin kernel artifact extension
+
+- FIT image related enhancements:
+
+   - New ``FIT_SUPPORTED_INITRAMFS_FSTYPES`` variable to allow extending initramfs image types to look for
+   - New ``FIT_CONF_PREFIX`` variable to allow overriding FIT configuration prefix
+   - Use 'bbnote' for better logging
+
+- New :term:`PACKAGECONFIG` options in ``curl``, ``dtc``, ``epiphany``, ``git``, ``git``, ``gstreamer1.0-plugins-bad``, (kernel), ``kmod``, ``mesa``, ``piglit``, ``qemu``, ``rpm``, ``systemd``, ``webkitgtk``, ``weston-init``
+- ptest enhancements in ``findutils``, ``lttng-tools``, ``openssl``, ``gawk``, ``strace``, ``lttng-tools``, ``valgrind``, ``perl``, ``libxml-parser-perl``, ``openssh``, ``python3-cryptography``, ``popt``
+
+- Sysroot dependencies have been further optimised
+- Significant effort to upstream / rationalise patches across a variety of recipes
+- Allow the creation of block devices on top of UBI volumes
+- archiver: new ARCHIVER_MODE[compression] to set tarball compression, and switch default to xz
+- yocto-check-layer: add ability to perform tests from a global bbclass
+- yocto-check-layer: improved README checks
+- cve-check: add json output format
+- cve-check: add coverage statistics on recipes with/without CVEs
+- Added mirrors for kernel sources and uninative binaries on kernel.org 
+- glibc and binutils recipes now use shallow mirror tarballs for faster fetching
+- When patching fails, show more information on the fatal error
+
+-  wic Image Creator enhancements:
+
+  - Support rootdev identified by partition label
+  - rawcopy: Add support for packed images
+  - partition: Support valueless keys in sourceparams
+
+- QA check enhancements:
+
+   - Allow treating license issues as errors
+   - Added a check that Upstream-Status patch tag is present and correctly formed
+   - Added a check for directories that are expected to be empty
+   - Ensure addition of patch-fuzz retriggers do_qa_patch
+   - Added a sanity check for allarch packagegroups
+
+- create-spdx class improvements:
+
+   - Get SPDX-License-Identifier from source files
+   - Generate manifest also for SDKs
+   - New SPDX_ORG variable to allow changing the Organization field value
+   - Added packageSupplier field
+   - Added create_annotation function
+
+- devtool add / recipetool create enhancements:
+
+   - Extend curl detection when creating recipes
+   - Handle GitLab URLs like we do GitHub
+   - Recognize more standard license text variants
+   - Separate licenses with & operator
+   - Detect more known licenses in Python code
+   - Move license md5sums data into CSV files
+   - npm: Use README as license fallback
+   
+- SDK-related enhancements:
+
+   - Extended recipes to ``nativesdk``: ``cargo``, ``librsvg``, ``libstd-rs``, ``libva``, ``python3-docutil``, ``python3-packaging``
+   - Enabled nativesdk recipes to find a correct version of the rust cross compiler
+   - Support creating per-toolchain cmake file in SDK
+
+- Rust enhancements:
+   
+   - New python_setuptools3_rust class to enable building python extensions in Rust
+   - classes/meson: Add optional rust definitions
+
+- QEMU / runqemu enhancements:
+
+   - qemu: Add knob for enabling PMDK pmem support
+   - qemu: add tpm string section to qemu acpi table
+   - qemu: Build on musl targets
+   - runqemu: support rootfs mounted ro
+   - runqemu: add :term:`DEPLOY_DIR_IMAGE` replacement in QB_OPT_APPEND
+   - runqemu: Allow auto-detection of the correct graphics options
+
+- Capped ``cpu_count()`` (used to set parallelisation defaults) to 64 since any higher usually hurts parallelisation
+- Adjust some GL-using recipes so that they only require virtual/egl
+- package_rpm: use zstd instead of xz
+- npm: new ``EXTRA_OENPM`` variable (to set node-gyp variables for example)
+- npm: new ``NPM_NODEDIR`` variable
+- perl: Enable threading
+- u-boot: Convert ${UBOOT_ENV}.cmd into ${UBOOT_ENV}.scr
+- u-boot: Split do_configure logic into separate file
+- go.bbclass: Allow adding parameters to go ldflags
+- go: log build id computations
+- scons: support out-of-tree builds
+- scripts: Add a conversion script to use SPDX license names
+- scripts: Add convert-variable-renames script for inclusive language variable renaming
+- binutils-cross-canadian: enable gold for mingw
+- grub-efi: Add option to include all available modules
+- bitbake.conf: allow wayland distro feature through for native/SDK builds
+- weston-init: Pass --continue-without-input when launching weston
+- weston: wrapper for weston modules argument
+- weston: Add a knob to control simple clients
+- uninative: Add version to uninative tarball name
+- volatile-binds: SELinux and overlayfs extensions in mount-copybind
+- gtk-icon-cache: Allow using gtk4
+- kmod: Add an exclude directive to depmod
+- os-release: add os-release-initrd package for use in systemd-based initramfs images
+- gstreamer1.0-plugins-base: add support for graphene
+- gpg-sign: Add parameters to gpg signature function
+- package_manager: sign DEB package feeds
+- zstd: add libzstd package
+- libical: build gobject and vala introspection
+- dhcpcd: add option to set DBDIR location
+- rpcbind: install rpcbind.conf
+- mdadm: install mdcheck
+- boost: add json lib
+- libxkbcommon: allow building of API documentation
+- libxkbcommon: split libraries and xkbcli into separate packages
+- systemd: move systemd shared library into its own package
+- systemd: Minimize udev package size if DISTRO_FEATURES doen't contain sysvinit
+
+Known Issues in 4.0
+~~~~~~~~~~~~~~~~~~~
+
+- ``make`` version 4.2.1 is known to be buggy on non-Ubuntu systems. If this ``make``
+  version is detected on host distributions other than Ubuntu at build start time,
+  then a warning will be displayed.
+
+Recipe License changes in 4.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following corrections have been made to the LICENSE values set by recipes:
+
+* cmake: add BSD-1-Clause & MIT & BSD-2-Clause to LICENSE due to additional vendored libraries in native/target context
+* gettext: extend LICENSE conditional upon PACKAGECONFIG (due to vendored libraries)
+* gstreamer1.0: update licenses of all modules to LGPL-2.1-or-later (with some exceptions that are GPL-2.0-or-later)
+* gstreamer1.0-plugins-bad/ugly: use the GPL-2.0-or-later only when it is in use
+* kern-tools-native: add missing MIT license due to Kconfiglib
+* libcap: add pam_cap license to LIC_FILES_CHKSUM if pam is enabled
+* libidn2: add Unicode-DFS-2016 license
+* libsdl2: add BSD-2-Clause to LICENSE due to default yuv2rgb and hidapi inclusion
+* libx11-compose-data: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality
+* libx11: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality
+* libxshmfence: correct LICENSE - MIT -> HPND
+* newlib: add BSD-3-Clause to LICENSE
+* python3-idna: correct LICENSE - Unicode -> Unicode-TOU
+* python3-pip: add "Apache-2.0 & MPL-2.0 & LGPL-2.1-only & BSD-3-Clause & PSF-2.0 & BSD-2-Clause" to LICENSE due to vendored libraries
+
+Other license-related notes:
+
+- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory.
+  Each recipe that fetches or builds BSD-licensed code should specify the proper
+  version of the BSD license in its :term:`LICENSE` value.
+
+- :term:`LICENSE` definitions now have to use `SPDX identifiers <https://spdx.org/licenses/>`__.
+  A :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
+  script can be used to update your recipes.
+
+
+
+Security Fixes in 4.0
+~~~~~~~~~~~~~~~~~~~~~
+
+- binutils: :cve:`2021-42574`, :cve:`2021-45078`
+- curl: :cve:`2021-22945`, :cve:`2021-22946`, :cve:`2021-22947`
+- epiphany: :cve:`2021-45085`, :cve:`2021-45086`, :cve:`2021-45087`, :cve:`2021-45088`
+- expat: :cve:`2021-45960`, :cve:`2021-46143`, :cve:`2022-22822`, :cve:`2022-22823`, :cve:`2022-22824`, :cve:`2022-22825`, :cve:`2022-22826`, :cve:`2022-22827`, :cve:`2022-23852`, :cve:`2022-23990`, :cve:`2022-25235`, :cve:`2022-25236`, :cve:`2022-25313`, :cve:`2022-25314`, :cve:`2022-25315`
+- ffmpeg: :cve:`2021-38114`
+- gcc: :cve:`2021-35465`, :cve:`2021-42574`, :cve:`2021-46195`, :cve:`2022-24765`
+- glibc: :cve:`2021-3998`, :cve:`2021-3999`, :cve:`2021-43396`, :cve:`2022-23218`, :cve:`2022-23219`
+- gmp: :cve:`2021-43618`
+- go: :cve:`2021-41771` and :cve:`2021-41772`
+- grub2: :cve:`2021-3981`
+- gzip: :cve:`2022-1271`
+- libarchive : :cve:`2021-31566`, :cve:`2021-36976`
+- libxml2: :cve:`2022-23308`
+- libxslt: :cve:`2021-30560`
+- lighttpd: :cve:`2022-22707`
+- linux-yocto/5.10: amdgpu: :cve:`2021-42327`
+- lua: :cve:`2021-43396`
+- openssl: :cve:`2021-4044`, :cve:`2022-0778`
+- qemu: :cve:`2022-1050`, :cve:`2022-26353`, :cve:`2022-26354`
+- rpm: :cve:`2021-3521`
+- seatd: :cve:`2022-25643`
+- speex: :cve:`2020-23903`
+- squashfs-tools: :cve:`2021-41072`
+- systemd: :cve:`2021-4034`
+- tiff: :cve:`2022-0561`, :cve:`2022-0562`, :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909`, :cve:`2022-0924`, :cve:`2022-1056`, :cve:`2022-22844`
+- unzip: :cve:`2021-4217`
+- vim: :cve:`2021-3796`, :cve:`2021-3872`, :cve:`2021-3875`, :cve:`2021-3927`, :cve:`2021-3928`, :cve:`2021-3968`, :cve:`2021-3973`, :cve:`2021-4187`, :cve:`2022-0128`, :cve:`2022-0156`, :cve:`2022-0158`, :cve:`2022-0261`, :cve:`2022-0318`, :cve:`2022-0319`, :cve:`2022-0554`, :cve:`2022-0696`, :cve:`2022-0714`, :cve:`2022-0729`, :cve:`2022-0943`
+- virglrenderer: :cve:`2022-0135`, :cve:`2022-0175`
+- webkitgtk: :cve:`2022-22589`, :cve:`2022-22590`, :cve:`2022-22592`
+- xz: :cve:`2022-1271`
+- zlib: :cve:`2018-25032`
+
+
+
+Recipe Upgrades in 4.0
+~~~~~~~~~~~~~~~~~~~~~~
+
+- acpica: upgrade 20210730 -> 20211217
+- acpid: upgrade 2.0.32 -> 2.0.33
+- adwaita-icon-theme: update 3.34/38 -> 41.0
+- alsa-ucm-conf: upgrade 1.2.6.2 -> 1.2.6.3
+- alsa: upgrade 1.2.5 -> 1.2.6
+- apt: upgrade 2.2.4 -> 2.4.3
+- asciidoc: upgrade 9.1.0 -> 10.0.0
+- atk: upgrade 2.36.0 -> 2.38.0
+- at-spi2-core: upgrade 2.40.3 -> 2.42.0
+- at: update 3.2.2 -> 3.2.5
+- autoconf-archive: upgrade 2021.02.19 -> 2022.02.11
+- automake: update 1.16.3 -> 1.16.5
+- bash: upgrade 5.1.8 -> 5.1.16
+- bind: upgrade 9.16.20 -> 9.18.1
+- binutils: Bump to latest 2.38 release branch
+- bison: upgrade 3.7.6 -> 3.8.2
+- bluez5: upgrade 5.61 -> 5.64
+- boost: update 1.77.0 -> 1.78.0
+- btrfs-tools: upgrade 5.13.1 -> 5.16.2
+- buildtools-installer: Update to use 3.4
+- busybox: 1.34.0 -> 1.35.0
+- ca-certificates: update 20210119 -> 20211016
+- cantarell-fonts: update 0.301 -> 0.303.1
+- ccache: upgrade 4.4 -> 4.6
+- cmake: update 3.21.1 -> 3.22.3
+- connman: update 1.40 -> 1.41
+- coreutils: update 8.32 -> 9.0
+- cracklib: update 2.9.5 -> 2.9.7
+- createrepo-c: upgrade 0.17.4 -> 0.19.0
+- cronie: upgrade 1.5.7 -> 1.6.0
+- cups: update 2.3.3op2 -> 2.4.1
+- curl: update 7.78.0 -> 7.82.0
+- dbus: upgrade 1.12.20 -> 1.14.0
+- debianutils: update 4.11.2 -> 5.7
+- dhcpcd: upgrade 9.4.0 -> 9.4.1
+- diffoscope: upgrade 181 -> 208
+- dnf: upgrade 4.8.0 -> 4.11.1
+- dpkg: update 1.20.9 ->  1.21.4
+- e2fsprogs: upgrade 1.46.4 -> 1.46.5
+- ed: upgrade 1.17 -> 1.18
+- efivar: update 37 -> 38
+- elfutils: update 0.185 -> 0.186
+- ell: upgrade 0.43 -> 0.49
+- enchant2: upgrade 2.3.1 -> 2.3.2
+- epiphany: update 40.3 -> 42.0
+- erofs-utils: update 1.3 -> 1.4
+- ethtool: update to 5.16
+- expat: upgrade 2.4.1 -> 2.4.7
+- ffmpeg: update 4.4 -> 5.0
+- file: upgrade 5.40 -> 5.41
+- findutils: upgrade 4.8.0 -> 4.9.0
+- flac: upgrade 1.3.3 -> 1.3.4
+- freetype: upgrade 2.11.0 -> 2.11.1
+- fribidi: upgrade 1.0.10 -> 1.0.11
+- gawk: update 5.1.0 -> 5.1.1
+- gcompat: Update to latest
+- gdbm: upgrade 1.19 -> 1.23
+- gdb: Upgrade to 11.2
+- ghostscript: update 9.54.0 -> 9.55.0
+- gi-docgen: upgrade 2021.7 -> 2022.1
+- git: update 2.33.0 -> 2.35.2
+- glib-2.0: update 2.68.4 -> 2.72.0
+- glibc: Upgrade to 2.35
+- glib-networking: update 2.68.2 -> 2.72.0
+- glslang: update 11.5.0 -> 11.8.0
+- gnu-config: update to latest revision
+- gnupg: update 2.3.1 -> 2.3.4
+- gnutls: update 3.7.2 -> 3.7.4
+- gobject-introspection: upgrade 1.68.0 -> 1.72.0
+- go-helloworld: update to latest revision
+- go: update 1.16.7 -> 1.17.8
+- gpgme: upgrade 1.16.0 -> 1.17.1
+- gsettings-desktop-schemas: upgrade 40.0 -> 42.0
+- gst-devtools: 1.18.4 -> 1.20.1
+- gst-examples: 1.18.4 -> 1.18.6
+- gstreamer1.0: 1.18.4 -> 1.20.1
+- gstreamer1.0-libav: 1.18.4 -> 1.20.1
+- gstreamer1.0-omx: 1.18.4 -> 1.20.1
+- gstreamer1.0-plugins-bad: 1.18.4  1.20.1
+- gstreamer1.0-plugins-base: 1.18.4 -> 1.20.1
+- gstreamer1.0-plugins-good: 1.18.4 -> 1.20.1
+- gstreamer1.0-plugins-ugly: 1.18.4 -> 1.20.1
+- gstreamer1.0-python: 1.18.4 -> 1.20.1
+- gstreamer1.0-rtsp-server: 1.18.4 -> 1.20.1
+- gstreamer1.0-vaapi: 1.18.4 -> 1.20.1
+- gtk+3: upgrade 3.24.30 -> 3.24.33
+- gzip: upgrade 1.10 -> 1.12
+- harfbuzz: upgrade 2.9.0 -> 4.0.1
+- hdparm: upgrade 9.62 -> 9.63
+- help2man: upgrade 1.48.4 -> 1.49.1
+- icu: update 69.1 -> 70.1
+- ifupdown: upgrade 0.8.36 -> 0.8.37
+- inetutils: update 2.1 -> 2.2
+- init-system-helpers: upgrade 1.60 -> 1.62
+- iproute2: update to 5.17.0
+- iputils: update 20210722 to 20211215
+- iso-codes: upgrade 4.6.0 -> 4.9.0
+- itstool: update 2.0.6 -> 2.0.7
+- iw: upgrade 5.9 -> 5.16
+- json-glib: upgrade 1.6.4 -> 1.6.6
+- kea: update 1.8.2 -> 2.0.2
+- kexec-tools: update 2.0.22 -> 2.0.23
+- less: upgrade 590 -> 600
+- libarchive: upgrade 3.5.1 -> 3.6.1
+- libatomic-ops: upgrade 7.6.10 -> 7.6.12
+- libbsd: upgrade 0.11.3 -> 0.11.5
+- libcap: update 2.51 -> 2.63
+- libcgroup: upgrade 2.0 -> 2.0.1
+- libcomps: upgrade 0.1.17 -> 0.1.18
+- libconvert-asn1-perl: upgrade 0.31 -> 0.33
+- libdazzle: upgrade 3.40.0 -> 3.44.0
+- libdnf: update 0.63.1 -> 0.66.0
+- libdrm: upgrade 2.4.107 -> 2.4.110
+- libedit: upgrade 20210714-3.1 -> 20210910-3.1
+- liberation-fonts: update 2.1.4 -> 2.1.5
+- libevdev: upgrade 1.11.0 -> 1.12.1
+- libexif: update 0.6.22 -> 0.6.24
+- libgit2: update 1.1.1 -> 1.4.2
+- libgpg-error: update 1.42 -> 1.44
+- libhandy: update 1.2.3 -> 1.5.0
+- libical: upgrade 3.0.10 -> 3.0.14
+- libinput: update to 1.19.3
+- libjitterentropy: update 3.1.0 -> 3.4.0
+- libjpeg-turbo: upgrade 2.1.1 -> 2.1.3
+- libmd: upgrade 1.0.3 -> 1.0.4
+- libmicrohttpd: upgrade 0.9.73 -> 0.9.75
+- libmodulemd: upgrade 2.13.0 -> 2.14.0
+- libpam: update 1.5.1 -> 1.5.2
+- libpcre2: upgrade 10.37 -> 10.39
+- libpipeline: upgrade 1.5.3 -> 1.5.5
+- librepo: upgrade 1.14.1 -> 1.14.2
+- librsvg: update 2.40.21 -> 2.52.7
+- libsamplerate0: update 0.1.9 -> 0.2.2
+- libsdl2: update 2.0.16 -> 2.0.20
+- libseccomp: update to 2.5.3
+- libsecret: upgrade 0.20.4 -> 0.20.5
+- libsndfile1: bump to version 1.0.31
+- libsolv: upgrade 0.7.19 -> 0.7.22
+- libsoup-2.4: upgrade 2.72.0 -> 2.74.2
+- libsoup: add a recipe for 3.0.5
+- libssh2: update 1.9.0 -> 1.10.0
+- libtasn1: upgrade 4.17.0 -> 4.18.0
+- libtool: Upgrade 2.4.6 -> 2.4.7
+- libucontext: Upgrade to 1.2 release
+- libunistring: update 0.9.10 -> 1.0
+- libunwind: upgrade 1.5.0 -> 1.6.2
+- liburcu: upgrade 0.13.0 -> 0.13.1
+- libusb1: upgrade 1.0.24 -> 1.0.25
+- libuv: update 1.42.0 -> 1.44.1
+- libva: update 2.12.0 -> 2.14.0
+- libva-utils: upgrade 2.13.0 -> 2.14.0
+- libwebp: 1.2.1 -> 1.2.2
+- libwpe: upgrade 1.10.1 -> 1.12.0
+- libx11: update to 1.7.3.1
+- libxcrypt: upgrade 4.4.26 -> 4.4.27
+- libxcrypt-compat: upgrade 4.4.26 -> 4.4.27
+- libxi: update to 1.8
+- libxkbcommon: update to 1.4.0
+- libxml2: update to 2.9.13
+- libxslt: update to v1.1.35
+- lighttpd: update 1.4.59 -> 1.4.64
+- linux-firmware: upgrade 20210818 -> 20220310
+- linux-libc-headers: update to v5.16
+- linux-yocto/5.10: update to v5.10.109
+- linux-yocto/5.15: introduce recipes (v5.15.32)
+- linux-yocto-dev: update to v5.18+
+- linux-yocto-rt/5.10: update to -rt61
+- linux-yocto-rt/5.15: update to -rt34
+- llvm: update 12.0.1 -> 13.0.1
+- logrotate: update 3.18.1 -> 3.19.0
+- lsof: update 4.91 -> 4.94.0
+- ltp: update 20210927 -> 20220121
+- ltp: Update to 20210927
+- lttng-modules: update devupstream to latest 2.13
+- lttng-modules: update to 2.13.3
+- lttng-tools: upgrade 2.13.0 -> 2.13.4
+- lttng-ust: upgrade 2.13.0 -> 2.13.2
+- lua: update 5.3.6 -> 5.4.4
+- lzip: upgrade 1.22 -> 1.23
+- man-db: upgrade 2.9.4 -> 2.10.2
+- man-pages: update to 5.13
+- mdadm: update 4.1 -> 4.2
+- mesa: upgrade 21.2.1 -> 22.0.0
+- meson: update 0.58.1 -> 0.61.3
+- minicom: Upgrade 2.7.1 -> 2.8
+- mmc-utils: upgrade to latest revision
+- mobile-broadband-provider-info: upgrade 20210805 -> 20220315
+- mpg123: upgrade 1.28.2 -> 1.29.3
+- msmtp: upgrade 1.8.15 -> 1.8.20
+- mtd-utils: upgrade 2.1.3 -> 2.1.4
+- mtools: upgrade 4.0.35 -> 4.0.38
+- musl: Update to latest master
+- ncurses: update 6.2 -> 6.3
+- newlib: Upgrade 4.1.0 -> 4.2.0
+- nfs-utils: upgrade 2.5.4 -> 2.6.1
+- nghttp2: upgrade 1.45.1 -> 1.47.0
+- ofono: upgrade 1.32 -> 1.34
+- opensbi: Upgrade to 1.0
+- openssh: upgrade 8.7p1 -> 8.9
+- openssl: update 1.1.1l -> 3.0.2
+- opkg: upgrade 0.4.5 -> 0.5.0
+- opkg-utils: upgrade 0.4.5 -> 0.5.0
+- ovmf: update 202105 -> 202202
+- p11-kit: update 0.24.0 -> 0.24.1
+- pango: upgrade 1.48.9 -> 1.50.4
+- patchelf: upgrade 0.13 -> 0.14.5
+- perl-cross: update 1.3.6 -> 1.3.7
+- perl: update 5.34.0 -> 5.34.1
+- piglit: upgrade to latest revision
+- pigz: upgrade 2.6 -> 2.7
+- pinentry: update 1.1.1 -> 1.2.0
+- pkgconfig: Update to latest
+- psplash: upgrade to latest revision
+- puzzles: upgrade to latest revision
+- python3-asn1crypto: upgrade 1.4.0 -> 1.5.1
+- python3-attrs: upgrade 21.2.0 -> 21.4.0
+- python3-cryptography: Upgrade to 36.0.2
+- python3-cryptography-vectors: upgrade to 36.0.2
+- python3-cython: upgrade 0.29.24 -> 0.29.28
+- python3-dbusmock: update to 0.27.3
+- python3-docutils: upgrade 0.17.1 0.18.1
+- python3-dtschema: upgrade 2021.10 -> 2022.1
+- python3-gitdb: upgrade 4.0.7 -> 4.0.9
+- python3-git: update to 3.1.27
+- python3-hypothesis: upgrade 6.15.0 -> 6.39.5
+- python3-imagesize: upgrade 1.2.0 -> 1.3.0
+- python3-importlib-metadata: upgrade 4.6.4 -> 4.11.3
+- python3-jinja2: upgrade 3.0.1 -> 3.1.1
+- python3-jsonschema: upgrade 3.2.0 -> 4.4.0
+- python3-libarchive-c: upgrade 3.1 -> 4.0
+- python3-magic: upgrade 0.4.24 -> 0.4.25
+- python3-mako: upgrade 1.1.5 -> 1.1.6
+- python3-markdown: upgrade 3.3.4 -> 3.3.6
+- python3-markupsafe: upgrade 2.0.1 -> 2.1.1
+- python3-more-itertools: upgrade 8.8.0 -> 8.12.0
+- python3-numpy: upgrade 1.21.2 -> 1.22.3
+- python3-packaging: upgrade 21.0 -> 21.3
+- python3-pathlib2: upgrade 2.3.6 -> 2.3.7
+- python3-pbr: upgrade 5.6.0 -> 5.8.1
+- python3-pip: update 21.2.4 -> 22.0.3
+- python3-pycairo: upgrade 1.20.1 -> 1.21.0
+- python3-pycryptodome: upgrade 3.10.1 -> 3.14.1
+- python3-pyelftools: upgrade 0.27 -> 0.28
+- python3-pygments: upgrade 2.10.0 -> 2.11.2
+- python3-pygobject: upgrade 3.40.1 -> 3.42.0
+- python3-pyparsing: update to 3.0.7
+- python3-pyrsistent: upgrade 0.18.0 -> 0.18.1
+- python3-pytest-runner: upgrade 5.3.1 -> 6.0.0
+- python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0
+- python3-pytest: upgrade 6.2.4 -> 7.1.1
+- python3-pytz: upgrade 2021.3 -> 2022.1
+- python3-py: upgrade 1.10.0 -> 1.11.0
+- python3-pyyaml: upgrade 5.4.1 -> 6.0
+- python3-ruamel-yaml: upgrade 0.17.16 -> 0.17.21
+- python3-scons: upgrade 4.2.0 -> 4.3.0
+- python3-setuptools-scm: upgrade 6.0.1 -> 6.4.2
+- python3-setuptools: update to 59.5.0
+- python3-smmap: update to 5.0.0
+- python3-tomli: upgrade 1.2.1 -> 2.0.1
+- python3: update to 3.10.3
+- python3-urllib3: upgrade 1.26.8 -> 1.26.9
+- python3-zipp: upgrade 3.5.0 -> 3.7.0
+- qemu: update 6.0.0 -> 6.2.0
+- quilt: upgrade 0.66 -> 0.67
+- re2c: upgrade 2.2 -> 3.0
+- readline: upgrade 8.1 -> 8.1.2
+- repo: upgrade 2.17.3 -> 2.22
+- resolvconf: update 1.87 -> 1.91
+- rng-tools: upgrade 6.14 -> 6.15
+- rpcsvc-proto: upgrade 1.4.2 -> 1.4.3
+- rpm: update 4.16.1.3 -> 4.17.0
+- rt-tests: update 2.1 -> 2.3
+- ruby: update 3.0.2 -> 3.1.1
+- rust: update 1.54.0 -> 1.59.0
+- rxvt-unicode: upgrade 9.26 -> 9.30
+- screen: upgrade 4.8.0 -> 4.9.0
+- shaderc: update 2021.1 -> 2022.1
+- shadow: upgrade 4.9 -> 4.11.1
+- socat: upgrade 1.7.4.1 -> 1.7.4.3
+- spirv-headers: bump to b42ba6 revision
+- spirv-tools: update 2021.2 -> 2022.1
+- sqlite3: upgrade 3.36.0 -> 3.38.2
+- strace: update 5.14 -> 5.16
+- stress-ng: upgrade 0.13.00 -> 0.13.12
+- sudo: update 1.9.7p2 -> 1.9.10
+- sysklogd: upgrade 2.2.3 -> 2.3.0
+- sysstat: upgrade 12.4.3 -> 12.4.5
+- systemd: update 249.3 -> 250.4
+- systemtap: upgrade 4.5 -> 4.6
+- sysvinit: upgrade 2.99 -> 3.01
+- tzdata: update to 2022a
+- u-boot: upgrade 2021.07 -> 2022.01
+- uninative: Upgrade to 3.6 with gcc 12 support
+- util-linux: update 2.37.2 -> 2.37.4
+- vala: upgrade 0.52.5 -> 0.56.0
+- valgrind: update 3.17.0 -> 3.18.1
+- vim: upgrade to 8.2 patch 4681
+- vte: upgrade 0.64.2 -> 0.66.2
+- vulkan-headers: upgrade 1.2.182 -> 1.2.191
+- vulkan-loader: upgrade 1.2.182 -> 1.2.198.1
+- vulkan-samples: update to latest revision
+- vulkan-tools: upgrade 1.2.182 -> 1.2.191
+- vulkan: update 1.2.191.0 -> 1.3.204.1
+- waffle: update 1.6.1 -> 1.7.0
+- wayland-protocols: upgrade 1.21 -> 1.25
+- wayland: upgrade 1.19.0 -> 1.20.0
+- webkitgtk: upgrade 2.34.0 -> 2.36.0
+- weston: upgrade 9.0.0 -> 10.0.0
+- wget: update 1.21.1 -> 1.21.3
+- wireless-regdb: upgrade 2021.07.14 -> 2022.02.18
+- wpa-supplicant: update 2.9 -> 2.10
+- wpebackend-fdo: upgrade 1.10.0 -> 1.12.0
+- xauth: upgrade 1.1 -> 1.1.1
+- xf86-input-libinput: update to 1.2.1
+- xf86-video-intel: update to latest commit
+- xkeyboard-config: update to 2.35.1
+- xorgproto: update to 2021.5
+- xserver-xorg: update 1.20.13 -> 21.1.3
+- xwayland: update 21.1.2 -> 22.1.0
+- xxhash: upgrade 0.8.0 -> 0.8.1
+- zstd: update 1.5.0 -> 1.5.2
+
+
+
+Contributors to 4.0
+~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+- Abongwa Amahnui Bonalais
+- Adriaan Schmidt
+- Adrian Freihofer
+- Ahmad Fatoum
+- Ahmed Hossam
+- Ahsan Hussain
+- Alejandro Hernandez Samaniego
+- Alessio Igor Bogani
+- Alexander Kanavin
+- Alexandre Belloni
+- Alexandru Ardelean
+- Alexey Brodkin
+- Alex Stewart
+- Andreas Müller
+- Andrei Gherzan
+- Andrej Valek
+- Andres Beltran
+- Andrew Jeffery
+- Andrey Zhizhikin
+- Anton Mikanovich
+- Anuj Mittal
+- Bill Pittman
+- Bruce Ashfield
+- Caner Altinbasak
+- Carlos Rafael Giani
+- Chaitanya Vadrevu
+- Changhyeok Bae
+- Changqing Li
+- Chen Qi
+- Christian Eggers
+- Claudius Heine
+- Claus Stovgaard
+- Daiane Angolini
+- Daniel Ammann
+- Daniel Gomez
+- Daniel McGregor
+- Daniel Müller
+- Daniel Wagenknecht
+- David Joyner
+- David Reyna
+- Denys Dmytriyenko
+- Dhruva Gole
+- Diego Sueiro
+- Dmitry Baryshkov
+- Ferry Toth
+- Florian Amstutz
+- Henry Kleynhans
+- He Zhe
+- Hongxu Jia
+- Hsia-Jun(Randy) Li
+- Ian Ray
+- Jacob Kroon
+- Jagadeesh Krishnanjanappa
+- Jasper Orschulko
+- Jim Wilson
+- Joel Winarske
+- Joe Slater
+- Jon Mason
+- Jose Quaresma
+- Joshua Watt
+- Justin Bronder
+- Kai Kang
+- Kamil Dziezyk
+- Kevin Hao
+- Khairul Rohaizzat Jamaluddin
+- Khem Raj
+- Kiran Surendran
+- Konrad Weihmann
+- Kory Maincent
+- Lee Chee Yang
+- Leif Middelschulte
+- Lei Maohui
+- Li Wang
+- Liwei Song
+- Luca Boccassi
+- Lukasz Majewski
+- Luna Gräfje
+- Manuel Leonhardt
+- Marek Vasut
+- Mark Hatle
+- Markus Niebel
+- Markus Volk
+- Marta Rybczynska
+- Martin Beeger
+- Martin Jansa
+- Matthias Klein
+- Matt Madison
+- Maximilian Blenk
+- Max Krummenacher
+- Michael Halstead
+- Michael Olbrich
+- Michael Opdenacker
+- Mike Crowe
+- Ming Liu
+- Mingli Yu
+- Minjae Kim
+- Nicholas Sielicki
+- Olaf Mandel
+- Oleh Matiusha
+- Oleksandr Kravchuk
+- Oleksandr Ocheretnyi
+- Oleksandr Suvorov
+- Oleksiy Obitotskyy
+- Otavio Salvador
+- Pablo Saavedra
+- Paul Barker
+- Paul Eggleton
+- Pavel Zhukov
+- Peter Hoyes
+- Peter Kjellerstedt
+- Petr Vorel
+- Pgowda
+- Quentin Schulz
+- Ralph Siemsen
+- Randy Li
+- Randy MacLeod
+- Rasmus Villemoes
+- Ricardo Salveti
+- Richard Neill
+- Richard Purdie
+- Robert Joslyn
+- Robert P. J. Day
+- Robert Yang
+- Ross Burton
+- Rudolf J Streif
+- Sakib Sajal
+- Samuli Piippo
+- Saul Wold
+- Scott Murray
+- Sean Anderson
+- Simone Weiss
+- Simon Kuhnle
+- S. Lockwood-Childs
+- Stefan Herbrechtsmeier
+- Steve Sakoman
+- Sundeep KOKKONDA
+- Tamizharasan Kumar
+- Tean Cunningham
+- Teoh Jay Shen
+- Thomas Perrot
+- Tim Orling
+- Tobias Kaufmann
+- Tom Hochstein
+- Tony McDowell
+- Trevor Gamblin
+- Ulrich Ölmann
+- Valerii Chernous
+- Vivien Didelot
+- Vyacheslav Yurkov
+- Wang Mingyu
+- Xavier Berger
+- Yi Zhao
+- Yongxin Liu
+- Yureka
+- Zev Weiss
+- Zheng Ruoqin
+- Zoltán Böszörményi
+- Zygmunt Krynicki
+
+
+
+Repositories / Downloads for 4.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+TBD
-- 
1.8.3.1

RE: [docs] [PATCH 2/9] ref-manual: add a note about hard-coded passwords

[Peter Kjellerstedt]

> -----Original Message-----
> From: docs@lists.yoctoproject.org <docs@lists.yoctoproject.org> On Behalf
> Of Paul Eggleton
> Sent: den 22 april 2022 03:41
> To: docs@lists.yoctoproject.org
> Subject: [docs] [PATCH 2/9] ref-manual: add a note about hard-coded
> passwords
> 
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> It seems prudent to point out that hard-coding passwords in the manner
> detailed in the example is not a good idea in production. This type of
> mistake has unfortunately been made by many device vendors (outside of
> the Yocto Project context) leading to security vulnerabilities.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>  documentation/ref-manual/classes.rst | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 6ba792d..13cc2bb 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -576,6 +576,13 @@ Finally, here is an example that sets the root password::
>         usermod -p '${PASSWD}' root; \
>         "
> 
> +.. note::
> +
> +   From a security perspective, hardcoding a default password is not
> +   generally a good idea. It is recommended that you do not do this if you are

I would suggest adding "or even legal in some jurisdictions" after "good idea".

> +   building a production image.
> +
> +
>  .. _ref-classes-features_check:
> 
>  ``features_check.bbclass``
> --
> 1.8.3.1

//Peter

RE: [docs] [PATCH 3/9] ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE

[Peter Kjellerstedt]

> -----Original Message-----
> From: docs@lists.yoctoproject.org <docs@lists.yoctoproject.org> On Behalf
> Of Paul Eggleton
> Sent: den 22 april 2022 03:41
> To: docs@lists.yoctoproject.org
> Subject: [docs] [PATCH 3/9] ref-manual: mention wildcarding support in
> INCOMPATIBLE_LICENSE
> 
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> Add this since the INCOMPATIBLE_LICENSE wildcard support has changed in
> the 4.0 release.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>  documentation/ref-manual/variables.rst | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> index f9fd551..4df8165 100644
> --- a/documentation/ref-manual/variables.rst
> +++ b/documentation/ref-manual/variables.rst
> @@ -3485,6 +3485,14 @@ system and gives an overview of their function and contents.
>        incompatible licenses are not built. Packages that are individually
>        licensed with the specified incompatible licenses will be deleted.
> 
> +      There is some support for wildcards in this variable's value,
> +      however it is restricted to specific licenses. Currently only the

Remove "the" at the end.

> +      these wildcards are allowed and expand as follows:
> +
> +      - ``AGPL-3.0*"``: ``AGPL-3.0-only``, ``AGPL-3.0-or-later``
> +      - ``GPL-3.0*``: ``GPL-3.0-only``, ``GPL-3.0-or-later``
> +      - ``LGPL-3.0*``: ``LGPL-3.0-only``, ``LGPL-3.0-or-later``
> +
>        .. note::
> 
>           This functionality is only regularly tested using the following
> --
> 1.8.3.1

//Peter

RE: [docs] [PATCH 7/9] ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS*

[Peter Kjellerstedt]

> -----Original Message-----
> From: docs@lists.yoctoproject.org <docs@lists.yoctoproject.org> On Behalf
> Of Paul Eggleton
> Sent: den 22 april 2022 03:41
> To: docs@lists.yoctoproject.org
> Subject: [docs] [PATCH 7/9] ref-manual: add empty-dirs QA check and
> QA_EMPTY_DIRS*
> 
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> This check is new in kirkstone.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>  documentation/ref-manual/classes.rst   |  5 +++++
>  documentation/ref-manual/qa-checks.rst | 10 +++++++++-
>  documentation/ref-manual/variables.rst | 15 +++++++++++++++
>  3 files changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 13cc2bb..a084ace 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -1039,6 +1039,11 @@ Here are the tests you can list with the :term:`WARN_QA` and
>     cases, such as dynamically loaded modules, these symlinks
>     are needed instead in the main package.
> 
> +-  ``empty-dirs:`` Checks that packages are not installing files to
> +   directories that are normally expected to be empty (such as ``/tmp``)
> +   The list of directories that are checked is specified by the
> +   :term:`QA_EMPTY_DIRS` variable.
> +
>  -  ``file-rdeps:`` Checks that file-level dependencies identified by
>     the OpenEmbedded build system at packaging time are satisfied. For
>     example, a shell script might start with the line ``#!/bin/bash``.
> diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst
> index 3364311..e881697 100644
> --- a/documentation/ref-manual/qa-checks.rst
> +++ b/documentation/ref-manual/qa-checks.rst
> @@ -154,7 +154,15 @@ Errors and Warnings
>     ``FILES:${PN}-dbg``. See :term:`FILES` for additional
>     information on :term:`FILES`.
> 
> -
> +.. _qa-check-empty-dirs:
> +
> +-  ``<packagename> installs files in <path>, but it is expected to be empty [empty-dirs]``
> +
> +   The specified package is installing files into a directory that is
> +   normally expected to be empty (such as ``/tmp``). These files may
> +   be more appropriately installed to a different location, or
> +   perhaps alternatively not installed at all.
> +
>  .. _qa-check-arch:
> 
>  -  ``Architecture did not match (<file_arch>, expected <machine_arch>) in <file> [arch]``
> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> index 4803578..47c8a8f 100644
> --- a/documentation/ref-manual/variables.rst
> +++ b/documentation/ref-manual/variables.rst
> @@ -6084,6 +6084,21 @@ system and gives an overview of their function and contents.
>        In the previous example,
>        the version of the dependency is :term:`PYTHON_PN`.
> 
> +   :term:`QA_EMPTY_DIRS`
> +      Specifies a list of directories that are expected to be empty when
> +      packaging; if ``empty-dirs`` appears in :term:`ERROR_QA` or
> +      :term:`WARN_QA` these will be checked and an error or warning
> +      (respectively) will be produced.
> +
> +      The default :term:`QA_EMPTY_DIRS` value is set in
> +      :ref:`classes/insane.bbclass <ref-classes-insane>`.
> +
> +   :term:`QA_EMPTY_DIRS_RECOMMENDATION`
> +      Specifies a recommendation for a directory why it must be empty,
> +      which will be included in the error message if a specific directory
> +      is found to contain files. Must be overridden with the directory
> +      path to match on.

Add:

      If no recommendation is specified for a directory, then the default 
      "but it is expected to be empty" will be used.

      Example:

      QA_EMPTY_DIRS_RECOMMENDATION:/dev = "but all devices must be created at runtime"
     
(Please add formatting for the example, I don't know rst enough.)

> +
>     :term:`RANLIB`
>        The minimal command and arguments to run ``ranlib``.
> 
> --
> 1.8.3.1

//Peter

Re: [docs] [PATCH 1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS

[Quentin Schulz]

Hi Paul,

On 4/22/22 03:40, Paul Eggleton wrote:
> We missed noting this in 3.4 but I noticed the documentation was
> recently updated, so note the removal.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/migration-guides/migration-3.4.rst | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/documentation/migration-guides/migration-3.4.rst b/documentation/migration-guides/migration-3.4.rst
> index 139b2bf..dead6bc 100644
> --- a/documentation/migration-guides/migration-3.4.rst
> +++ b/documentation/migration-guides/migration-3.4.rst
> @@ -265,6 +265,13 @@ Miscellaneous
>     built-in override support in the fetcher or overrides in general
>     instead.
>   
> +- The ``-P`` (``--clear-password``) option can no longer be used with
> +  ``useradd`` and ``usermod`` entries in :term:`EXTRA_USERS_PARAMS`.
> +  It was being implemented using a custom patch to the ``shadow`` recipe
> +  which clashed with a ``-P`` option that was added upstream in
> +  ``shadow`` version 4.9, and in any case is fundamentally insecure.
> +

Nice catch!

I would say that only hashed passwords are supported now and point to 
the extrausers.bbclass doc here: 
https://docs.yoctoproject.org/ref-manual/classes.html#extrausers-bbclass 
which explains how to do it?

and maybe we should mention this in the EXTRA_USERS_PARAMS actually in 
addition to where it currently is located (extrausers.bbclass).

Cheers,
Quentin

Re: [docs] [PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS

[Quentin Schulz]

Hi Paul,

On 4/22/22 03:40, Paul Eggleton wrote:
> ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell.
> 

Separate patch please so XZ_THREADS can be backported to all branches up 
to dunfell.

> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/ref-manual/variables.rst | 13 ++++++++++++-
>   1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> index b9448b8..4803578 100644
> --- a/documentation/ref-manual/variables.rst
> +++ b/documentation/ref-manual/variables.rst
> @@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents.
>   
>         The default value of :term:`XSERVER`, if not specified in the machine
>         configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
> -
> +
> +   :term:`XZ_THREADS`
> +      Specifies the number of parallel threads that should be used when
> +      using xz compression. By default this scales with core count, but
> +      is never set less than 2 to ensure that multi-threaded mode is
> +      always used (so that the output file contents are deterministic).
> +

I don't see how having it set to 1 breaks deterministic builds, do you 
mind explaining?

Also, this feels like explanation of the implementation more than what 
the user should do with this variable.

If the variable should never be <2, then it needs to be explicitly 
stated here (and eventually the reason).

Maybe it'd make sense to explain why would anyone want to modify this 
variable (which IIRC, is for when you have a nproc/ram too high and it 
OOMs when creating packages).

> +   :term:`ZSTD_THREADS`
> +      Specifies the number of parallel threads that should be used when
> +      using ZStandard compression. By default this scales with core count,
> +      but is never set less than 2 to ensure that multi-threaded mode is
> +      always used (so that the output file contents are deterministic).
> 

Ditto.

Cheers,
Quentin

Re: [docs] [PATCH 1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS

[Richard Purdie]

On Fri, 2022-04-22 at 12:30 +0200, Quentin Schulz wrote:
> Hi Paul,
> 
> On 4/22/22 03:40, Paul Eggleton wrote:
> > We missed noting this in 3.4 but I noticed the documentation was
> > recently updated, so note the removal.
> > 
> > Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> > ---
> >   documentation/migration-guides/migration-3.4.rst | 7 +++++++
> >   1 file changed, 7 insertions(+)
> > 
> > diff --git a/documentation/migration-guides/migration-3.4.rst b/documentation/migration-guides/migration-3.4.rst
> > index 139b2bf..dead6bc 100644
> > --- a/documentation/migration-guides/migration-3.4.rst
> > +++ b/documentation/migration-guides/migration-3.4.rst
> > @@ -265,6 +265,13 @@ Miscellaneous
> >     built-in override support in the fetcher or overrides in general
> >     instead.
> >   
> > +- The ``-P`` (``--clear-password``) option can no longer be used with
> > +  ``useradd`` and ``usermod`` entries in :term:`EXTRA_USERS_PARAMS`.
> > +  It was being implemented using a custom patch to the ``shadow`` recipe
> > +  which clashed with a ``-P`` option that was added upstream in
> > +  ``shadow`` version 4.9, and in any case is fundamentally insecure.
> > +
> 
> Nice catch!
> 
> I would say that only hashed passwords are supported now and point to 
> the extrausers.bbclass doc here: 
> https://docs.yoctoproject.org/ref-manual/classes.html#extrausers-bbclass 
> which explains how to do it?
> 
> and maybe we should mention this in the EXTRA_USERS_PARAMS actually in 
> addition to where it currently is located (extrausers.bbclass).

Can I tempt you to send a follow up patch against master-next please? :)

Cheers,

Richard

Re: [docs] [PATCH 7/9] ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS*

[Quentin Schulz]

Hi Paul,

On 4/22/22 03:40, Paul Eggleton wrote:
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> This check is new in kirkstone.
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/ref-manual/classes.rst   |  5 +++++
>   documentation/ref-manual/qa-checks.rst | 10 +++++++++-
>   documentation/ref-manual/variables.rst | 15 +++++++++++++++
>   3 files changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
> index 13cc2bb..a084ace 100644
> --- a/documentation/ref-manual/classes.rst
> +++ b/documentation/ref-manual/classes.rst
> @@ -1039,6 +1039,11 @@ Here are the tests you can list with the :term:`WARN_QA` and
>      cases, such as dynamically loaded modules, these symlinks
>      are needed instead in the main package.
>   
> +-  ``empty-dirs:`` Checks that packages are not installing files to
> +   directories that are normally expected to be empty (such as ``/tmp``)
> +   The list of directories that are checked is specified by the
> +   :term:`QA_EMPTY_DIRS` variable.
> +
>   -  ``file-rdeps:`` Checks that file-level dependencies identified by
>      the OpenEmbedded build system at packaging time are satisfied. For
>      example, a shell script might start with the line ``#!/bin/bash``.
> diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst
> index 3364311..e881697 100644
> --- a/documentation/ref-manual/qa-checks.rst
> +++ b/documentation/ref-manual/qa-checks.rst
> @@ -154,7 +154,15 @@ Errors and Warnings
>      ``FILES:${PN}-dbg``. See :term:`FILES` for additional
>      information on :term:`FILES`.
>   
> -
> +.. _qa-check-empty-dirs:
> +
> +-  ``<packagename> installs files in <path>, but it is expected to be empty [empty-dirs]``
> +
> +   The specified package is installing files into a directory that is
> +   normally expected to be empty (such as ``/tmp``). These files may
> +   be more appropriately installed to a different location, or
> +   perhaps alternatively not installed at all.
> +

Can we reference where those changes need to be made?

To ignore this warning for some dirs: QA_EMPTY_DIRS
To install in a different location: do_install + FILES: variables?

>   .. _qa-check-arch:
>   
>   -  ``Architecture did not match (<file_arch>, expected <machine_arch>) in <file> [arch]``
> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> index 4803578..47c8a8f 100644
> --- a/documentation/ref-manual/variables.rst
> +++ b/documentation/ref-manual/variables.rst
> @@ -6084,6 +6084,21 @@ system and gives an overview of their function and contents.
>         In the previous example,
>         the version of the dependency is :term:`PYTHON_PN`.
>   
> +   :term:`QA_EMPTY_DIRS`
> +      Specifies a list of directories that are expected to be empty when
> +      packaging; if ``empty-dirs`` appears in :term:`ERROR_QA` or
> +      :term:`WARN_QA` these will be checked and an error or warning
> +      (respectively) will be produced.
> +
> +      The default :term:`QA_EMPTY_DIRS` value is set in
> +      :ref:`classes/insane.bbclass <ref-classes-insane>`.
> +

we usually just use insane.bbclass and not the path to it in the git 
repo/layer.

> +   :term:`QA_EMPTY_DIRS_RECOMMENDATION`
> +      Specifies a recommendation for a directory why it must be empty,
> +      which will be included in the error message if a specific directory
> +      is found to contain files. Must be overridden with the directory
> +      path to match on.
> +

This is not explicit enough to me, we shall provide an example or 
rephrase the last sentence.

I can suggest:

path to match on::

   QA_EMPTY_DIRS_RECOMMENDATION:/tmp = "/tmp is expected to be a 
temporary directory and emptied upon booting"

or something like that.

Cheers,
Quentin

Re: [docs] [PATCH 8/9] migration-guides: complete migration guide for 4.0

[Quentin Schulz]

Hi Paul,

On 4/22/22 03:40, Paul Eggleton wrote:
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> * Make some corrections to preliminary set of entries
> * Move out entries that were more appropriate for the release notes
>    (i.e. that are more additions rather than changes that require the
>    user to make changes)
> * Add new entries based on commits in the kirkstone branch
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/migration-guides/migration-4.0.rst | 346 +++++++++++++++--------
>   1 file changed, 221 insertions(+), 125 deletions(-)
> 
> diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst
> index 202999e..6725e25 100644
> --- a/documentation/migration-guides/migration-4.0.rst
> +++ b/documentation/migration-guides/migration-4.0.rst
> @@ -1,61 +1,74 @@
>   Release 4.0 (kirkstone)
>   =======================
>   
> +Migration notes for 4.0 (kirkstone)
> +-----------------------------------
> +
>   This section provides migration information for moving to the Yocto
>   Project 4.0 Release (codename "kirkstone") from the prior release.
>   
> -Recipe changes
> ---------------
> -
> -- To use more `inclusive language <https://urldefense.proofpoint.com/v2/url?u=https-3A__inclusivenaming.org_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=Z5qU29OH0UrZfgDAR6s26i9mKL_OmsXXyma6cmsvVZY&e= >`__
> -  in the code and documentation, some variables have been renamed or even
> -  deleted. BitBake will stop with an error when renamed or removed variables
> -  still exist in your recipes or configuration.
> -
> -  Please note that the change applies also to environmental variables, so
> -  make sure you use a fresh environment for your build.
> -
> -  The following variables have changed their names:
> -
> -  - ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH`
> -  - ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS`
> -  - ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS`
> -  - ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS`
> -  - ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS``
> -  - ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS``
> -  - ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE`
> -  - ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE`
> -  - ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
> -  - ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
> -  - ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE`
> -  - ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
> -  - ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
> -  - ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED`
> -  - ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED`
> -  - ``PNBLACKLIST`` became :term:`SKIP_RECIPE`
> -  - ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE`
> -  - ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW`
> -  - ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE`
> -  - ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES``
> -  - ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE`
> -  - ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE`
> -
> -  In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST``
> -  and ``TUNEABI_WHITELIST`` have been removed.
> -
> -  Many internal variable names have been also renamed accordingly.
> -
> -  In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted``
> -  has been renamed to ``Ignored``.
> -
> -  A :oe_git:`convert-variable-renames.py
> -  </openembedded-core/tree/scripts/contrib/convert-variable-renames.py>`
> -  script is provided to convert your recipes and configuration,
> -  and also warns you about the use of problematic words. The script performs
> -  changes and you need to review them before committing. An example warning
> -  looks like::
> -
> -     poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort
> +.. _migration-4.0-inclusive-language:
> +
> +Inclusive language improvements
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +To use more `inclusive language <https://urldefense.proofpoint.com/v2/url?u=https-3A__inclusivenaming.org_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=Z5qU29OH0UrZfgDAR6s26i9mKL_OmsXXyma6cmsvVZY&e= >`__
> +in the code and documentation, some variables have been renamed, and
> +some have been deleted where they are no longer needed. In many cases the
> +new names are also easier to understand. BitBake will stop with an error when
> +renamed or removed variables still exist in your recipes or configuration.
> +
> +Please note that the change applies also to environmental variables, so
> +make sure you use a fresh environment for your build.
> +
> +The following variables have changed their names:
> +
> +- ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH`
> +- ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS`
> +- ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS`
> +- ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS`
> +- ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS``
> +- ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS``
> +- ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE`
> +- ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE`
> +- ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
> +- ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE`
> +- ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE`
> +- ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
> +- ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE`
> +- ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED`
> +- ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED`
> +- ``PNBLACKLIST`` became :term:`SKIP_RECIPE`
> +- ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE`
> +- ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW`
> +- ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE`
> +- ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES``
> +- ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE`
> +- ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE`
> +- ``WHITELIST_<license>`` became ``INCOMPATIBLE_LICENSE_EXCEPTIONS``
> +
> +In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST``,
> +``TUNEABI``, ``TUNEABI_WHITELIST``, and ``TUNEABI_OVERRIDE`` have been removed.
> +
> +Many internal variable names have been also renamed accordingly.
> +
> +In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted``
> +has been renamed to ``Ignored``.
> +
> +The :term:`BB_DISKMON_DIRS` variable value now uses the term ``HALT``
> +instead of ``ABORT``.
> +
> +A :oe_git:`convert-variable-renames.py
> +</openembedded-core/tree/scripts/contrib/convert-variable-renames.py>`
> +script is provided to convert your recipes and configuration,
> +and also warns you about the use of problematic words. The script performs
> +changes and you need to review them before committing. An example warning
> +looks like::
> +
> +    poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort
> +
> +Fetching changes
> +~~~~~~~~~~~~~~~~
>   
>   - Because of the uncertainty in future default branch names in git repositories,
>     it is now required to add a branch name to all URLs described
> @@ -70,7 +83,8 @@ Recipe changes
>   - Because of `GitHub dropping support for the git:
>     protocol <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.blog_2021-2D09-2D01-2Dimproving-2Dgit-2Dprotocol-2Dsecurity-2Dgithub_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=qIusTKRAujq_yLu7-NcnfXgxBc9anmWi8wGLcPoVjc0&e= >`__,
>     recipes now need to use ``;protocol=https`` at the end of GitHub
> -  URLs. The same script as above can be used to convert the recipes.
> +  URLs. The same ``convert-srcuri`` script mentioned above can be used to convert
> +  your recipes.
>   
>   - Network access from tasks is now disabled by default on kernels which support
>     this feature (on most recent distros such as CentOS 8 and Debian 11 onwards).
> @@ -84,87 +98,169 @@ Recipe changes
>     usually undermines fetcher source mirroring, image and licence manifests, software
>     auditing and supply chain security.
>   
> -- The :term:`TOPDIR` variable and the current working directory are no longer modified
> -  when parsing recipes. Any code depending on that behaviour will no longer work.
> -
> -- The ``append``, ``prepend`` and ``remove`` operators can now only be combined with
> -  ``=`` and ``:=`` operators. To the exception of the ``append`` plus ``+=`` and
> -  ``prepend`` plus ``=+`` combinations, all combinations could be factored up to the
> -  ``append``, ``prepend`` or ``remove`` in the combination. This brought a lot of
> -  confusion on how the override style syntax operators work and should be used.
> -  Therefore, those combinations can simply be replaced by a single ``append``,
> -  ``prepend`` or ``remove`` operator without any additional change.
> -  For the ``append`` plus ``+=`` (and ``prepend`` plus ``=+``) combinations,
> -  the content should be prefixed (respectively suffixed) by a space to maintain
> -  the same behavior.  You can learn more about override style syntax operators
> -  (``append``, ``prepend`` and ``remove``) in the BitBake documentation:
> -  :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:appending and prepending (override style syntax)`
> -  and :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:removal (override style syntax)`.
> +License changes
> +~~~~~~~~~~~~~~~
>   
> -- :ref:`allarch <ref-classes-allarch>` packagegroups can no longer depend on packages
> -  which use :term:`PKG` renaming such as :ref:`ref-classes-debian`.
> +- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory.
> +  Each recipe that fetches or builds BSD-licensed code should specify the proper
> +  version of the BSD license in its :term:`LICENSE` value.
>   
> -- :term:`LICENSE` definitions now have to use `SPDX identifiers <https://urldefense.proofpoint.com/v2/url?u=https-3A__spdx.org_licenses_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=u7wGKvbMLeyxL8__NUVf16Enm2tT7IYNDKgMTir9190&e= >`__.
> -  A :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
> +- :term:`LICENSE` variable values should now use `SPDX identifiers <https://urldefense.proofpoint.com/v2/url?u=https-3A__spdx.org_licenses_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=u7wGKvbMLeyxL8__NUVf16Enm2tT7IYNDKgMTir9190&e= >`__.
> +  If they do not, by default a warning will be shown. A
> +  :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
>     script can be used to update your recipes.
> -
> -- :term:`SRC_URI`: a new :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)`
> -  is available for Rust packages.
> -
> -Class changes
> --------------
> -
> -- The ``distutils*.bbclasses`` have been moved to ``meta-python``. The classes and
> -  `DISTUTILS*` variables have been removed from the documentation.
> -
> -- ``blacklist.bbclass`` is removed and the functionality moved to the
> -  :ref:`base <ref-classes-base>` class with a more descriptive
> -  ``varflag`` named :term:`SKIP_RECIPE` which will use the `SkipRecipe()`
> -  function. The usage will remain the same::
> -
> -     SKIP_RECIPE[my-recipe] = "Reason for skipping recipe"
> -
> -- The Python package build process based on `wheels <https://urldefense.proofpoint.com/v2/url?u=https-3A__pythonwheels.com_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=DqUeSgcMrforL2eigBvT5K4wc67801m8zXn0tF48n2k&e= >`__.
> +
> +- :term:`INCOMPATIBLE_LICENSE` should now use `SPDX identifiers <https://urldefense.proofpoint.com/v2/url?u=https-3A__spdx.org_licenses_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=u7wGKvbMLeyxL8__NUVf16Enm2tT7IYNDKgMTir9190&e= >`__.
> +  Additionally, wildcarding is now limited to specifically supported values -
> +  see the :term:`INCOMPATIBLE_LICENSE` documentation for further information.
> +
> +- The ``AVAILABLE_LICENSES`` variable has been removed. This variable was a performance
> +  liability and is highly dependent on which layers are added to the configuration,
> +  which can cause signature issues for users. In addition the ``available_licenses()``
> +  function has been removed from the :ref:`license <ref-classes-license>` class as
> +  it is no longer needed.
> +
> +Removed recipes
> +~~~~~~~~~~~~~~~
> +
> +The following recipes have been removed in this release:
> +
> +- ``dbus-test``: merged into main dbus recipe
> +- ``libid3tag``: moved to meta-oe - no longer needed by anything in OE-Core
> +- ``libportal``: moved to meta-gnome - no longer needed by anything in OE-Core
> +- ``linux-yocto``: removed version 5.14 recipes (5.15 and 5.10 still provided)
> +- ``python3-nose``: has not changed since 2016 upstream, and no longer needed by anything in OE-Core
> +- ``rustfmt``: not especially useful as a standalone recipe
> +
> +Python changes
> +~~~~~~~~~~~~~~
> +
> +- ``distutils`` has been deprecated upstream in Python 3.10 and thus the ``distutils*``
> +  classes have been moved to ``meta-python``. Recipes that inherit the ``distutils*``
> +  classes should be updated to inherit ``setuptools*`` equivalents instead.
> +
> +- The Python package build process is now based on `wheels <https://urldefense.proofpoint.com/v2/url?u=https-3A__pythonwheels.com_&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=DqUeSgcMrforL2eigBvT5K4wc67801m8zXn0tF48n2k&e= >`__.
>     Here are the new Python packaging classes that should be used:
> -  :ref:`python-flit_core <ref-classes-python_flit_core>`,
> -  :ref:`setuptools_python-build_meta <ref-classes-python_setuptools_build_meta>`
> -  and :ref:`python_poetry_core <ref-classes-python_poetry_core>`.
> -
> -- ``image-prelink.bbclass`` class is removed.
> -
> -- New :ref:`overlayfs <ref-classes-overlayfs>` and
> -  :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` classes are available
> -  to make it easier to overlay read-only filesystems (for example)
> -  with `OverlayFS <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_OverlayFS&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=zUgPJ_h8gSNDb6D_jJmzEp0xgHZmjbm0nVeKaaIByHc&e= >`__.
> -
> -Configuration changes
> ----------------------
> -
> -- The Yocto Project now allows to reuse Shared State from its autobuilder.
> -  If the network connection between our server and your machine is faster
> -  than you would build recipes, you can try to speed up your builds
> -  by using such Share State and Hash Equivalence by setting::
> -
> -     BB_SIGNATURE_HANDLER = "OEEquivHash"
> -     BB_HASHSERVE = "auto"
> -     BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687"
> -     SSTATE_MIRRORS ?= "file://.* https://urldefense.proofpoint.com/v2/url?u=https-3A__sstate.yoctoproject.org_-26YOCTO-5FDOC-5FVERSION-3B_PATH-3Bdownloadfilename-3DPATH&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=XB22zEBGRLceQo6C7NPJlhjcCCLaVQyi-H64nhlgdBI&e= "
> +  :ref:`python_flit_core <ref-classes-python_flit_core>`,
> +  :ref:`python_setuptools_build_meta <ref-classes-python_setuptools_build_meta>`
> +  and :ref:`python_poetry_core <ref-classes-python_poetry_core>`.
> +
> +- The :ref:`setuptools3 <ref-classes-setuptools3>` class ``do_install()`` task now
> +  installs the ``wheel`` binary archive. In current versions of ``setuptools`` the
> +  legacy ``setup.py install`` method is deprecated. If the ``setup.py`` cannot be used
> +  with wheels, for example it creates files outside of the Python module or standard
> +  entry points, then :ref:`setuptools3_legacy <ref-classes-setuptools3_legacy>` should
> +  be used instead.
> +
> +Prelink removed
> +~~~~~~~~~~~~~~~
> +
> +Prelink has been dropped by ``glibc`` upstream in 2.36. It already caused issues with
> +binary corruption, has a number of open bugs and is of questionable benefit
> +without disabling load address randomization and PIE executables.
> +
> +We disabled prelinking by default in the honister (3.4) release, but left it able
> +to be enabled if desired. However, without glibc support it cannot be maintained
> +any further, so all of the prelinking functionality has been removed in this release.
> +If you were enabling the ``image-prelink`` class in :term:`INHERIT`, :term:`IMAGE_CLASSES`,
> +:term:`USER_CLASSES` etc in your configuration, then you will need to remove the
> +reference(s).
> +
> +Reproducible as standard
> +~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +Reproducibility is now considered as standard functionality, thus the
> +``reproducible`` class has been removed and its previous contents merged into the
> +:ref:`base <ref-classes-base>` class. If you have references in your configuration to
> +``reproducible`` in :term:`INHERIT`, :term:`USER_CLASSES` etc. then they should be
> +removed.
> +
> +Additionally, the ``BUILD_REPRODUCIBLE_BINARIES`` variable is no longer used.
> +Specifically for the kernel, if you wish to enable build timestamping functionality
> +that is normally disabled for reproducibility reasons, you can do so by setting
> +a new :term:`KERNEL_DEBUG_TIMESTAMPS` variable to "1".
>   
>   Supported host distribution changes
> ------------------------------------
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   
> -- New support for `AlmaLinux <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_AlmaLinux&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=ReF4T_58BfBXfy5YupDxz7c_eP3JtIDNVezKsq5_POw&e= >`__
> +- Support for `AlmaLinux <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_AlmaLinux&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=ReF4T_58BfBXfy5YupDxz7c_eP3JtIDNVezKsq5_POw&e= >`__
>     hosts replacing `CentOS <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_CentOS&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=x4oFoUHA6AOMkVCu41gRBKfld1KtSwYuX7AwxPXIkD4&e= >`__.
>     The following distribution versions were dropped: CentOS 8, Ubuntu 16.04 and Fedora 30, 31 and 32.
>   
> -Changes for release notes
> --------------------------
> -
> -- Share State cache: now using `ZStandard (zstd) <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Zstd&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=V_Vs2jVTKsmqXE6NV545ZU65Zx8CQJeXVIaQKEnPj2w&e= >`__
> -  instead of Gzip compression, for better performance.
> -
> -- BitBake has an improved ``setscene`` task display.
> +- ``gcc`` version 7.5 is now required at minimum on the build host. For older
> +  host distributions where this is not available, you can use the
> +  ``buildtools-extended-tarball`` (easily installable using
> +  ``scripts/install-buildtools``).
> +
> +_append/_prepend in combination with other operators

s/_/:/

Cheers,
Quentin

Re: [docs] [PATCH 9/9] migration-guides: add release notes for 4.0

[Quentin Schulz]

Hi Paul,

On 4/22/22 03:40, Paul Eggleton wrote:
> From: Paul Eggleton <paul.eggleton@microsoft.com>
> 
> Generated from commits in the kirkstone branch, as well as a few entries
> from the migration guide.
> 
> (Note that the "Repositories / Downloads" section still needs to be
> filled in.)
> 
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
>   documentation/migration-guides/migration-4.0.rst   |   3 +
>   .../migration-guides/release-notes-4.0.rst         | 864 +++++++++++++++++++++
>   2 files changed, 867 insertions(+)
>   create mode 100644 documentation/migration-guides/release-notes-4.0.rst
> 
> diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst
> index 6725e25..00dddcb 100644
> --- a/documentation/migration-guides/migration-4.0.rst
> +++ b/documentation/migration-guides/migration-4.0.rst
> @@ -264,3 +264,6 @@ Miscellaneous changes
>   - The :term:`TOPDIR` variable and the current working directory are no longer modified
>     when parsing recipes. Any code depending on the previous behaviour will no longer
>     work - change any such code to explicitly use appropriate path variables instead.
> +
> +
> +.. include:: release-notes-4.0.rst
> diff --git a/documentation/migration-guides/release-notes-4.0.rst b/documentation/migration-guides/release-notes-4.0.rst
> new file mode 100644
> index 0000000..6f12c73
> --- /dev/null
> +++ b/documentation/migration-guides/release-notes-4.0.rst
> @@ -0,0 +1,864 @@
> +Release notes for 4.0 (kirkstone)
> +---------------------------------
> +
> +New Features / Enhancements in 4.0
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +- Linux kernel 5.15, glibc 2.35 and ~300 other recipe upgrades
> +
> +- Reproducibility: this release fixes the reproducibility issues with ``rust-llvm`` and
> +  ``golang``. Recipes in OpenEmbedded-Core are now fully reproducible. Functionality
> +  previously in the optional "reproducible" class has been merged into the base class.
> +
> +- Network access is now disabled by default for tasks other than where it is expected to ensure build integrity (where host kernel supports it)
> +
> +- The Yocto Project now allows you to reuse the Shared State cache from
> +  its autobuilder. If the network connection between our server and your
> +  machine is faster than you would build recipes from source, you can
> +  try to speed up your builds by using such Shared State and Hash
> +  Equivalence by setting::
> +
> +     BB_SIGNATURE_HANDLER = "OEEquivHash"
> +     BB_HASHSERVE = "auto"
> +     BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687"
> +     SSTATE_MIRRORS ?= "file://.* https://urldefense.proofpoint.com/v2/url?u=https-3A__sstate.yoctoproject.org_-26YOCTO-5FDOC-5FVERSION-3B_PATH-3Bdownloadfilename-3DPATH&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=RzeEw9mobSrpgPjdwMNsYhYF98-TvXQ80MPcnLr1Ennrx4n0NyRWtkecWci1BvRq&s=O9TXcAVhEM1qWPfWAPIiCbz4drkK8CdUy1ytB-1P5PM&e= "
> +
> +- The Python package build process is now based on `wheels <https://urldefense.proofpoint.com/v2/url?u=https-3A__pythonwheels.com_&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=RzeEw9mobSrpgPjdwMNsYhYF98-TvXQ80MPcnLr1Ennrx4n0NyRWtkecWci1BvRq&s=JRh8Pgyynvpe3MSSbW813rFFKs7bAVgE_9n-abi7foc&e= >`__
> +  in line with the upstream direction.
> +
> +- New :ref:`overlayfs <ref-classes-overlayfs>` and
> +  :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` classes and
> +  ``overlayroot`` support in the initramfs framework to make it easier to
> +  overlay read-only filesystems (for example) with
> +  `OverlayFS <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_OverlayFS&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=RzeEw9mobSrpgPjdwMNsYhYF98-TvXQ80MPcnLr1Ennrx4n0NyRWtkecWci1BvRq&s=Me1QS69rLhK65FbsK3SbggBttZGFsJ_WUau0_2F7yt0&e= >`__.
> +
> +- Inclusive language adjustments to some variable names - see the
> +  :ref:`4.0 migration guide <migration-4.0-inclusive-language>` for details.
> +
> +- New recipes:
> +
> +   - ``buildtools-docs-tarball``
> +   - ``libptytty``
> +   - ``libxcvt``
> +   - ``lua``
> +   - ``nghttp2``
> +   - ``python3-alabaster``
> +   - ``python3-asn1crypto``
> +   - ``python3-babel``
> +   - ``python3-bcrypt``
> +   - ``python3-certifi``
> +   - ``python3-cffi``
> +   - ``python3-chardet``
> +   - ``python3-cryptography``
> +   - ``python3-cryptography-vectors``
> +   - ``python3-dtschema``
> +   - ``python3-flit-core``
> +   - ``python3-idna``
> +   - ``python3-imagesize``
> +   - ``python3-installer``
> +   - ``python3-iso8601``
> +   - ``python3-jsonpointer``
> +   - ``python3-jsonschema``
> +   - ``python3-ndg-httpsclient``
> +   - ``python3-ply``
> +   - ``python3-poetry-core``
> +   - ``python3-pretend``
> +   - ``python3-psutil``
> +   - ``python3-pyasn1``
> +   - ``python3-pycparser``
> +   - ``python3-pyopenssl``
> +   - ``python3-pyrsistent``
> +   - ``python3-pysocks``
> +   - ``python3-pytest-runner``
> +   - ``python3-pytest-subtests``
> +   - ``python3-pytz``
> +   - ``python3-requests``
> +   - ``python3-rfc3339-validator``
> +   - ``python3-rfc3986-validator``
> +   - ``python3-rfc3987``
> +   - ``python3-ruamel-yaml``
> +   - ``python3-semantic-version``
> +   - ``python3-setuptools-rust-native``
> +   - ``python3-snowballstemmer``
> +   - ``python3-sphinx``
> +   - ``python3-sphinxcontrib-applehelp``
> +   - ``python3-sphinxcontrib-devhelp``
> +   - ``python3-sphinxcontrib-htmlhelp``
> +   - ``python3-sphinxcontrib-jsmath``
> +   - ``python3-sphinxcontrib-qthelp``
> +   - ``python3-sphinxcontrib-serializinghtml``
> +   - ``python3-sphinx-rtd-theme``
> +   - ``python3-strict-rfc3339``
> +   - ``python3-tomli``
> +   - ``python3-typing-extensions``
> +   - ``python3-urllib3``
> +   - ``python3-vcversioner``
> +   - ``python3-webcolors``
> +   - ``python3-wheel``
> +   - ``repo``
> +   - ``seatd``
> +
> +- Extended recipes to ``native``: ``wayland``, ``wayland-protocols``
> +
> +- Shared state (sstate) improvements:
> +
> +   - Switched to `ZStandard (zstd) <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Zstd&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=RzeEw9mobSrpgPjdwMNsYhYF98-TvXQ80MPcnLr1Ennrx4n0NyRWtkecWci1BvRq&s=jLOCleUfAA10FFm4umlnfzWMDhg7xKiYtqJJ592z2ko&e= >`__ instead
> +     of Gzip, for better performance.
> +   - Allow validation of sstate signatures against a list of keys
> +   - Improved error messages and exception handling
> +
> +- BitBake enhancements:
> +
> +   - Fetcher enhancements:
> +
> +      - New :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)` for Rust packages
> +      - Added striplevel support to unpack
> +      - git: Add a warning asking users to set a branch in git urls
> +      - git: Allow git fetcher to support subdir param
> +      - git: canonicalize ids in generated tarballs
> +      - git: stop generated tarballs from leaking info
> +      - npm: Put all downloaded files in the npm2 directory
> +      - npmsw: Add support for duplicate dependencies without url
> +      - npmsw: Add support for github prefix in npm shrinkwrap version
> +      - ssh: now supports checkstatus, allows : in URLs (both required for use with sstate) and no longer requires username
> +      - wget: add redirectauth parameter
> +      - wget: add 30s timeout for checkstatus calls
> +
> +   - Show warnings for append/prepend/remove operators combined with +=/.=
> +   - Add bb.warnonce() and bb.erroronce() log methods
> +   - Improved setscene task display
> +   - Show elapsed time also for tasks with progress bars
> +   - Improved cleanup on forced shutdown (either because of errors or Ctrl+C)
> +   - contrib: Add Dockerfile for building PR service container
> +   - Change file format of siginfo files to use zstd compressed json
> +   - Display active tasks when printing keep-alive message to help debugging
> +
> +-  Architecture-specific enhancements:
> +
> +   - ARM:
> +
> +      - tune-cortexa72: Enable the crc extension by default for cortexa72
> +      - qemuarm64: Add tiny ktype to qemuarm64 bsp
> +      - armv9a/tune: Add the support for the Neoverse N2 core
> +      - arch-armv8-5a.inc: Add tune include for armv8.5a
> +      - grub-efi: Add xen_boot support when 'xen' is in DISTRO_FEATURES for aarch64
> +      - tune-cortexa73: Introduce cortexa73-crypto tune
> +      - libacpi: Build libacpi also for 'aarch64' machines
> +      - core-image-tiny-initramfs: Mark recipe as 32 bit ARM compatible
> +
> +   - PowerPC:
> +
> +      - weston-init: Use pixman rendering for qemuppc64
> +      - rust: add support for big endian 64-bit PowerPC
> +      - rust: Add snapshot checksums for powerpc64le
> +
> +   - RiscV:
> +

s/RiscV/RISC-V/

> +      - libunwind: Enable for rv64
> +      - systemtap: Enable for riscv64
> +      - linux-yocto-dev: add qemuriscv32
> +      - packagegroup-core-tools-profile: Enable systemtap for riscv64
> +      - qemuriscv: Use virtio-tablet-pci for mouse
> +
> +   - x86:
> +
> +      - kernel-yocto: conditionally enable stack protection checking on x86-64
> +
> +-  Kernel-related enhancements:
> +
> +   - Allow initramfs to be built from a separate multiconfig
> +   - Make kernel-base recommend kernel-image, not depend (allowing images containing kernel modules without kernel image)
> +   - linux-yocto: split vtpm for more granular inclusion
> +   - linux-yocto: cfg/debug: add configs for kcsan
> +   - linux-yocto: cfg: add kcov feature fragment
> +   - linux-yocto: export pkgconfig variables to devshell
> +   - linux-yocto-dev: use versioned branch as default
> +   - New ``KERNEL_DEBUG_TIMESTAMPS`` variable (to replace removed ``BUILD_REPRODUCIBLE_BINARIES`` for the kernel)
> +   - Introduce python3-dtschema-wrapper in preparation for mandatory schema checking on dtb files in 5.16
> +   - Allow disabling kernel artifact symlink creation
> +   - Allow changing default .bin kernel artifact extension
> +
> +- FIT image related enhancements:
> +
> +   - New ``FIT_SUPPORTED_INITRAMFS_FSTYPES`` variable to allow extending initramfs image types to look for
> +   - New ``FIT_CONF_PREFIX`` variable to allow overriding FIT configuration prefix
> +   - Use 'bbnote' for better logging
> +
> +- New :term:`PACKAGECONFIG` options in ``curl``, ``dtc``, ``epiphany``, ``git``, ``git``, ``gstreamer1.0-plugins-bad``, (kernel), ``kmod``, ``mesa``, ``piglit``, ``qemu``, ``rpm``, ``systemd``, ``webkitgtk``, ``weston-init``

s/(kernel)/linux-yocto-dev/ I think?

> +- ptest enhancements in ``findutils``, ``lttng-tools``, ``openssl``, ``gawk``, ``strace``, ``lttng-tools``, ``valgrind``, ``perl``, ``libxml-parser-perl``, ``openssh``, ``python3-cryptography``, ``popt``
> +
> +- Sysroot dependencies have been further optimised
> +- Significant effort to upstream / rationalise patches across a variety of recipes
> +- Allow the creation of block devices on top of UBI volumes
> +- archiver: new ARCHIVER_MODE[compression] to set tarball compression, and switch default to xz
> +- yocto-check-layer: add ability to perform tests from a global bbclass
> +- yocto-check-layer: improved README checks
> +- cve-check: add json output format
> +- cve-check: add coverage statistics on recipes with/without CVEs
> +- Added mirrors for kernel sources and uninative binaries on kernel.org
> +- glibc and binutils recipes now use shallow mirror tarballs for faster fetching
> +- When patching fails, show more information on the fatal error
> +
> +-  wic Image Creator enhancements:
> +
> +  - Support rootdev identified by partition label
> +  - rawcopy: Add support for packed images
> +  - partition: Support valueless keys in sourceparams
> +
> +- QA check enhancements:
> +
> +   - Allow treating license issues as errors
> +   - Added a check that Upstream-Status patch tag is present and correctly formed
> +   - Added a check for directories that are expected to be empty
> +   - Ensure addition of patch-fuzz retriggers do_qa_patch
> +   - Added a sanity check for allarch packagegroups
> +
> +- create-spdx class improvements:
> +
> +   - Get SPDX-License-Identifier from source files
> +   - Generate manifest also for SDKs
> +   - New SPDX_ORG variable to allow changing the Organization field value
> +   - Added packageSupplier field
> +   - Added create_annotation function
> +
> +- devtool add / recipetool create enhancements:
> +
> +   - Extend curl detection when creating recipes
> +   - Handle GitLab URLs like we do GitHub
> +   - Recognize more standard license text variants
> +   - Separate licenses with & operator
> +   - Detect more known licenses in Python code
> +   - Move license md5sums data into CSV files
> +   - npm: Use README as license fallback
> +
> +- SDK-related enhancements:
> +
> +   - Extended recipes to ``nativesdk``: ``cargo``, ``librsvg``, ``libstd-rs``, ``libva``, ``python3-docutil``, ``python3-packaging``
> +   - Enabled nativesdk recipes to find a correct version of the rust cross compiler
> +   - Support creating per-toolchain cmake file in SDK
> +
> +- Rust enhancements:
> +
> +   - New python_setuptools3_rust class to enable building python extensions in Rust
> +   - classes/meson: Add optional rust definitions
> +
> +- QEMU / runqemu enhancements:
> +
> +   - qemu: Add knob for enabling PMDK pmem support
> +   - qemu: add tpm string section to qemu acpi table
> +   - qemu: Build on musl targets
> +   - runqemu: support rootfs mounted ro
> +   - runqemu: add :term:`DEPLOY_DIR_IMAGE` replacement in QB_OPT_APPEND
> +   - runqemu: Allow auto-detection of the correct graphics options
> +
> +- Capped ``cpu_count()`` (used to set parallelisation defaults) to 64 since any higher usually hurts parallelisation
> +- Adjust some GL-using recipes so that they only require virtual/egl
> +- package_rpm: use zstd instead of xz
> +- npm: new ``EXTRA_OENPM`` variable (to set node-gyp variables for example)
> +- npm: new ``NPM_NODEDIR`` variable
> +- perl: Enable threading
> +- u-boot: Convert ${UBOOT_ENV}.cmd into ${UBOOT_ENV}.scr
> +- u-boot: Split do_configure logic into separate file
> +- go.bbclass: Allow adding parameters to go ldflags
> +- go: log build id computations
> +- scons: support out-of-tree builds
> +- scripts: Add a conversion script to use SPDX license names
> +- scripts: Add convert-variable-renames script for inclusive language variable renaming
> +- binutils-cross-canadian: enable gold for mingw
> +- grub-efi: Add option to include all available modules
> +- bitbake.conf: allow wayland distro feature through for native/SDK builds
> +- weston-init: Pass --continue-without-input when launching weston
> +- weston: wrapper for weston modules argument
> +- weston: Add a knob to control simple clients
> +- uninative: Add version to uninative tarball name
> +- volatile-binds: SELinux and overlayfs extensions in mount-copybind
> +- gtk-icon-cache: Allow using gtk4
> +- kmod: Add an exclude directive to depmod
> +- os-release: add os-release-initrd package for use in systemd-based initramfs images
> +- gstreamer1.0-plugins-base: add support for graphene
> +- gpg-sign: Add parameters to gpg signature function
> +- package_manager: sign DEB package feeds
> +- zstd: add libzstd package
> +- libical: build gobject and vala introspection
> +- dhcpcd: add option to set DBDIR location
> +- rpcbind: install rpcbind.conf
> +- mdadm: install mdcheck
> +- boost: add json lib
> +- libxkbcommon: allow building of API documentation
> +- libxkbcommon: split libraries and xkbcli into separate packages
> +- systemd: move systemd shared library into its own package
> +- systemd: Minimize udev package size if DISTRO_FEATURES doen't contain sysvinit
> +
> +Known Issues in 4.0
> +~~~~~~~~~~~~~~~~~~~
> +
> +- ``make`` version 4.2.1 is known to be buggy on non-Ubuntu systems. If this ``make``
> +  version is detected on host distributions other than Ubuntu at build start time,
> +  then a warning will be displayed.
> +
> +Recipe License changes in 4.0
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +The following corrections have been made to the LICENSE values set by recipes:
> +
> +* cmake: add BSD-1-Clause & MIT & BSD-2-Clause to LICENSE due to additional vendored libraries in native/target context
> +* gettext: extend LICENSE conditional upon PACKAGECONFIG (due to vendored libraries)
> +* gstreamer1.0: update licenses of all modules to LGPL-2.1-or-later (with some exceptions that are GPL-2.0-or-later)
> +* gstreamer1.0-plugins-bad/ugly: use the GPL-2.0-or-later only when it is in use
> +* kern-tools-native: add missing MIT license due to Kconfiglib
> +* libcap: add pam_cap license to LIC_FILES_CHKSUM if pam is enabled
> +* libidn2: add Unicode-DFS-2016 license
> +* libsdl2: add BSD-2-Clause to LICENSE due to default yuv2rgb and hidapi inclusion
> +* libx11-compose-data: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality
> +* libx11: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality
> +* libxshmfence: correct LICENSE - MIT -> HPND
> +* newlib: add BSD-3-Clause to LICENSE
> +* python3-idna: correct LICENSE - Unicode -> Unicode-TOU
> +* python3-pip: add "Apache-2.0 & MPL-2.0 & LGPL-2.1-only & BSD-3-Clause & PSF-2.0 & BSD-2-Clause" to LICENSE due to vendored libraries
> +
> +Other license-related notes:
> +
> +- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory.
> +  Each recipe that fetches or builds BSD-licensed code should specify the proper
> +  version of the BSD license in its :term:`LICENSE` value.
> +
> +- :term:`LICENSE` definitions now have to use `SPDX identifiers <https://urldefense.proofpoint.com/v2/url?u=https-3A__spdx.org_licenses_&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=RzeEw9mobSrpgPjdwMNsYhYF98-TvXQ80MPcnLr1Ennrx4n0NyRWtkecWci1BvRq&s=Y52dU0yGuP2JHoYBl9ZsCYXC7ioCpJkBcjRlE-i_In0&e= >`__.
> +  A :oe_git:`convert-spdx-licenses.py </openembedded-core/tree/scripts/contrib/convert-spdx-licenses.py>`
> +  script can be used to update your recipes.
> +
> +
> +
> +Security Fixes in 4.0
> +~~~~~~~~~~~~~~~~~~~~~
> +
> +- binutils: :cve:`2021-42574`, :cve:`2021-45078`
> +- curl: :cve:`2021-22945`, :cve:`2021-22946`, :cve:`2021-22947`
> +- epiphany: :cve:`2021-45085`, :cve:`2021-45086`, :cve:`2021-45087`, :cve:`2021-45088`
> +- expat: :cve:`2021-45960`, :cve:`2021-46143`, :cve:`2022-22822`, :cve:`2022-22823`, :cve:`2022-22824`, :cve:`2022-22825`, :cve:`2022-22826`, :cve:`2022-22827`, :cve:`2022-23852`, :cve:`2022-23990`, :cve:`2022-25235`, :cve:`2022-25236`, :cve:`2022-25313`, :cve:`2022-25314`, :cve:`2022-25315`
> +- ffmpeg: :cve:`2021-38114`
> +- gcc: :cve:`2021-35465`, :cve:`2021-42574`, :cve:`2021-46195`, :cve:`2022-24765`
> +- glibc: :cve:`2021-3998`, :cve:`2021-3999`, :cve:`2021-43396`, :cve:`2022-23218`, :cve:`2022-23219`
> +- gmp: :cve:`2021-43618`
> +- go: :cve:`2021-41771` and :cve:`2021-41772`
> +- grub2: :cve:`2021-3981`
> +- gzip: :cve:`2022-1271`
> +- libarchive : :cve:`2021-31566`, :cve:`2021-36976`
> +- libxml2: :cve:`2022-23308`
> +- libxslt: :cve:`2021-30560`
> +- lighttpd: :cve:`2022-22707`
> +- linux-yocto/5.10: amdgpu: :cve:`2021-42327`
> +- lua: :cve:`2021-43396`
> +- openssl: :cve:`2021-4044`, :cve:`2022-0778`
> +- qemu: :cve:`2022-1050`, :cve:`2022-26353`, :cve:`2022-26354`
> +- rpm: :cve:`2021-3521`
> +- seatd: :cve:`2022-25643`
> +- speex: :cve:`2020-23903`
> +- squashfs-tools: :cve:`2021-41072`
> +- systemd: :cve:`2021-4034`
> +- tiff: :cve:`2022-0561`, :cve:`2022-0562`, :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909`, :cve:`2022-0924`, :cve:`2022-1056`, :cve:`2022-22844`
> +- unzip: :cve:`2021-4217`
> +- vim: :cve:`2021-3796`, :cve:`2021-3872`, :cve:`2021-3875`, :cve:`2021-3927`, :cve:`2021-3928`, :cve:`2021-3968`, :cve:`2021-3973`, :cve:`2021-4187`, :cve:`2022-0128`, :cve:`2022-0156`, :cve:`2022-0158`, :cve:`2022-0261`, :cve:`2022-0318`, :cve:`2022-0319`, :cve:`2022-0554`, :cve:`2022-0696`, :cve:`2022-0714`, :cve:`2022-0729`, :cve:`2022-0943`
> +- virglrenderer: :cve:`2022-0135`, :cve:`2022-0175`
> +- webkitgtk: :cve:`2022-22589`, :cve:`2022-22590`, :cve:`2022-22592`
> +- xz: :cve:`2022-1271`
> +- zlib: :cve:`2018-25032`
> +
> +
> +
> +Recipe Upgrades in 4.0
> +~~~~~~~~~~~~~~~~~~~~~~
> +
> +- acpica: upgrade 20210730 -> 20211217
> +- acpid: upgrade 2.0.32 -> 2.0.33
> +- adwaita-icon-theme: update 3.34/38 -> 41.0
> +- alsa-ucm-conf: upgrade 1.2.6.2 -> 1.2.6.3
> +- alsa: upgrade 1.2.5 -> 1.2.6
> +- apt: upgrade 2.2.4 -> 2.4.3
> +- asciidoc: upgrade 9.1.0 -> 10.0.0
> +- atk: upgrade 2.36.0 -> 2.38.0
> +- at-spi2-core: upgrade 2.40.3 -> 2.42.0
> +- at: update 3.2.2 -> 3.2.5
> +- autoconf-archive: upgrade 2021.02.19 -> 2022.02.11
> +- automake: update 1.16.3 -> 1.16.5
> +- bash: upgrade 5.1.8 -> 5.1.16
> +- bind: upgrade 9.16.20 -> 9.18.1
> +- binutils: Bump to latest 2.38 release branch
> +- bison: upgrade 3.7.6 -> 3.8.2
> +- bluez5: upgrade 5.61 -> 5.64
> +- boost: update 1.77.0 -> 1.78.0
> +- btrfs-tools: upgrade 5.13.1 -> 5.16.2
> +- buildtools-installer: Update to use 3.4
> +- busybox: 1.34.0 -> 1.35.0
> +- ca-certificates: update 20210119 -> 20211016
> +- cantarell-fonts: update 0.301 -> 0.303.1
> +- ccache: upgrade 4.4 -> 4.6
> +- cmake: update 3.21.1 -> 3.22.3
> +- connman: update 1.40 -> 1.41
> +- coreutils: update 8.32 -> 9.0
> +- cracklib: update 2.9.5 -> 2.9.7
> +- createrepo-c: upgrade 0.17.4 -> 0.19.0
> +- cronie: upgrade 1.5.7 -> 1.6.0
> +- cups: update 2.3.3op2 -> 2.4.1
> +- curl: update 7.78.0 -> 7.82.0
> +- dbus: upgrade 1.12.20 -> 1.14.0
> +- debianutils: update 4.11.2 -> 5.7
> +- dhcpcd: upgrade 9.4.0 -> 9.4.1
> +- diffoscope: upgrade 181 -> 208
> +- dnf: upgrade 4.8.0 -> 4.11.1
> +- dpkg: update 1.20.9 ->  1.21.4
> +- e2fsprogs: upgrade 1.46.4 -> 1.46.5
> +- ed: upgrade 1.17 -> 1.18
> +- efivar: update 37 -> 38
> +- elfutils: update 0.185 -> 0.186
> +- ell: upgrade 0.43 -> 0.49
> +- enchant2: upgrade 2.3.1 -> 2.3.2
> +- epiphany: update 40.3 -> 42.0
> +- erofs-utils: update 1.3 -> 1.4
> +- ethtool: update to 5.16
> +- expat: upgrade 2.4.1 -> 2.4.7
> +- ffmpeg: update 4.4 -> 5.0
> +- file: upgrade 5.40 -> 5.41
> +- findutils: upgrade 4.8.0 -> 4.9.0
> +- flac: upgrade 1.3.3 -> 1.3.4
> +- freetype: upgrade 2.11.0 -> 2.11.1
> +- fribidi: upgrade 1.0.10 -> 1.0.11
> +- gawk: update 5.1.0 -> 5.1.1
> +- gcompat: Update to latest
> +- gdbm: upgrade 1.19 -> 1.23
> +- gdb: Upgrade to 11.2
> +- ghostscript: update 9.54.0 -> 9.55.0
> +- gi-docgen: upgrade 2021.7 -> 2022.1
> +- git: update 2.33.0 -> 2.35.2
> +- glib-2.0: update 2.68.4 -> 2.72.0
> +- glibc: Upgrade to 2.35
> +- glib-networking: update 2.68.2 -> 2.72.0
> +- glslang: update 11.5.0 -> 11.8.0
> +- gnu-config: update to latest revision
> +- gnupg: update 2.3.1 -> 2.3.4
> +- gnutls: update 3.7.2 -> 3.7.4
> +- gobject-introspection: upgrade 1.68.0 -> 1.72.0
> +- go-helloworld: update to latest revision
> +- go: update 1.16.7 -> 1.17.8
> +- gpgme: upgrade 1.16.0 -> 1.17.1
> +- gsettings-desktop-schemas: upgrade 40.0 -> 42.0
> +- gst-devtools: 1.18.4 -> 1.20.1
> +- gst-examples: 1.18.4 -> 1.18.6
> +- gstreamer1.0: 1.18.4 -> 1.20.1
> +- gstreamer1.0-libav: 1.18.4 -> 1.20.1
> +- gstreamer1.0-omx: 1.18.4 -> 1.20.1
> +- gstreamer1.0-plugins-bad: 1.18.4  1.20.1
> +- gstreamer1.0-plugins-base: 1.18.4 -> 1.20.1
> +- gstreamer1.0-plugins-good: 1.18.4 -> 1.20.1
> +- gstreamer1.0-plugins-ugly: 1.18.4 -> 1.20.1
> +- gstreamer1.0-python: 1.18.4 -> 1.20.1
> +- gstreamer1.0-rtsp-server: 1.18.4 -> 1.20.1
> +- gstreamer1.0-vaapi: 1.18.4 -> 1.20.1
> +- gtk+3: upgrade 3.24.30 -> 3.24.33
> +- gzip: upgrade 1.10 -> 1.12
> +- harfbuzz: upgrade 2.9.0 -> 4.0.1
> +- hdparm: upgrade 9.62 -> 9.63
> +- help2man: upgrade 1.48.4 -> 1.49.1
> +- icu: update 69.1 -> 70.1
> +- ifupdown: upgrade 0.8.36 -> 0.8.37
> +- inetutils: update 2.1 -> 2.2
> +- init-system-helpers: upgrade 1.60 -> 1.62
> +- iproute2: update to 5.17.0
> +- iputils: update 20210722 to 20211215
> +- iso-codes: upgrade 4.6.0 -> 4.9.0
> +- itstool: update 2.0.6 -> 2.0.7
> +- iw: upgrade 5.9 -> 5.16
> +- json-glib: upgrade 1.6.4 -> 1.6.6
> +- kea: update 1.8.2 -> 2.0.2
> +- kexec-tools: update 2.0.22 -> 2.0.23
> +- less: upgrade 590 -> 600
> +- libarchive: upgrade 3.5.1 -> 3.6.1
> +- libatomic-ops: upgrade 7.6.10 -> 7.6.12
> +- libbsd: upgrade 0.11.3 -> 0.11.5
> +- libcap: update 2.51 -> 2.63
> +- libcgroup: upgrade 2.0 -> 2.0.1
> +- libcomps: upgrade 0.1.17 -> 0.1.18
> +- libconvert-asn1-perl: upgrade 0.31 -> 0.33
> +- libdazzle: upgrade 3.40.0 -> 3.44.0
> +- libdnf: update 0.63.1 -> 0.66.0
> +- libdrm: upgrade 2.4.107 -> 2.4.110
> +- libedit: upgrade 20210714-3.1 -> 20210910-3.1
> +- liberation-fonts: update 2.1.4 -> 2.1.5
> +- libevdev: upgrade 1.11.0 -> 1.12.1
> +- libexif: update 0.6.22 -> 0.6.24
> +- libgit2: update 1.1.1 -> 1.4.2
> +- libgpg-error: update 1.42 -> 1.44
> +- libhandy: update 1.2.3 -> 1.5.0
> +- libical: upgrade 3.0.10 -> 3.0.14
> +- libinput: update to 1.19.3
> +- libjitterentropy: update 3.1.0 -> 3.4.0
> +- libjpeg-turbo: upgrade 2.1.1 -> 2.1.3
> +- libmd: upgrade 1.0.3 -> 1.0.4
> +- libmicrohttpd: upgrade 0.9.73 -> 0.9.75
> +- libmodulemd: upgrade 2.13.0 -> 2.14.0
> +- libpam: update 1.5.1 -> 1.5.2
> +- libpcre2: upgrade 10.37 -> 10.39
> +- libpipeline: upgrade 1.5.3 -> 1.5.5
> +- librepo: upgrade 1.14.1 -> 1.14.2
> +- librsvg: update 2.40.21 -> 2.52.7
> +- libsamplerate0: update 0.1.9 -> 0.2.2
> +- libsdl2: update 2.0.16 -> 2.0.20
> +- libseccomp: update to 2.5.3
> +- libsecret: upgrade 0.20.4 -> 0.20.5
> +- libsndfile1: bump to version 1.0.31
> +- libsolv: upgrade 0.7.19 -> 0.7.22
> +- libsoup-2.4: upgrade 2.72.0 -> 2.74.2
> +- libsoup: add a recipe for 3.0.5
> +- libssh2: update 1.9.0 -> 1.10.0
> +- libtasn1: upgrade 4.17.0 -> 4.18.0
> +- libtool: Upgrade 2.4.6 -> 2.4.7
> +- libucontext: Upgrade to 1.2 release
> +- libunistring: update 0.9.10 -> 1.0
> +- libunwind: upgrade 1.5.0 -> 1.6.2
> +- liburcu: upgrade 0.13.0 -> 0.13.1
> +- libusb1: upgrade 1.0.24 -> 1.0.25
> +- libuv: update 1.42.0 -> 1.44.1
> +- libva: update 2.12.0 -> 2.14.0
> +- libva-utils: upgrade 2.13.0 -> 2.14.0
> +- libwebp: 1.2.1 -> 1.2.2
> +- libwpe: upgrade 1.10.1 -> 1.12.0
> +- libx11: update to 1.7.3.1
> +- libxcrypt: upgrade 4.4.26 -> 4.4.27
> +- libxcrypt-compat: upgrade 4.4.26 -> 4.4.27
> +- libxi: update to 1.8
> +- libxkbcommon: update to 1.4.0
> +- libxml2: update to 2.9.13
> +- libxslt: update to v1.1.35
> +- lighttpd: update 1.4.59 -> 1.4.64
> +- linux-firmware: upgrade 20210818 -> 20220310
> +- linux-libc-headers: update to v5.16
> +- linux-yocto/5.10: update to v5.10.109
> +- linux-yocto/5.15: introduce recipes (v5.15.32)
> +- linux-yocto-dev: update to v5.18+
> +- linux-yocto-rt/5.10: update to -rt61
> +- linux-yocto-rt/5.15: update to -rt34
> +- llvm: update 12.0.1 -> 13.0.1
> +- logrotate: update 3.18.1 -> 3.19.0
> +- lsof: update 4.91 -> 4.94.0
> +- ltp: update 20210927 -> 20220121
> +- ltp: Update to 20210927
> +- lttng-modules: update devupstream to latest 2.13
> +- lttng-modules: update to 2.13.3
> +- lttng-tools: upgrade 2.13.0 -> 2.13.4
> +- lttng-ust: upgrade 2.13.0 -> 2.13.2
> +- lua: update 5.3.6 -> 5.4.4
> +- lzip: upgrade 1.22 -> 1.23
> +- man-db: upgrade 2.9.4 -> 2.10.2
> +- man-pages: update to 5.13
> +- mdadm: update 4.1 -> 4.2
> +- mesa: upgrade 21.2.1 -> 22.0.0
> +- meson: update 0.58.1 -> 0.61.3
> +- minicom: Upgrade 2.7.1 -> 2.8
> +- mmc-utils: upgrade to latest revision
> +- mobile-broadband-provider-info: upgrade 20210805 -> 20220315
> +- mpg123: upgrade 1.28.2 -> 1.29.3
> +- msmtp: upgrade 1.8.15 -> 1.8.20
> +- mtd-utils: upgrade 2.1.3 -> 2.1.4
> +- mtools: upgrade 4.0.35 -> 4.0.38
> +- musl: Update to latest master
> +- ncurses: update 6.2 -> 6.3
> +- newlib: Upgrade 4.1.0 -> 4.2.0
> +- nfs-utils: upgrade 2.5.4 -> 2.6.1
> +- nghttp2: upgrade 1.45.1 -> 1.47.0
> +- ofono: upgrade 1.32 -> 1.34
> +- opensbi: Upgrade to 1.0
> +- openssh: upgrade 8.7p1 -> 8.9
> +- openssl: update 1.1.1l -> 3.0.2
> +- opkg: upgrade 0.4.5 -> 0.5.0
> +- opkg-utils: upgrade 0.4.5 -> 0.5.0
> +- ovmf: update 202105 -> 202202
> +- p11-kit: update 0.24.0 -> 0.24.1
> +- pango: upgrade 1.48.9 -> 1.50.4
> +- patchelf: upgrade 0.13 -> 0.14.5
> +- perl-cross: update 1.3.6 -> 1.3.7
> +- perl: update 5.34.0 -> 5.34.1
> +- piglit: upgrade to latest revision
> +- pigz: upgrade 2.6 -> 2.7
> +- pinentry: update 1.1.1 -> 1.2.0
> +- pkgconfig: Update to latest
> +- psplash: upgrade to latest revision
> +- puzzles: upgrade to latest revision
> +- python3-asn1crypto: upgrade 1.4.0 -> 1.5.1
> +- python3-attrs: upgrade 21.2.0 -> 21.4.0
> +- python3-cryptography: Upgrade to 36.0.2
> +- python3-cryptography-vectors: upgrade to 36.0.2
> +- python3-cython: upgrade 0.29.24 -> 0.29.28
> +- python3-dbusmock: update to 0.27.3
> +- python3-docutils: upgrade 0.17.1 0.18.1
> +- python3-dtschema: upgrade 2021.10 -> 2022.1
> +- python3-gitdb: upgrade 4.0.7 -> 4.0.9
> +- python3-git: update to 3.1.27
> +- python3-hypothesis: upgrade 6.15.0 -> 6.39.5
> +- python3-imagesize: upgrade 1.2.0 -> 1.3.0
> +- python3-importlib-metadata: upgrade 4.6.4 -> 4.11.3
> +- python3-jinja2: upgrade 3.0.1 -> 3.1.1
> +- python3-jsonschema: upgrade 3.2.0 -> 4.4.0
> +- python3-libarchive-c: upgrade 3.1 -> 4.0
> +- python3-magic: upgrade 0.4.24 -> 0.4.25
> +- python3-mako: upgrade 1.1.5 -> 1.1.6
> +- python3-markdown: upgrade 3.3.4 -> 3.3.6
> +- python3-markupsafe: upgrade 2.0.1 -> 2.1.1
> +- python3-more-itertools: upgrade 8.8.0 -> 8.12.0
> +- python3-numpy: upgrade 1.21.2 -> 1.22.3
> +- python3-packaging: upgrade 21.0 -> 21.3
> +- python3-pathlib2: upgrade 2.3.6 -> 2.3.7
> +- python3-pbr: upgrade 5.6.0 -> 5.8.1
> +- python3-pip: update 21.2.4 -> 22.0.3
> +- python3-pycairo: upgrade 1.20.1 -> 1.21.0
> +- python3-pycryptodome: upgrade 3.10.1 -> 3.14.1
> +- python3-pyelftools: upgrade 0.27 -> 0.28
> +- python3-pygments: upgrade 2.10.0 -> 2.11.2
> +- python3-pygobject: upgrade 3.40.1 -> 3.42.0
> +- python3-pyparsing: update to 3.0.7
> +- python3-pyrsistent: upgrade 0.18.0 -> 0.18.1
> +- python3-pytest-runner: upgrade 5.3.1 -> 6.0.0
> +- python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0
> +- python3-pytest: upgrade 6.2.4 -> 7.1.1
> +- python3-pytz: upgrade 2021.3 -> 2022.1
> +- python3-py: upgrade 1.10.0 -> 1.11.0
> +- python3-pyyaml: upgrade 5.4.1 -> 6.0
> +- python3-ruamel-yaml: upgrade 0.17.16 -> 0.17.21
> +- python3-scons: upgrade 4.2.0 -> 4.3.0
> +- python3-setuptools-scm: upgrade 6.0.1 -> 6.4.2
> +- python3-setuptools: update to 59.5.0
> +- python3-smmap: update to 5.0.0
> +- python3-tomli: upgrade 1.2.1 -> 2.0.1
> +- python3: update to 3.10.3
> +- python3-urllib3: upgrade 1.26.8 -> 1.26.9
> +- python3-zipp: upgrade 3.5.0 -> 3.7.0
> +- qemu: update 6.0.0 -> 6.2.0
> +- quilt: upgrade 0.66 -> 0.67
> +- re2c: upgrade 2.2 -> 3.0
> +- readline: upgrade 8.1 -> 8.1.2
> +- repo: upgrade 2.17.3 -> 2.22
> +- resolvconf: update 1.87 -> 1.91
> +- rng-tools: upgrade 6.14 -> 6.15
> +- rpcsvc-proto: upgrade 1.4.2 -> 1.4.3
> +- rpm: update 4.16.1.3 -> 4.17.0
> +- rt-tests: update 2.1 -> 2.3
> +- ruby: update 3.0.2 -> 3.1.1
> +- rust: update 1.54.0 -> 1.59.0
> +- rxvt-unicode: upgrade 9.26 -> 9.30
> +- screen: upgrade 4.8.0 -> 4.9.0
> +- shaderc: update 2021.1 -> 2022.1
> +- shadow: upgrade 4.9 -> 4.11.1
> +- socat: upgrade 1.7.4.1 -> 1.7.4.3
> +- spirv-headers: bump to b42ba6 revision
> +- spirv-tools: update 2021.2 -> 2022.1
> +- sqlite3: upgrade 3.36.0 -> 3.38.2
> +- strace: update 5.14 -> 5.16
> +- stress-ng: upgrade 0.13.00 -> 0.13.12
> +- sudo: update 1.9.7p2 -> 1.9.10
> +- sysklogd: upgrade 2.2.3 -> 2.3.0
> +- sysstat: upgrade 12.4.3 -> 12.4.5
> +- systemd: update 249.3 -> 250.4
> +- systemtap: upgrade 4.5 -> 4.6
> +- sysvinit: upgrade 2.99 -> 3.01
> +- tzdata: update to 2022a
> +- u-boot: upgrade 2021.07 -> 2022.01
> +- uninative: Upgrade to 3.6 with gcc 12 support
> +- util-linux: update 2.37.2 -> 2.37.4
> +- vala: upgrade 0.52.5 -> 0.56.0
> +- valgrind: update 3.17.0 -> 3.18.1
> +- vim: upgrade to 8.2 patch 4681
> +- vte: upgrade 0.64.2 -> 0.66.2
> +- vulkan-headers: upgrade 1.2.182 -> 1.2.191
> +- vulkan-loader: upgrade 1.2.182 -> 1.2.198.1
> +- vulkan-samples: update to latest revision
> +- vulkan-tools: upgrade 1.2.182 -> 1.2.191
> +- vulkan: update 1.2.191.0 -> 1.3.204.1
> +- waffle: update 1.6.1 -> 1.7.0
> +- wayland-protocols: upgrade 1.21 -> 1.25
> +- wayland: upgrade 1.19.0 -> 1.20.0
> +- webkitgtk: upgrade 2.34.0 -> 2.36.0
> +- weston: upgrade 9.0.0 -> 10.0.0
> +- wget: update 1.21.1 -> 1.21.3
> +- wireless-regdb: upgrade 2021.07.14 -> 2022.02.18
> +- wpa-supplicant: update 2.9 -> 2.10
> +- wpebackend-fdo: upgrade 1.10.0 -> 1.12.0
> +- xauth: upgrade 1.1 -> 1.1.1
> +- xf86-input-libinput: update to 1.2.1
> +- xf86-video-intel: update to latest commit
> +- xkeyboard-config: update to 2.35.1
> +- xorgproto: update to 2021.5
> +- xserver-xorg: update 1.20.13 -> 21.1.3
> +- xwayland: update 21.1.2 -> 22.1.0
> +- xxhash: upgrade 0.8.0 -> 0.8.1
> +- zstd: update 1.5.0 -> 1.5.2
> +
> +
> +
> +Contributors to 4.0
> +~~~~~~~~~~~~~~~~~~~
> +
> +Thanks to the following people who contributed to this release:
> +
> +- Abongwa Amahnui Bonalais
> +- Adriaan Schmidt
> +- Adrian Freihofer
> +- Ahmad Fatoum
> +- Ahmed Hossam
> +- Ahsan Hussain
> +- Alejandro Hernandez Samaniego
> +- Alessio Igor Bogani
> +- Alexander Kanavin
> +- Alexandre Belloni
> +- Alexandru Ardelean
> +- Alexey Brodkin
> +- Alex Stewart
> +- Andreas Müller
> +- Andrei Gherzan
> +- Andrej Valek
> +- Andres Beltran
> +- Andrew Jeffery
> +- Andrey Zhizhikin
> +- Anton Mikanovich
> +- Anuj Mittal
> +- Bill Pittman
> +- Bruce Ashfield
> +- Caner Altinbasak
> +- Carlos Rafael Giani
> +- Chaitanya Vadrevu
> +- Changhyeok Bae
> +- Changqing Li
> +- Chen Qi
> +- Christian Eggers
> +- Claudius Heine
> +- Claus Stovgaard
> +- Daiane Angolini
> +- Daniel Ammann
> +- Daniel Gomez
> +- Daniel McGregor
> +- Daniel Müller
> +- Daniel Wagenknecht
> +- David Joyner
> +- David Reyna
> +- Denys Dmytriyenko
> +- Dhruva Gole
> +- Diego Sueiro
> +- Dmitry Baryshkov
> +- Ferry Toth
> +- Florian Amstutz
> +- Henry Kleynhans
> +- He Zhe
> +- Hongxu Jia
> +- Hsia-Jun(Randy) Li
> +- Ian Ray
> +- Jacob Kroon
> +- Jagadeesh Krishnanjanappa
> +- Jasper Orschulko
> +- Jim Wilson
> +- Joel Winarske
> +- Joe Slater
> +- Jon Mason
> +- Jose Quaresma
> +- Joshua Watt
> +- Justin Bronder
> +- Kai Kang
> +- Kamil Dziezyk
> +- Kevin Hao
> +- Khairul Rohaizzat Jamaluddin
> +- Khem Raj
> +- Kiran Surendran
> +- Konrad Weihmann
> +- Kory Maincent
> +- Lee Chee Yang
> +- Leif Middelschulte
> +- Lei Maohui
> +- Li Wang
> +- Liwei Song
> +- Luca Boccassi
> +- Lukasz Majewski
> +- Luna Gräfje
> +- Manuel Leonhardt
> +- Marek Vasut
> +- Mark Hatle
> +- Markus Niebel
> +- Markus Volk
> +- Marta Rybczynska
> +- Martin Beeger
> +- Martin Jansa
> +- Matthias Klein
> +- Matt Madison
> +- Maximilian Blenk
> +- Max Krummenacher
> +- Michael Halstead
> +- Michael Olbrich
> +- Michael Opdenacker
> +- Mike Crowe
> +- Ming Liu
> +- Mingli Yu
> +- Minjae Kim
> +- Nicholas Sielicki
> +- Olaf Mandel
> +- Oleh Matiusha
> +- Oleksandr Kravchuk
> +- Oleksandr Ocheretnyi
> +- Oleksandr Suvorov
> +- Oleksiy Obitotskyy
> +- Otavio Salvador
> +- Pablo Saavedra
> +- Paul Barker
> +- Paul Eggleton
> +- Pavel Zhukov
> +- Peter Hoyes
> +- Peter Kjellerstedt
> +- Petr Vorel
> +- Pgowda
> +- Quentin Schulz
> +- Ralph Siemsen
> +- Randy Li
> +- Randy MacLeod
> +- Rasmus Villemoes
> +- Ricardo Salveti
> +- Richard Neill
> +- Richard Purdie
> +- Robert Joslyn
> +- Robert P. J. Day
> +- Robert Yang
> +- Ross Burton
> +- Rudolf J Streif
> +- Sakib Sajal
> +- Samuli Piippo
> +- Saul Wold
> +- Scott Murray
> +- Sean Anderson
> +- Simone Weiss
> +- Simon Kuhnle
> +- S. Lockwood-Childs
> +- Stefan Herbrechtsmeier
> +- Steve Sakoman
> +- Sundeep KOKKONDA
> +- Tamizharasan Kumar
> +- Tean Cunningham
> +- Teoh Jay Shen
> +- Thomas Perrot
> +- Tim Orling
> +- Tobias Kaufmann
> +- Tom Hochstein
> +- Tony McDowell
> +- Trevor Gamblin
> +- Ulrich Ölmann
> +- Valerii Chernous
> +- Vivien Didelot
> +- Vyacheslav Yurkov
> +- Wang Mingyu
> +- Xavier Berger
> +- Yi Zhao
> +- Yongxin Liu
> +- Yureka
> +- Zev Weiss
> +- Zheng Ruoqin
> +- Zoltán Böszörményi
> +- Zygmunt Krynicki
> +
> +
> +
> +Repositories / Downloads for 4.0
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +TBD
> 

TBD :) not to be forgotten :)

Cheers,
Quentin

Re: [docs] [PATCH 0/9] Release documentation for 4.0

[Quentin Schulz]

Hi Paul,

I assume some of those patches can be backported to older releases too?

Cheers,
Quentin

On 4/22/22 03:40, Paul Eggleton wrote:
> Release notes, migration guide and related changes for the
> 4.0 release.
> 
> (Note that the "Repositories / Downloads" section of the release notes
> still needs to be filled in.)
> 
> 
> The following changes since commit 4755961bbb5f674a7532b91cca20ea44a1e22ae7:
> 
>    docs: sphinx-static: switchers.js.in: do not mark branches as outdated (2022-04-20 17:24:31 +0100)
> 
> are available in the git repository at:
> 
>    git://git.yoctoproject.org/poky-contrib paule/4.0-release
>    https://urldefense.proofpoint.com/v2/url?u=http-3A__git.yoctoproject.org_cgit.cgi_poky-2Dcontrib_log_-3Fh-3Dpaule_4.0-2Drelease&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=EqIoJ_y3tXq4uqljGtktLeB3Ce4KlZ7iOyvGO8zY-MH9jmvcGSTX9RH691L9XyrZ&s=jmO7ie5Ed_r5bswYDAHp8Eagp7v2v6WRkQbvsFjQh-Q&e=
> 
> Paul Eggleton (9):
>    migration-3.4: add missing entry on EXTRA_USERS_PARAMS
>    ref-manual: add a note about hard-coded passwords
>    ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE
>    ref-manual: add mention of vendor filtering to CVE_PRODUCT
>    ref-manual: add KERNEL_DEBUG_TIMESTAMPS
>    ref-manual: add XZ_THREADS and ZSTD_THREADS
>    ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS*
>    migration-guides: complete migration guide for 4.0
>    migration-guides: add release notes for 4.0
> 
>   documentation/migration-guides/migration-3.4.rst   |   7 +
>   documentation/migration-guides/migration-4.0.rst   | 345 +++++---
>   .../migration-guides/release-notes-4.0.rst         | 864 +++++++++++++++++++++
>   documentation/ref-manual/classes.rst               |  12 +
>   documentation/ref-manual/qa-checks.rst             |  10 +-
>   documentation/ref-manual/variables.rst             |  48 +-
>   6 files changed, 1161 insertions(+), 125 deletions(-)
>   create mode 100644 documentation/migration-guides/release-notes-4.0.rst
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#2822): https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.yoctoproject.org_g_docs_message_2822&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=EqIoJ_y3tXq4uqljGtktLeB3Ce4KlZ7iOyvGO8zY-MH9jmvcGSTX9RH691L9XyrZ&s=J55Nz0TXFpYytNngHFC3pd65fTpEjZji0l5Mg1d9Qdk&e=
> Mute This Topic: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.yoctoproject.org_mt_90619754_6293953&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=EqIoJ_y3tXq4uqljGtktLeB3Ce4KlZ7iOyvGO8zY-MH9jmvcGSTX9RH691L9XyrZ&s=_eT6jo22vBbP9p7Y1I_vH1sXa9h1SMpErlXnr1lzopg&e=
> Group Owner: docs+owner@lists.yoctoproject.org
> Unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.yoctoproject.org_g_docs_unsub&d=DwIFaQ&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=EqIoJ_y3tXq4uqljGtktLeB3Ce4KlZ7iOyvGO8zY-MH9jmvcGSTX9RH691L9XyrZ&s=RTytxGd1r9IcSjWTNsu6-Gfw7N3gNMCI6Oj_f830xFo&e=  [quentin.schulz@theobroma-systems.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [docs] [PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS

[Richard Purdie]

On Fri, 2022-04-22 at 12:40 +0200, Quentin Schulz wrote:
> Hi Paul,
> 
> On 4/22/22 03:40, Paul Eggleton wrote:
> > ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell.
> > 
> 
> Separate patch please so XZ_THREADS can be backported to all branches up 
> to dunfell.
> 
> > Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> > ---
> >   documentation/ref-manual/variables.rst | 13 ++++++++++++-
> >   1 file changed, 12 insertions(+), 1 deletion(-)
> > 
> > diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> > index b9448b8..4803578 100644
> > --- a/documentation/ref-manual/variables.rst
> > +++ b/documentation/ref-manual/variables.rst
> > @@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents.
> >   
> >         The default value of :term:`XSERVER`, if not specified in the machine
> >         configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
> > -
> > +
> > +   :term:`XZ_THREADS`
> > +      Specifies the number of parallel threads that should be used when
> > +      using xz compression. By default this scales with core count, but
> > +      is never set less than 2 to ensure that multi-threaded mode is
> > +      always used (so that the output file contents are deterministic).
> > +
> 
> I don't see how having it set to 1 breaks deterministic builds, do you 
> mind explaining?
> 
> Also, this feels like explanation of the implementation more than what 
> the user should do with this variable.

I think having a cautionary note here about reproducible builds is important.

> If the variable should never be <2, then it needs to be explicitly 
> stated here (and eventually the reason).

You can set it, you just won't have reproducible builds.

> Maybe it'd make sense to explain why would anyone want to modify this 
> variable (which IIRC, is for when you have a nproc/ram too high and it 
> OOMs when creating packages).

That would be nice, yes.

I've gone ahead and tried a new version of this patch split into two and adding
XZ_MEMLIMIT too (ZSTD doesn't have that).

Cheers,

Richard

Re: [docs] [PATCH 8/9] migration-guides: complete migration guide for 4.0

[Richard Purdie]

On Fri, 2022-04-22 at 13:10 +0200, Quentin Schulz wrote:
> On 4/22/22 03:40, Paul Eggleton wrote:
> > -Changes for release notes
> > --------------------------
> > -
> > -- Share State cache: now using `ZStandard (zstd) <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Zstd&d=DwIBAg&c=_sEr5x9kUWhuk4_nFwjJtA&r=LYjLexDn7rXIzVmkNPvw5ymA1XTSqHGq8yBP6m6qZZ4njZguQhZhkI_-172IIy1t&m=NFWUBU2SJa-7sMMP9YjjqDqnazkKmPYZmWozo_Fi3AGUKfgRkBmXN4PM3mfOkZO5&s=V_Vs2jVTKsmqXE6NV545ZU65Zx8CQJeXVIaQKEnPj2w&e= >`__
> > -  instead of Gzip compression, for better performance.
> > -
> > -- BitBake has an improved ``setscene`` task display.
> > +- ``gcc`` version 7.5 is now required at minimum on the build host. For older
> > +  host distributions where this is not available, you can use the
> > +  ``buildtools-extended-tarball`` (easily installable using
> > +  ``scripts/install-buildtools``).
> > +
> > +_append/_prepend in combination with other operators
> 
> s/_/:/

Tweaked in master-next, well spotted, thanks.

Cheers,

Richard

Re: [docs] [PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS

[Quentin Schulz]

Hi Richard,

On 4/22/22 13:46, Richard Purdie wrote:
> On Fri, 2022-04-22 at 12:40 +0200, Quentin Schulz wrote:
>> Hi Paul,
>>
>> On 4/22/22 03:40, Paul Eggleton wrote:
>>> ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell.
>>>
>>
>> Separate patch please so XZ_THREADS can be backported to all branches up
>> to dunfell.
>>
>>> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
>>> ---
>>>    documentation/ref-manual/variables.rst | 13 ++++++++++++-
>>>    1 file changed, 12 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
>>> index b9448b8..4803578 100644
>>> --- a/documentation/ref-manual/variables.rst
>>> +++ b/documentation/ref-manual/variables.rst
>>> @@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents.
>>>    
>>>          The default value of :term:`XSERVER`, if not specified in the machine
>>>          configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
>>> -
>>> +
>>> +   :term:`XZ_THREADS`
>>> +      Specifies the number of parallel threads that should be used when
>>> +      using xz compression. By default this scales with core count, but
>>> +      is never set less than 2 to ensure that multi-threaded mode is
>>> +      always used (so that the output file contents are deterministic).
>>> +
>>
>> I don't see how having it set to 1 breaks deterministic builds, do you
>> mind explaining?
>>
>> Also, this feels like explanation of the implementation more than what
>> the user should do with this variable.
> 
> I think having a cautionary note here about reproducible builds is important.
> 
>> If the variable should never be <2, then it needs to be explicitly
>> stated here (and eventually the reason).
> 
> You can set it, you just won't have reproducible builds.
> 

My understanding right now is that builds with XZ_THREADS=1 are 
reproducible, and XZ_THREADS>2 are reproducible too. But if you switch 
between them, the builds aren't reproducible.

Is that correct?

Cheers,
Quentin

Re: [docs] [PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS

[Richard Purdie]

On Fri, 2022-04-22 at 14:47 +0200, Quentin Schulz wrote:
> Hi Richard,
> 
> On 4/22/22 13:46, Richard Purdie wrote:
> > On Fri, 2022-04-22 at 12:40 +0200, Quentin Schulz wrote:
> > > Hi Paul,
> > > 
> > > On 4/22/22 03:40, Paul Eggleton wrote:
> > > > ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell.
> > > > 
> > > 
> > > Separate patch please so XZ_THREADS can be backported to all branches up
> > > to dunfell.
> > > 
> > > > Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> > > > ---
> > > >    documentation/ref-manual/variables.rst | 13 ++++++++++++-
> > > >    1 file changed, 12 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
> > > > index b9448b8..4803578 100644
> > > > --- a/documentation/ref-manual/variables.rst
> > > > +++ b/documentation/ref-manual/variables.rst
> > > > @@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents.
> > > >    
> > > >          The default value of :term:`XSERVER`, if not specified in the machine
> > > >          configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
> > > > -
> > > > +
> > > > +   :term:`XZ_THREADS`
> > > > +      Specifies the number of parallel threads that should be used when
> > > > +      using xz compression. By default this scales with core count, but
> > > > +      is never set less than 2 to ensure that multi-threaded mode is
> > > > +      always used (so that the output file contents are deterministic).
> > > > +
> > > 
> > > I don't see how having it set to 1 breaks deterministic builds, do you
> > > mind explaining?
> > > 
> > > Also, this feels like explanation of the implementation more than what
> > > the user should do with this variable.
> > 
> > I think having a cautionary note here about reproducible builds is important.
> > 
> > > If the variable should never be <2, then it needs to be explicitly
> > > stated here (and eventually the reason).
> > 
> > You can set it, you just won't have reproducible builds.
> > 
> 
> My understanding right now is that builds with XZ_THREADS=1 are 
> reproducible, and XZ_THREADS>2 are reproducible too. But if you switch 
> between them, the builds aren't reproducible.
> 
> Is that correct?

Correct. If you have a pool of builders, they all need to do one or the other
too.

Cheers,

Richard