summaryrefslogtreecommitdiff
path: root/poky/documentation
diff options
context:
space:
mode:
authorPatrick Williams <patrick@stwcx.xyz>2023-06-15 20:50:14 +0300
committerPatrick Williams <patrick@stwcx.xyz>2023-06-15 23:22:16 +0300
commit6ad2fb6c009c7501865f18d8c14fbe1c06dd829d (patch)
treef81caa9afbcb1fd3d12d335fc95cb725672e2148 /poky/documentation
parentf4e5dde7fa70d6927253adf5cf32c31073293b32 (diff)
downloadopenbmc-6ad2fb6c009c7501865f18d8c14fbe1c06dd829d.tar.xz
subtree updates
meta-openembedded: c5668905a6..cbbaa82238: Alex Kiernan (1): lldpd: Upgrade 1.0.14 -> 1.0.15 Alexander Stein (1): dool: Add patch to fix rebuild Archana Polampalli (1): Nodejs - Upgrade to 16.18.1 Armin Kuster (2): meta-oe][PATCH] gst-editing-services: fix typo in LICENSE field. Revert "waf-samba.bbclass: point PYTHON_CONFIG to target python3-config" Arsalan H. Awan (1): meta-networking/licenses/netperf: remove unused license Changqing Li (3): redis: 7.0.5 -> 7.0.7 redis: 6.2.7 -> 6.2.8 redis: upgrade 7.0.9 -> 7.0.10 Chee Yang Lee (5): zsh: Fix CVE-2021-45444 fwupd: Fix CVE-2022-3287 redis: Upgrade to 7.0.8 redis: Upgrade to 6.2.9 tinyproxy: fix CVE-2022-40468 Chen Pei (1): botan: upgrade 2.19.2 -> 2.19.3 Chen Qi (4): xfce4-verve-plugin: fix do_configure faiure about missing libpcre networkmanager: fix dhcpcd PACKAGECONFIG networkmanager: install config files into correct place networkmanager: fix /etc/resolv.conf handling Dmitry Baryshkov (1): nss: fix cross-compilation error Geoff Parker (1): python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES Hermes Zhang (1): kernel_add_regdb: Change the task order Jasper Orschulko (1): python3-gcovr: Add missing runtime dependency Joe Slater (1): phoronix-test-suite: fix CVE-2022-40704 Kai Kang (2): freeradius: fix multilib systemd service start failure postfix: fix multilib conflict of sample-main.cf Khem Raj (15): gnome-text-editor: Add missing libpcre build time depenedency ettercap: Add missing dependency on libpcre imapfilter: Upgrade to 2.7.6 aufs-util: Fix build with large file support enabled systems volume-key: Inherit python3targetconfig audit: Inherit python3targetconfig waf-samba.bbclass: point PYTHON_CONFIG to target python3-config fontforge: Inherit python3targetconfig sshpass: Use SPDX identified string for GPLv2 perfetto: Do not pass TUNE_CCARGS to native/host compiler net-snmp: Fix build with clang16 ncmpc: Upgrade to 0.47 mpd: Upgrade to 0.23.12 release redis: Upgrade 6.x recipe to 6.2.11 redis: Upgrade 7.x to 7.0.9 Leon Anavi (1): python3-pythonping: Upgrade 1.1.3 -> 1.1.4 Markus Volk (3): libcamera: upgrade -> 0.0.1 blueman: add RDEPEND on python3-fcntl perfetto: pass TUNE_CCARGS to use machine tune Martin Jansa (11): monkey: use git fetcher nss: fix SRC_URI exiv2: fix SRC_URI mdns: use git fetcher zsh: fix installed-vs-shipped with multilib restinio: fix S variable in multilib builds mongodb: fix chown user for multilib builds pahole: respect libdir lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib lirc: fix do_install with multilib dleyna-{server,renderer}: fix dev-so QA issue with multilib Mathieu Dubois-Briand (2): nss: Add missing CVE product nss: Whitelist CVEs related to libnssdbm Mingli Yu (1): php: Upgrade to 8.1.16 Narpat Mali (1): net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception Omkar Patil (1): ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3 Peter Kjellerstedt (2): chrony: Make it possible to enable editline support again chrony: Remove the libcap and nss PACKAGECONFIGs Peter Marko (4): cpputest: remove dev package dependency ntp: whitelist CVE-2019-11331 c-ares: fix CVE-2022-4904 dnsmasq: fix CVE-2023-28450 Polampalli, Archana (1): nodejs: Upgrade 16.19.0 -> 16.19.1 Preeti Sachan (1): fluidsynth: update SRC_URI to remove non-existing 2.2.x branch Randy MacLeod (2): python3-pillow: add ptest support python3-pillow: Add distutils, unixadmin for ptest Robert Joslyn (1): fwupd: Fix plugin_gpio PACKAGECONFIG Samuli Piippo (1): protobuf: stage protoc binary to sysroot Stefan Ghinea (1): mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393 Tim Orling (1): nodejs: upgrade 16.18.1 -> 16.19.0 Tom Hochstein (1): nlohmann-json: Allow empty main package for SDK Valeria Petrov (1): apache2: upgrade 2.4.56 -> 2.4.57 Wang Mingyu (34): bats: upgrade 1.8.0 -> 1.8.2 ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0 fvwm: upgrade 2.6.9 -> 2.7.0 makedumpfile: upgrade 1.7.1 -> 1.7.2 sanlock: upgrade 3.8.4 -> 3.8.5 python3-astroid: upgrade 2.12.11 -> 2.12.12 python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0 python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0 python3-google-auth: upgrade 2.12.0 -> 2.13.0 python3-huey: upgrade 2.4.3 -> 2.4.4 python3-oauthlib: upgrade 3.2.1 -> 3.2.2 python3-pandas: upgrade 1.5.0 -> 1.5.1 python3-pika: upgrade 1.3.0 -> 1.3.1 python3-protobuf: upgrade 4.21.7 -> 4.21.8 python3-pywbemtools: upgrade 1.0.0 -> 1.0.1 python3-socketio: upgrade 5.7.1 -> 5.7.2 python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42 tracker: upgrade 3.4.0 -> 3.4.1 wolfssl: upgrade 5.5.1 -> 5.5.2 cglm: upgrade 0.8.5 -> 0.8.7 ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0 function2: upgrade 4.2.1 -> 4.2.2 poco: upgrade 1.12.2 -> 1.12.3 audit: upgrade 3.0.8 -> 3.0.9 colord: upgrade 1.4.5 -> 1.4.6 smcroute: upgrade 2.5.5 -> 2.5.6 openwsman: upgrade 2.7.1 -> 2.7.2 python3-pillow: upgrade 9.2.0 -> 9.3.0 python3-pillow: upgrade 9.3.0 -> 9.4.0 apache2: upgrade 2.4.54 -> 2.4.55 python3-django: upgrade 4.1 -> 4.1.3 python3-django: upgrade 4.1.3 -> 4.1.6 apache2: upgrade 2.4.55 -> 2.4.56 openwsman: Change download branch from master to main. Xiangyu Chen (1): ipmitool: fix typo in .bb file's comments, using = instead of =? Yi Zhao (4): ostree: fix selinux policy rebuild error on first deployment strongswan: upgrade 5.9.8 -> 5.9.9 freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861 apache2: use /run instead of /var/run for systemd volatile config Yogita Urade (1): multipath-tools: fix CVE-2022-41974 zhengruoqin (2): tcpslice: upgrade 1.5 -> 1.6 tio: upgrade 2.1 -> 2.2 meta-arm: 4ee457693e..58952aa7ba: Abdellatif El Khlifi (1): arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the user guide Adam Johnston (2): arm/trusted-services: Fix 'no such file' when building libts CI: Remove ts-smm-gateway from N1SDP Adrian Herrera (2): atp: decouple m5readfile from m5ops atp: move m5readfile to meta-gem5 Adrián Herrera Arcila (5): atp: fix failing test_readme gem5: support for EXTRAS atp: separate recipe for gem5 models atp: fix machine overrides in recipes ci: add meta-atp to check-layers Anton Antonov (1): arm-bsp/fvp-base: Enable virtio-rng support and unset preferred 5.15 kernel Daniel Díaz (1): arm-bsp/firmware-image-juno: Fix deployment of compressed Image Diego Sueiro (2): arm/classes: Introduce apply_local_src_patches bbclass arm/trusted-firmware-m: Fix local source patches application Emekcan (3): arm-bsp/trusted-services: add checks for null attributes in smm gateway arm-bsp/trusted-services: Fix GetNextVariable max_name_len in smm gateway arm/fvp: Upgrade Corstone1000 FVP Emekcan Aras (3): arm-bsp/documentation: corstone1000: update the user guide kas/corstone1000-base.yml: set refspec for Corstone1000 release arm/trusted-firmware-m: Do not use release branches Gowtham Suresh Kumar (6): arm/edk2-basetools: Add edk2 base tool native recipe arm-bsp/uefi_capsule: Add UEFI capsule generation class arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform arm/edk2-basetools: Convert edk2 basetools recipes to native only arm-bsp/uefi_capsule: Use json file to pass capsule config arm-bsp/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR Jon Mason (4): CI: define DEFAULT_TAG and CPU_REQUEST arm-bsp/juno: move to compressed initramfs image arm-bsp/juno: Update kernel patches to the latest CI: dev kernel allow failure Luca Fancellu (1): arm,arm-bsp/recipes-kernel: don't use PN in arm-ffa-transport.inc Peter Hoyes (15): arm/fvp: Join cli arguments in verbose logging arm/lib: Factor out asyncio in FVPRunner arm/lib: Decouple console parsing from the FVPRunner arm/oeqa: Log the FVP output in OEFVPSSHTarget runfvp: Fix verbose output when using --console arm/fvp: Backport shlex.join from Python 3.8 arm/fvpboot: Disable timing annotation by default arm/classes: Ensure patch files are sorted in apply_local_src_patches arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized arm/scp-firmware: Disable cppcheck arm/lib: Add XAUTHORITY to runfvp environment classes: Define FVP_ENV_PASSTHROUGH variable dependencies classes: Prevent passing None to the runfvp environment classes: Set ARMLMD_LICENSE_FILE in the runfvp environment CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds Qi Feng (1): kas/fvp-baser-aemv8r64: Use langdale as kas default refspec Robbie Cao (1): arm/fvp-base-r-aem: upgrade to version 11.20.15 Ross Burton (9): arm/linux-arm64-ack: fix buildpaths in the perf Python module CI: revert a meta-clang change which breaks pixman (thus, xserver) CI: add variables needed for k8s runners CI: add tags to all jobs CI: no need to install telnet CI: use the .setup fragment in machine-coverage CI: fix builds with clang CI: pin to kas 3.2 as 3.2.1 fails arm-bsp/external-system: fix the gen_module race, again Rui Miguel Silva (4): arm/trusted-services: check before applying patches arm-bsp/trusted-services: psa test setup corstone1000 arm-bsp/trusted-firmware-m: adjust ps assets for corstone1000 kas/corstone500.yml: pin repos to langdale Vishnu Banavath (3): arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the release notes arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the change log arm-bsp/optee: register DRAM1 for N1SDP target poky: 6b9db5a99b..3e95f268ce: Adrian Freihofer (2): buildconf: compare abspath bblayers/setupwriters/oe-setup-layers: create dir if not exists Alejandro Hernandez Samaniego (2): baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES testimage: Fix error message to reflect new syntax Alex Kiernan (2): cargo_common.bbclass: Fix typos classes: image: Set empty weak default IMAGE_LINGUAS Alex Stewart (2): lsof: add update-alternatives logic opkg: upgrade to version 0.6.1 Alexander Kanavin (69): rust-target-config: match riscv target names with what rust expects rust: install rustfmt for riscv32 as well shadow: update 4.12.1 -> 4.12.3 lttng-modules: upgrade 2.13.4 -> 2.13.5 quilt: backport a patch to address grep 3.8 failures go: submit patch upstream go: update 1.19 -> 1.19.2 groff: submit patches upstream tcl: correct patch status lttng-tools: submit determinism.patch upstream kea: submit patch upstream ovmf: correct patches status libffi: submit patch upstream rust: submit a rewritten version of crossbeam_atomic.patch upstream ffmpeg: upgrade 5.1.1 -> 5.1.2 linux-firmware: upgrade 20220913 -> 20221012 xwayland: upgrade 22.1.3 -> 22.1.4 libffi: upgrade 3.4.2 -> 3.4.4 libical: upgrade 3.0.15 -> 3.0.16 mtd-utils: upgrade 2.1.4 -> 2.1.5 selftest: add a copy of previous mtd-utils version to meta-selftest gdk-pixbuf: upgrade 2.42.9 -> 2.42.10 pango: upgrade 1.50.10 -> 1.50.11 pango: replace a recipe fix with an upstream submitted patch gstreamer1.0: upgrade 1.20.3 -> 1.20.4 libepoxy: convert to git libepoxy: update 1.5.9 -> 1.5.10 mesa: do not rely on native llvm-config in target sysroot systemd: update 251.4 -> 251.8 vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that gnomebase.bbclass: return the whole version for tarball directory if it is a number glibc-tests: correctly pull in the actual tests when installing -ptest package libnewt: update 0.52.21 -> 0.52.23 ruby: merge .inc into .bb ruby: update 3.1.2 -> 3.1.3 tzdata: update 2022d -> 2022g cmake: update 3.24.0 -> 3.24.2 devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree libarchive: upgrade 3.6.1 -> 3.6.2 go: update 1.19.3 -> 1.19.4 devtool: process local files only for the main branch libksba: update 1.6.2 -> 1.6.3 linux-firmware: upgrade 20221109 -> 20221214 xwayland: upgrade 22.1.5 -> 22.1.7 xserver-xorg: upgrade 21.1.4 -> 21.1.6 selftest/virgl: use pkg-config from the host vulkan-samples: branch rename master -> main gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal diffutils: update 3.8 -> 3.9 lttng-tools: update 2.13.8 -> 2.13.9 apr: update 1.7.0 -> 1.7.2 apr-util: update 1.6.1 -> 1.6.3 bind: upgrade 9.18.10 -> 9.18.11 libjpeg-turbo: upgrade 2.1.4 -> 2.1.5 pkgconf: upgrade 1.9.3 -> 1.9.4 linux-firmware: upgrade 20221214 -> 20230117 sudo: upgrade 1.9.12p1 -> 1.9.12p2 libgit2: upgrade 1.5.0 -> 1.5.1 vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs dbus: upgrade 1.14.4 -> 1.14.6 linux-firmware: upgrade 20230117 -> 20230210 wireless-regdb: upgrade 2022.08.12 -> 2023.02.13 bblayers/makesetup: skip git repos that are submodules sudo: update 1.9.12p2 -> 1.9.13p2 libdnf: update 0.69.0 -> 0.70.0 pango: upgrade 1.50.12 -> 1.50.13 apt: re-enable version check devtool/upgrade: do not delete the workspace/recipes directory Alexey Smirnov (1): classes: make TOOLCHAIN more permissive for kernel Alexis Lothoré (1): oeqa/selftest/resulttooltests: fix minor typo Andrew Geissler (1): filemap.py: enforce maximum of 4kb block size Anton Antonov (1): rust: Do not use default compiler flags defined in CC crate Antonin Godard (2): busybox: always start do_compile with orig config files busybox: rm temporary files if do_compile was interrupted Armin Kuster (1): lttng-modules: Fix for 5.10.163 kernel version Arnout Vandecappelle (1): python3-pytest: depend on python3-tomli instead of python3-toml Arturo Buzarra (1): run-postinsts: Set dependency for ldconfig to avoid boot issues Benoît Mauduit (1): lib/oe/reproducible: Use git log without gpg signature Bernhard Rosenkränzer (1): cmake-native: Fix host tool contamination Bhabu Bindu (1): qemu: Fix CVE-2022-4144 Bruce Ashfield (35): linux-yocto/5.15: update to v5.15.72 linux-yocto/5.19: update to v5.19.14 kern-tools: fix relative path processing linux-yocto/5.15: update to v5.15.74 linux-yocto/5.15: update to v5.15.76 linux-yocto/5.15: update to v5.15.78 linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings linux-yocto/5.19: update to v5.19.16 linux-yocto/5.19: update to v5.19.17 linux-yocto/5.19: cfg: intel and vesa updates linux-yocto/5.19: security.cfg: remove configs which have been dropped linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure kern-tools: integrate ZFS speedup patch linux-yocto/5.19: fix perf build with clang linux-yocto/5.15: ltp and squashfs fixes linux-yocto/5.15: fix perf build with clang linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off linux-yocto/5.15: update to v5.15.84 linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy linux-yocto/5.15: update to v5.15.87 linux-yocto/5.15: update to v5.15.89 linux-yocto/5.15: update to v5.15.91 lttng-modules: fix for kernel 6.2+ linux-yocto/5.15: update to v5.15.94 linux-yocto/5.15: update to v5.15.96 linux-yocto-rt/5.15: update to -rt59 linux-yocto/5.15: update to v5.15.98 linux-yocto/5.15: update to v5.15.103 lttng-modules: update to v2.13.9 kernel-devsrc: fix mismatched compiler warning linux-yocto/5.15: update to v5.15.106 linux-yocto/5.15: update to v5.15.107 linux-yocto/5.15: update to v5.15.108 Carlos Alberto Lopez Perez (3): xwayland: libxshmfence is needed when dri3 is enabled mesa-gl: gallium is required when enabling x11 mesa-demos: packageconfig weston should have a dependency on wayland-protocols Changqing Li (2): base.bbclass: Fix way to check ccache path apt: fix do_package_qa failure Charlie Johnston (1): opkg: ensure opkg uses private gpg.conf when applying keys. Chee Yang Lee (5): git: upgrade to 2.37.5 tiff: fix multiple CVEs git: ignore CVE-2023-22743 tiff: Fix CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 go: upgrade to 1.19.7 Chen Qi (9): kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild dhcpcd: fix to work with systemd resolvconf: make it work psplash: consider the situation of psplash not exist for systemd bc: extend to nativesdk rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work dhcpcd: backport two patches to fix runtime error libseccomp: fix typo in DESCRIPTION ffmpeg: fix configure failure on noexec /tmp host Chris Elledge (1): busybox: move hwclock init earlier in startup Christian Eggers (1): linux-firmware: split rtl8761 firmware Christoph Lauer (1): populate_sdk_base: add zip options Claus Stovgaard (1): gstreamer1.0-libav: fix errors with ffmpeg 5.x Diego Sueiro (1): kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR Dmitry Baryshkov (5): linux-firmware: upgrade 20221012 -> 20221109 linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 linux-firmware: properly set license for all Qualcomm firmware linux-firmware: add yamato fw files to qcom-adreno-a2xx package ffmpeg: fix build failure when vulkan is enabled Ed Tanous (1): openssl: Upgrade 3.0.5 -> 3.0.7 Enguerrand de Ribaucourt (1): bitbake-layers: fix a typo Enrico Jörns (8): sstatesig: emit more helpful error message when not finding sstate manifest oeqa/selftest/cases/runqemu: update imports oeqa/targetcontrol: fix misspelled RuntimeError oeqa/targetcontrol: do not set dump_host_cmds redundantly oeqa/targetcontrol: remove unused imports oeqa/utils/commands: fix usage of undefined EPIPE oeqa/utils/commands: remove unused imports oeqa/utils/qemurunner: replace hard-coded user 'root' in debug output Etienne Cordonnier (2): mirrors.bbclass: use shallow tarball for binutils-native bitbake: siggen: Fix inefficient string concatenation Fawzi KHABER (3): ref-manual: update DEV_PKG_DEPENDENCY in variables package.bbclass: check packages name conflict in do_package oeqa/selftest/cases/package.py: adding unittest for package rename conflicts Federico Pellegrin (1): curl: fix dependencies when building with ldap/ldaps Frank de Brabander (2): bitbake: process: log odd unlink events with bitbake.sock bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system Frederic Martinsons (1): cargo.bbclass: use offline mode for building Geoffrey GIRY (2): cve-extra-exclusions: ignore inapplicable linux-yocto CVEs cve-check: Fix false negative version issue Harald Seiler (2): opkg: Set correct info_dir and status_file in opkg.conf bootchart2: Fix usrmerge support He Zhe (1): lttng-modules: update 2.13.7 -> 2.13.8 Hitendra Prajapati (3): openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c libxml2: Fix CVE-2022-40303 && CVE-2022-40304 Jagadeesh Krishnanjanappa (1): qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image Jan Kircher (1): toolchain-scripts: compatibility with unbound variable protection Jan-Simon Moeller (1): buildtools-tarball: export certificates to python and curl Jeremy Puhlman (1): qemu-native: Add PACKAGECONFIG option for jack Jermain Horsman (1): cve-check: write the cve manifest to IMGDEPLOYDIR Jose Quaresma (10): kernel-yocto: improve fatal error messages of symbol_why.py archiver: avoid using machine variable as it breaks multiconfig sstatesig: skip the rm_work task signature rm_work: exclude the SSTATETASKS from the rm_work tasks sinature sstate: Allow optimisation of do_deploy_archives task dependencies Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" gstreamer1.0: Fix race conditions in gstbin tests oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided oeqa/selftest/reproducible: Split different packages from missing packages output Joshua Watt (6): runqemu: Do not perturb script environment runqemu: Fix gl-es argument from causing other arguments to be ignored qemu-helper-native: Re-write bridge helper as C program qemu-helper-native: Correctly pass program name as argv[0] scripts: convert-overrides: Allow command-line customizations classes/populate_sdk_base: Append cleandirs Justin Bronder (1): bitbake: asyncrpc: serv: correct closed client socket detection Kai Kang (3): mesa: only apply patch to fix ALWAYS_INLINE for native libuv: fixup SRC_URI xserver-xorg: 21.1.6 -> 21.1.7 Keiya Nobuta (1): create-spdx: Remove ";name=..." for downloadLocation Kenfe-Mickael Laventure (3): buildtools-tarball: Handle spaces within user $PATH toolchain-scripts: Handle spaces within user $PATH populate_sdk_ext: Handle spaces within user $PATH Khem Raj (11): tiff: Add packageconfig knob for webp createrepo-c: Include missing rpm/rpmstring.h libtirpc: Check if file exists before operating on it libusb1: Link with latomic only if compiler has no atomic builtins libusb1: Strip trailing whitespaces scons: Pass MAXLINELENGTH to scons invocation scons.bbclass: Make MAXLINELENGTH overridable libcomps: Fix callback function prototype for PyCOMPS_hash rpm: Fix hdr_hash function prototype systemd.bbclass: Add /usr/lib/systemd to searchpaths as well Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86" Konrad Weihmann (1): create-spdx: default share_src for shared sources Lee Chee Yang (2): git: Upgrade to 2.37.4 migration-guides: add release-notes for 4.0.7 Leon Anavi (1): get_module_deps3.py: Check attribute '__file__' Liam Beguin (1): meson: make wrapper options sub-command specific Louis Rannou (1): oeqa/selftest/locales: Add selftest for locale generation/presence Luca Boccassi (1): systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils Luis (1): rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Marek Vasut (5): bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware systemd: Make importd depend on glib-2.0 again bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata bitbake: fetch2/git: Clarify the meaning of namespace cpio: Fix wrong CRC with ASCII CRC for large files Mark Asselstine (1): bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists Markus Volk (2): mesa: update 22.2.0 -> 22.2.2 librsvg: enable vapi build Marta Rybczynska (1): cve-update-db-native: avoid incomplete updates Martin Jansa (12): vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack externalsrc.bbclass: fix git repo detection libxml2: fix test data checksums meta: remove True option to getVar and getVarFlag calls (again) timezone: use 'tz' subdir instead of ${WORKDIR} directly tzdata: use separate B instead of WORKDIR for zic output tzcode-native: fix build with gcc-13 on host selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR bmap-tools: switch to main branch selftest: runqemu: better check for ROOTFS: in the log selftest: runqemu: use better error message when asserts fail runqemu: respect IMAGE_LINK_NAME Mateusz Marciniec (1): sstatesig: Improve output hash calculation Mathieu Dubois-Briand (1): dbus: Add missing CVE product name Mauro Queiros (1): image.bbclass: print all QA functions exceptions Michael Halstead (3): uninative: Upgrade to 3.8.1 to include libgcc selftest/runtime_test/virgl: Disable for all Rocky Linux uninative: Upgrade to 3.9 to include glibc 2.37 Michael Opdenacker (13): bitbake: bitbake-user-manual: details about variable flags starting with underscore create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED backport SPDX documentation and vulnerability improvements Expand create-spdx class documentation Expand cve-check class documentation manuals: add 4.0.5 and 4.0.6 release notes dev-manual: fix old override syntax ref-manual: variables.rst: fix broken hyperlink profile-manual: update WireShark hyperlinks bsp-guide: fix broken git URLs and missing word manuals: update patchwork instance URL dev-manual: common-tasks.rst: add link to FOSDEM 2023 video migration-guides: update release notes Mikko Rapeli (13): common-tasks.rst: fix oeqa runtime test path oeqa context.py: fix --target-ip comment to include ssh port number oeqa ssh.py: move output prints to new line oeqa ssh.py: add connection keep alive options to ssh client oeqa dump.py: add error counter and stop after 5 failures oeqa qemurunner: read more data at a time from serial oeqa qemurunner.py: add timeout to QMP calls oeqa qemurunner.py: try to avoid reading one character at a time oeqa ssh.py: fix hangs in run() runqemu: kill qemu if it hangs oeqa rtc.py: skip if read-only-rootfs oeqa ping.py: avoid busylooping failing ping command oeqa ping.py: fail test if target IP address has not been set Ming Liu (1): linux: inherit pkgconfig in kernel.bbclass Mingli Yu (6): grub: disable build on armv7ve/a with hardfp glslang: branch rename master -> main mdadm: Fix testcase 06wrmostly mdadm: fix tests/02lineargrow mdadm: Fix raid0 tests report-error: catch Nothing PROVIDES error Narpat Mali (4): ffmpeg: fix for CVE-2022-3964 ffmpeg: fix for CVE-2022-3965 libseccomp: fix for the ptest result format python3-setuptools: fix for CVE-2022-40897 Nathan Rossi (2): oeqa/selftest/lic_checksum: Cleanup changes to emptytest include package: Fix handling of minidebuginfo with newer binutils Niko Mauno (3): systemd: Consider PACKAGECONFIG in RRECOMMENDS Fix missing leading whitespace with ':append' ref-manual: Fix invalid feature name Ola x Nilsson (1): kbd: Don't build tests Ovidiu Panait (1): kernel.bbclass: remove empty module directories to prevent QA issues Pavel Zhukov (4): bitbake: gitsm: Fix regression in gitsm submodule path parsing oeqa/rpm.py: Increase timeout and add debug output wic: Fix usage of fstype=none in wic u-boot: Map arm64 into map for u-boot dts installation Pawel Zalewski (1): classes/fs-uuid: Fix command output decoding issue Peter Bergin (1): gptfdisk: remove warning message from target system Peter Kjellerstedt (4): externalsrc.bbclass: Remove a trailing slash from ${B} pango: Make it build with ptest disabled librsvg: Only enable the Vala bindings if GObject Introspection is enabled devshell: Do not add scripts/git-intercept to PATH Peter Marko (6): systemd: add group render to udev package meta-selftest/staticids: add render group for systemd externalsrc: fix lookup for .gitmodules oeqa/selftest/externalsrc: add test for srctree_hash_files systemd: add group sgx to udev package gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch Petr Kubizňák (1): harfbuzz: remove bindir only if it exists Piotr Łobacz (1): systemd: fix wrong nobody-group assignment Polampalli, Archana (1): libpam: fix CVE-2022-28321 Qiu, Zheng (3): tiff: fix a typo for CVE-2022-2953.patch tiff: Security fix for CVE-2022-3970 vim: upgrade 9.0.0820 -> 9.0.0947 Quentin Schulz (4): cairo: update patch for CVE-2019-6461 with upstream solution docs: kernel-dev: faq: update tip on how to not include kernel in image docs: migration-4.0: specify variable name change for kernel inclusion in image recipe cairo: fix CVE patches assigned wrong CVE number Randy MacLeod (3): valgrind: skip the boost_thread test on arm vim: upgrade 9.0.0947 -> 9.0.1211 vim: upgrade 9.0.1403 -> 9.0.1429 Ranjitsinh Rathod (1): curl: Correct LICENSE from MIT-open-group to curl Ravula Adhitya Siddartha (2): linux-yocto/5.15: update genericx86* machines to v5.15.72 linux-yocto/5.19: update genericx86* machines to v5.19.14 Richard Purdie (37): build-appliance-image: Update to langdale head revision bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse lttng-modules: upgrade 2.13.5 -> 2.13.7 bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK gcc-shared-source: Fix source date epoch handling gcc-source: Fix gengtypes race gcc-source: Drop gengtype manipulation gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change sanity: Drop data finalize call oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() qemu: Ensure libpng dependency is deterministic yocto-check-layer: Allow OE-Core to be tested oeqa/concurrencytest: Add number of failures to summary output build-appliance-image: Update to langdale head revision bitbake: server/process: Add bitbake.sock race handling native: Drop special variable handling kernel/linux-kernel-base: Fix kernel build artefact determinism issues make-mod-scripts: Ensure kernel build output is deterministic perf: Enable debug/source packaging libc-locale: Fix on target locale generation libssh2: Clean up ptest patch/coverage build-appliance-image: Update to langdale head revision bitbake: utils: Allow to_boolean to support int values bitbake: cookerdata: Remove incorrect SystemExit usage bitbake: cookerdata: Improve early exception handling bitbake: cookerdata: Drop dubious exception handling code binutils: Fix nativesdk ld.so search oeqa/selftest/prservice: Improve debug output for failure staging: Separate out different multiconfig manifests staging/multilib: Fix manifest corruption glibc: Add missing binutils dependency selftest/recipetool: Stop test corrupting tinfoil class base-files: Drop localhost.localdomain from hosts file pybootchartui: Fix python syntax issue pybootchart: Fix extents handling to account for cpu/io/mem pressure changes xdg-utils: Add a patch for CVE-2020-27748 xdg-utils: Fix CVE number Robert Andersson (1): go-crosssdk: avoid host contamination by GOCACHE Robert Joslyn (2): curl: Backport CVE fixes curl: Fix CVE-2022-43551 and CVE-2022-43552 Robert Yang (1): bitbake: fetch/git: Fix local clone url to make it work with repo Rodolfo Quesada Zumbado (1): tar: CVE-2022-48303 Romuald JEANNE (1): image_types: fix vname var init in multiubi_mkfs() function Romuald Jeanne (1): image_types: fix multiubi var init Ross Burton (48): libx11: apply the fix for CVE-2022-3554 xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551 tiff: fix a number of CVEs qemu: backport the fix for CVE-2022-3165 pango: upgrade 1.50.9 -> 1.50.10 zlib: do out-of-tree builds zlib: upgrade 1.2.12 -> 1.2.13 bitbake: fetch2/git: don't set core.fsyncobjectfiles=0 pixman: backport fix for CVE-2022-44638 sudo: backport fix for CVE-2022-43995 sanity: check for GNU tar specifically expat: upgrade to 2.5.0 oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge insane: add codeload.github.com to src-uri-bad check linux-firmware: don't put the firmware into the sysroot lib/buildstats: fix parsing of trees with reduced_proc_pressure directories combo-layer: remove unused import combo-layer: dont use bb.utils.rename combo-layer: add sync-revs command libepoxy: remove upstreamed patch cve-update-db-native: show IP on failure pango: upgrade 1.50.11 -> 1.50.12 oeqa/selftest/debuginfod: improve testcase curl: don't enable debug builds bitbake: bb/utils: include SSL certificate paths in export_proxies ppp: backport fix for CVE-2022-4603 quilt: fix intermittent failure in faildiff.test spirv-headers/spirv-tools: set correct branch name quilt: use upstreamed faildiff.test fix git: ignore CVE-2022-41953 buildtools-tarball: set pkg-config search path sdkext/cases/devtool: pass a logger to HTTPService httpserver: add error handler that write to the logger less: backport the fix for CVE-2022-46663 lib/buildstats: handle tasks that never finished cml1: remove redundant addtask shadow: ignore CVE-2016-15024 vim: add missing pkgconfig inherit vim: upgrade to 9.0.1403 vim: set modified-by to the recipe MAINTAINER meson: remove obsolete RPATH stripping patch lib/resulttool: fix typo breaking resulttool log --ptest scripts/lib/buildstats: handle top-level build_stats not being complete tzdata: upgrade to 2023c oeqa/runtime: clean up deprecated backslash expansion xserver-xorg: backport fix for CVE-2023-1393 screen: backport fix for CVE-2023-24626 Ryan Eatmon (1): go: Update reproducibility patch to fix panic errors Sakib Sajal (2): go: update 1.19.2 -> 1.19.3 git: upgrade 2.37.5 -> 2.37.6 Sandeep Gundlupet Raju (3): libdrm: Remove libdrm-kms package kernel-fitimage: Adjust order of dtb/dtbo files kernel-fitimage: Allow user to select dtb when multiple dtb exists Saul Wold (2): at: Change when files are copied busybox: Fix depmod patch Sean Anderson (3): uboot-sign: Fix using wrong KEY_REQ_ARGS kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate Sergei Zhmylev (2): wic: honor the SOURCE_DATE_EPOCH in case of updated fstab wic: make ext2/3/4 images reproducible Siddharth (1): harfbuzz: Security fix for CVE-2023-25193 Siddharth Doshi (3): openssl: Upgrade 3.0.7 -> 3.0.8 epiphany: Security fix for CVE-2023-26081 openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 Soumya (1): shadow: Fix can not print full login timeout message Steve Sakoman (8): poky.conf: bump version for 4.1.1 Revert "sudo: backport fix for CVE-2022-43995" poky.conf: bump version for 4.1.2 poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros poky.conf: bump version for 4.1.3 poky.conf: bump version for 4.1.4 build-appliance-image: Update to langdale head revision Sudip Mukherjee (1): libgit2: update license information Teoh Jay Shen (1): vim: Upgrade 9.0.0598 -> 9.0.0614 Thomas Perrot (1): xserver-xorg: move some recommended dependencies in required Thomas Roos (1): devtool: fix devtool finish when gitmodules file is empty Tim Orling (7): vim: upgrade 9.0.0614 -> 9.0.0820 python3-mako: upgrade 1.2.2 -> 1.2.3 mirrors.bbclass: update CPAN_MIRROR bitbake: toaster: fixtures/README: django 1.8 -> 3.2 bitbake: toaster: fixtures/gen_fixtures.py: update branches bitbake: toaster: Add refreshed oe-core and poky fixtures cracklib: update github branch to 'main' Tobias Hagelborn (2): sstate.bbclass: Fetch non-existing local .sig files if needed lib/oe/gpg_sign.py: Avoid race when creating .sig files in detach_sign Tom Hochstein (2): meson: Fix wrapper handling of implicit setup command oeqa/sdk: Improve Meson test Trevor Woerner (3): cups: use BUILDROOT instead of DESTDIR cups: check PACKAGECONFIG for pam feature cups: add/fix web interface packaging Ulrich Ölmann (4): recipe_sanity: fix old override syntax lsof: fix old override syntax update-alternatives: fix typos kernel-yocto: fix kernel-meta data detection Vincent Davis Jr (1): linux-firmware: package amdgpu firmware Vivek Kumbhar (1): openssl: fix CVE-2022-3996 double locking leads to denial of service Vyacheslav Yurkov (1): overlayfs: Allow not used mount points Wang Mingyu (26): bind: upgrade 9.18.7 -> 9.18.8 inetutils: upgrade 2.3 -> 2.4 socat: upgrade 1.7.4.3 -> 1.7.4.4 libxcrypt: upgrade 4.4.28 -> 4.4.30 xwayland: upgrade 22.1.4 -> 22.1.5 sysstat: upgrade 12.6.0 -> 12.6.1 mobile-broadband-provider-info: upgrade 20220725 -> 20221107 libsdl2: upgrade 2.24.1 -> 2.24.2 mesa: upgrade 22.2.2 -> 22.2.3 babeltrace: upgrade 1.5.8 -> 1.5.11 iso-codes: upgrade 4.11.0 -> 4.12.0 bind: upgrade 9.18.8 -> 9.18.9 libxcrypt-compat: upgrade 4.4.30 -> 4.4.33 mpfr: upgrade 4.1.0 -> 4.1.1 libpng: upgrade 1.6.38 -> 1.6.39 help2man: upgrade 1.49.2 -> 1.49.3 gstreamer1.0: upgrade 1.20.4 -> 1.20.5 bind: upgrade 9.18.9 -> 9.18.10 libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1 xwayland: upgrade 22.1.7 -> 22.1.8 iso-codes: upgrade 4.12.0 -> 4.13.0 libmicrohttpd: upgrade 0.9.75 -> 0.9.76 lua: Fix install conflict when enable multilib. vala: Fix install conflict when enable multilib. dhcpcd: Fix install conflict when enable multilib. xcb-proto: Fix install conflict when enable multilib. Xiangyu Chen (7): sudo: upgrade 1.9.11p3 -> 1.9.12p1 grub: backport patches to fix CVE-2022-28736 openssh: remove RRECOMMENDS to rng-tools for sshd package grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 numactl: skip test case when target platform doesn't have 2 CPU node dhcpcd: fix dhcpcd start failure on qemuppc64 sudo: update 1.9.13p2 -> 1.9.13p3 Zoltan Boszormenyi (1): piglit: Fix build time dependency ciarancourtney (1): wic: swap partitions are not added to fstab leimaohui (1): libpng: Enable NEON for aarch64 to enensure consistency with arm32. pgowda (1): binutils: Add patch to fix CVE-2022-4285 wangmy (13): meson: upgrade 0.63.2 -> 0.63.3 mtools: upgrade 4.0.40 -> 4.0.41 ifupdown: upgrade 0.8.37 -> 0.8.39 gnutls: upgrade 3.7.7 -> 3.7.8 libcap: upgrade 2.65 -> 2.66 libical: upgrade 3.0.14 -> 3.0.15 numactl: upgrade 2.0.15 -> 2.0.16 wpebackend-fdo: upgrade 1.12.1 -> 1.14.0 libksba: upgrade 1.6.0 -> 1.6.2 libsdl2: upgrade 2.24.0 -> 2.24.1 lttng-ust: upgrade 2.13.4 -> 2.13.5 lighttpd: upgrade 1.4.66 -> 1.4.67 dbus: upgrade 1.14.0 -> 1.14.4 meta-security: 2aa48e6f4e..a4562b1912: Anton Antonov (2): Flush caches after OEQA tests Fix PACKAGECONFIG check in Parsec OEQA tests Armin Kuster (2): packagegroup-security-tpm2: restore pkgs removed earlier Revert "meta-parsec/layer.conf: Insert addpylib declaration" Peter Hoyes (1): meta-parsec/layer.conf: Insert addpylib declaration meta-raspberrypi: 722c51647c..8e3cbfa598: Andrei Gherzan (2): ci: Bump actions/checkout to v3 ci: Fix dco-check job with newer git versions Florin Sarbu (1): udev-rules-rpi: Use 99-com.rules directly from upstream Martin Jansa (1): raspberrypi4-64: drop DEFAULTTUNE assignment Sung Gon Kim (1): libcamera: rename bbappend to match any version Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I394eff2a339089121317b9dfb1a2ff4dfcae3339
Diffstat (limited to 'poky/documentation')
-rw-r--r--poky/documentation/bsp-guide/bsp.rst6
-rw-r--r--poky/documentation/conf.py1
-rw-r--r--poky/documentation/dev-manual/common-tasks.rst310
-rw-r--r--poky/documentation/kernel-dev/faq.rst2
-rw-r--r--poky/documentation/migration-guides/migration-4.0.rst3
-rw-r--r--poky/documentation/migration-guides/release-4.0.rst6
-rw-r--r--poky/documentation/migration-guides/release-4.1.rst5
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.5.rst196
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.6.rst313
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.7.rst242
-rw-r--r--poky/documentation/migration-guides/release-notes-4.0.8.rst217
-rw-r--r--poky/documentation/migration-guides/release-notes-4.1.1.rst319
-rw-r--r--poky/documentation/migration-guides/release-notes-4.1.2.rst286
-rw-r--r--poky/documentation/migration-guides/release-notes-4.1.3.rst317
-rw-r--r--poky/documentation/overview-manual/yp-intro.rst2
-rw-r--r--poky/documentation/profile-manual/usage.rst6
-rw-r--r--poky/documentation/ref-manual/classes.rst74
-rw-r--r--poky/documentation/ref-manual/features.rst4
-rw-r--r--poky/documentation/ref-manual/system-requirements.rst8
-rw-r--r--poky/documentation/ref-manual/terms.rst28
-rw-r--r--poky/documentation/ref-manual/variables.rst102
21 files changed, 2339 insertions, 108 deletions
diff --git a/poky/documentation/bsp-guide/bsp.rst b/poky/documentation/bsp-guide/bsp.rst
index 7e17b42886..dbbcf47620 100644
--- a/poky/documentation/bsp-guide/bsp.rst
+++ b/poky/documentation/bsp-guide/bsp.rst
@@ -1180,14 +1180,14 @@ Use these steps to create a BSP layer:
:yocto_git:`Source Repositories <>`. To get examples of what you need
in your configuration file, locate a layer (e.g. "meta-ti") and
examine the
- :yocto_git:`local.conf </meta-ti/tree/conf/layer.conf>`
+ :yocto_git:`local.conf </meta-ti/tree/meta-ti-bsp/conf/layer.conf>`
file.
- *Create a Machine Configuration File:* Create a
``conf/machine/bsp_root_name.conf`` file. See
:yocto_git:`meta-yocto-bsp/conf/machine </poky/tree/meta-yocto-bsp/conf/machine>`
for sample ``bsp_root_name.conf`` files. There are other samples such as
- :yocto_git:`meta-ti </meta-ti/tree/conf/machine>`
+ :yocto_git:`meta-ti </meta-ti/tree/meta-ti-bsp/conf/machine>`
and
:yocto_git:`meta-freescale </meta-freescale/tree/conf/machine>`
from other vendors that have more specific machine and tuning
@@ -1210,7 +1210,7 @@ BSP Layer Configuration Example
-------------------------------
The layer's ``conf`` directory contains the ``layer.conf`` configuration
-file. In this example, the ``conf/layer.conf`` is the following::
+file. In this example, the ``conf/layer.conf`` file is the following::
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py
index 07a15ce7de..bd45a73fa6 100644
--- a/poky/documentation/conf.py
+++ b/poky/documentation/conf.py
@@ -106,6 +106,7 @@ extlinks = {
'oe_wiki': ('https://www.openembedded.org/wiki%s', None),
'oe_layerindex': ('https://layers.openembedded.org%s', None),
'oe_layer': ('https://layers.openembedded.org/layerindex/branch/master/layer%s', None),
+ 'wikipedia': ('https://en.wikipedia.org/wiki/%s', None),
}
# Intersphinx config to use cross reference with BitBake user manual
diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst
index 53e7686633..afea9ec72e 100644
--- a/poky/documentation/dev-manual/common-tasks.rst
+++ b/poky/documentation/dev-manual/common-tasks.rst
@@ -5092,9 +5092,9 @@ default :term:`FILES` variables in ``bitbake.conf``::
SOLIBS = ".so.*"
SOLIBSDEV = ".so"
- FILES_${PN} = "... ${libdir}/lib*${SOLIBS} ..."
+ FILES:${PN} = "... ${libdir}/lib*${SOLIBS} ..."
FILES_SOLIBSDEV ?= "... ${libdir}/lib*${SOLIBSDEV} ..."
- FILES_${PN}-dev = "... ${FILES_SOLIBSDEV} ..."
+ FILES:${PN}-dev = "... ${FILES_SOLIBSDEV} ..."
:term:`SOLIBS` defines a pattern that matches real shared object libraries.
:term:`SOLIBSDEV` matches the development form (unversioned symlink). These two
@@ -8902,21 +8902,21 @@ You can start the tests automatically or manually:
bitbake -c testimage image
-All test files reside in ``meta/lib/oeqa/runtime`` in the
+All test files reside in ``meta/lib/oeqa/runtime/cases`` in the
:term:`Source Directory`. A test name maps
directly to a Python module. Each test module may contain a number of
individual tests. Tests are usually grouped together by the area tested
-(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/systemd.py``).
+(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/cases/systemd.py``).
You can add tests to any layer provided you place them in the proper
area and you extend :term:`BBPATH` in
the ``local.conf`` file as normal. Be sure that tests reside in
-``layer/lib/oeqa/runtime``.
+``layer/lib/oeqa/runtime/cases``.
.. note::
Be sure that module names do not collide with module names used in
- the default set of test modules in ``meta/lib/oeqa/runtime``.
+ the default set of test modules in ``meta/lib/oeqa/runtime/cases``.
You can change the set of tests run by appending or overriding
:term:`TEST_SUITES` variable in
@@ -9009,7 +9009,7 @@ Writing New Tests
As mentioned previously, all new test files need to be in the proper
place for the build system to find them. New tests for additional
functionality outside of the core should be added to the layer that adds
-the functionality, in ``layer/lib/oeqa/runtime`` (as long as
+the functionality, in ``layer/lib/oeqa/runtime/cases`` (as long as
:term:`BBPATH` is extended in the
layer's ``layer.conf`` file as normal). Just remember the following:
@@ -10734,7 +10734,7 @@ without using the scripts once the steps in
command, see ``GIT-SEND-EMAIL(1)`` displayed using the
``man git-send-email`` command.
-The Yocto Project uses a `Patchwork instance <https://patchwork.openembedded.org/>`__
+The Yocto Project uses a `Patchwork instance <https://patchwork.yoctoproject.org/>`__
to track the status of patches submitted to the various mailing lists and to
support automated patch testing. Each submitted patch is checked for common
mistakes and deviations from the expected patch format and submitters are
@@ -11229,8 +11229,6 @@ to be covered by assuming that there are three main areas of concern:
- Compilation scripts and modifications to the source code must be
provided.
-- spdx files can be provided.
-
There are other requirements beyond the scope of these three and the
methods described in this section (e.g. the mechanism through which
source code is distributed).
@@ -11422,39 +11420,6 @@ layers (recipes, configuration files, and so forth) enables you to meet
your requirements to include the scripts to control compilation as well
as any modifications to the original source.
-Providing spdx files
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The spdx module has been integrated to a layer named meta-spdxscanner.
-meta-spdxscanner provides several kinds of scanner. If you want to enable
-this function, you have to follow the following steps:
-
-1. Add meta-spdxscanner layer into ``bblayers.conf``.
-
-2. Refer to the README in meta-spdxscanner to setup the environment (e.g,
- setup a fossology server) needed for the scanner.
-
-3. Meta-spdxscanner provides several methods within the bbclass to create spdx files.
- Please choose one that you want to use and enable the spdx task. You have to
- add some config options in ``local.conf`` file in your :term:`Build
- Directory`. Here is an example showing how to generate spdx files
- during BitBake using the fossology-python.bbclass::
-
- # Select fossology-python.bbclass.
- INHERIT += "fossology-python"
- # For fossology-python.bbclass, TOKEN is necessary, so, after setup a
- # Fossology server, you have to create a token.
- TOKEN = "eyJ0eXAiO..."
- # The fossology server is necessary for fossology-python.bbclass.
- FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo"
- # If you want to upload the source code to a special folder:
- FOLDER_NAME = "xxxx" //Optional
- # If you don't want to put spdx files in tmp/deploy/spdx, you can enable:
- SPDX_DEPLOY_DIR = "${DEPLOY_DIR}" //Optional
-
-For more usage information refer to :yocto_git:`the meta-spdxscanner repository
-</meta-spdxscanner/>`.
-
Compliance Limitations with Executables Built from Static Libraries
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -11495,12 +11460,12 @@ the license from the fetched source::
Checking for Vulnerabilities
============================
-Vulnerabilities in images
--------------------------
+Vulnerabilities in Poky and OE-Core
+-----------------------------------
The Yocto Project has an infrastructure to track and address unfixed
known security vulnerabilities, as tracked by the public
-`Common Vulnerabilities and Exposures (CVE) <https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures>`__
+:wikipedia:`Common Vulnerabilities and Exposures (CVE) <Common_Vulnerabilities_and_Exposures>`
database.
The Yocto Project maintains a `list of known vulnerabilities
@@ -11509,14 +11474,78 @@ for packages in Poky and OE-Core, tracking the evolution of the number of
unpatched CVEs and the status of patches. Such information is available for
the current development version and for each supported release.
-To know which packages are vulnerable to known security vulnerabilities
-in the specific image you are building, add the following setting to your
-configuration::
+Security is a process, not a product, and thus at any time, a number of security
+issues may be impacting Poky and OE-Core. It is up to the maintainers, users,
+contributors and anyone interested in the issues to investigate and possibly fix them by
+updating software components to newer versions or by applying patches to address them.
+It is recommended to work with Poky and OE-Core upstream maintainers and submit
+patches to fix them, see ":ref:`dev-manual/common-tasks:submitting a change to the yocto project`" for details.
+
+Vulnerability check at build time
+---------------------------------
+
+To enable a check for CVE security vulnerabilities using :ref:`cve-check <ref-classes-cve-check>` in the specific image
+or target you are building, add the following setting to your configuration::
INHERIT += "cve-check"
-This way, at build time, BitBake will warn you about known CVEs
-as in the example below::
+The CVE database contains some old incomplete entries which have been
+deemed not to impact Poky or OE-Core. These CVE entries can be excluded from the
+check using build configuration::
+
+ include conf/distro/include/cve-extra-exclusions.inc
+
+With this CVE check enabled, BitBake build will try to map each compiled software component
+recipe name and version information to the CVE database and generate recipe and
+image specific reports. These reports will contain:
+
+- metadata about the software component like names and versions
+
+- metadata about the CVE issue such as description and NVD link
+
+- for each software component, a list of CVEs which are possibly impacting this version
+
+- status of each CVE: ``Patched``, ``Unpatched`` or ``Ignored``
+
+The status ``Patched`` means that a patch file to address the security issue has been
+applied. ``Unpatched`` status means that no patches to address the issue have been
+applied and that the issue needs to be investigated. ``Ignored`` means that after
+analysis, it has been deemed to ignore the issue as it for example affects
+the software component on a different operating system platform.
+
+After a build with CVE check enabled, reports for each compiled source recipe will be
+found in ``build/tmp/deploy/cve``.
+
+For example the CVE check report for the ``flex-native`` recipe looks like::
+
+ $ cat poky/build/tmp/deploy/cve/flex-native
+ LAYER: meta
+ PACKAGE NAME: flex-native
+ PACKAGE VERSION: 2.6.4
+ CVE: CVE-2016-6354
+ CVE STATUS: Patched
+ CVE SUMMARY: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
+ CVSS v2 BASE SCORE: 7.5
+ CVSS v3 BASE SCORE: 9.8
+ VECTOR: NETWORK
+ MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6354
+
+ LAYER: meta
+ PACKAGE NAME: flex-native
+ PACKAGE VERSION: 2.6.4
+ CVE: CVE-2019-6293
+ CVE STATUS: Ignored
+ CVE SUMMARY: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
+ CVSS v2 BASE SCORE: 4.3
+ CVSS v3 BASE SCORE: 5.5
+ VECTOR: NETWORK
+ MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6293
+
+For images, a summary of all recipes included in the image and their CVEs is also
+generated in textual and JSON formats. These ``.cve`` and ``.json`` reports can be found
+in the ``tmp/deploy/images`` directory for each compiled image.
+
+At build time CVE check will also throw warnings about ``Unpatched`` CVEs::
WARNING: flex-2.6.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-6293), for more information check /poky/build/tmp/work/core2-64-poky-linux/flex/2.6.4-r0/temp/cve.log
WARNING: libarchive-3.5.1-r0 do_cve_check: Found unpatched CVE (CVE-2021-36976), for more information check /poky/build/tmp/work/core2-64-poky-linux/libarchive/3.5.1-r0/temp/cve.log
@@ -11525,21 +11554,46 @@ It is also possible to check the CVE status of individual packages as follows::
bitbake -c cve_check flex libarchive
-Note that OpenEmbedded-Core keeps a list of known unfixed CVE issues which can
-be ignored. You can pass this list to the check as follows::
+Fixing CVE product name and version mappings
+--------------------------------------------
+
+By default, :ref:`cve-check <ref-classes-cve-check>` uses the recipe name :term:`BPN` as CVE
+product name when querying the CVE database. If this mapping contains false positives, e.g.
+some reported CVEs are not for the software component in question, or false negatives like
+some CVEs are not found to impact the recipe when they should, then the problems can be
+in the recipe name to CVE product mapping. These mapping issues can be fixed by setting
+the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of the software component in the
+upstream `NIST CVE database <https://nvd.nist.gov/>`__.
- bitbake -c cve_check libarchive -R conf/distro/include/cve-extra-exclusions.inc
+The variable supports using vendor and product names like this::
-Enabling vulnerabily tracking in recipes
-----------------------------------------
+ CVE_PRODUCT = "flex_project:flex"
-The :term:`CVE_PRODUCT` variable defines the name used to match the recipe name
-against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
+In this example the vendor name used in the CVE database is ``flex_project`` and the
+product is ``flex``. With this setting the ``flex`` recipe only maps to this specific
+product and not products from other vendors with same name ``flex``.
-Editing recipes to fix vulnerabilities
---------------------------------------
+Similarly, when the recipe version :term:`PV` is not compatible with software versions used by
+the upstream software component releases and the CVE database, these can be fixed using
+the :term:`CVE_VERSION` variable.
+
+Note that if the CVE entries in the NVD database contain bugs or have missing or incomplete
+information, it is recommended to fix the information there directly instead of working
+around the issues possibly for a long time in Poky and OE-Core side recipes. Feedback to
+NVD about CVE entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.
-To fix a given known vulnerability, you need to add a patch file to your recipe. Here's
+Fixing vulnerabilities in recipes
+---------------------------------
+
+If a CVE security issue impacts a software component, it can be fixed by updating to a newer
+version of the software component or by applying a patch. For Poky and OE-Core master branches, updating
+to a newer software component release with fixes is the best option, but patches can be applied
+if releases are not yet available.
+
+For stable branches, it is preferred to apply patches for the issues. For some software
+components minor version updates can also be applied if they are backwards compatible.
+
+Here is an example of fixing CVE security issues with patch files,
an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
@@ -11551,31 +11605,21 @@ an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
-The :ref:`cve-check <ref-classes-cve-check>` class defines two ways of
-supplying a patch for a given CVE. The first
-way is to use a patch filename that matches the below pattern::
+A good practice is to include the CVE identifier in both the patch file name
+and inside the patch file commit message using the format::
- cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
+ CVE: CVE-2020-22033
-As shown in the example above, multiple CVE IDs can appear in a patch filename,
-but the :ref:`cve-check <ref-classes-cve-check>` class will only consider
-the last CVE ID in the filename as patched.
+CVE checker will then capture this information and change the CVE status to ``Patched``
+in the generated reports.
-The second way to recognize a patched CVE ID is when a line matching the
-below pattern is found in any patch file provided by the recipe::
+If analysis shows that the CVE issue does not impact the recipe due to configuration, platform,
+version or other reasons, the CVE can be marked as ``Ignored`` using the :term:`CVE_CHECK_IGNORE` variable.
+As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those
+issues in the CVE database directly.
- cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
-
-This allows a single patch file to address multiple CVE IDs at the same time.
-
-Of course, another way to fix vulnerabilities is to upgrade to a version
-of the package which is not impacted, typically a more recent one.
-The NIST database knows which versions are vulnerable and which ones
-are not.
-
-Last but not least, you can choose to ignore vulnerabilities through
-the :term:`CVE_CHECK_SKIP_RECIPE` and :term:`CVE_CHECK_IGNORE`
-variables.
+Recipes can be completely skipped by CVE check by including the recipe name in
+the :term:`CVE_CHECK_SKIP_RECIPE` variable.
Implementation details
----------------------
@@ -11592,24 +11636,110 @@ file. The found CVE IDs are also considered as patched.
Then, the code looks up all the CVE IDs in the NIST database for all the
products defined in :term:`CVE_PRODUCT`. Then, for each found CVE:
- - If the package name (:term:`PN`) is part of
- :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as patched.
+- If the package name (:term:`PN`) is part of
+ :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as ``Patched``.
- - If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is
- considered as patched too.
+- If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is
+ set as ``Ignored``.
- - If the CVE ID is part of the patched CVE for the recipe, it is
- already considered as patched.
+- If the CVE ID is part of the patched CVE for the recipe, it is
+ already considered as ``Patched``.
- - Otherwise, the code checks whether the recipe version (:term:`PV`)
+- Otherwise, the code checks whether the recipe version (:term:`PV`)
is within the range of versions impacted by the CVE. If so, the CVE
- is considered as unpatched.
+ is considered as ``Unpatched``.
The CVE database is stored in :term:`DL_DIR` and can be inspected using
``sqlite3`` command as follows::
sqlite3 downloads/CVE_CHECK/nvdcve_1.1.db .dump | grep CVE-2021-37462
+When analyzing CVEs, it is recommended to:
+
+- study the latest information in `CVE database <https://nvd.nist.gov/vuln/search>`__.
+
+- check how upstream developers of the software component addressed the issue, e.g.
+ what patch was applied, which upstream release contains the fix.
+
+- check what other Linux distributions like `Debian <https://security-tracker.debian.org/tracker/>`__
+ did to analyze and address the issue.
+
+- follow security notices from other Linux distributions.
+
+- follow public `open source security mailing lists <https://oss-security.openwall.org/wiki/mailing-lists>`__ for
+ discussions and advance notifications of CVE bugs and software releases with fixes.
+
+Creating a Software Bill of Materials
+=====================================
+
+Once you are able to build an image for your project, once the licenses for
+each software component are all identified (see
+":ref:`dev-manual/common-tasks:working with licenses`") and once vulnerability
+fixes are applied (see ":ref:`dev-manual/common-tasks:checking
+for vulnerabilities`"), the OpenEmbedded build system can generate
+a description of all the components you used, their licenses, their dependencies,
+the changes that were applied and the known vulnerabilities that were fixed.
+
+This description is generated in the form of a *Software Bill of Materials*
+(:term:`SBOM`), using the :term:`SPDX` standard.
+
+When you release software, this is the most standard way to provide information
+about the Software Supply Chain of your software image and SDK. The
+:term:`SBOM` tooling is often used to ensure open source license compliance by
+providing the license texts used in the product which legal departments and end
+users can read in standardized format.
+
+:term:`SBOM` information is also critical to performing vulnerability exposure
+assessments, as all the components used in the Software Supply Chain are listed.
+
+The OpenEmbedded build system doesn't generate such information by default.
+To make this happen, you must inherit the
+:ref:`create-spdx <ref-classes-create-spdx>` class from a configuration file::
+
+ INHERIT += "create-spdx"
+
+You then get :term:`SPDX` output in JSON format as an
+``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
+:term:`Build Directory`.
+
+This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json``
+containing an index of JSON :term:`SPDX` files for individual recipes, together
+with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such
+files.
+
+The :ref:`create-spdx <ref-classes-create-spdx>` class offers options to include
+more information in the output :term:`SPDX` data, such as making the generated
+files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of
+the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`),
+adding a description of the source files handled by the target recipes
+(:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source files
+themselves (:term:`SPDX_ARCHIVE_SOURCES`).
+
+Though the toplevel :term:`SPDX` output is available in
+``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary
+generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as:
+
+- The individual :term:`SPDX` JSON files in the ``IMAGE-MACHINE.spdx.tar.zst``
+ archive.
+
+- Compressed archives of the files in the generated target packages,
+ in ``packages/packagename.tar.zst`` (when :term:`SPDX_ARCHIVE_PACKAGED`
+ is set).
+
+- Compressed archives of the source files used to build the host tools
+ and the target packages in ``recipes/recipe-packagename.tar.zst``
+ (when :term:`SPDX_ARCHIVE_SOURCES` is set). Those are needed to fulfill
+ "source code access" license requirements.
+
+See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX`
+project website for a list of tools to consume and transform the :term:`SPDX`
+data generated by the OpenEmbedded build system.
+
+See also Joshua Watt's
+`Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__
+presentation at FOSDEM 2023.
+
+
Using the Error Reporting Tool
==============================
diff --git a/poky/documentation/kernel-dev/faq.rst b/poky/documentation/kernel-dev/faq.rst
index e40e3ff372..76923f6104 100644
--- a/poky/documentation/kernel-dev/faq.rst
+++ b/poky/documentation/kernel-dev/faq.rst
@@ -36,7 +36,7 @@ How do I install/not-install the kernel image on the root filesystem?
The kernel image (e.g. ``vmlinuz``) is provided by the
``kernel-image`` package. Image recipes depend on ``kernel-base``. To
specify whether or not the kernel image is installed in the generated
-root filesystem, override ``RDEPENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not
+root filesystem, override ``RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not
include "kernel-image". See the
":ref:`dev-manual/common-tasks:appending other layers metadata with your layer`"
section in the
diff --git a/poky/documentation/migration-guides/migration-4.0.rst b/poky/documentation/migration-guides/migration-4.0.rst
index 02d3c3e2bd..ab82280f5e 100644
--- a/poky/documentation/migration-guides/migration-4.0.rst
+++ b/poky/documentation/migration-guides/migration-4.0.rst
@@ -265,3 +265,6 @@ Miscellaneous changes
when parsing recipes. Any code depending on the previous behaviour will no longer
work - change any such code to explicitly use appropriate path variables instead.
+- In order to exclude the kernel image from the image rootfs,
+ :term:`RRECOMMENDS`\ ``:${KERNEL_PACKAGE_NAME}-base`` should be set instead of
+ :term:`RDEPENDS`\ ``:${KERNEL_PACKAGE_NAME}-base``.
diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst
index 9f67daaffb..2294265a46 100644
--- a/poky/documentation/migration-guides/release-4.0.rst
+++ b/poky/documentation/migration-guides/release-4.0.rst
@@ -1,3 +1,5 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
Release 4.0 (kirkstone)
=======================
@@ -9,3 +11,7 @@ Release 4.0 (kirkstone)
release-notes-4.0.2
release-notes-4.0.3
release-notes-4.0.4
+ release-notes-4.0.5
+ release-notes-4.0.6
+ release-notes-4.0.7
+ release-notes-4.0.8
diff --git a/poky/documentation/migration-guides/release-4.1.rst b/poky/documentation/migration-guides/release-4.1.rst
index 8ebf4a4c95..dbca7c7e04 100644
--- a/poky/documentation/migration-guides/release-4.1.rst
+++ b/poky/documentation/migration-guides/release-4.1.rst
@@ -1,3 +1,5 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
Release 4.1 (langdale)
======================
@@ -5,3 +7,6 @@ Release 4.1 (langdale)
migration-4.1
release-notes-4.1
+ release-notes-4.1.1
+ release-notes-4.1.2
+ release-notes-4.1.3
diff --git a/poky/documentation/migration-guides/release-notes-4.0.5.rst b/poky/documentation/migration-guides/release-notes-4.0.5.rst
new file mode 100644
index 0000000000..ea0280b03c
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.5.rst
@@ -0,0 +1,196 @@
+Release notes for Yocto-4.0.5 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- qemu: fix :cve:`2021-3750`, :cve:`2021-3611` and :cve:`2022-2962`
+- binutils : fix :cve:`2022-38126`, :cve:`2022-38127` and :cve:`2022-38128`
+- tff: fix :cve:`2022-2867`, :cve:`2022-2868` and :cve:`2022-2869`
+- inetutils: fix :cve:`2022-39028`
+- go: fix :cve:`2022-27664`
+
+Fixes in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~
+
+- Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
+- bind: upgrade to 9.18.7
+- binutils: stable 2.38 branch updates (dc2474e7)
+- bitbake: Fix npm to use https rather than http
+- bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
+- bitbake: bitbake: Add copyright headers where missing
+- bitbake: gitsm: Error out if submodule refers to parent repo
+- bitbake: runqueue: Drop deadlock breaking force fail
+- bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
+- bitbake: runqueue: Improve deadlock warning messages
+- bitbake: siggen: Fix insufficent entropy in sigtask file names
+- bitbake: tests/fetch: Allow handling of a file:// url within a submodule
+- build-appliance-image: Update to kirkstone head revision (4a88ada)
+- busybox: add devmem 128-bit support
+- classes: files: Extend overlayfs-etc class
+- coreutils: add openssl PACKAGECONFIG
+- create-pull-request: don't switch the git remote protocol to git://
+- dev-manual: fix reference to BitBake user manual
+- expat: upgrade 2.4.8 -> 2.4.9
+- files: overlayfs-etc: refactor preinit template
+- gcc-cross-canadian: add default plugin linker
+- gcc: add arm-v9 support
+- git: upgrade 2.35.4 -> 2.35.5
+- glibc-locale: explicitly remove empty dirs in ${libdir}
+- glibc-tests: use += instead of :append
+- glibc: stable 2.35 branch updates.(8d125a1f)
+- go-native: switch from SRC_URI:append to SRC_URI +=
+- image_types_wic.bbclass: fix cross binutils dependency
+- kern-tools: allow 'y' or 'm' to avoid config audit warnings
+- kern-tools: fix queue processing in relative TOPDIR configurations
+- kernel-yocto: allow patch author date to be commit date
+- libpng: upgrade to 1.6.38
+- linux-firmware: package new Qualcomm firmware
+- linux-firmware: upgrade 20220708 -> 20220913
+- linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
+- linux-yocto-dev: add qemuarm64
+- linux-yocto/5.10: update to v5.10.149
+- linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
+- linux-yocto/5.15: update to v5.15.68
+- local.conf.sample: correct the location of public hashserv
+- ltp: Fix pread02 case trigger the glibc overflow detection
+- lttng-modules: Fix crash on powerpc64
+- lttng-tools: Disable on qemuriscv32
+- lttng-tools: Disable on riscv32
+- migration-guides: add 4.0.4 release notes
+- oeqa/runtime/dnf: fix typo
+- own-mirrors: add crate
+- perf: Fix for recent kernel upgrades
+- poky.conf: bump version for 4.0.5
+- poky.yaml.in: update version requirements
+- python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
+- python3: upgrade 3.10.4 -> 3.10.7
+- qemu: Backport patches from upstream to support float128 on qemu-ppc64
+- rpm: Remove -Wimplicit-function-declaration warnings
+- rpm: update to 4.17.1
+- rsync: update to 3.2.5
+- stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
+- tune-neoversen2: support tune-neoversen2 base on armv9a
+- tzdata: update to 2022d
+- u-boot: switch from append to += in SRC_URI
+- uninative: Upgrade to 3.7 to work with glibc 2.36
+- vim: Upgrade to 9.0.0598
+- webkitgtk: Update to 2.36.7
+
+
+Known Issues in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- There are recent CVEs in key components such as openssl. They are not included in this release as it was built before the issues were known and fixes were available but these are now available on the kirkstone branch.
+
+
+Contributors to Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alexander Kanavin
+- Alexandre Belloni
+- Bhabu Bindu
+- Bruce Ashfield
+- Chen Qi
+- Daniel McGregor
+- Denys Dmytriyenko
+- Dmitry Baryshkov
+- Florin Diaconescu
+- He Zhe
+- Joshua Watt
+- Khem Raj
+- Martin Jansa
+- Michael Halstead
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Neil Horman
+- Pavel Zhukov
+- Richard Purdie
+- Robert Joslyn
+- Ross Burton
+- Ruiqiang Hao
+- Samuli Piippo
+- Steve Sakoman
+- Sundeep KOKKONDA
+- Teoh Jay Shen
+- Tim Orling
+- Virendra Thakur
+- Vyacheslav Yurkov
+- Xiangyu Chen
+- Yash Shinde
+- pgowda
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </poky/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`2e79b199114b25d81bfaa029ccfb17676946d20d </poky/commit/?id=2e79b199114b25d81bfaa029ccfb17676946d20d>`
+- Release Artefact: poky-2e79b199114b25d81bfaa029ccfb17676946d20d
+- sha: 7bcf3f901d4c5677fc95944ab096e9e306f4c758a658dde5befd16861ad2b8ea
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.5 </openembedded-core/log/?h=yocto-4.0.5>`
+- Git Revision: :oe_git:`fbdf93f43ff4b876487e1f26752598ec8abcb46e </openembedded-core/commit/?id=fbdf93f43ff4b876487e1f26752598ec8abcb46e>`
+- Release Artefact: oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e
+- sha: 2d9b5a8e9355b633bb57633cc8c2d319ba13fe4721f79204e61116b3faa6cbf1
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </meta-mingw/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </meta-gplv2/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.5 </bitbake/log/?h=yocto-4.0.5>`
+- Git Revision: :oe_git:`c90d57497b9bcd237c3ae810ee8edb5b0d2d575a </bitbake/commit/?id=c90d57497b9bcd237c3ae810ee8edb5b0d2d575a>`
+- Release Artefact: bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a
+- sha: 5698d548ce179036e46a24f80b213124c8825a4f443fa1d6be7ab0f70b01a9ff
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </yocto-docs/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3 </yocto-docs/commit/?id=8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.6.rst b/poky/documentation/migration-guides/release-notes-4.0.6.rst
new file mode 100644
index 0000000000..76d23fcf0c
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.6.rst
@@ -0,0 +1,313 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.6 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- bash: Fix :cve:`2022-3715`
+- curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916`
+- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
+- dropbear: Fix :cve:`2021-36369`
+- ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965`
+- go: Fix :cve:`2022-2880`
+- grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736`
+- libarchive: Fix :cve:`2022-36227`
+- libpam: Fix :cve:`2022-28321`
+- libsndfile1: Fix :cve:`2021-4156`
+- lighttpd: Fix :cve:`2022-41556`
+- openssl: Fix :cve:`2022-3358`
+- pixman: Fix :cve:`2022-44638`
+- python3-mako: Fix :cve:`2022-40023`
+- python3: Fix :cve:`2022-42919`
+- qemu: Fix :cve:`2022-3165`
+- sysstat: Fix :cve:`2022-39377`
+- systemd: Fix :cve:`2022-3821`
+- tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970`
+- vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141`
+- wayland: Fix :cve:`2021-3782`
+- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+
+
+Fixes in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~
+
+- archiver: avoid using machine variable as it breaks multiconfig
+- babeltrace: upgrade to 1.5.11
+- bind: upgrade to 9.18.8
+- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
+- bitbake: gitsm: Fix regression in gitsm submodule path parsing
+- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
+- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
+- bluez5: add dbus to RDEPENDS
+- build-appliance-image: Update to kirkstone head revision
+- buildtools-tarball: export certificates to python and curl
+- cargo_common.bbclass: Fix typos
+- classes: make TOOLCHAIN more permissive for kernel
+- cmake-native: Fix host tool contamination (Bug: 14951)
+- common-tasks.rst: fix oeqa runtime test path
+- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
+- create-spdx: Remove ";name=..." for downloadLocation
+- create-spdx: default share_src for shared sources
+- cve-update-db-native: add timeout to urlopen() calls
+- dbus: upgrade to 1.14.4
+- dhcpcd: fix to work with systemd
+- expat: upgrade to 2.5.0
+- externalsrc.bbclass: Remove a trailing slash from ${B}
+- externalsrc.bbclass: fix git repo detection
+- externalsrc: git submodule--helper list unsupported
+- gcc-shared-source: Fix source date epoch handling
+- gcc-source: Drop gengtype manipulation
+- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
+- gcc-source: Fix gengtypes race
+- gdk-pixbuf: upgrade to 2.42.10
+- get_module_deps3.py: Check attribute '__file__'
+- glib-2.0: fix rare GFileInfo test case failure
+- glibc-locale: Do not INHIBIT_DEFAULT_DEPS
+- gnomebase.bbclass: return the whole version for tarball directory if it is a number
+- gnutls: Unified package names to lower-case
+- groff: submit patches upstream
+- gstreamer1.0-libav: fix errors with ffmpeg 5.x
+- gstreamer1.0: upgrade to 1.20.4
+- ifupdown: upgrade to 0.8.39
+- insane.bbclass: Allow hashlib version that only accepts on parameter
+- iso-codes: upgrade to 4.12.0
+- kea: submit patch upstream (fix-multilib-conflict.patch)
+- kern-tools: fix relative path processing
+- kern-tools: integrate ZFS speedup patch
+- kernel-yocto: improve fatal error messages of symbol_why.py
+- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
+- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
+- kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
+- libcap: upgrade to 2.66
+- libepoxy: convert to git
+- libepoxy: update to 1.5.10
+- libffi: submit patch upstream (0001-arm-sysv-reverted-clang-VFP-mitigation.patch )
+- libffi: upgrade to 3.4.4
+- libical: upgrade to 3.0.16
+- libksba: upgrade to 1.6.2
+- libuv: fixup SRC_URI
+- libxcrypt: upgrade to 4.4.30
+- lighttpd: upgrade to 1.4.67
+- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
+- linux-firmware: don't put the firmware into the sysroot
+- linux-firmware: package amdgpu firmware
+- linux-firmware: split rtl8761 firmware
+- linux-firmware: upgrade to 20221109
+- linux-yocto/5.10: update genericx86* machines to v5.10.149
+- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.15: update genericx86* machines to v5.15.72
+- linux-yocto/5.15: update to v5.15.78
+- ltp: backport clock_gettime04 fix from upstream
+- lttng-modules: upgrade to 2.13.7
+- lttng-tools: Upgrade to 2.13.8
+- lttng-tools: submit determinism.patch upstream
+- lttng-ust: upgrade to 2.13.5
+- meson: make wrapper options sub-command specific
+- meta-selftest/staticids: add render group for systemd
+- mirrors.bbclass: update CPAN_MIRROR
+- mirrors.bbclass: use shallow tarball for binutils-native
+- mobile-broadband-provider-info: upgrade 20220725 -> 20221107
+- mtd-utils: upgrade 2.1.4 -> 2.1.5
+- numactl: upgrade to 2.0.16
+- oe/packagemanager/rpm: don't leak file objects
+- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
+- oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo
+- oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
+- openssl: Fix SSL_CERT_FILE to match ca-certs location
+- openssl: upgrade to 3.0.7
+- openssl: export necessary env vars in SDK
+- opkg-utils: use a git clone, not a dynamic snapshot
+- opkg: Set correct info_dir and status_file in opkg.conf
+- overlayfs: Allow not used mount points
+- ovmf: correct patches status
+- package: Fix handling of minidebuginfo with newer binutils
+- perf: Depend on native setuptools3
+- poky.conf: bump version for 4.0.6
+- psplash: add psplash-default in rdepends
+- psplash: consider the situation of psplash not exist for systemd
+- python3: advance to version 3.10.8
+- qemu-helper-native: Correctly pass program name as argv[0]
+- qemu-helper-native: Re-write bridge helper as C program
+- qemu-native: Add PACKAGECONFIG option for jack
+- qemu: add io_uring PACKAGECONFIG
+- quilt: backport a patch to address grep 3.8 failures
+- resolvconf: make it work
+- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
+- runqemu: Do not perturb script environment
+- runqemu: Fix gl-es argument from causing other arguments to be ignored
+- sanity: Drop data finalize call
+- sanity: check for GNU tar specifically
+- scripts/oe-check-sstate: cleanup
+- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
+- scripts: convert-overrides: Allow command-line customizations
+- socat: upgrade to 1.7.4.4
+- SPDX and CVE documentation updates
+- sstate: Allow optimisation of do_deploy_archives task dependencies
+- sstatesig: emit more helpful error message when not finding sstate manifest
+- sstatesig: skip the rm_work task signature
+- sudo: upgrade to 1.9.12p1
+- systemd: Consider PACKAGECONFIG in RRECOMMENDS
+- systemd: add group render to udev package
+- tcl: correct patch status
+- tiff: refresh with devtool
+- tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
+- u-boot: Remove duplicate inherit of cml1
+- uboot-sign: Fix using wrong KEY_REQ_ARGS
+- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
+- valgrind: remove most hidden tests for arm64
+- vim: Upgrade to 9.0.0947
+- vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
+- wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
+- wic: make ext2/3/4 images reproducible
+- wic: swap partitions are not added to fstab
+- wpebackend-fdo: upgrade to 1.14.0
+- xserver-xorg: move some recommended dependencies in required
+- xwayland: upgrade to 22.1.5
+
+
+Known Issues in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alex Kiernan
+- Alexander Kanavin
+- Alexey Smirnov
+- Bartosz Golaszewski
+- Bernhard Rosenkränzer
+- Bhabu Bindu
+- Bruce Ashfield
+- Chee Yang Lee
+- Chen Qi
+- Christian Eggers
+- Claus Stovgaard
+- Diego Sueiro
+- Dmitry Baryshkov
+- Ed Tanous
+- Enrico Jörns
+- Etienne Cordonnier
+- Frank de Brabander
+- Harald Seiler
+- Hitendra Prajapati
+- Jan-Simon Moeller
+- Jeremy Puhlman
+- Joe Slater
+- John Edward Broadbent
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Keiya Nobuta
+- Khem Raj
+- Konrad Weihmann
+- Leon Anavi
+- Liam Beguin
+- Marek Vasut
+- Mark Hatle
+- Martin Jansa
+- Michael Opdenacker
+- Mikko Rapeli
+- Narpat Mali
+- Nathan Rossi
+- Niko Mauno
+- Pavel Zhukov
+- Peter Kjellerstedt
+- Peter Marko
+- Polampalli, Archana
+- Qiu, Zheng
+- Ravula Adhitya Siddartha
+- Richard Purdie
+- Ross Burton
+- Sakib Sajal
+- Sean Anderson
+- Sergei Zhmylev
+- Steve Sakoman
+- Teoh Jay Shen
+- Thomas Perrot
+- Tim Orling
+- Vincent Davis Jr
+- Vivek Kumbhar
+- Vyacheslav Yurkov
+- Wang Mingyu
+- Xiangyu Chen
+- Zheng Qiu
+- Ciaran Courtney
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </poky/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`c4e08719a782fd4119eaf643907b80cebf57f88f </poky/commit/?id=c4e08719a782fd4119eaf643907b80cebf57f88f>`
+- Release Artefact: poky-c4e08719a782fd4119eaf643907b80cebf57f88f
+- sha: 2eb3b323dd2ccd25f9442bfbcbde82bc081fad5afd146a8e6dde439db24a99d4
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.6 </openembedded-core/log/?h=yocto-4.0.6>`
+- Git Revision: :oe_git:`45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 </openembedded-core/commit/?id=45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2>`
+- Release Artefact: oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2
+- sha: de8b443365927befe67cc443b60db57563ff0726377223f836a3f3971cf405ec
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </meta-mingw/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </meta-gplv2/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.6 </bitbake/log/?h=yocto-4.0.6>`
+- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>`
+- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509
+- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </yocto-docs/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f </yocto-docs/commit/?id=c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.7.rst b/poky/documentation/migration-guides/release-notes-4.0.7.rst
new file mode 100644
index 0000000000..9e8ad51a0c
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.7.rst
@@ -0,0 +1,242 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.7 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- binutils: Fix :cve:`2022-4285`
+- curl: Fix :cve:`2022-43551` and `CVE-2022-43552 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552>`__
+- ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341`
+- go: Fix :cve:`2022-41715` and :cve:`2022-41717`
+- libX11: Fix :cve:`2022-3554` and :cve:`2022-3555`
+- libarchive: Fix :cve:`2022-36227`
+- libksba: Fix :cve:`2022-47629`
+- libpng: Fix :cve:`2019-6129`
+- libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304`
+- openssl: Fix :cve:`2022-3996`
+- python3: Fix :cve:`2022-45061`
+- python3-git: Fix :cve:`2022-24439`
+- python3-setuptools: Fix :cve:`2022-40897`
+- python3-wheel: Fix :cve:`2022-40898`
+- qemu: Fix :cve:`2022-4144`
+- sqlite: Fix :cve:`2022-46908`
+- systemd: Fix :cve:`2022-45873`
+- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088`
+- webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891>`__ and :cve:`2022-32912`
+
+
+Fixes in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~
+
+- Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
+- at: Change when files are copied
+- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
+- base.bbclass: Fix way to check ccache path
+- bc: extend to nativesdk
+- bind: upgrade to 9.18.10
+- busybox: always start do_compile with orig config files
+- busybox: rm temporary files if do_compile was interrupted
+- cairo: fix CVE patches assigned wrong CVE number
+- cairo: update patch for :cve:`2019-6461` with upstream solution
+- classes/create-spdx: Add SPDX_PRETTY option
+- classes: image: Set empty weak default IMAGE_LINGUAS
+- combo-layer: add sync-revs command
+- combo-layer: dont use bb.utils.rename
+- combo-layer: remove unused import
+- curl: Correct LICENSE from MIT-open-group to curl
+- cve-check: write the cve manifest to IMGDEPLOYDIR
+- cve-update-db-native: avoid incomplete updates
+- cve-update-db-native: show IP on failure
+- dbus: Add missing CVE product name
+- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
+- devtool: process local files only for the main branch
+- dhcpcd: backport two patches to fix runtime error
+- docs: kernel-dev: faq: update tip on how to not include kernel in image
+- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
+- efibootmgr: update compilation with musl
+- externalsrc: fix lookup for .gitmodules
+- ffmpeg: refresh patches to apply cleanly
+- freetype:update mirror site.
+- gcc: Refactor linker patches and fix linker on arm with usrmerge
+- glibc: stable 2.35 branch updates.
+- go-crosssdk: avoid host contamination by GOCACHE
+- gstreamer1.0: Fix race conditions in gstbin tests
+- gstreamer1.0: upgrade to 1.20.5
+- gtk-icon-cache: Fix GTKIC_CMD if-else condition
+- harfbuzz: remove bindir only if it exists
+- kernel-fitimage: Adjust order of dtb/dtbo files
+- kernel-fitimage: Allow user to select dtb when multiple dtb exists
+- kernel.bbclass: remove empty module directories to prevent QA issues
+- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
+- lib/oe/reproducible: Use git log without gpg signature
+- libepoxy: remove upstreamed patch
+- libnewt: update 0.52.21 -> 0.52.23
+- libseccomp: fix typo in DESCRIPTION
+- libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
+- libxml2: fix test data checksums
+- linux-firmware: upgrade 20221109 -> 20221214
+- linux-yocto/5.10: update to v5.10.152
+- linux-yocto/5.10: update to v5.10.154
+- linux-yocto/5.10: update to v5.10.160
+- linux-yocto/5.15: fix perf build with clang
+- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
+- linux-yocto/5.15: ltp and squashfs fixes
+- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- linux-yocto/5.15: update to v5.15.84
+- lsof: add update-alternatives logic
+- lttng-modules: update 2.13.7 -> 2.13.8
+- manuals: add 4.0.5 and 4.0.6 release notes
+- manuals: document SPDX_PRETTY variable
+- mpfr: upgrade 4.1.0 -> 4.1.1
+- oeqa/concurrencytest: Add number of failures to summary output
+- oeqa/rpm.py: Increase timeout and add debug output
+- oeqa/selftest/externalsrc: add test for srctree_hash_files
+- openssh: remove RRECOMMENDS to rng-tools for sshd package
+- poky.conf: bump version for 4.0.7
+- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
+- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
+- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
+- ruby: merge .inc into .bb
+- ruby: update 3.1.2 -> 3.1.3
+- selftest/virgl: use pkg-config from the host
+- tiff: Add packageconfig knob for webp
+- toolchain-scripts: compatibility with unbound variable protection
+- tzdata: update 2022d -> 2022g
+- valgrind: skip the boost_thread test on arm
+- xserver-xorg: upgrade 21.1.4 -> 21.1.6
+- xwayland: libxshmfence is needed when dri3 is enabled
+- xwayland: upgrade 22.1.5 -> 22.1.7
+- yocto-check-layer: Allow OE-Core to be tested
+
+
+Known Issues in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alex Stewart
+- Alexander Kanavin
+- Antonin Godard
+- Benoît Mauduit
+- Bhabu Bindu
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Changqing Li
+- Chen Qi
+- Daniel Gomez
+- Florin Diaconescu
+- He Zhe
+- Hitendra Prajapati
+- Jagadeesh Krishnanjanappa
+- Jan Kircher
+- Jermain Horsman
+- Jose Quaresma
+- Joshua Watt
+- KARN JYE LAU
+- Kai Kang
+- Khem Raj
+- Luis
+- Marta Rybczynska
+- Martin Jansa
+- Mathieu Dubois-Briand
+- Michael Opdenacker
+- Narpat Mali
+- Ovidiu Panait
+- Pavel Zhukov
+- Peter Marko
+- Petr Kubizňák
+- Quentin Schulz
+- Randy MacLeod
+- Ranjitsinh Rathod
+- Richard Purdie
+- Robert Andersson
+- Ross Burton
+- Sandeep Gundlupet Raju
+- Saul Wold
+- Steve Sakoman
+- Vivek Kumbhar
+- Wang Mingyu
+- Xiangyu Chen
+- Yash Shinde
+- Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </poky/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`65dafea22018052fe7b2e17e6e4d7eb754224d38 </poky/commit/?id=65dafea22018052fe7b2e17e6e4d7eb754224d38>`
+- Release Artefact: poky-65dafea22018052fe7b2e17e6e4d7eb754224d38
+- sha: 6b1b67600b84503e2d5d29bcd6038547339f4f9413b830cd2408df825eda642d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.7 </openembedded-core/log/?h=yocto-4.0.7>`
+- Git Revision: :oe_git:`a8c82902384f7430519a31732a4bb631f21693ac </openembedded-core/commit/?id=a8c82902384f7430519a31732a4bb631f21693ac>`
+- Release Artefact: oecore-a8c82902384f7430519a31732a4bb631f21693ac
+- sha: 6f2dbc4ea1e388620ef77ac3a7bbb2b5956bb8bf9349b0c16cd7610e9996f5ea
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </meta-mingw/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </meta-gplv2/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.7 </bitbake/log/?h=yocto-4.0.7>`
+- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>`
+- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509
+- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </yocto-docs/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`5883e897c34f25401b358a597fb6e18d80f7f90b </yocto-docs/commit/?id=5883e897c34f25401b358a597fb6e18d80f7f90b>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.8.rst b/poky/documentation/migration-guides/release-notes-4.0.8.rst
new file mode 100644
index 0000000000..223b74fbaf
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.8.rst
@@ -0,0 +1,217 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.8 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Fix :cve:`2022-25147`
+- apr: Fix :cve:`2022-24963`, :cve:`2022-28331` and :cve:`2021-35940`
+- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
+- git: Ignore :cve:`2022-41953`
+- git: Fix :cve:`2022-23521` and :cve:`2022-41903`
+- libgit2: Fix :cve:`2023-22742`
+- ppp: Fix :cve:`2022-4603`
+- python3-certifi: Fix :cve:`2022-23491`
+- sudo: Fix :cve:`2023-22809`
+- tar: Fix :cve:`2022-48303`
+
+
+Fixes in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~
+
+- core-image.bbclass: Fix missing leading whitespace with ':append'
+- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append'
+- ptest-packagelists.inc: Fix missing leading whitespace with ':append'
+- apr-util: upgrade to 1.6.3
+- apr: upgrade to 1.7.2
+- apt: fix do_package_qa failure
+- bind: upgrade to 9.18.11
+- bitbake: bb/utils: include SSL certificate paths in export_proxies
+- bitbake: bitbake-diffsigs: Make PEP8 compliant
+- bitbake: bitbake-diffsigs: break on first dependent task difference
+- bitbake: fetch2/git: Clarify the meaning of namespace
+- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
+- bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
+- bitbake: siggen: Fix inefficient string concatenation
+- bitbake: utils/ply: Update md5 to better report errors with hashlib
+- bootchart2: Fix usrmerge support
+- bsp-guide: fix broken git URLs and missing word
+- build-appliance-image: Update to kirkstone head revision
+- buildtools-tarball: set pkg-config search path
+- classes/fs-uuid: Fix command output decoding issue
+- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
+- dev-manual: fix old override syntax
+- devshell: Do not add scripts/git-intercept to PATH
+- devtool: fix devtool finish when gitmodules file is empty
+- diffutils: upgrade to 3.9
+- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
+- git: upgrade to 2.35.7
+- glslang: branch rename master -> main
+- httpserver: add error handler that write to the logger
+- image.bbclass: print all QA functions exceptions
+- kernel/linux-kernel-base: Fix kernel build artefact determinism issues
+- libc-locale: Fix on target locale generation
+- libgit2: upgrade to 1.4.5
+- libjpeg-turbo: upgrade to 2.1.5
+- libtirpc: Check if file exists before operating on it
+- libusb1: Link with latomic only if compiler has no atomic builtins
+- libusb1: Strip trailing whitespaces
+- linux-firmware: upgrade to 20230117
+- linux-yocto/5.15: update to v5.15.91
+- lsof: fix old override syntax
+- lttng-modules: Fix for 5.10.163 kernel version
+- lttng-tools: upgrade to 2.13.9
+- make-mod-scripts: Ensure kernel build output is deterministic
+- manuals: update patchwork instance URL
+- meta: remove True option to getVar and getVarFlag calls (again)
+- migration-guides: add release-notes for 4.0.7
+- native: Drop special variable handling
+- numactl: skip test case when target platform doesn't have 2 CPU node
+- oeqa context.py: fix --target-ip comment to include ssh port number
+- oeqa dump.py: add error counter and stop after 5 failures
+- oeqa qemurunner.py: add timeout to QMP calls
+- oeqa qemurunner.py: try to avoid reading one character at a time
+- oeqa qemurunner: read more data at a time from serial
+- oeqa ssh.py: add connection keep alive options to ssh client
+- oeqa ssh.py: move output prints to new line
+- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
+- oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
+- oeqa/selftest/locales: Add selftest for locale generation/presence
+- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
+- poky.conf: bump version for 4.0.8
+- profile-manual: update WireShark hyperlinks
+- python3-pytest: depend on python3-tomli instead of python3-toml
+- qemu: fix compile error
+- quilt: fix intermittent failure in faildiff.test
+- quilt: use upstreamed faildiff.test fix
+- recipe_sanity: fix old override syntax
+- ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
+- scons.bbclass: Make MAXLINELENGTH overridable
+- scons: Pass MAXLINELENGTH to scons invocation
+- sdkext/cases/devtool: pass a logger to HTTPService
+- spirv-headers: set correct branch name
+- sudo: upgrade to 1.9.12p2
+- system-requirements.rst: add Fedora 36 and AlmaLinux 8.7 to list of supported distros
+- testimage: Fix error message to reflect new syntax
+- update-alternatives: fix typos
+- vulkan-samples: branch rename master -> main
+
+
+Known Issues in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alexander Kanavin
+- Alexandre Belloni
+- Armin Kuster
+- Arnout Vandecappelle
+- Bruce Ashfield
+- Changqing Li
+- Chee Yang Lee
+- Etienne Cordonnier
+- Harald Seiler
+- Kai Kang
+- Khem Raj
+- Lee Chee Yang
+- Louis Rannou
+- Marek Vasut
+- Marius Kriegerowski
+- Mark Hatle
+- Martin Jansa
+- Mauro Queiros
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Narpat Mali
+- Niko Mauno
+- Pawel Zalewski
+- Peter Kjellerstedt
+- Richard Purdie
+- Rodolfo Quesada Zumbado
+- Ross Burton
+- Sakib Sajal
+- Schmidt, Adriaan
+- Steve Sakoman
+- Thomas Roos
+- Ulrich Ölmann
+- Xiangyu Chen
+
+
+Repositories / Downloads for Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </poky/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`a361fb3df9c87cf12963a9d785a9f99faa839222 </poky/commit/?id=a361fb3df9c87cf12963a9d785a9f99faa839222>`
+- Release Artefact: poky-a361fb3df9c87cf12963a9d785a9f99faa839222
+- sha: af4e8d64be27d3a408357c49b7952ce04c6d8bb0b9d7b50c48848d9355de7fc2
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.8 </openembedded-core/log/?h=yocto-4.0.8>`
+- Git Revision: :oe_git:`b20e2134daec33fbb8ce358d984751d887752bd5 </openembedded-core/commit/?id=b20e2134daec33fbb8ce358d984751d887752bd5>`
+- Release Artefact: oecore-b20e2134daec33fbb8ce358d984751d887752bd5
+- sha: 63cce6f1caf8428eefc1471351ab024affc8a41d8d7777f525e3aa9ea454d2cd
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </meta-mingw/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </meta-gplv2/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.8 </bitbake/log/?h=yocto-4.0.8>`
+- Git Revision: :oe_git:`9bbdedc0ba7ca819b898e2a29a151d6a2014ca11 </bitbake/commit/?id=9bbdedc0ba7ca819b898e2a29a151d6a2014ca11>`
+- Release Artefact: bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11
+- sha: 8e724411f4df00737e81b33eb568f1f97d2a00d5364342c0a212c46abb7b005b
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </yocto-docs/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`16ecbe028f2b9cc021267817a5413054e070b563 </yocto-docs/commit/?id=16ecbe028f2b9cc021267817a5413054e070b563>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.1.rst b/poky/documentation/migration-guides/release-notes-4.1.1.rst
new file mode 100644
index 0000000000..4f31fbf1c7
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.1.rst
@@ -0,0 +1,319 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.1 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- curl: Fix :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915` and :cve:`2022-42916`
+- libx11: Fix :cve:`2022-3554`
+- lighttpd: Fix :cve:`2022-41556`
+- openssl: Fix :cve:`2022-3358`, :cve:`2022-3602` and :cve:`2022-3786`
+- pixman: Fix :cve:`2022-44638`
+- qemu: Fix :cve:`2022-3165`
+- sudo: Fix :cve:`2022-43995`
+- tiff: Fix :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570` and :cve:`2022-3598`
+- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+- xserver-xorg: Ignore :cve:`2022-3553`
+
+
+Fixes in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~
+
+- Add 4.1 migration guide & release notes
+- bitbake: asyncrpc: serv: correct closed client socket detection
+- bitbake: bitbake-user-manual: details about variable flags starting with underscore
+- bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
+- bitbake: bitbake: user-manual: inform about spaces in :remove
+- bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
+- bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
+- bitbake: tests/fetch: Allow handling of a file:// url within a submodule
+- bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
+- bitbake: utils/ply: Update md5 to better report errors with hashlib
+- bluez5: add dbus to :term:`RDEPENDS`
+- build-appliance-image: Update to langdale head revision
+- buildconf: compare abspath
+- buildtools-tarball: export certificates to python and curl
+- cmake-native: Fix host tool contamination
+- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
+- create-spdx: Remove ";name=..." for downloadLocation
+- cve-update-db-native: add timeout to urlopen() calls
+- dev-manual: common-tasks.rst: add reference to "do_clean" task
+- dev-manual: common-tasks.rst: add reference to "do_listtasks" task
+- docs: add support for langdale (4.1) release
+- dropbear: add pam to :term:`PACKAGECONFIG`
+- externalsrc.bbclass: fix git repo detection
+- externalsrc.bbclass: Remove a trailing slash from ${B}
+- externalsrc: move back to classes
+- gcc: Allow -Wno-error=poison-system-directories to take effect
+- glib-2.0: fix rare GFileInfo test case failure
+- gnutls: Unified package names to lower-case
+- gnutls: upgrade 3.7.7 -> 3.7.8
+- grub: disable build on armv7ve/a with hardfp
+- gstreamer1.0-libav: fix errors with ffmpeg 5.x
+- ifupdown: upgrade 0.8.37 -> 0.8.39
+- insane.bbclass: Allow hashlib version that only accepts on parameter
+- install-buildtools: support buildtools-make-tarball and update to 4.1
+- kern-tools: fix relative path processing
+- kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
+- kernel-yocto: improve fatal error messages of symbol_why.py
+- kernel: Clear :term:`SYSROOT_DIRS` instead of replacing sysroot_stage_all
+- libcap: upgrade 2.65 -> 2.66
+- libical: upgrade 3.0.14 -> 3.0.15
+- libksba: upgrade 1.6.0 -> 1.6.2
+- libsdl2: upgrade 2.24.0 -> 2.24.1
+- lighttpd: upgrade 1.4.66 -> 1.4.67
+- linux-firmware: package amdgpu firmware
+- linux-firmware: split rtl8761 firmware
+- linux-yocto/5.15: update to v5.15.72
+- linux-yocto/5.19: update to v5.19.14
+- linux-yocto: add efi entry for machine features
+- lttng-modules: upgrade 2.13.4 -> 2.13.5
+- lttng-ust: upgrade 2.13.4 -> 2.13.5
+- manuals: add reference to "do_configure" task
+- manuals: add reference to the "do_compile" task
+- manuals: add reference to the "do_install" task
+- manuals: add reference to the "do_kernel_configcheck" task
+- manuals: add reference to the "do_populate_sdk" task
+- manuals: add references to "do_package_write_*" tasks
+- manuals: add references to "do_populate_sysroot" task
+- manuals: add references to the "do_build" task
+- manuals: add references to the "do_bundle_initramfs" task
+- manuals: add references to the "do_cleanall" task
+- manuals: add references to the "do_deploy" task
+- manuals: add references to the "do_devshell" task
+- manuals: add references to the "do_fetch" task
+- manuals: add references to the "do_image" task
+- manuals: add references to the "do_kernel_configme" task
+- manuals: add references to the "do_package" task
+- manuals: add references to the "do_package_qa" task
+- manuals: add references to the "do_patch" task
+- manuals: add references to the "do_rootfs" task
+- manuals: add references to the "do_unpack" task
+- manuals: fix misc typos
+- manuals: improve initramfs details
+- manuals: updates for building on Windows (WSL 2)
+- mesa: only apply patch to fix ALWAYS_INLINE for native
+- mesa: update 22.2.0 -> 22.2.2
+- meson: make wrapper options sub-command specific
+- meson: upgrade 0.63.2 -> 0.63.3
+- migration guides: 3.4: remove spurious space in example
+- migration guides: add release notes for 4.0.4
+- migration-general: add section on using buildhistory
+- migration-guides/release-notes-4.1.rst: add more known issues
+- migration-guides/release-notes-4.1.rst: update Repositories / Downloads
+- migration-guides: add known issues for 4.1
+- migration-guides: add reference to the "do_shared_workdir" task
+- migration-guides: use contributor real name
+- migration-guides: use contributor real name
+- mirrors.bbclass: use shallow tarball for binutils-native
+- mtools: upgrade 4.0.40 -> 4.0.41
+- numactl: upgrade 2.0.15 -> 2.0.16
+- oe/packagemanager/rpm: don't leak file objects
+- openssl: export necessary env vars in SDK
+- openssl: Fix SSL_CERT_FILE to match ca-certs location
+- openssl: Upgrade 3.0.5 -> 3.0.7
+- opkg-utils: use a git clone, not a dynamic snapshot
+- overlayfs: Allow not used mount points
+- overview-manual: concepts.rst: add reference to "do_packagedata" task
+- overview-manual: concepts.rst: add reference to "do_populate_sdk_ext" task
+- overview-manual: concepts.rst: fix formating and add references
+- own-mirrors: add crate
+- pango: upgrade 1.50.9 -> 1.50.10
+- perf: Depend on native setuptools3
+- poky.conf: bump version for 4.1.1
+- poky.conf: remove Ubuntu 21.10
+- populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
+- psplash: add psplash-default in rdepends
+- qemu-native: Add :term:`PACKAGECONFIG` option for jack
+- quilt: backport a patch to address grep 3.8 failures
+- ref-manual/faq.rst: update references to products built with OE / Yocto Project
+- ref-manual/variables.rst: clarify sentence
+- ref-manual: add a note to ssh-server-dropbear feature
+- ref-manual: add :term:`CVE_CHECK_SHOW_WARNINGS`
+- ref-manual: add :term:`CVE_DB_UPDATE_INTERVAL`
+- ref-manual: add :term:`DEV_PKG_DEPENDENCY`
+- ref-manual: add :term:`DISABLE_STATIC`
+- ref-manual: add :term:`FIT_PAD_ALG`
+- ref-manual: add :term:`KERNEL_DEPLOY_DEPEND`
+- ref-manual: add missing features
+- ref-manual: add :term:`MOUNT_BASE` variable
+- ref-manual: add overlayfs class variables
+- ref-manual: add :term:`OVERLAYFS_ETC_EXPOSE_LOWER`
+- ref-manual: add :term:`OVERLAYFS_QA_SKIP`
+- ref-manual: add previous overlayfs-etc variables
+- ref-manual: add pypi class
+- ref-manual: add :term:`SDK_TOOLCHAIN_LANGS`
+- ref-manual: add section for create-spdx class
+- ref-manual: add serial-autologin-root to :term:`IMAGE_FEATURES` documentation
+- ref-manual: add :term:`UBOOT_MKIMAGE_KERNEL_TYPE`
+- ref-manual: add :term:`WATCHDOG_TIMEOUT` to variable glossary
+- ref-manual: add :term:`WIRELESS_DAEMON`
+- ref-manual: classes.rst: add links to all references to a class
+- ref-manual: complementary package installation recommends
+- ref-manual: correct default for :term:`BUILDHISTORY_COMMIT`
+- ref-manual: document new github-releases class
+- ref-manual: expand documentation on image-buildinfo class
+- ref-manual: faq.rst: reorganize into subsections, contents at top
+- ref-manual: remove reference to largefile in :term:`DISTRO_FEATURES`
+- ref-manual: remove reference to testimage-auto class
+- ref-manual: system-requirements: Ubuntu 22.04 now supported
+- ref-manual: tasks.rst: add reference to the "do_image_complete" task
+- ref-manual: tasks.rst: add reference to the "do_kernel_checkout" task
+- ref-manual: tasks.rst: add reference to the "do_kernel_metadata" task
+- ref-manual: tasks.rst: add reference to the "do_validate_branches" task
+- ref-manual: tasks.rst: add references to the "do_cleansstate" task
+- ref-manual: update buildpaths QA check documentation
+- ref-manual: update pypi documentation for :term:`CVE_PRODUCT` default in 4.1
+- ref-manual: variables.rst: add reference to "do_populate_lic" task
+- release-notes-4.1.rst remove bitbake-layers subcommand argument
+- runqemu: Do not perturb script environment
+- runqemu: Fix gl-es argument from causing other arguments to be ignored
+- rust-target-config: match riscv target names with what rust expects
+- rust: install rustfmt for riscv32 as well
+- sanity: check for GNU tar specifically
+- scripts/oe-check-sstate: cleanup
+- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
+- sdk-manual: correct the bitbake target for a unified sysroot build
+- shadow: update 4.12.1 -> 4.12.3
+- systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
+- test-manual: fix typo in machine name
+- tiff: fix a typo for :cve:`2022-2953`.patch
+- u-boot: Add savedefconfig task
+- u-boot: Remove duplicate inherit of cml1
+- uboot-sign: Fix using wrong KEY_REQ_ARGS
+- Update documentation for classes split
+- vim: upgrade to 9.0.0820
+- vulkan-samples: add lfs=0 to :term:`SRC_URI` to avoid git smudge errors in do_unpack
+- wic: honor the :term:`SOURCE_DATE_EPOCH` in case of updated fstab
+- wic: swap partitions are not added to fstab
+- wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
+- xserver-xorg: move some recommended dependencies in required
+- zlib: do out-of-tree builds
+- zlib: upgrade 1.2.12 -> 1.2.13
+- zlib: use .gz archive and set a PREMIRROR
+
+
+Known Issues in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+
+Contributors to Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alex Kiernan
+- Alexander Kanavin
+- Bartosz Golaszewski
+- Bernhard Rosenkränzer
+- Bruce Ashfield
+- Chen Qi
+- Christian Eggers
+- Claus Stovgaard
+- Ed Tanous
+- Etienne Cordonnier
+- Frank de Brabander
+- Hitendra Prajapati
+- Jan-Simon Moeller
+- Jeremy Puhlman
+- Johan Korsnes
+- Jon Mason
+- Jose Quaresma
+- Joshua Watt
+- Justin Bronder
+- Kai Kang
+- Keiya Nobuta
+- Khem Raj
+- Lee Chee Yang
+- Liam Beguin
+- Luca Boccassi
+- Mark Asselstine
+- Mark Hatle
+- Markus Volk
+- Martin Jansa
+- Michael Opdenacker
+- Ming Liu
+- Mingli Yu
+- Paul Eggleton
+- Peter Kjellerstedt
+- Qiu, Zheng
+- Quentin Schulz
+- Richard Purdie
+- Robert Joslyn
+- Ross Burton
+- Sean Anderson
+- Sergei Zhmylev
+- Steve Sakoman
+- Takayasu Ito
+- Teoh Jay Shen
+- Thomas Perrot
+- Tim Orling
+- Vincent Davis Jr
+- Vyacheslav Yurkov
+- Ciaran Courtney
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </poky/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff </poky/commit/?id=d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff>`
+- Release Artefact: poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff
+- sha: e92b694fbb74a26c7a875936dfeef4a13902f24b06127ee52f4d1c1e4b03ec24
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.1 </openembedded-core/log/?h=yocto-4.1.1>`
+- Git Revision: :oe_git:`9237ffc4feee2dd6ff5bdd672072509ef9e82f6d </openembedded-core/commit/?id=9237ffc4feee2dd6ff5bdd672072509ef9e82f6d>`
+- Release Artefact: oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d
+- sha: d73198aef576f0fca0d746f9d805b1762c19c31786bc3f7d7326dfb2ed6fc1be
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </meta-mingw/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.1 </bitbake/log/?h=yocto-4.1.1>`
+- Git Revision: :oe_git:`138dd7883ee2c521900b29985b6d24a23d96563c </bitbake/commit/?id=138dd7883ee2c521900b29985b6d24a23d96563c>`
+- Release Artefact: bitbake-138dd7883ee2c521900b29985b6d24a23d96563c
+- sha: 5dc5aff4b4a801253c627cdaab6b1a0ceee2c531f1a6b166d85d1265a35d4be5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </yocto-docs/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`8e0841c3418caa227c66a60327db09dfbe72054a </yocto-docs/commit/?id=8e0841c3418caa227c66a60327db09dfbe72054a>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.2.rst b/poky/documentation/migration-guides/release-notes-4.1.2.rst
new file mode 100644
index 0000000000..ee5d4ccc51
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.2.rst
@@ -0,0 +1,286 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.2 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- sudo: Fix :cve:`2022-43995`
+- binutils: Fix :cve:`2022-4285`
+- cairo: update patch for :cve:`2019-6461` with upstream solution
+- expat: Fix :cve:`2022-43680`
+- ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965`
+- grub: Fix :cve:`2022-28736`
+- libarchive: Fix :cve:`2022-36227`
+- libpam: Fix :cve:`2022-28321`
+- libpng: Fix :cve:`2019-6129`
+- ruby: Fix :cve:`2022-28738` and :cve:`2022-28739`
+- tiff: Fix :cve:`2022-3970`
+- vim: Fix :cve:`2022-4141`
+
+
+Fixes in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~
+
+- Expand create-spdx class documentation
+- Expand cve-check class documentation
+- archiver: avoid using machine variable as it breaks multiconfig
+- babeltrace: Upgrade to 1.5.11
+- backport SPDX documentation and vulnerability improvements
+- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
+- bc: extend to nativesdk
+- bind: Upgrade to 9.18.9
+- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
+- bitbake: gitsm: Fix regression in gitsm submodule path parsing
+- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
+- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
+- build-appliance-image: Update to langdale head revision
+- cargo_common.bbclass: Fix typos
+- classes: make TOOLCHAIN more permissive for kernel
+- cmake: Upgrade to 3.24.2
+- combo-layer: add sync-revs command
+- combo-layer: dont use bb.utils.rename
+- combo-layer: remove unused import
+- common-tasks.rst: fix oeqa runtime test path
+- create-spdx: default share_src for shared sources
+- curl: Correct LICENSE from MIT-open-group to curl
+- dbus: Add missing CVE product name
+- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
+- dhcpcd: fix to work with systemd
+- docs: kernel-dev: faq: update tip on how to not include kernel in image
+- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
+- expat: upgrade to 2.5.0
+- externalsrc: fix lookup for .gitmodules
+- ffmpeg: Upgrade to 5.1.2
+- gcc-shared-source: Fix source date epoch handling
+- gcc-source: Drop gengtype manipulation
+- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
+- gcc-source: Fix gengtypes race
+- gdk-pixbuf: Upgrade to 2.42.10
+- get_module_deps3.py: Check attribute '__file__'
+- glibc-tests: correctly pull in the actual tests when installing -ptest package
+- gnomebase.bbclass: return the whole version for tarball directory if it is a number
+- go-crosssdk: avoid host contamination by GOCACHE
+- go: Update reproducibility patch to fix panic errors
+- go: submit patch upstream
+- go: Upgrade to 1.19.3
+- gptfdisk: remove warning message from target system
+- groff: submit patches upstream
+- gstreamer1.0: Upgrade to 1.20.5
+- help2man: Upgrade to 1.49.3
+- insane: add codeload.github.com to src-uri-bad checkz
+- inetutils: Upgrade to 2.4
+- iso-codes: Upgrade to 4.12.0
+- kbd: Don't build tests
+- kea: submit patch upstream
+- kern-tools: integrate ZFS speedup patch
+- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
+- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
+- kernel.bbclass: remove empty module directories to prevent QA issues
+- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
+- libdrm: Remove libdrm-kms package
+- libepoxy: convert to git
+- libepoxy: remove upstreamed patch
+- libepoxy: Upgrade to 1.5.10
+- libffi: submit patch upstream
+- libffi: Upgrade to 3.4.4
+- libical: Upgrade to 3.0.16
+- libnewt: Upgrade to 0.52.23
+- libsdl2: Upgrade to 2.24.2
+- libpng: Upgrade to 1.6.39
+- libuv: fixup SRC_URI
+- libxcrypt-compat: Upgrade to 4.4.33
+- libxcrypt: Upgrade to 4.4.30
+- libxml2: fix test data checksums
+- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
+- linux-firmware: don't put the firmware into the sysroot
+- linux-firmware: Upgrade to 20221109
+- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.15: update genericx86* machines to v5.15.72
+- linux-yocto/5.15: Upgrade to v5.15.78
+- linux-yocto/5.19: cfg: intel and vesa updates
+- linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure
+- linux-yocto/5.19: security.cfg: remove configs which have been dropped
+- linux-yocto/5.19: update genericx86* machines to v5.19.14
+- linux-yocto/5.19: Upgrade to v5.19.17
+- lsof: add update-alternatives logic
+- lttng-modules: Upgrade to 2.13.7
+- lttng-tools: submit determinism.patch upstream
+- manuals: add 4.0.5 and 4.0.6 release notes
+- mesa: do not rely on native llvm-config in target sysroot
+- mesa: Upgrade to 22.2.3
+- meta-selftest/staticids: add render group for systemd
+- mirrors.bbclass: update CPAN_MIRROR
+- mobile-broadband-provider-info: Upgrade to 20221107
+- mpfr: Upgrade to 4.1.1
+- mtd-utils: Upgrade to 2.1.5
+- oeqa/concurrencytest: Add number of failures to summary output
+- oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
+- oeqa/selftest/externalsrc: add test for srctree_hash_files
+- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
+- openssh: remove RRECOMMENDS to rng-tools for sshd package
+- opkg: Set correct info_dir and status_file in opkg.conf
+- opkg: Upgrade to 0.6.1
+- ovmf: correct patches status
+- package: Fix handling of minidebuginfo with newer binutils
+- pango: Make it build with ptest disabled
+- pango: replace a recipe fix with an upstream submitted patch
+- pango: Upgrade to 1.50.11
+- poky.conf: bump version for 4.1.2
+- psplash: consider the situation of psplash not exist for systemd
+- python3-mako: Upgrade to 1.2.3
+- qemu-helper-native: Correctly pass program name as argv[0]
+- qemu-helper-native: Re-write bridge helper as C program
+- qemu: Ensure libpng dependency is deterministic
+- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
+- resolvconf: make it work
+- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
+- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
+- ruby: merge .inc into .bb
+- ruby: Upgrade to 3.1.3
+- rust: submit a rewritten version of crossbeam_atomic.patch upstream
+- sanity: Drop data finalize call
+- scripts: convert-overrides: Allow command-line customizations
+- selftest: add a copy of previous mtd-utils version to meta-selftest
+- socat: Upgrade to 1.7.4.4
+- sstate: Allow optimisation of do_deploy_archives task dependencies
+- sstatesig: emit more helpful error message when not finding sstate manifest
+- sstatesig: skip the rm_work task signature
+- sudo: Upgrade to 1.9.12p1
+- sysstat: Upgrade to 12.6.1
+- systemd: Consider PACKAGECONFIG in RRECOMMENDS
+- systemd: Make importd depend on glib-2.0 again
+- systemd: add group render to udev package
+- systemd: Upgrade to 251.8
+- tcl: correct patch status
+- tzdata: Upgrade to 2022g
+- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
+- valgrind: skip the boost_thread test on arm
+- vim: Upgrade to 9.0.0947
+- wic: make ext2/3/4 images reproducible
+- xwayland: libxshmfence is needed when dri3 is enabled
+- xwayland: Upgrade to 22.1.5
+- yocto-check-layer: Allow OE-Core to be tested
+
+
+Known Issues in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alex Stewart
+- Alexander Kanavin
+- Alexey Smirnov
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Chen Qi
+- Diego Sueiro
+- Dmitry Baryshkov
+- Enrico Jörns
+- Harald Seiler
+- Hitendra Prajapati
+- Jagadeesh Krishnanjanappa
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Konrad Weihmann
+- Leon Anavi
+- Marek Vasut
+- Martin Jansa
+- Mathieu Dubois-Briand
+- Michael Opdenacker
+- Mikko Rapeli
+- Narpat Mali
+- Nathan Rossi
+- Niko Mauno
+- Ola x Nilsson
+- Ovidiu Panait
+- Pavel Zhukov
+- Peter Bergin
+- Peter Kjellerstedt
+- Peter Marko
+- Polampalli, Archana
+- Qiu, Zheng
+- Quentin Schulz
+- Randy MacLeod
+- Ranjitsinh Rathod
+- Ravula Adhitya Siddartha
+- Richard Purdie
+- Robert Andersson
+- Ross Burton
+- Ryan Eatmon
+- Sakib Sajal
+- Sandeep Gundlupet Raju
+- Sergei Zhmylev
+- Steve Sakoman
+- Tim Orling
+- Wang Mingyu
+- Xiangyu Chen
+- pgowda
+
+Repositories / Downloads for Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </poky/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`74c92e38c701e268406bb656b45ccd68471c217e </poky/commit/?id=74c92e38c701e268406bb656b45ccd68471c217e>`
+- Release Artefact: poky-74c92e38c701e268406bb656b45ccd68471c217e
+- sha: 06a2b304d0e928b62d81087797ae86115efe925c506bcb40c7d4747e14790bb0
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.2 </openembedded-core/log/?h=yocto-4.1.2>`
+- Git Revision: :oe_git:`670f4f103b25897524d115c1f290ecae441fe4bd </openembedded-core/commit/?id=670f4f103b25897524d115c1f290ecae441fe4bd>`
+- Release Artefact: oecore-670f4f103b25897524d115c1f290ecae441fe4bd
+- sha: 09d77700e84efc738aef5713c5e86f19fa092f876d44b870789155cc1625ef04
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </meta-mingw/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.2 </bitbake/log/?h=yocto-4.1.2>`
+- Git Revision: :oe_git:`f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4 </bitbake/commit/?id=f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4>`
+- Release Artefact: bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4
+- sha: 7faf97eca78afd3994e4e126e5f5908617408c340c6eff8cd7047e0b961e2d10
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </yocto-docs/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b </yocto-docs/commit/?id=30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.3.rst b/poky/documentation/migration-guides/release-notes-4.1.3.rst
new file mode 100644
index 0000000000..16e0a40426
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.3.rst
@@ -0,0 +1,317 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.3 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Fix :cve:`2022-25147`
+- apr: Fix :cve:`2022-24963` and :cve:`2022-28331`
+- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
+- curl: Fix :cve:`2022-43551` and :cve:`2022-43552`
+- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
+- git: Fix :cve:`2022-23521`, :cve:`2022-39253`, :cve:`2022-39260` and :cve:`2022-41903`
+- git: Ignore :cve:`2022-41953`
+- go: Fix :cve:`2022-41717` and :cve:`2022-41720`
+- grub2: Fix :cve:`2022-2601` and :cve:`2022-3775`
+- less: Fix :cve:`2022-46663`
+- libarchive: Fix :cve:`2022-36227`
+- libksba: Fix :cve:`2022-47629`
+- openssl: Fix :cve:`2022-3996`
+- pkgconf: Fix :cve:`2023-24056`
+- ppp: Fix :cve:`2022-4603`
+- sudo: Fix :cve:`2023-22809`
+- tar: Fix :cve:`2022-48303`
+- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-0433` and :cve:`2023-0512`
+- xserver-xorg: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__
+- xwayland: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__
+
+
+Fixes in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Upgrade to 1.6.3
+- apr: Upgrade to 1.7.2
+- apt: fix do_package_qa failure
+- at: Change when files are copied
+- base.bbclass: Fix way to check ccache path
+- bblayers/makesetup: skip git repos that are submodules
+- bblayers/setupwriters/oe-setup-layers: create dir if not exists
+- bind: Upgrade to 9.18.11
+- bitbake-layers: fix a typo
+- bitbake: bb/utils: include SSL certificate paths in export_proxies
+- bitbake: fetch2/git: Clarify the meaning of namespace
+- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
+- bitbake: process: log odd unlink events with bitbake.sock
+- bitbake: server/process: Add bitbake.sock race handling
+- bitbake: siggen: Fix inefficient string concatenation
+- bootchart2: Fix usrmerge support
+- bsp-guide: fix broken git URLs and missing word
+- build-appliance-image: Update to langdale head revision
+- buildtools-tarball: set pkg-config search path
+- busybox: Fix depmod patch
+- busybox: always start do_compile with orig config files
+- busybox: rm temporary files if do_compile was interrupted
+- cairo: fix CVE patches assigned wrong CVE number
+- classes/fs-uuid: Fix command output decoding issue
+- classes/populate_sdk_base: Append cleandirs
+- classes: image: Set empty weak default IMAGE_LINGUAS
+- cml1: remove redundant addtask
+- core-image.bbclass: Fix missing leading whitespace with ':append'
+- createrepo-c: Include missing rpm/rpmstring.h
+- curl: don't enable debug builds
+- curl: fix dependencies when building with ldap/ldaps
+- cve-check: write the cve manifest to IMGDEPLOYDIR
+- cve-update-db-native: avoid incomplete updates
+- cve-update-db-native: show IP on failure
+- dbus: Upgrade to 1.14.6
+- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
+- dev-manual: fix old override syntax
+- devshell: Do not add scripts/git-intercept to PATH
+- devtool: fix devtool finish when gitmodules file is empty
+- devtool: process local files only for the main branch
+- dhcpcd: backport two patches to fix runtime error
+- dhcpcd: fix dhcpcd start failure on qemuppc64
+- diffutils: Upgrade to 3.9
+- ffmpeg: fix configure failure on noexec /tmp host
+- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
+- git: Upgrade to 2.37.6
+- glslang: branch rename master -> main
+- go: Upgrade to 1.19.4
+- gstreamer1.0 : Revert "disable flaky gstbin:test_watch_for_state_change test" and Fix race conditions in gstbin tests with upstream solution
+- harfbuzz: remove bindir only if it exists
+- httpserver: add error handler that write to the logger
+- image.bbclass: print all QA functions exceptions
+- kernel-fitimage: Adjust order of dtb/dtbo files
+- kernel-fitimage: Allow user to select dtb when multiple dtb exists
+- kernel-yocto: fix kernel-meta data detection
+- kernel/linux-kernel-base: Fix kernel build artefact determinism issues
+- lib/buildstats: handle tasks that never finished
+- lib/oe/reproducible: Use git log without gpg signature
+- libarchive: Upgrade to 3.6.2
+- libc-locale: Fix on target locale generation
+- libgit2: Upgrade to 1.5.1
+- libjpeg-turbo: Upgrade to 2.1.5.1
+- libksba: Upgrade to 1.6.3
+- libpng: Enable NEON for aarch64 to enensure consistency with arm32.
+- librsvg: Only enable the Vala bindings if GObject Introspection is enabled
+- librsvg: enable vapi build
+- libseccomp: fix for the ptest result format
+- libseccomp: fix typo in DESCRIPTION
+- libssh2: Clean up ptest patch/coverage
+- libtirpc: Check if file exists before operating on it
+- libusb1: Link with latomic only if compiler has no atomic builtins
+- libusb1: Strip trailing whitespaces
+- linux-firmware: add yamato fw files to qcom-adreno-a2xx package
+- linux-firmware: properly set license for all Qualcomm firmware
+- linux-firmware: Upgrade to 20230210
+- linux-yocto/5.15: fix perf build with clang
+- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
+- linux-yocto/5.15: ltp and squashfs fixes
+- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- linux-yocto/5.15: Upgrade to v5.15.91
+- linux-yocto/5.19: fix perf build with clang
+- linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- lsof: fix old override syntax
+- lttng-modules: Fix for 5.10.163 kernel version
+- lttng-modules: fix for kernel 6.2+
+- lttng-modules: Upgrade to 2.13.8
+- lttng-tools: Upgrade to 2.13.9
+- make-mod-scripts: Ensure kernel build output is deterministic
+- manuals: update patchwork instance URL
+- mesa-gl: gallium is required when enabling x11
+- meta: remove True option to getVar and getVarFlag calls (again)
+- migration-guides: add release-notes for 4.0.7
+- native: Drop special variable handling
+- numactl: skip test case when target platform doesn't have 2 CPU node
+- oeqa context.py: fix --target-ip comment to include ssh port number
+- oeqa dump.py: add error counter and stop after 5 failures
+- oeqa qemurunner.py: add timeout to QMP calls
+- oeqa qemurunner.py: try to avoid reading one character at a time
+- oeqa qemurunner: read more data at a time from serial
+- oeqa ssh.py: add connection keep alive options to ssh client
+- oeqa ssh.py: fix hangs in run()
+- oeqa ssh.py: move output prints to new line
+- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
+- oeqa/rpm.py: Increase timeout and add debug output
+- oeqa/selftest/debuginfod: improve testcase
+- oeqa/selftest/locales: Add selftest for locale generation/presence
+- oeqa/selftest/resulttooltests: fix minor typo
+- openssl: Upgrade to 3.0.8
+- opkg: ensure opkg uses private gpg.conf when applying keys.
+- pango: Upgrade to 1.50.12
+- perf: Enable debug/source packaging
+- pkgconf: Upgrade to 1.9.4
+- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
+- poky.conf: bump version for 4.1.3
+- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append'
+- profile-manual: update WireShark hyperlinks
+- ptest-packagelists.inc: Fix missing leading whitespace with ':append'
+- python3-pytest: depend on python3-tomli instead of python3-toml
+- quilt: fix intermittent failure in faildiff.test
+- quilt: use upstreamed faildiff.test fix
+- recipe_sanity: fix old override syntax
+- ref-manual: Fix invalid feature name
+- ref-manual: update DEV_PKG_DEPENDENCY in variables
+- ref-manual: variables.rst: fix broken hyperlink
+- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
+- runqemu: kill qemu if it hangs
+- rust: Do not use default compiler flags defined in CC crate
+- scons.bbclass: Make MAXLINELENGTH overridable
+- scons: Pass MAXLINELENGTH to scons invocation
+- sdkext/cases/devtool: pass a logger to HTTPService
+- selftest/virgl: use pkg-config from the host
+- spirv-headers/spirv-tools: set correct branch name
+- sstate.bbclass: Fetch non-existing local .sig files if needed
+- sstatesig: Improve output hash calculation
+- sudo: Upgrade to 1.9.12p2
+- system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
+- testimage: Fix error message to reflect new syntax
+- tiff: Add packageconfig knob for webp
+- toolchain-scripts: compatibility with unbound variable protection
+- uninative: Upgrade to 3.8.1 to include libgcc
+- update-alternatives: fix typos
+- vim: Upgrade to 9.0.1293
+- vulkan-samples: branch rename master -> main
+- wic: Fix usage of fstype=none in wic
+- wireless-regdb: Upgrade to 2023.02.13
+- xserver-xorg: Upgrade to 21.1.7
+- xwayland: Upgrade to 22.1.8
+
+
+Known Issues in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alexander Kanavin
+- Alexis Lothoré
+- Anton Antonov
+- Antonin Godard
+- Armin Kuster
+- Arnout Vandecappelle
+- Benoît Mauduit
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Changqing Li
+- Charlie Johnston
+- Chee Yang Lee
+- Chen Qi
+- Dmitry Baryshkov
+- Enguerrand de Ribaucourt
+- Etienne Cordonnier
+- Fawzi KHABER
+- Federico Pellegrin
+- Frank de Brabander
+- Harald Seiler
+- He Zhe
+- Jan Kircher
+- Jermain Horsman
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Khem Raj
+- Lei Maohui
+- Louis Rannou
+- Luis
+- Marek Vasut
+- Markus Volk
+- Marta Rybczynska
+- Martin Jansa
+- Mateusz Marciniec
+- Mauro Queiros
+- Michael Halstead
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Narpat Mali
+- Niko Mauno
+- Pavel Zhukov
+- Pawel Zalewski
+- Peter Kjellerstedt
+- Petr Kubizňák
+- Quentin Schulz
+- Randy MacLeod
+- Richard Purdie
+- Robert Joslyn
+- Rodolfo Quesada Zumbado
+- Ross Burton
+- Sakib Sajal
+- Sandeep Gundlupet Raju
+- Saul Wold
+- Siddharth Doshi
+- Steve Sakoman
+- Thomas Roos
+- Tobias Hagelborn
+- Ulrich Ölmann
+- Vivek Kumbhar
+- Wang Mingyu
+- Xiangyu Chen
+
+
+Repositories / Downloads for Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </poky/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f </poky/commit/?id=91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f>`
+- Release Artefact: poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f
+- sha: 94e4615eba651fe705436b29b854458be050cc39db936295f9d5eb7e85d3eff1
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.3 </openembedded-core/log/?h=yocto-4.1.3>`
+- Git Revision: :oe_git:`b995ea45773211bd7bdd60eabcc9bbffda6beb5c </openembedded-core/commit/?id=b995ea45773211bd7bdd60eabcc9bbffda6beb5c>`
+- Release Artefact: oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c
+- sha: 952e19361f205ee91b74e5caaa835d58fa6dd0d92ddaed50d4cd3f3fa56fab63
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </meta-mingw/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.3 </bitbake/log/?h=yocto-4.1.3>`
+- Git Revision: :oe_git:`592ee222a1c6da42925fb56801f226884b6724ec </bitbake/commit/?id=592ee222a1c6da42925fb56801f226884b6724ec>`
+- Release Artefact: bitbake-592ee222a1c6da42925fb56801f226884b6724ec
+- sha: 79c32f2ca66596132e32a45654ce0e9dd42b6b39186eff3540a9d6b499fe952c
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </yocto-docs/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`3de2ad1f8ff87aeec30088779267880306a0f31a </yocto-docs/commit/?id=3de2ad1f8ff87aeec30088779267880306a0f31a>`
+
diff --git a/poky/documentation/overview-manual/yp-intro.rst b/poky/documentation/overview-manual/yp-intro.rst
index 8b476f43c4..8a571176dc 100644
--- a/poky/documentation/overview-manual/yp-intro.rst
+++ b/poky/documentation/overview-manual/yp-intro.rst
@@ -361,7 +361,7 @@ Yocto Project:
of the :oe_layerindex:`OpenEmbedded Layer Index <>`, which
is a website that indexes OpenEmbedded-Core layers.
-- *Patchwork:* `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__
+- *Patchwork:* `Patchwork <https://patchwork.yoctoproject.org/>`__
is a fork of a project originally started by
`OzLabs <https://ozlabs.org/>`__. The project is a web-based tracking
system designed to streamline the process of bringing contributions
diff --git a/poky/documentation/profile-manual/usage.rst b/poky/documentation/profile-manual/usage.rst
index 49f8af4a74..5493a2b45b 100644
--- a/poky/documentation/profile-manual/usage.rst
+++ b/poky/documentation/profile-manual/usage.rst
@@ -1738,7 +1738,7 @@ events':
The tool is pretty self-explanatory, but for more detailed information
on navigating through the data, see the `kernelshark
-website <https://rostedt.homelinux.com/kernelshark/>`__.
+website <https://kernelshark.org/Documentation.html>`__.
ftrace Documentation
--------------------
@@ -1767,8 +1767,8 @@ There is a nice series of articles on using ftrace and trace-cmd at LWN:
- `trace-cmd: A front-end for
Ftrace <https://lwn.net/Articles/410200/>`__
-There's more detailed documentation kernelshark usage here:
-`KernelShark <https://rostedt.homelinux.com/kernelshark/>`__
+See also `KernelShark's documentation <https://kernelshark.org/Documentation.html>`__
+for further usage details.
An amusing yet useful README (a tracing mini-HOWTO) can be found in
``/sys/kernel/debug/tracing/README``.
diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst
index 1880e44486..03995e996d 100644
--- a/poky/documentation/ref-manual/classes.rst
+++ b/poky/documentation/ref-manual/classes.rst
@@ -373,8 +373,26 @@ support.
``create-spdx.bbclass``
=======================
-The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for automatically creating
-SPDX SBoM documents based upon image and SDK contents.
+The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for
+automatically creating :term:`SPDX` :term:`SBOM` documents based upon image
+and SDK contents.
+
+This class is meant to be inherited globally from a configuration file::
+
+ INHERIT += "create-spdx"
+
+The toplevel :term:`SPDX` output file is generated in JSON format as a
+``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
+:term:`Build Directory`. There are other related files in the same directory,
+as well as in ``tmp/deploy/spdx``.
+
+The exact behaviour of this class, and the amount of output can be controlled
+by the :term:`SPDX_PRETTY`, :term:`SPDX_ARCHIVE_PACKAGED`,
+:term:`SPDX_ARCHIVE_SOURCES` and :term:`SPDX_INCLUDE_SOURCES` variables.
+
+See the description of these variables and the
+":ref:`dev-manual/common-tasks:creating a software bill of materials`"
+section in the Yocto Project Development Manual for more details.
.. _ref-classes-cross:
@@ -412,13 +430,61 @@ discussion on these cross-compilation tools.
=====================
The :ref:`cve-check <ref-classes-cve-check>` class looks for known CVEs (Common Vulnerabilities
-and Exposures) while building an image. This class is meant to be
+and Exposures) while building with BitBake. This class is meant to be
inherited globally from a configuration file::
INHERIT += "cve-check"
+To filter out obsolete CVE database entries which are known not to impact software from Poky and OE-Core,
+add following line to the build configuration file::
+
+ include cve-extra-exclusions.inc
+
You can also look for vulnerabilities in specific packages by passing
-``-c cve_check`` to BitBake. You will find details in the
+``-c cve_check`` to BitBake.
+
+After building the software with Bitbake, CVE check output reports are available in ``tmp/deploy/cve``
+and image specific summaries in ``tmp/deploy/images/*.cve`` or ``tmp/deploy/images/*.json`` files.
+
+When building, the CVE checker will emit build time warnings for any detected
+issues which are in the state ``Unpatched``, meaning that CVE issue seems to affect the software component
+and version being compiled and no patches to address the issue are applied. Other states
+for detected CVE issues are: ``Patched`` meaning that a patch to address the issue is already
+applied, and ``Ignored`` meaning that the issue can be ignored.
+
+The ``Patched`` state of a CVE issue is detected from patch files with the format
+``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using
+CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.
+
+If the recipe lists the ``CVE-ID`` in :term:`CVE_CHECK_IGNORE` variable, then the CVE state is reported
+as ``Ignored``. Multiple CVEs can be listed separated by spaces. Example::
+
+ CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
+
+If CVE check reports that a recipe contains false positives or false negatives, these may be
+fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables.
+:term:`CVE_PRODUCT` defaults to the plain recipe name :term:`BPN` which can be adjusted to one or more CVE
+database vendor and product pairs using the syntax::
+
+ CVE_PRODUCT = "flex_project:flex"
+
+where ``flex_project`` is the CVE database vendor name and ``flex`` is the product name. Similarly
+if the default recipe version :term:`PV` does not match the version numbers of the software component
+in upstream releases or the CVE database, then the :term:`CVE_VERSION` variable can be used to set the
+CVE database compatible version number, for example::
+
+ CVE_VERSION = "2.39"
+
+Any bugs or missing or incomplete information in the CVE database entries should be fixed in the CVE database
+via the `NVD feedback form <https://nvd.nist.gov/info/contact-form>`__.
+
+Users should note that security is a process, not a product, and thus also CVE checking, analyzing results,
+patching and updating the software should be done as a regular process. The data and assumptions
+required for CVE checker to reliably detect issues are frequently broken in various ways.
+These can only be detected by reviewing the details of the issues and iterating over the generated reports,
+and following what happens in other Linux distributions and in the greater open source community.
+
+You will find some more details in the
":ref:`dev-manual/common-tasks:checking for vulnerabilities`"
section in the Development Tasks Manual.
diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst
index a5b01e8df7..9345543ebb 100644
--- a/poky/documentation/ref-manual/features.rst
+++ b/poky/documentation/ref-manual/features.rst
@@ -296,11 +296,11 @@ Here are the image features available for all images:
forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist.
.. note::
- ``empty-root-passwd`` doesn't set an empty root password by itself.
+ ``empty-root-password`` doesn't set an empty root password by itself.
You get an initial empty root password thanks to the
:oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>`
and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>`
- recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks``
+ recipes, and the presence of ``empty-root-password`` or ``debug-tweaks``
just disables the mechanism which forces an non-empty password for the
root user.
diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst
index 2a6d444040..7756284864 100644
--- a/poky/documentation/ref-manual/system-requirements.rst
+++ b/poky/documentation/ref-manual/system-requirements.rst
@@ -47,14 +47,22 @@ distributions:
- Fedora 35
+- Fedora 36
+
- AlmaLinux 8.5
+- AlmaLinux 8.7
+
+- AlmaLinux 9.1
+
- Debian GNU/Linux 10.x (Buster)
- Debian GNU/Linux 11.x (Bullseye)
- OpenSUSE Leap 15.3
+- OpenSUSE Leap 15.4
+
.. note::
- While the Yocto Project Team attempts to ensure all Yocto Project
diff --git a/poky/documentation/ref-manual/terms.rst b/poky/documentation/ref-manual/terms.rst
index 1e3f718a8f..7e5295a646 100644
--- a/poky/documentation/ref-manual/terms.rst
+++ b/poky/documentation/ref-manual/terms.rst
@@ -323,6 +323,23 @@ universal, the list includes them just in case:
:term:`build host<Build Host>` and other components, that can
work on specific hardware.
+ :term:`SBOM`
+ This term means *Software Bill of Materials*. When you distribute
+ software, it offers a description of all the components you used,
+ their corresponding licenses, their dependencies, the changes that were
+ applied and the known vulnerabilities that were fixed.
+
+ This can be used by the recipients of the software to assess
+ their exposure to license compliance and security vulnerability issues.
+
+ See the :wikipedia:`Software Supply Chain <Software_supply_chain>`
+ article on Wikipedia for more details.
+
+ The OpenEmbedded Build System can generate such documentation for your
+ project, in :term:`SPDX` format, based on all the metadata it used to
+ build the software images. See the ":ref:`dev-manual/common-tasks:creating
+ a software bill of materials`" section of the Development Tasks manual.
+
:term:`Source Directory`
This term refers to the directory structure
created as a result of creating a local copy of the ``poky`` Git
@@ -383,6 +400,17 @@ universal, the list includes them just in case:
":ref:`overview-manual/development-environment:repositories, tags, and branches`"
section in the Yocto Project Overview and Concepts Manual.
+ :term:`SPDX`
+ This term means *Software Package Data Exchange*, and is used as a open
+ standard for providing a *Software Bill of Materials* (:term:`SBOM`).
+ This standard is developed through a `Linux Foundation project
+ <https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to
+ provide an :term:`SBOM` associated to each a software image.
+
+ For details, see Wikipedia's :wikipedia:`SPDX page <Software_Package_Data_Exchange>`
+ and the ":ref:`dev-manual/common-tasks:creating a software bill of materials`"
+ section of the Development Tasks manual.
+
:term:`Sysroot`
When cross-compiling, the target file system may be differently laid
out and contain different things compared to the host system. The concept
diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst
index 71e8c272a7..2f12677a34 100644
--- a/poky/documentation/ref-manual/variables.rst
+++ b/poky/documentation/ref-manual/variables.rst
@@ -1508,6 +1508,18 @@ system and gives an overview of their function and contents.
CVE_PRODUCT = "vendor:package"
+ :term:`CVE_VERSION`
+ In a recipe, defines the version used to match the recipe version
+ against the version in the `NIST CVE database <https://nvd.nist.gov/>`__
+ when usign :ref:`cve-check <ref-classes-cve-check>`.
+
+ The default is ${:term:`PV`} but if recipes use custom version numbers
+ which do not map to upstream software component release versions and the versions
+ used in the CVE database, then this variable can be used to set the
+ version number for :ref:`cve-check <ref-classes-cve-check>`. Example::
+
+ CVE_VERSION = "2.39"
+
:term:`CVSDIR`
The directory in which files checked out under the CVS system are
stored.
@@ -1832,9 +1844,9 @@ system and gives an overview of their function and contents.
variable.
:term:`DEV_PKG_DEPENDENCY`
- Provides an easy way for recipes to disable or adjust the runtime
- dependency (:term:`RDEPENDS`) of the ``${PN}-dev`` package on the main
- (``${PN}``) package, particularly where the main package may be empty.
+ Provides an easy way for recipes to disable or adjust the runtime recommendation
+ (:term:`RRECOMMENDS`) of the ``${PN}-dev`` package on the main
+ (``${PN}``) package.
:term:`DISABLE_STATIC`
Used in order to disable static linking by default (in order to save
@@ -7278,6 +7290,88 @@ system and gives an overview of their function and contents.
You can specify only a single URL in :term:`SOURCE_MIRROR_URL`.
+ :term:`SPDX_ARCHIVE_PACKAGED`
+ This option allows to add to :term:`SPDX` output compressed archives
+ of the files in the generated target packages.
+
+ Such archives are available in
+ ``tmp/deploy/spdx/MACHINE/packages/packagename.tar.zst``
+ under the :term:`Build Directory`.
+
+ Enable this option as follows::
+
+ SPDX_ARCHIVE_PACKAGED = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling this
+ option multiplied the size of the ``tmp/deploy/spdx`` directory by a
+ factor of 13 (+1.6 GiB for this image), compared to just using the
+ :ref:`create-spdx <ref-classes-create-spdx>` class with no option.
+
+ Note that this option doesn't increase the size of :term:`SPDX`
+ files in ``tmp/deploy/images/MACHINE``.
+
+ :term:`SPDX_ARCHIVE_SOURCES`
+ This option allows to add to :term:`SPDX` output compressed archives
+ of the sources for packages installed on the target. It currently
+ only works when :term:`SPDX_INCLUDE_SOURCES` is set.
+
+ This is one way of fulfilling "source code access" license
+ requirements.
+
+ Such source archives are available in
+ ``tmp/deploy/spdx/MACHINE/recipes/recipe-packagename.tar.zst``
+ under the :term:`Build Directory`.
+
+ Enable this option as follows::
+
+ SPDX_INCLUDE_SOURCES = "1"
+ SPDX_ARCHIVE_SOURCES = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling
+ these options multiplied the size of the ``tmp/deploy/spdx``
+ directory by a factor of 11 (+1.4 GiB for this image),
+ compared to just using the :ref:`create-spdx <ref-classes-create-spdx>`
+ class with no option.
+
+ Note that using this option only marginally increases the size
+ of the :term:`SPDX` output in ``tmp/deploy/images/MACHINE/``
+ (+ 0.07\% with the tested image), compared to just enabling
+ :term:`SPDX_INCLUDE_SOURCES`.
+
+ :term:`SPDX_INCLUDE_SOURCES`
+ This option allows to add a description of the source files used to build
+ the host tools and the target packages, to the ``spdx.json`` files in
+ ``tmp/deploy/spdx/MACHINE/recipes/`` under the :term:`Build Directory`.
+ As a consequence, the ``spdx.json`` files under the ``by-namespace`` and
+ ``packages`` subdirectories in ``tmp/deploy/spdx/MACHINE`` are also
+ modified to include references to such source file descriptions.
+
+ Enable this option as follows::
+
+ SPDX_INCLUDE_SOURCES = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling
+ this option multiplied the total size of the ``tmp/deploy/spdx``
+ directory by a factor of 3 (+291 MiB for this image),
+ and the size of the ``IMAGE-MACHINE.spdx.tar.zst`` in
+ ``tmp/deploy/images/MACHINE`` by a factor of 130 (+15 MiB for this
+ image), compared to just using the
+ :ref:`create-spdx <ref-classes-create-spdx>` class with no option.
+
+ :term:`SPDX_PRETTY`
+ This option makes the SPDX output more human-readable, using
+ identation and newlines, instead of the default output in a
+ single line::
+
+ SPDX_PRETTY = "1"
+
+ The generated SPDX files are approximately 20% bigger, but
+ this option is recommended if you want to inspect the SPDX
+ output files with a text editor.
+
:term:`SPDXLICENSEMAP`
Maps commonly used license names to their SPDX counterparts found in
``meta/files/common-licenses/``. For the default :term:`SPDXLICENSEMAP`
@@ -7451,7 +7545,7 @@ system and gives an overview of their function and contents.
``SSTATE_EXCLUDEDEPS_SYSROOT`` is evaluated as two regular
expressions of recipe and dependency to ignore. An example
- is the rule in :oe_git:`meta/conf/layer.conf </meta/conf/layer.conf>`::
+ is the rule in :oe_git:`meta/conf/layer.conf </openembedded-core/tree/meta/conf/layer.conf>`::
# Nothing needs to depend on libc-initial
# base-passwd/shadow-sysroot don't need their dependencies
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-30 20:31:55 +0300