From patchwork Fri Apr 22 01:40:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7020 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A08D8C4167E for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web09.3366.1650591648342238266 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=jxSXHeVv; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id 96F3520E6564; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 96F3520E6564 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=b4jDqjdiOLLuZTCw+VS7hQBcKJlwdLZhxnEua9QX8yM=; h=From:To:Subject:Date:In-Reply-To:References:From; b=jxSXHeVvuOOO0/EVhfydG9UhNImS/yj1qzxI5NReXCegmGfUeoMfl5pVCmp7hcY7L yt1QFvwYpL0ANLOW8srwBwTkSSj43Ly5aM/dGCOAkCaV1hojkJ6BPTQhpEm4enc/pa zAANEdTtaoGvhk+0SOtm96Tj1yubK4c5sAHtKlRg= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS Date: Thu, 21 Apr 2022 18:40:34 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2823 From: Paul Eggleton We missed noting this in 3.4 but I noticed the documentation was recently updated, so note the removal. Signed-off-by: Paul Eggleton --- documentation/migration-guides/migration-3.4.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/documentation/migration-guides/migration-3.4.rst b/documentation/migration-guides/migration-3.4.rst index 139b2bf..dead6bc 100644 --- a/documentation/migration-guides/migration-3.4.rst +++ b/documentation/migration-guides/migration-3.4.rst @@ -265,6 +265,13 @@ Miscellaneous built-in override support in the fetcher or overrides in general instead. +- The ``-P`` (``--clear-password``) option can no longer be used with + ``useradd`` and ``usermod`` entries in :term:`EXTRA_USERS_PARAMS`. + It was being implemented using a custom patch to the ``shadow`` recipe + which clashed with a ``-P`` option that was added upstream in + ``shadow`` version 4.9, and in any case is fundamentally insecure. + + .. include:: release-notes-3.4.rst .. include:: release-notes-3.4.1.rst .. include:: release-notes-3.4.2.rst From patchwork Fri Apr 22 01:40:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD47CC3527D for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.3539.1650591648439528537 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=EXeo14wN; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id A2DD020E6569; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com A2DD020E6569 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=mO7s6KFjVMGVOC54L3Es0CsNjABi9g5umjHR/zl8sNY=; h=From:To:Subject:Date:In-Reply-To:References:From; b=EXeo14wNkKyl9Rb/XJzhaWvVNUkmGrSuqGcc+szmDTeWyAl9pkLjdHMJ/ND1corWs BYZVq+fsRYzPbXsl3pUuo6LVP4zlh2ezIJTnRzged+h5QYeZaAEzFR5PUn0W0B4kTE RvcHHQkT9v5UdVKRl1xBjOShay5O6GoX1gMCwnhI= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 2/9] ref-manual: add a note about hard-coded passwords Date: Thu, 21 Apr 2022 18:40:35 -0700 Message-Id: <52c5571a8664a7547caed420ea83d77ab5d21d0f.1650591341.git.paul.eggleton@linux.microsoft.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2825 From: Paul Eggleton It seems prudent to point out that hard-coding passwords in the manner detailed in the example is not a good idea in production. This type of mistake has unfortunately been made by many device vendors (outside of the Yocto Project context) leading to security vulnerabilities. Signed-off-by: Paul Eggleton --- documentation/ref-manual/classes.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 6ba792d..13cc2bb 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -576,6 +576,13 @@ Finally, here is an example that sets the root password:: usermod -p '${PASSWD}' root; \ " +.. note:: + + From a security perspective, hardcoding a default password is not + generally a good idea. It is recommended that you do not do this if you are + building a production image. + + .. _ref-classes-features_check: ``features_check.bbclass`` From patchwork Fri Apr 22 01:40:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7022 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD8D3C46467 for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.3584.1650591648343036328 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=mttJHc+6; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id AE78920E6570; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com AE78920E6570 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=hRDNIpOlwmViDMG228Dw+VAOb6nrsy4nIIgZfDS5BU4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=mttJHc+6HgePF5QoA8S2NPg+ss4xZRLMhDGPHPY0AwxNP0Q02/A6LIz//rw7FvID1 hFLzuA3zDIT/AYiMznFiYK8QkCLuKyJltbhX3HPsehrx0wCpZPQIfQvbu2eoHxJwbU 87WMpo3ZRqy7mqASYByoEycOyncxerDvy/E4V0Ow= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 3/9] ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE Date: Thu, 21 Apr 2022 18:40:36 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2824 From: Paul Eggleton Add this since the INCOMPATIBLE_LICENSE wildcard support has changed in the 4.0 release. Signed-off-by: Paul Eggleton --- documentation/ref-manual/variables.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index f9fd551..4df8165 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -3485,6 +3485,14 @@ system and gives an overview of their function and contents. incompatible licenses are not built. Packages that are individually licensed with the specified incompatible licenses will be deleted. + There is some support for wildcards in this variable's value, + however it is restricted to specific licenses. Currently only the + these wildcards are allowed and expand as follows: + + - ``AGPL-3.0*"``: ``AGPL-3.0-only``, ``AGPL-3.0-or-later`` + - ``GPL-3.0*``: ``GPL-3.0-only``, ``GPL-3.0-or-later`` + - ``LGPL-3.0*``: ``LGPL-3.0-only``, ``LGPL-3.0-or-later`` + .. note:: This functionality is only regularly tested using the following From patchwork Fri Apr 22 01:40:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2481C35275 for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.3583.1650591648306416636 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=cQjMi2xl; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id BA35320E6577; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com BA35320E6577 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=nCouutzQzGW4OMYKQ1KlOaJ34inF9pQFHG2mIMkL/LI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=cQjMi2xl3TsQfKaPBFMCUhXYo0QdI+JyA/VFZrGheYkuCZ/Ozki6BxEEsgJ7EP5VZ Px998x+sXPJjH9hk/+wA2V25WukQZdCrSkd2he0OadKrInIqMRefWCcP2PQ8WE4YYJ DPqaSD28MUlv+LQ+5z3UDA9BmWVdFx98eI6OB1Jc= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 4/9] ref-manual: add mention of vendor filtering to CVE_PRODUCT Date: Thu, 21 Apr 2022 18:40:37 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2821 From: Paul Eggleton Mention the vendor filtering functionality - prompted by OE-Core revision 45d1a0bea0c628f84a00d641a4d323491988106f. Signed-off-by: Paul Eggleton --- documentation/ref-manual/variables.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 4df8165..0b8c44f 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -1485,6 +1485,13 @@ system and gives an overview of their function and contents. CVE_PRODUCT = "oracle_berkeley_db berkeley_db" + Sometimes the product name is not specific enough, for example + "tar" has been matching CVEs for the GNU ``tar`` package and also + the ``node-tar`` node.js extension. To avoid this problem, use the + vendor name as a prefix. The syntax for this is:: + + CVE_PRODUCT = "vendor:package" + :term:`CVSDIR` The directory in which files checked out under the CVS system are stored. From patchwork Fri Apr 22 01:40:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC91FC3527B for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web08.3387.1650591648706538563 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=Fc8r36Hw; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id C619C20E657C; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C619C20E657C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=CHAcLQmkdLLGhkgTffk7Oqb/1234dz4yEPYo2weNrGg=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Fc8r36Hw3Gm3Ic49Y8HLIiTfrqoi7TX/e+x+buakJrwz7OKEwr4MOGrmTXHFyi4fp bNS4FD/cC/dWWhGYr23mMArwH3ZwpEQdB661oKwuPb0oRqjhjoyOTff9WErak9BUJl FJz1hbe2PeZC/LG+m3B49gctG04cMEyxyY2eooxI= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 5/9] ref-manual: add KERNEL_DEBUG_TIMESTAMPS Date: Thu, 21 Apr 2022 18:40:38 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2826 From: Paul Eggleton New variable in kirkstone. Signed-off-by: Paul Eggleton --- documentation/ref-manual/variables.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 0b8c44f..b9448b8 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -3953,6 +3953,11 @@ system and gives an overview of their function and contents. custom kernel image types with the :ref:`kernel ` class using this variable. + :term:`KERNEL_DEBUG_TIMESTAMPS` + If set to "1", enables timestamping functionality during building + the kernel. The default is "0" to disable this for reproducibility + reasons. + :term:`KERNEL_DEVICETREE` Specifies the name of the generated Linux kernel device tree (i.e. the ``.dtb``) file. From patchwork Fri Apr 22 01:40:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B949CC35294 for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.3541.1650591648769500562 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=iEvGSNeF; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id D1C0D20E6581; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com D1C0D20E6581 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=cqValLlopt3+5pZppTOURGwZuoOjf+oZc31O1KgZ6jQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=iEvGSNeFEszbi0uPnk8jqT3mFfyD1jc/NrrqeCRsqeGKbinCos+19aYl6+6+T8IMa qeW/oT3IhO2ypYHYJJTCZxArFBg3XL0rM1Oo2r44nDhaNaiMweYkYR/vTv7vAkMYy8 hr7ZEAfF11xi9i5YvOq+ecOS7GOAr1kIZuWq4uKo= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 6/9] ref-manual: add XZ_THREADS and ZSTD_THREADS Date: Thu, 21 Apr 2022 18:40:39 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2828 From: Paul Eggleton ZSTD_THREADS is new for kirkstone, XZ_THREADS was introduced in dunfell. Signed-off-by: Paul Eggleton --- documentation/ref-manual/variables.rst | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index b9448b8..4803578 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -8737,4 +8737,15 @@ system and gives an overview of their function and contents. The default value of :term:`XSERVER`, if not specified in the machine configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev". - + + :term:`XZ_THREADS` + Specifies the number of parallel threads that should be used when + using xz compression. By default this scales with core count, but + is never set less than 2 to ensure that multi-threaded mode is + always used (so that the output file contents are deterministic). + + :term:`ZSTD_THREADS` + Specifies the number of parallel threads that should be used when + using ZStandard compression. By default this scales with core count, + but is never set less than 2 to ensure that multi-threaded mode is + always used (so that the output file contents are deterministic). From patchwork Fri Apr 22 01:40:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7763C3527E for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web08.3388.1650591648758743263 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=Kae9DUTy; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id DDABC20E6587; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com DDABC20E6587 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=lJgGnNr8ilcAAg0uBU5Nv8rg3rzmZFp9nkQxvHnSCDI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Kae9DUTy13BlFzQPKr4mRNfBdQP1+kmwcRiaTrRgWzUrrTzATo9HjvH5LQWM05cx5 VRvCXXSRl9fI3CdVwuf5WubppiyMt0w8N6/i0XQd1pu173GvaiLkoVin8vxhPcZiZg FYMvry4322y4Al+ckJQL/5/P2FUvYjFTjM8s6ZhY= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 7/9] ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS* Date: Thu, 21 Apr 2022 18:40:40 -0700 Message-Id: <0fb99813b129f7239e08240d22397a50c53ed883.1650591341.git.paul.eggleton@linux.microsoft.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2829 From: Paul Eggleton This check is new in kirkstone. Signed-off-by: Paul Eggleton --- documentation/ref-manual/classes.rst | 5 +++++ documentation/ref-manual/qa-checks.rst | 10 +++++++++- documentation/ref-manual/variables.rst | 15 +++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 13cc2bb..a084ace 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -1039,6 +1039,11 @@ Here are the tests you can list with the :term:`WARN_QA` and cases, such as dynamically loaded modules, these symlinks are needed instead in the main package. +- ``empty-dirs:`` Checks that packages are not installing files to + directories that are normally expected to be empty (such as ``/tmp``) + The list of directories that are checked is specified by the + :term:`QA_EMPTY_DIRS` variable. + - ``file-rdeps:`` Checks that file-level dependencies identified by the OpenEmbedded build system at packaging time are satisfied. For example, a shell script might start with the line ``#!/bin/bash``. diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst index 3364311..e881697 100644 --- a/documentation/ref-manual/qa-checks.rst +++ b/documentation/ref-manual/qa-checks.rst @@ -154,7 +154,15 @@ Errors and Warnings ``FILES:${PN}-dbg``. See :term:`FILES` for additional information on :term:`FILES`. -   +.. _qa-check-empty-dirs: + +- `` installs files in , but it is expected to be empty [empty-dirs]`` + + The specified package is installing files into a directory that is + normally expected to be empty (such as ``/tmp``). These files may + be more appropriately installed to a different location, or + perhaps alternatively not installed at all. + .. _qa-check-arch: - ``Architecture did not match (, expected ) in [arch]`` diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 4803578..47c8a8f 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -6084,6 +6084,21 @@ system and gives an overview of their function and contents. In the previous example, the version of the dependency is :term:`PYTHON_PN`. + :term:`QA_EMPTY_DIRS` + Specifies a list of directories that are expected to be empty when + packaging; if ``empty-dirs`` appears in :term:`ERROR_QA` or + :term:`WARN_QA` these will be checked and an error or warning + (respectively) will be produced. + + The default :term:`QA_EMPTY_DIRS` value is set in + :ref:`classes/insane.bbclass `. + + :term:`QA_EMPTY_DIRS_RECOMMENDATION` + Specifies a recommendation for a directory why it must be empty, + which will be included in the error message if a specific directory + is found to contain files. Must be overridden with the directory + path to match on. + :term:`RANLIB` The minimal command and arguments to run ``ranlib``. From patchwork Fri Apr 22 01:40:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7028 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7C0BC4707E for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.3540.1650591648702699935 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=pqhMvvyJ; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id E973020E658B; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com E973020E658B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591647; bh=9BoXcvF4brZIgqZyZ3TxpEHwtx3BHlXCz4ACV6NRQXM=; h=From:To:Subject:Date:In-Reply-To:References:From; b=pqhMvvyJV0GWrrGKzs9JJb5kHX9E+z91PrXdxckKZ03IvG/aZoGLpCh3Y+UBeobSa G7/t23dngwh4OmovMNAskbjURWRy12Cv55LJxrIeb57AaNlB37p0rrftlNqOHfj+M7 NM8NtivTE/A+DXJlcZ13W2Ib+zisGpVppa3axPSg= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 8/9] migration-guides: complete migration guide for 4.0 Date: Thu, 21 Apr 2022 18:40:41 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2827 From: Paul Eggleton * Make some corrections to preliminary set of entries * Move out entries that were more appropriate for the release notes (i.e. that are more additions rather than changes that require the user to make changes) * Add new entries based on commits in the kirkstone branch Signed-off-by: Paul Eggleton --- documentation/migration-guides/migration-4.0.rst | 346 +++++++++++++++-------- 1 file changed, 221 insertions(+), 125 deletions(-) diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst index 202999e..6725e25 100644 --- a/documentation/migration-guides/migration-4.0.rst +++ b/documentation/migration-guides/migration-4.0.rst @@ -1,61 +1,74 @@ Release 4.0 (kirkstone) ======================= +Migration notes for 4.0 (kirkstone) +----------------------------------- + This section provides migration information for moving to the Yocto Project 4.0 Release (codename "kirkstone") from the prior release. -Recipe changes --------------- - -- To use more `inclusive language `__ - in the code and documentation, some variables have been renamed or even - deleted. BitBake will stop with an error when renamed or removed variables - still exist in your recipes or configuration. - - Please note that the change applies also to environmental variables, so - make sure you use a fresh environment for your build. - - The following variables have changed their names: - - - ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH` - - ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS` - - ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS` - - ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS` - - ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS`` - - ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS`` - - ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE` - - ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE` - - ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE` - - ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE` - - ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE` - - ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE` - - ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE` - - ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED` - - ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED` - - ``PNBLACKLIST`` became :term:`SKIP_RECIPE` - - ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE` - - ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW` - - ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE` - - ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES`` - - ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE` - - ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE` - - In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST`` - and ``TUNEABI_WHITELIST`` have been removed. - - Many internal variable names have been also renamed accordingly. - - In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted`` - has been renamed to ``Ignored``. - - A :oe_git:`convert-variable-renames.py - ` - script is provided to convert your recipes and configuration, - and also warns you about the use of problematic words. The script performs - changes and you need to review them before committing. An example warning - looks like:: - - poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort +.. _migration-4.0-inclusive-language: + +Inclusive language improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To use more `inclusive language `__ +in the code and documentation, some variables have been renamed, and +some have been deleted where they are no longer needed. In many cases the +new names are also easier to understand. BitBake will stop with an error when +renamed or removed variables still exist in your recipes or configuration. + +Please note that the change applies also to environmental variables, so +make sure you use a fresh environment for your build. + +The following variables have changed their names: + +- ``BB_ENV_WHITELIST`` became :term:`BB_ENV_PASSTHROUGH` +- ``BB_ENV_EXTRAWHITE`` became :term:`BB_ENV_PASSTHROUGH_ADDITIONS` +- ``BB_HASHBASE_WHITELIST`` became :term:`BB_BASEHASH_IGNORE_VARS` +- ``BB_HASHCONFIG_WHITELIST`` became :term:`BB_HASHCONFIG_IGNORE_VARS` +- ``BB_HASHTASK_WHITELIST`` became ``BB_TASKHASH_IGNORE_TASKS`` +- ``BB_SETSCENE_ENFORCE_WHITELIST`` became ``BB_SETSCENE_ENFORCE_IGNORE_TASKS`` +- ``CVE_CHECK_PN_WHITELIST`` became :term:`CVE_CHECK_SKIP_RECIPE` +- ``CVE_CHECK_WHITELIST`` became :term:`CVE_CHECK_IGNORE` +- ``ICECC_USER_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE` +- ``ICECC_SYSTEM_CLASS_BL`` became :term:`ICECC_CLASS_DISABLE` +- ``ICECC_USER_PACKAGE_WL`` became :term:`ICECC_RECIPE_ENABLE` +- ``ICECC_USER_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE` +- ``ICECC_SYSTEM_PACKAGE_BL`` became :term:`ICECC_RECIPE_DISABLE` +- ``LICENSE_FLAGS_WHITELIST`` became :term:`LICENSE_FLAGS_ACCEPTED` +- ``MULTI_PROVIDER_WHITELIST`` became :term:`BB_MULTI_PROVIDER_ALLOWED` +- ``PNBLACKLIST`` became :term:`SKIP_RECIPE` +- ``SDK_LOCAL_CONF_BLACKLIST`` became :term:`ESDK_LOCALCONF_REMOVE` +- ``SDK_LOCAL_CONF_WHITELIST`` became :term:`ESDK_LOCALCONF_ALLOW` +- ``SDK_INHERIT_BLACKLIST`` became :term:`ESDK_CLASS_INHERIT_DISABLE` +- ``SSTATE_DUPWHITELIST`` became ``SSTATE_ALLOW_OVERLAP_FILES`` +- ``SYSROOT_DIRS_BLACKLIST`` became :term:`SYSROOT_DIRS_IGNORE` +- ``UNKNOWN_CONFIGURE_WHITELIST`` became :term:`UNKNOWN_CONFIGURE_OPT_IGNORE` +- ``WHITELIST_`` became ``INCOMPATIBLE_LICENSE_EXCEPTIONS`` + +In addition, ``BB_STAMP_WHITELIST``, ``BB_STAMP_POLICY``, ``INHERIT_BLACKLIST``, +``TUNEABI``, ``TUNEABI_WHITELIST``, and ``TUNEABI_OVERRIDE`` have been removed. + +Many internal variable names have been also renamed accordingly. + +In addition, in the ``cve-check`` output, the CVE issue status ``Whitelisted`` +has been renamed to ``Ignored``. + +The :term:`BB_DISKMON_DIRS` variable value now uses the term ``HALT`` +instead of ``ABORT``. + +A :oe_git:`convert-variable-renames.py +` +script is provided to convert your recipes and configuration, +and also warns you about the use of problematic words. The script performs +changes and you need to review them before committing. An example warning +looks like:: + + poky/scripts/lib/devtool/upgrade.py needs further work at line 275 since it contains abort + +Fetching changes +~~~~~~~~~~~~~~~~ - Because of the uncertainty in future default branch names in git repositories, it is now required to add a branch name to all URLs described @@ -70,7 +83,8 @@ Recipe changes - Because of `GitHub dropping support for the git: protocol `__, recipes now need to use ``;protocol=https`` at the end of GitHub - URLs. The same script as above can be used to convert the recipes. + URLs. The same ``convert-srcuri`` script mentioned above can be used to convert + your recipes. - Network access from tasks is now disabled by default on kernels which support this feature (on most recent distros such as CentOS 8 and Debian 11 onwards). @@ -84,87 +98,169 @@ Recipe changes usually undermines fetcher source mirroring, image and licence manifests, software auditing and supply chain security. -- The :term:`TOPDIR` variable and the current working directory are no longer modified - when parsing recipes. Any code depending on that behaviour will no longer work. - -- The ``append``, ``prepend`` and ``remove`` operators can now only be combined with - ``=`` and ``:=`` operators. To the exception of the ``append`` plus ``+=`` and - ``prepend`` plus ``=+`` combinations, all combinations could be factored up to the - ``append``, ``prepend`` or ``remove`` in the combination. This brought a lot of - confusion on how the override style syntax operators work and should be used. - Therefore, those combinations can simply be replaced by a single ``append``, - ``prepend`` or ``remove`` operator without any additional change. - For the ``append`` plus ``+=`` (and ``prepend`` plus ``=+``) combinations, - the content should be prefixed (respectively suffixed) by a space to maintain - the same behavior. You can learn more about override style syntax operators - (``append``, ``prepend`` and ``remove``) in the BitBake documentation: - :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:appending and prepending (override style syntax)` - and :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:removal (override style syntax)`. +License changes +~~~~~~~~~~~~~~~ -- :ref:`allarch ` packagegroups can no longer depend on packages - which use :term:`PKG` renaming such as :ref:`ref-classes-debian`. +- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory. + Each recipe that fetches or builds BSD-licensed code should specify the proper + version of the BSD license in its :term:`LICENSE` value. -- :term:`LICENSE` definitions now have to use `SPDX identifiers `__. - A :oe_git:`convert-spdx-licenses.py ` +- :term:`LICENSE` variable values should now use `SPDX identifiers `__. + If they do not, by default a warning will be shown. A + :oe_git:`convert-spdx-licenses.py ` script can be used to update your recipes. - -- :term:`SRC_URI`: a new :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)` - is available for Rust packages. - -Class changes -------------- - -- The ``distutils*.bbclasses`` have been moved to ``meta-python``. The classes and - `DISTUTILS*` variables have been removed from the documentation. - -- ``blacklist.bbclass`` is removed and the functionality moved to the - :ref:`base ` class with a more descriptive - ``varflag`` named :term:`SKIP_RECIPE` which will use the `SkipRecipe()` - function. The usage will remain the same:: - - SKIP_RECIPE[my-recipe] = "Reason for skipping recipe" - -- The Python package build process based on `wheels `__. + +- :term:`INCOMPATIBLE_LICENSE` should now use `SPDX identifiers `__. + Additionally, wildcarding is now limited to specifically supported values - + see the :term:`INCOMPATIBLE_LICENSE` documentation for further information. + +- The ``AVAILABLE_LICENSES`` variable has been removed. This variable was a performance + liability and is highly dependent on which layers are added to the configuration, + which can cause signature issues for users. In addition the ``available_licenses()`` + function has been removed from the :ref:`license ` class as + it is no longer needed. + +Removed recipes +~~~~~~~~~~~~~~~ + +The following recipes have been removed in this release: + +- ``dbus-test``: merged into main dbus recipe +- ``libid3tag``: moved to meta-oe - no longer needed by anything in OE-Core +- ``libportal``: moved to meta-gnome - no longer needed by anything in OE-Core +- ``linux-yocto``: removed version 5.14 recipes (5.15 and 5.10 still provided) +- ``python3-nose``: has not changed since 2016 upstream, and no longer needed by anything in OE-Core +- ``rustfmt``: not especially useful as a standalone recipe + +Python changes +~~~~~~~~~~~~~~ + +- ``distutils`` has been deprecated upstream in Python 3.10 and thus the ``distutils*`` + classes have been moved to ``meta-python``. Recipes that inherit the ``distutils*`` + classes should be updated to inherit ``setuptools*`` equivalents instead. + +- The Python package build process is now based on `wheels `__. Here are the new Python packaging classes that should be used: - :ref:`python-flit_core `, - :ref:`setuptools_python-build_meta ` - and :ref:`python_poetry_core `. - -- ``image-prelink.bbclass`` class is removed. - -- New :ref:`overlayfs ` and - :ref:`overlayfs-etc ` classes are available - to make it easier to overlay read-only filesystems (for example) - with `OverlayFS `__. - -Configuration changes ---------------------- - -- The Yocto Project now allows to reuse Shared State from its autobuilder. - If the network connection between our server and your machine is faster - than you would build recipes, you can try to speed up your builds - by using such Share State and Hash Equivalence by setting:: - - BB_SIGNATURE_HANDLER = "OEEquivHash" - BB_HASHSERVE = "auto" - BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687" - SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH" + :ref:`python_flit_core `, + :ref:`python_setuptools_build_meta ` + and :ref:`python_poetry_core `. + +- The :ref:`setuptools3 ` class ``do_install()`` task now + installs the ``wheel`` binary archive. In current versions of ``setuptools`` the + legacy ``setup.py install`` method is deprecated. If the ``setup.py`` cannot be used + with wheels, for example it creates files outside of the Python module or standard + entry points, then :ref:`setuptools3_legacy ` should + be used instead. + +Prelink removed +~~~~~~~~~~~~~~~ + +Prelink has been dropped by ``glibc`` upstream in 2.36. It already caused issues with +binary corruption, has a number of open bugs and is of questionable benefit +without disabling load address randomization and PIE executables. + +We disabled prelinking by default in the honister (3.4) release, but left it able +to be enabled if desired. However, without glibc support it cannot be maintained +any further, so all of the prelinking functionality has been removed in this release. +If you were enabling the ``image-prelink`` class in :term:`INHERIT`, :term:`IMAGE_CLASSES`, +:term:`USER_CLASSES` etc in your configuration, then you will need to remove the +reference(s). + +Reproducible as standard +~~~~~~~~~~~~~~~~~~~~~~~~ + +Reproducibility is now considered as standard functionality, thus the +``reproducible`` class has been removed and its previous contents merged into the +:ref:`base ` class. If you have references in your configuration to +``reproducible`` in :term:`INHERIT`, :term:`USER_CLASSES` etc. then they should be +removed. + +Additionally, the ``BUILD_REPRODUCIBLE_BINARIES`` variable is no longer used. +Specifically for the kernel, if you wish to enable build timestamping functionality +that is normally disabled for reproducibility reasons, you can do so by setting +a new :term:`KERNEL_DEBUG_TIMESTAMPS` variable to "1". Supported host distribution changes ------------------------------------ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- New support for `AlmaLinux `__ +- Support for `AlmaLinux `__ hosts replacing `CentOS `__. The following distribution versions were dropped: CentOS 8, Ubuntu 16.04 and Fedora 30, 31 and 32. -Changes for release notes -------------------------- - -- Share State cache: now using `ZStandard (zstd) `__ - instead of Gzip compression, for better performance. - -- BitBake has an improved ``setscene`` task display. +- ``gcc`` version 7.5 is now required at minimum on the build host. For older + host distributions where this is not available, you can use the + ``buildtools-extended-tarball`` (easily installable using + ``scripts/install-buildtools``). + +_append/_prepend in combination with other operators +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ``append``, ``prepend`` and ``remove`` operators can now only be combined with +``=`` and ``:=`` operators. To the exception of the ``append`` plus ``+=`` and +``prepend`` plus ``=+`` combinations, all combinations could be factored up to the +``append``, ``prepend`` or ``remove`` in the combination. This brought a lot of +confusion on how the override style syntax operators work and should be used. +Therefore, those combinations should be replaced by a single ``append``, +``prepend`` or ``remove`` operator without any additional change. +For the ``append`` plus ``+=`` (and ``prepend`` plus ``=+``) combinations, +the content should be prefixed (respectively suffixed) by a space to maintain +the same behavior. You can learn more about override style syntax operators +(``append``, ``prepend`` and ``remove``) in the BitBake documentation: +:ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:appending and prepending (override style syntax)` +and :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:removal (override style syntax)`. + +Miscellaneous changes +~~~~~~~~~~~~~~~~~~~~~ + +- ``blacklist.bbclass`` is removed and the functionality moved to the + :ref:`base ` class with a more descriptive + ``varflag`` variable named :term:`SKIP_RECIPE` which will use the `bb.parse.SkipRecipe()` + function. The usage remains the same, for example:: -- This release fixes the reproducibility issues with ``rust-llvm`` and ``golang``. - Recipes in OpenEmbedded-Core are now fully reproducible. + SKIP_RECIPE[my-recipe] = "Reason for skipping recipe" +- :ref:`allarch ` packagegroups can no longer depend on packages + which use :term:`PKG` renaming such as :ref:`ref-classes-debian`. Such packagegroups + recipes should be changed to avoid inheriting :ref:`allarch `. + +- The ``lnr`` script has been removed. ``lnr`` implemented the same behaviour as `ln --relative --symbolic`, + since at the time of creation `--relative` was only available in coreutils 8.16 + onwards which was too new for the older supported distros. Current supported host + distros have a new enough version of coreutils, so it is no longer needed. If you have + any calls to ``lnr`` in your recipes or classes, they should be replaced with + `ln --relative --symbolic` or `ln -rs` if you prefer the short version. + +- The ``package_qa_handle_error()`` function formerly in the :ref:`insane ` + class has been moved and renamed - if you have any references in your own custom + classes they should be changed to ``oe.qa.handle_error()``. + +- When building ``perl``, Berkeley db support is no longer enabled by default, since + Berkeley db is largely obsolete. If you wish to reenable it, you can append ``bdb`` + to :term:`PACKAGECONFIG` in a ``perl`` bbappend or ``PACKAGECONFIG:pn-perl`` at + the configuration level. + +- For the ``xserver-xorg`` recipe, the ``xshmfence``, ``xmlto`` and ``systemd`` options + previously supported in :term:`PACKAGECONFIG` have been removed, as they are no + longer supported since the move from building it with autotools to meson in this release. + +- For the ``libsdl2`` recipe, various X11 features are now disabled by default (primarily + for reproducibility purposes in the native case) with options in :term:`EXTRA_OECMAKE` + within the recipe. These can be changed within a bbappend if desired. See the + ``libsdl2`` recipe for more details. + +- The ``cortexa72-crc`` and ``cortexa72-crc-crypto`` tunes have been removed since + the crc extension is now enabled by default for cortexa72. Replace any references to + these with ``cortexa72`` and ``cortexa72-crypto`` respectively. + +- The Python development shell (previously known as ``devpyshell``) feature has been + renamed to ``pydevshell``. To start it you should now run:: + + bitbake -c pydevshell + +- The ``packagegroups-core-full-cmdline-libs`` packagegroup is no longer produced, as + libraries should normally be brought in via dependencies. If you have any references + to this then remove them. + +- The :term:`TOPDIR` variable and the current working directory are no longer modified + when parsing recipes. Any code depending on the previous behaviour will no longer + work - change any such code to explicitly use appropriate path variables instead. From patchwork Fri Apr 22 01:40:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Eggleton X-Patchwork-Id: 7029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C705FC35280 for ; Fri, 22 Apr 2022 16:51:59 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.3585.1650591648836612708 for ; Thu, 21 Apr 2022 18:40:48 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=lNHdC9me; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: pauleg@linux.microsoft.com) Received: by linux.microsoft.com (Postfix, from userid 1054) id 0182920E6591; Thu, 21 Apr 2022 18:40:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 0182920E6591 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1650591648; bh=3KziFRrSxJrrNq8PWho4xSQTyOAWwga/EFc8TNF8hrU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=lNHdC9meUCUTSA/A1r9ksKh/M6lX5VbrpnDIx8rBajwMel0aAScCyvHjAWcjBuOBI 23lzPKNNAwVclsZ55Zh54jT3dz6SUcXwzlqnKlP/xqC5QQ6v/yLjrFhKZUKY8u6a9B AgijTSzC6Pibxhl7CUdkdrBcB9bGGMu3v57Kc62U= From: Paul Eggleton To: docs@lists.yoctoproject.org Subject: [PATCH 9/9] migration-guides: add release notes for 4.0 Date: Thu, 21 Apr 2022 18:40:42 -0700 Message-Id: <6120393f1f0b2daa8325dd370cb3fdb50f7148b7.1650591341.git.paul.eggleton@linux.microsoft.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Apr 2022 16:51:59 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/2830 From: Paul Eggleton Generated from commits in the kirkstone branch, as well as a few entries from the migration guide. (Note that the "Repositories / Downloads" section still needs to be filled in.) Signed-off-by: Paul Eggleton --- documentation/migration-guides/migration-4.0.rst | 3 + .../migration-guides/release-notes-4.0.rst | 864 +++++++++++++++++++++ 2 files changed, 867 insertions(+) create mode 100644 documentation/migration-guides/release-notes-4.0.rst diff --git a/documentation/migration-guides/migration-4.0.rst b/documentation/migration-guides/migration-4.0.rst index 6725e25..00dddcb 100644 --- a/documentation/migration-guides/migration-4.0.rst +++ b/documentation/migration-guides/migration-4.0.rst @@ -264,3 +264,6 @@ Miscellaneous changes - The :term:`TOPDIR` variable and the current working directory are no longer modified when parsing recipes. Any code depending on the previous behaviour will no longer work - change any such code to explicitly use appropriate path variables instead. + + +.. include:: release-notes-4.0.rst diff --git a/documentation/migration-guides/release-notes-4.0.rst b/documentation/migration-guides/release-notes-4.0.rst new file mode 100644 index 0000000..6f12c73 --- /dev/null +++ b/documentation/migration-guides/release-notes-4.0.rst @@ -0,0 +1,864 @@ +Release notes for 4.0 (kirkstone) +--------------------------------- + +New Features / Enhancements in 4.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Linux kernel 5.15, glibc 2.35 and ~300 other recipe upgrades + +- Reproducibility: this release fixes the reproducibility issues with ``rust-llvm`` and + ``golang``. Recipes in OpenEmbedded-Core are now fully reproducible. Functionality + previously in the optional "reproducible" class has been merged into the base class. + +- Network access is now disabled by default for tasks other than where it is expected to ensure build integrity (where host kernel supports it) + +- The Yocto Project now allows you to reuse the Shared State cache from + its autobuilder. If the network connection between our server and your + machine is faster than you would build recipes from source, you can + try to speed up your builds by using such Shared State and Hash + Equivalence by setting:: + + BB_SIGNATURE_HANDLER = "OEEquivHash" + BB_HASHSERVE = "auto" + BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687" + SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH" + +- The Python package build process is now based on `wheels `__ + in line with the upstream direction. + +- New :ref:`overlayfs ` and + :ref:`overlayfs-etc ` classes and + ``overlayroot`` support in the initramfs framework to make it easier to + overlay read-only filesystems (for example) with + `OverlayFS `__. + +- Inclusive language adjustments to some variable names - see the + :ref:`4.0 migration guide ` for details. + +- New recipes: + + - ``buildtools-docs-tarball`` + - ``libptytty`` + - ``libxcvt`` + - ``lua`` + - ``nghttp2`` + - ``python3-alabaster`` + - ``python3-asn1crypto`` + - ``python3-babel`` + - ``python3-bcrypt`` + - ``python3-certifi`` + - ``python3-cffi`` + - ``python3-chardet`` + - ``python3-cryptography`` + - ``python3-cryptography-vectors`` + - ``python3-dtschema`` + - ``python3-flit-core`` + - ``python3-idna`` + - ``python3-imagesize`` + - ``python3-installer`` + - ``python3-iso8601`` + - ``python3-jsonpointer`` + - ``python3-jsonschema`` + - ``python3-ndg-httpsclient`` + - ``python3-ply`` + - ``python3-poetry-core`` + - ``python3-pretend`` + - ``python3-psutil`` + - ``python3-pyasn1`` + - ``python3-pycparser`` + - ``python3-pyopenssl`` + - ``python3-pyrsistent`` + - ``python3-pysocks`` + - ``python3-pytest-runner`` + - ``python3-pytest-subtests`` + - ``python3-pytz`` + - ``python3-requests`` + - ``python3-rfc3339-validator`` + - ``python3-rfc3986-validator`` + - ``python3-rfc3987`` + - ``python3-ruamel-yaml`` + - ``python3-semantic-version`` + - ``python3-setuptools-rust-native`` + - ``python3-snowballstemmer`` + - ``python3-sphinx`` + - ``python3-sphinxcontrib-applehelp`` + - ``python3-sphinxcontrib-devhelp`` + - ``python3-sphinxcontrib-htmlhelp`` + - ``python3-sphinxcontrib-jsmath`` + - ``python3-sphinxcontrib-qthelp`` + - ``python3-sphinxcontrib-serializinghtml`` + - ``python3-sphinx-rtd-theme`` + - ``python3-strict-rfc3339`` + - ``python3-tomli`` + - ``python3-typing-extensions`` + - ``python3-urllib3`` + - ``python3-vcversioner`` + - ``python3-webcolors`` + - ``python3-wheel`` + - ``repo`` + - ``seatd`` + +- Extended recipes to ``native``: ``wayland``, ``wayland-protocols`` + +- Shared state (sstate) improvements: + + - Switched to `ZStandard (zstd) `__ instead + of Gzip, for better performance. + - Allow validation of sstate signatures against a list of keys + - Improved error messages and exception handling + +- BitBake enhancements: + + - Fetcher enhancements: + + - New :ref:`bitbake:bitbake-user-manual/bitbake-user-manual-fetching:crate fetcher (\`\`crate://\`\`)` for Rust packages + - Added striplevel support to unpack + - git: Add a warning asking users to set a branch in git urls + - git: Allow git fetcher to support subdir param + - git: canonicalize ids in generated tarballs + - git: stop generated tarballs from leaking info + - npm: Put all downloaded files in the npm2 directory + - npmsw: Add support for duplicate dependencies without url + - npmsw: Add support for github prefix in npm shrinkwrap version + - ssh: now supports checkstatus, allows : in URLs (both required for use with sstate) and no longer requires username + - wget: add redirectauth parameter + - wget: add 30s timeout for checkstatus calls + + - Show warnings for append/prepend/remove operators combined with +=/.= + - Add bb.warnonce() and bb.erroronce() log methods + - Improved setscene task display + - Show elapsed time also for tasks with progress bars + - Improved cleanup on forced shutdown (either because of errors or Ctrl+C) + - contrib: Add Dockerfile for building PR service container + - Change file format of siginfo files to use zstd compressed json + - Display active tasks when printing keep-alive message to help debugging + +- Architecture-specific enhancements: + + - ARM: + + - tune-cortexa72: Enable the crc extension by default for cortexa72 + - qemuarm64: Add tiny ktype to qemuarm64 bsp + - armv9a/tune: Add the support for the Neoverse N2 core + - arch-armv8-5a.inc: Add tune include for armv8.5a + - grub-efi: Add xen_boot support when 'xen' is in DISTRO_FEATURES for aarch64 + - tune-cortexa73: Introduce cortexa73-crypto tune + - libacpi: Build libacpi also for 'aarch64' machines + - core-image-tiny-initramfs: Mark recipe as 32 bit ARM compatible + + - PowerPC: + + - weston-init: Use pixman rendering for qemuppc64 + - rust: add support for big endian 64-bit PowerPC + - rust: Add snapshot checksums for powerpc64le + + - RiscV: + + - libunwind: Enable for rv64 + - systemtap: Enable for riscv64 + - linux-yocto-dev: add qemuriscv32 + - packagegroup-core-tools-profile: Enable systemtap for riscv64 + - qemuriscv: Use virtio-tablet-pci for mouse + + - x86: + + - kernel-yocto: conditionally enable stack protection checking on x86-64 + +- Kernel-related enhancements: + + - Allow initramfs to be built from a separate multiconfig + - Make kernel-base recommend kernel-image, not depend (allowing images containing kernel modules without kernel image) + - linux-yocto: split vtpm for more granular inclusion + - linux-yocto: cfg/debug: add configs for kcsan + - linux-yocto: cfg: add kcov feature fragment + - linux-yocto: export pkgconfig variables to devshell + - linux-yocto-dev: use versioned branch as default + - New ``KERNEL_DEBUG_TIMESTAMPS`` variable (to replace removed ``BUILD_REPRODUCIBLE_BINARIES`` for the kernel) + - Introduce python3-dtschema-wrapper in preparation for mandatory schema checking on dtb files in 5.16 + - Allow disabling kernel artifact symlink creation + - Allow changing default .bin kernel artifact extension + +- FIT image related enhancements: + + - New ``FIT_SUPPORTED_INITRAMFS_FSTYPES`` variable to allow extending initramfs image types to look for + - New ``FIT_CONF_PREFIX`` variable to allow overriding FIT configuration prefix + - Use 'bbnote' for better logging + +- New :term:`PACKAGECONFIG` options in ``curl``, ``dtc``, ``epiphany``, ``git``, ``git``, ``gstreamer1.0-plugins-bad``, (kernel), ``kmod``, ``mesa``, ``piglit``, ``qemu``, ``rpm``, ``systemd``, ``webkitgtk``, ``weston-init`` +- ptest enhancements in ``findutils``, ``lttng-tools``, ``openssl``, ``gawk``, ``strace``, ``lttng-tools``, ``valgrind``, ``perl``, ``libxml-parser-perl``, ``openssh``, ``python3-cryptography``, ``popt`` + +- Sysroot dependencies have been further optimised +- Significant effort to upstream / rationalise patches across a variety of recipes +- Allow the creation of block devices on top of UBI volumes +- archiver: new ARCHIVER_MODE[compression] to set tarball compression, and switch default to xz +- yocto-check-layer: add ability to perform tests from a global bbclass +- yocto-check-layer: improved README checks +- cve-check: add json output format +- cve-check: add coverage statistics on recipes with/without CVEs +- Added mirrors for kernel sources and uninative binaries on kernel.org +- glibc and binutils recipes now use shallow mirror tarballs for faster fetching +- When patching fails, show more information on the fatal error + +- wic Image Creator enhancements: + + - Support rootdev identified by partition label + - rawcopy: Add support for packed images + - partition: Support valueless keys in sourceparams + +- QA check enhancements: + + - Allow treating license issues as errors + - Added a check that Upstream-Status patch tag is present and correctly formed + - Added a check for directories that are expected to be empty + - Ensure addition of patch-fuzz retriggers do_qa_patch + - Added a sanity check for allarch packagegroups + +- create-spdx class improvements: + + - Get SPDX-License-Identifier from source files + - Generate manifest also for SDKs + - New SPDX_ORG variable to allow changing the Organization field value + - Added packageSupplier field + - Added create_annotation function + +- devtool add / recipetool create enhancements: + + - Extend curl detection when creating recipes + - Handle GitLab URLs like we do GitHub + - Recognize more standard license text variants + - Separate licenses with & operator + - Detect more known licenses in Python code + - Move license md5sums data into CSV files + - npm: Use README as license fallback + +- SDK-related enhancements: + + - Extended recipes to ``nativesdk``: ``cargo``, ``librsvg``, ``libstd-rs``, ``libva``, ``python3-docutil``, ``python3-packaging`` + - Enabled nativesdk recipes to find a correct version of the rust cross compiler + - Support creating per-toolchain cmake file in SDK + +- Rust enhancements: + + - New python_setuptools3_rust class to enable building python extensions in Rust + - classes/meson: Add optional rust definitions + +- QEMU / runqemu enhancements: + + - qemu: Add knob for enabling PMDK pmem support + - qemu: add tpm string section to qemu acpi table + - qemu: Build on musl targets + - runqemu: support rootfs mounted ro + - runqemu: add :term:`DEPLOY_DIR_IMAGE` replacement in QB_OPT_APPEND + - runqemu: Allow auto-detection of the correct graphics options + +- Capped ``cpu_count()`` (used to set parallelisation defaults) to 64 since any higher usually hurts parallelisation +- Adjust some GL-using recipes so that they only require virtual/egl +- package_rpm: use zstd instead of xz +- npm: new ``EXTRA_OENPM`` variable (to set node-gyp variables for example) +- npm: new ``NPM_NODEDIR`` variable +- perl: Enable threading +- u-boot: Convert ${UBOOT_ENV}.cmd into ${UBOOT_ENV}.scr +- u-boot: Split do_configure logic into separate file +- go.bbclass: Allow adding parameters to go ldflags +- go: log build id computations +- scons: support out-of-tree builds +- scripts: Add a conversion script to use SPDX license names +- scripts: Add convert-variable-renames script for inclusive language variable renaming +- binutils-cross-canadian: enable gold for mingw +- grub-efi: Add option to include all available modules +- bitbake.conf: allow wayland distro feature through for native/SDK builds +- weston-init: Pass --continue-without-input when launching weston +- weston: wrapper for weston modules argument +- weston: Add a knob to control simple clients +- uninative: Add version to uninative tarball name +- volatile-binds: SELinux and overlayfs extensions in mount-copybind +- gtk-icon-cache: Allow using gtk4 +- kmod: Add an exclude directive to depmod +- os-release: add os-release-initrd package for use in systemd-based initramfs images +- gstreamer1.0-plugins-base: add support for graphene +- gpg-sign: Add parameters to gpg signature function +- package_manager: sign DEB package feeds +- zstd: add libzstd package +- libical: build gobject and vala introspection +- dhcpcd: add option to set DBDIR location +- rpcbind: install rpcbind.conf +- mdadm: install mdcheck +- boost: add json lib +- libxkbcommon: allow building of API documentation +- libxkbcommon: split libraries and xkbcli into separate packages +- systemd: move systemd shared library into its own package +- systemd: Minimize udev package size if DISTRO_FEATURES doen't contain sysvinit + +Known Issues in 4.0 +~~~~~~~~~~~~~~~~~~~ + +- ``make`` version 4.2.1 is known to be buggy on non-Ubuntu systems. If this ``make`` + version is detected on host distributions other than Ubuntu at build start time, + then a warning will be displayed. + +Recipe License changes in 4.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following corrections have been made to the LICENSE values set by recipes: + +* cmake: add BSD-1-Clause & MIT & BSD-2-Clause to LICENSE due to additional vendored libraries in native/target context +* gettext: extend LICENSE conditional upon PACKAGECONFIG (due to vendored libraries) +* gstreamer1.0: update licenses of all modules to LGPL-2.1-or-later (with some exceptions that are GPL-2.0-or-later) +* gstreamer1.0-plugins-bad/ugly: use the GPL-2.0-or-later only when it is in use +* kern-tools-native: add missing MIT license due to Kconfiglib +* libcap: add pam_cap license to LIC_FILES_CHKSUM if pam is enabled +* libidn2: add Unicode-DFS-2016 license +* libsdl2: add BSD-2-Clause to LICENSE due to default yuv2rgb and hidapi inclusion +* libx11-compose-data: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality +* libx11: update LICENSE to "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant" to better reflect reality +* libxshmfence: correct LICENSE - MIT -> HPND +* newlib: add BSD-3-Clause to LICENSE +* python3-idna: correct LICENSE - Unicode -> Unicode-TOU +* python3-pip: add "Apache-2.0 & MPL-2.0 & LGPL-2.1-only & BSD-3-Clause & PSF-2.0 & BSD-2-Clause" to LICENSE due to vendored libraries + +Other license-related notes: + +- The ambiguous "BSD" license has been removed from the ``common-licenses`` directory. + Each recipe that fetches or builds BSD-licensed code should specify the proper + version of the BSD license in its :term:`LICENSE` value. + +- :term:`LICENSE` definitions now have to use `SPDX identifiers `__. + A :oe_git:`convert-spdx-licenses.py ` + script can be used to update your recipes. + + + +Security Fixes in 4.0 +~~~~~~~~~~~~~~~~~~~~~ + +- binutils: :cve:`2021-42574`, :cve:`2021-45078` +- curl: :cve:`2021-22945`, :cve:`2021-22946`, :cve:`2021-22947` +- epiphany: :cve:`2021-45085`, :cve:`2021-45086`, :cve:`2021-45087`, :cve:`2021-45088` +- expat: :cve:`2021-45960`, :cve:`2021-46143`, :cve:`2022-22822`, :cve:`2022-22823`, :cve:`2022-22824`, :cve:`2022-22825`, :cve:`2022-22826`, :cve:`2022-22827`, :cve:`2022-23852`, :cve:`2022-23990`, :cve:`2022-25235`, :cve:`2022-25236`, :cve:`2022-25313`, :cve:`2022-25314`, :cve:`2022-25315` +- ffmpeg: :cve:`2021-38114` +- gcc: :cve:`2021-35465`, :cve:`2021-42574`, :cve:`2021-46195`, :cve:`2022-24765` +- glibc: :cve:`2021-3998`, :cve:`2021-3999`, :cve:`2021-43396`, :cve:`2022-23218`, :cve:`2022-23219` +- gmp: :cve:`2021-43618` +- go: :cve:`2021-41771` and :cve:`2021-41772` +- grub2: :cve:`2021-3981` +- gzip: :cve:`2022-1271` +- libarchive : :cve:`2021-31566`, :cve:`2021-36976` +- libxml2: :cve:`2022-23308` +- libxslt: :cve:`2021-30560` +- lighttpd: :cve:`2022-22707` +- linux-yocto/5.10: amdgpu: :cve:`2021-42327` +- lua: :cve:`2021-43396` +- openssl: :cve:`2021-4044`, :cve:`2022-0778` +- qemu: :cve:`2022-1050`, :cve:`2022-26353`, :cve:`2022-26354` +- rpm: :cve:`2021-3521` +- seatd: :cve:`2022-25643` +- speex: :cve:`2020-23903` +- squashfs-tools: :cve:`2021-41072` +- systemd: :cve:`2021-4034` +- tiff: :cve:`2022-0561`, :cve:`2022-0562`, :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909`, :cve:`2022-0924`, :cve:`2022-1056`, :cve:`2022-22844` +- unzip: :cve:`2021-4217` +- vim: :cve:`2021-3796`, :cve:`2021-3872`, :cve:`2021-3875`, :cve:`2021-3927`, :cve:`2021-3928`, :cve:`2021-3968`, :cve:`2021-3973`, :cve:`2021-4187`, :cve:`2022-0128`, :cve:`2022-0156`, :cve:`2022-0158`, :cve:`2022-0261`, :cve:`2022-0318`, :cve:`2022-0319`, :cve:`2022-0554`, :cve:`2022-0696`, :cve:`2022-0714`, :cve:`2022-0729`, :cve:`2022-0943` +- virglrenderer: :cve:`2022-0135`, :cve:`2022-0175` +- webkitgtk: :cve:`2022-22589`, :cve:`2022-22590`, :cve:`2022-22592` +- xz: :cve:`2022-1271` +- zlib: :cve:`2018-25032` + + + +Recipe Upgrades in 4.0 +~~~~~~~~~~~~~~~~~~~~~~ + +- acpica: upgrade 20210730 -> 20211217 +- acpid: upgrade 2.0.32 -> 2.0.33 +- adwaita-icon-theme: update 3.34/38 -> 41.0 +- alsa-ucm-conf: upgrade 1.2.6.2 -> 1.2.6.3 +- alsa: upgrade 1.2.5 -> 1.2.6 +- apt: upgrade 2.2.4 -> 2.4.3 +- asciidoc: upgrade 9.1.0 -> 10.0.0 +- atk: upgrade 2.36.0 -> 2.38.0 +- at-spi2-core: upgrade 2.40.3 -> 2.42.0 +- at: update 3.2.2 -> 3.2.5 +- autoconf-archive: upgrade 2021.02.19 -> 2022.02.11 +- automake: update 1.16.3 -> 1.16.5 +- bash: upgrade 5.1.8 -> 5.1.16 +- bind: upgrade 9.16.20 -> 9.18.1 +- binutils: Bump to latest 2.38 release branch +- bison: upgrade 3.7.6 -> 3.8.2 +- bluez5: upgrade 5.61 -> 5.64 +- boost: update 1.77.0 -> 1.78.0 +- btrfs-tools: upgrade 5.13.1 -> 5.16.2 +- buildtools-installer: Update to use 3.4 +- busybox: 1.34.0 -> 1.35.0 +- ca-certificates: update 20210119 -> 20211016 +- cantarell-fonts: update 0.301 -> 0.303.1 +- ccache: upgrade 4.4 -> 4.6 +- cmake: update 3.21.1 -> 3.22.3 +- connman: update 1.40 -> 1.41 +- coreutils: update 8.32 -> 9.0 +- cracklib: update 2.9.5 -> 2.9.7 +- createrepo-c: upgrade 0.17.4 -> 0.19.0 +- cronie: upgrade 1.5.7 -> 1.6.0 +- cups: update 2.3.3op2 -> 2.4.1 +- curl: update 7.78.0 -> 7.82.0 +- dbus: upgrade 1.12.20 -> 1.14.0 +- debianutils: update 4.11.2 -> 5.7 +- dhcpcd: upgrade 9.4.0 -> 9.4.1 +- diffoscope: upgrade 181 -> 208 +- dnf: upgrade 4.8.0 -> 4.11.1 +- dpkg: update 1.20.9 -> 1.21.4 +- e2fsprogs: upgrade 1.46.4 -> 1.46.5 +- ed: upgrade 1.17 -> 1.18 +- efivar: update 37 -> 38 +- elfutils: update 0.185 -> 0.186 +- ell: upgrade 0.43 -> 0.49 +- enchant2: upgrade 2.3.1 -> 2.3.2 +- epiphany: update 40.3 -> 42.0 +- erofs-utils: update 1.3 -> 1.4 +- ethtool: update to 5.16 +- expat: upgrade 2.4.1 -> 2.4.7 +- ffmpeg: update 4.4 -> 5.0 +- file: upgrade 5.40 -> 5.41 +- findutils: upgrade 4.8.0 -> 4.9.0 +- flac: upgrade 1.3.3 -> 1.3.4 +- freetype: upgrade 2.11.0 -> 2.11.1 +- fribidi: upgrade 1.0.10 -> 1.0.11 +- gawk: update 5.1.0 -> 5.1.1 +- gcompat: Update to latest +- gdbm: upgrade 1.19 -> 1.23 +- gdb: Upgrade to 11.2 +- ghostscript: update 9.54.0 -> 9.55.0 +- gi-docgen: upgrade 2021.7 -> 2022.1 +- git: update 2.33.0 -> 2.35.2 +- glib-2.0: update 2.68.4 -> 2.72.0 +- glibc: Upgrade to 2.35 +- glib-networking: update 2.68.2 -> 2.72.0 +- glslang: update 11.5.0 -> 11.8.0 +- gnu-config: update to latest revision +- gnupg: update 2.3.1 -> 2.3.4 +- gnutls: update 3.7.2 -> 3.7.4 +- gobject-introspection: upgrade 1.68.0 -> 1.72.0 +- go-helloworld: update to latest revision +- go: update 1.16.7 -> 1.17.8 +- gpgme: upgrade 1.16.0 -> 1.17.1 +- gsettings-desktop-schemas: upgrade 40.0 -> 42.0 +- gst-devtools: 1.18.4 -> 1.20.1 +- gst-examples: 1.18.4 -> 1.18.6 +- gstreamer1.0: 1.18.4 -> 1.20.1 +- gstreamer1.0-libav: 1.18.4 -> 1.20.1 +- gstreamer1.0-omx: 1.18.4 -> 1.20.1 +- gstreamer1.0-plugins-bad: 1.18.4 1.20.1 +- gstreamer1.0-plugins-base: 1.18.4 -> 1.20.1 +- gstreamer1.0-plugins-good: 1.18.4 -> 1.20.1 +- gstreamer1.0-plugins-ugly: 1.18.4 -> 1.20.1 +- gstreamer1.0-python: 1.18.4 -> 1.20.1 +- gstreamer1.0-rtsp-server: 1.18.4 -> 1.20.1 +- gstreamer1.0-vaapi: 1.18.4 -> 1.20.1 +- gtk+3: upgrade 3.24.30 -> 3.24.33 +- gzip: upgrade 1.10 -> 1.12 +- harfbuzz: upgrade 2.9.0 -> 4.0.1 +- hdparm: upgrade 9.62 -> 9.63 +- help2man: upgrade 1.48.4 -> 1.49.1 +- icu: update 69.1 -> 70.1 +- ifupdown: upgrade 0.8.36 -> 0.8.37 +- inetutils: update 2.1 -> 2.2 +- init-system-helpers: upgrade 1.60 -> 1.62 +- iproute2: update to 5.17.0 +- iputils: update 20210722 to 20211215 +- iso-codes: upgrade 4.6.0 -> 4.9.0 +- itstool: update 2.0.6 -> 2.0.7 +- iw: upgrade 5.9 -> 5.16 +- json-glib: upgrade 1.6.4 -> 1.6.6 +- kea: update 1.8.2 -> 2.0.2 +- kexec-tools: update 2.0.22 -> 2.0.23 +- less: upgrade 590 -> 600 +- libarchive: upgrade 3.5.1 -> 3.6.1 +- libatomic-ops: upgrade 7.6.10 -> 7.6.12 +- libbsd: upgrade 0.11.3 -> 0.11.5 +- libcap: update 2.51 -> 2.63 +- libcgroup: upgrade 2.0 -> 2.0.1 +- libcomps: upgrade 0.1.17 -> 0.1.18 +- libconvert-asn1-perl: upgrade 0.31 -> 0.33 +- libdazzle: upgrade 3.40.0 -> 3.44.0 +- libdnf: update 0.63.1 -> 0.66.0 +- libdrm: upgrade 2.4.107 -> 2.4.110 +- libedit: upgrade 20210714-3.1 -> 20210910-3.1 +- liberation-fonts: update 2.1.4 -> 2.1.5 +- libevdev: upgrade 1.11.0 -> 1.12.1 +- libexif: update 0.6.22 -> 0.6.24 +- libgit2: update 1.1.1 -> 1.4.2 +- libgpg-error: update 1.42 -> 1.44 +- libhandy: update 1.2.3 -> 1.5.0 +- libical: upgrade 3.0.10 -> 3.0.14 +- libinput: update to 1.19.3 +- libjitterentropy: update 3.1.0 -> 3.4.0 +- libjpeg-turbo: upgrade 2.1.1 -> 2.1.3 +- libmd: upgrade 1.0.3 -> 1.0.4 +- libmicrohttpd: upgrade 0.9.73 -> 0.9.75 +- libmodulemd: upgrade 2.13.0 -> 2.14.0 +- libpam: update 1.5.1 -> 1.5.2 +- libpcre2: upgrade 10.37 -> 10.39 +- libpipeline: upgrade 1.5.3 -> 1.5.5 +- librepo: upgrade 1.14.1 -> 1.14.2 +- librsvg: update 2.40.21 -> 2.52.7 +- libsamplerate0: update 0.1.9 -> 0.2.2 +- libsdl2: update 2.0.16 -> 2.0.20 +- libseccomp: update to 2.5.3 +- libsecret: upgrade 0.20.4 -> 0.20.5 +- libsndfile1: bump to version 1.0.31 +- libsolv: upgrade 0.7.19 -> 0.7.22 +- libsoup-2.4: upgrade 2.72.0 -> 2.74.2 +- libsoup: add a recipe for 3.0.5 +- libssh2: update 1.9.0 -> 1.10.0 +- libtasn1: upgrade 4.17.0 -> 4.18.0 +- libtool: Upgrade 2.4.6 -> 2.4.7 +- libucontext: Upgrade to 1.2 release +- libunistring: update 0.9.10 -> 1.0 +- libunwind: upgrade 1.5.0 -> 1.6.2 +- liburcu: upgrade 0.13.0 -> 0.13.1 +- libusb1: upgrade 1.0.24 -> 1.0.25 +- libuv: update 1.42.0 -> 1.44.1 +- libva: update 2.12.0 -> 2.14.0 +- libva-utils: upgrade 2.13.0 -> 2.14.0 +- libwebp: 1.2.1 -> 1.2.2 +- libwpe: upgrade 1.10.1 -> 1.12.0 +- libx11: update to 1.7.3.1 +- libxcrypt: upgrade 4.4.26 -> 4.4.27 +- libxcrypt-compat: upgrade 4.4.26 -> 4.4.27 +- libxi: update to 1.8 +- libxkbcommon: update to 1.4.0 +- libxml2: update to 2.9.13 +- libxslt: update to v1.1.35 +- lighttpd: update 1.4.59 -> 1.4.64 +- linux-firmware: upgrade 20210818 -> 20220310 +- linux-libc-headers: update to v5.16 +- linux-yocto/5.10: update to v5.10.109 +- linux-yocto/5.15: introduce recipes (v5.15.32) +- linux-yocto-dev: update to v5.18+ +- linux-yocto-rt/5.10: update to -rt61 +- linux-yocto-rt/5.15: update to -rt34 +- llvm: update 12.0.1 -> 13.0.1 +- logrotate: update 3.18.1 -> 3.19.0 +- lsof: update 4.91 -> 4.94.0 +- ltp: update 20210927 -> 20220121 +- ltp: Update to 20210927 +- lttng-modules: update devupstream to latest 2.13 +- lttng-modules: update to 2.13.3 +- lttng-tools: upgrade 2.13.0 -> 2.13.4 +- lttng-ust: upgrade 2.13.0 -> 2.13.2 +- lua: update 5.3.6 -> 5.4.4 +- lzip: upgrade 1.22 -> 1.23 +- man-db: upgrade 2.9.4 -> 2.10.2 +- man-pages: update to 5.13 +- mdadm: update 4.1 -> 4.2 +- mesa: upgrade 21.2.1 -> 22.0.0 +- meson: update 0.58.1 -> 0.61.3 +- minicom: Upgrade 2.7.1 -> 2.8 +- mmc-utils: upgrade to latest revision +- mobile-broadband-provider-info: upgrade 20210805 -> 20220315 +- mpg123: upgrade 1.28.2 -> 1.29.3 +- msmtp: upgrade 1.8.15 -> 1.8.20 +- mtd-utils: upgrade 2.1.3 -> 2.1.4 +- mtools: upgrade 4.0.35 -> 4.0.38 +- musl: Update to latest master +- ncurses: update 6.2 -> 6.3 +- newlib: Upgrade 4.1.0 -> 4.2.0 +- nfs-utils: upgrade 2.5.4 -> 2.6.1 +- nghttp2: upgrade 1.45.1 -> 1.47.0 +- ofono: upgrade 1.32 -> 1.34 +- opensbi: Upgrade to 1.0 +- openssh: upgrade 8.7p1 -> 8.9 +- openssl: update 1.1.1l -> 3.0.2 +- opkg: upgrade 0.4.5 -> 0.5.0 +- opkg-utils: upgrade 0.4.5 -> 0.5.0 +- ovmf: update 202105 -> 202202 +- p11-kit: update 0.24.0 -> 0.24.1 +- pango: upgrade 1.48.9 -> 1.50.4 +- patchelf: upgrade 0.13 -> 0.14.5 +- perl-cross: update 1.3.6 -> 1.3.7 +- perl: update 5.34.0 -> 5.34.1 +- piglit: upgrade to latest revision +- pigz: upgrade 2.6 -> 2.7 +- pinentry: update 1.1.1 -> 1.2.0 +- pkgconfig: Update to latest +- psplash: upgrade to latest revision +- puzzles: upgrade to latest revision +- python3-asn1crypto: upgrade 1.4.0 -> 1.5.1 +- python3-attrs: upgrade 21.2.0 -> 21.4.0 +- python3-cryptography: Upgrade to 36.0.2 +- python3-cryptography-vectors: upgrade to 36.0.2 +- python3-cython: upgrade 0.29.24 -> 0.29.28 +- python3-dbusmock: update to 0.27.3 +- python3-docutils: upgrade 0.17.1 0.18.1 +- python3-dtschema: upgrade 2021.10 -> 2022.1 +- python3-gitdb: upgrade 4.0.7 -> 4.0.9 +- python3-git: update to 3.1.27 +- python3-hypothesis: upgrade 6.15.0 -> 6.39.5 +- python3-imagesize: upgrade 1.2.0 -> 1.3.0 +- python3-importlib-metadata: upgrade 4.6.4 -> 4.11.3 +- python3-jinja2: upgrade 3.0.1 -> 3.1.1 +- python3-jsonschema: upgrade 3.2.0 -> 4.4.0 +- python3-libarchive-c: upgrade 3.1 -> 4.0 +- python3-magic: upgrade 0.4.24 -> 0.4.25 +- python3-mako: upgrade 1.1.5 -> 1.1.6 +- python3-markdown: upgrade 3.3.4 -> 3.3.6 +- python3-markupsafe: upgrade 2.0.1 -> 2.1.1 +- python3-more-itertools: upgrade 8.8.0 -> 8.12.0 +- python3-numpy: upgrade 1.21.2 -> 1.22.3 +- python3-packaging: upgrade 21.0 -> 21.3 +- python3-pathlib2: upgrade 2.3.6 -> 2.3.7 +- python3-pbr: upgrade 5.6.0 -> 5.8.1 +- python3-pip: update 21.2.4 -> 22.0.3 +- python3-pycairo: upgrade 1.20.1 -> 1.21.0 +- python3-pycryptodome: upgrade 3.10.1 -> 3.14.1 +- python3-pyelftools: upgrade 0.27 -> 0.28 +- python3-pygments: upgrade 2.10.0 -> 2.11.2 +- python3-pygobject: upgrade 3.40.1 -> 3.42.0 +- python3-pyparsing: update to 3.0.7 +- python3-pyrsistent: upgrade 0.18.0 -> 0.18.1 +- python3-pytest-runner: upgrade 5.3.1 -> 6.0.0 +- python3-pytest-subtests: upgrade 0.6.0 -> 0.7.0 +- python3-pytest: upgrade 6.2.4 -> 7.1.1 +- python3-pytz: upgrade 2021.3 -> 2022.1 +- python3-py: upgrade 1.10.0 -> 1.11.0 +- python3-pyyaml: upgrade 5.4.1 -> 6.0 +- python3-ruamel-yaml: upgrade 0.17.16 -> 0.17.21 +- python3-scons: upgrade 4.2.0 -> 4.3.0 +- python3-setuptools-scm: upgrade 6.0.1 -> 6.4.2 +- python3-setuptools: update to 59.5.0 +- python3-smmap: update to 5.0.0 +- python3-tomli: upgrade 1.2.1 -> 2.0.1 +- python3: update to 3.10.3 +- python3-urllib3: upgrade 1.26.8 -> 1.26.9 +- python3-zipp: upgrade 3.5.0 -> 3.7.0 +- qemu: update 6.0.0 -> 6.2.0 +- quilt: upgrade 0.66 -> 0.67 +- re2c: upgrade 2.2 -> 3.0 +- readline: upgrade 8.1 -> 8.1.2 +- repo: upgrade 2.17.3 -> 2.22 +- resolvconf: update 1.87 -> 1.91 +- rng-tools: upgrade 6.14 -> 6.15 +- rpcsvc-proto: upgrade 1.4.2 -> 1.4.3 +- rpm: update 4.16.1.3 -> 4.17.0 +- rt-tests: update 2.1 -> 2.3 +- ruby: update 3.0.2 -> 3.1.1 +- rust: update 1.54.0 -> 1.59.0 +- rxvt-unicode: upgrade 9.26 -> 9.30 +- screen: upgrade 4.8.0 -> 4.9.0 +- shaderc: update 2021.1 -> 2022.1 +- shadow: upgrade 4.9 -> 4.11.1 +- socat: upgrade 1.7.4.1 -> 1.7.4.3 +- spirv-headers: bump to b42ba6 revision +- spirv-tools: update 2021.2 -> 2022.1 +- sqlite3: upgrade 3.36.0 -> 3.38.2 +- strace: update 5.14 -> 5.16 +- stress-ng: upgrade 0.13.00 -> 0.13.12 +- sudo: update 1.9.7p2 -> 1.9.10 +- sysklogd: upgrade 2.2.3 -> 2.3.0 +- sysstat: upgrade 12.4.3 -> 12.4.5 +- systemd: update 249.3 -> 250.4 +- systemtap: upgrade 4.5 -> 4.6 +- sysvinit: upgrade 2.99 -> 3.01 +- tzdata: update to 2022a +- u-boot: upgrade 2021.07 -> 2022.01 +- uninative: Upgrade to 3.6 with gcc 12 support +- util-linux: update 2.37.2 -> 2.37.4 +- vala: upgrade 0.52.5 -> 0.56.0 +- valgrind: update 3.17.0 -> 3.18.1 +- vim: upgrade to 8.2 patch 4681 +- vte: upgrade 0.64.2 -> 0.66.2 +- vulkan-headers: upgrade 1.2.182 -> 1.2.191 +- vulkan-loader: upgrade 1.2.182 -> 1.2.198.1 +- vulkan-samples: update to latest revision +- vulkan-tools: upgrade 1.2.182 -> 1.2.191 +- vulkan: update 1.2.191.0 -> 1.3.204.1 +- waffle: update 1.6.1 -> 1.7.0 +- wayland-protocols: upgrade 1.21 -> 1.25 +- wayland: upgrade 1.19.0 -> 1.20.0 +- webkitgtk: upgrade 2.34.0 -> 2.36.0 +- weston: upgrade 9.0.0 -> 10.0.0 +- wget: update 1.21.1 -> 1.21.3 +- wireless-regdb: upgrade 2021.07.14 -> 2022.02.18 +- wpa-supplicant: update 2.9 -> 2.10 +- wpebackend-fdo: upgrade 1.10.0 -> 1.12.0 +- xauth: upgrade 1.1 -> 1.1.1 +- xf86-input-libinput: update to 1.2.1 +- xf86-video-intel: update to latest commit +- xkeyboard-config: update to 2.35.1 +- xorgproto: update to 2021.5 +- xserver-xorg: update 1.20.13 -> 21.1.3 +- xwayland: update 21.1.2 -> 22.1.0 +- xxhash: upgrade 0.8.0 -> 0.8.1 +- zstd: update 1.5.0 -> 1.5.2 + + + +Contributors to 4.0 +~~~~~~~~~~~~~~~~~~~ + +Thanks to the following people who contributed to this release: + +- Abongwa Amahnui Bonalais +- Adriaan Schmidt +- Adrian Freihofer +- Ahmad Fatoum +- Ahmed Hossam +- Ahsan Hussain +- Alejandro Hernandez Samaniego +- Alessio Igor Bogani +- Alexander Kanavin +- Alexandre Belloni +- Alexandru Ardelean +- Alexey Brodkin +- Alex Stewart +- Andreas Müller +- Andrei Gherzan +- Andrej Valek +- Andres Beltran +- Andrew Jeffery +- Andrey Zhizhikin +- Anton Mikanovich +- Anuj Mittal +- Bill Pittman +- Bruce Ashfield +- Caner Altinbasak +- Carlos Rafael Giani +- Chaitanya Vadrevu +- Changhyeok Bae +- Changqing Li +- Chen Qi +- Christian Eggers +- Claudius Heine +- Claus Stovgaard +- Daiane Angolini +- Daniel Ammann +- Daniel Gomez +- Daniel McGregor +- Daniel Müller +- Daniel Wagenknecht +- David Joyner +- David Reyna +- Denys Dmytriyenko +- Dhruva Gole +- Diego Sueiro +- Dmitry Baryshkov +- Ferry Toth +- Florian Amstutz +- Henry Kleynhans +- He Zhe +- Hongxu Jia +- Hsia-Jun(Randy) Li +- Ian Ray +- Jacob Kroon +- Jagadeesh Krishnanjanappa +- Jasper Orschulko +- Jim Wilson +- Joel Winarske +- Joe Slater +- Jon Mason +- Jose Quaresma +- Joshua Watt +- Justin Bronder +- Kai Kang +- Kamil Dziezyk +- Kevin Hao +- Khairul Rohaizzat Jamaluddin +- Khem Raj +- Kiran Surendran +- Konrad Weihmann +- Kory Maincent +- Lee Chee Yang +- Leif Middelschulte +- Lei Maohui +- Li Wang +- Liwei Song +- Luca Boccassi +- Lukasz Majewski +- Luna Gräfje +- Manuel Leonhardt +- Marek Vasut +- Mark Hatle +- Markus Niebel +- Markus Volk +- Marta Rybczynska +- Martin Beeger +- Martin Jansa +- Matthias Klein +- Matt Madison +- Maximilian Blenk +- Max Krummenacher +- Michael Halstead +- Michael Olbrich +- Michael Opdenacker +- Mike Crowe +- Ming Liu +- Mingli Yu +- Minjae Kim +- Nicholas Sielicki +- Olaf Mandel +- Oleh Matiusha +- Oleksandr Kravchuk +- Oleksandr Ocheretnyi +- Oleksandr Suvorov +- Oleksiy Obitotskyy +- Otavio Salvador +- Pablo Saavedra +- Paul Barker +- Paul Eggleton +- Pavel Zhukov +- Peter Hoyes +- Peter Kjellerstedt +- Petr Vorel +- Pgowda +- Quentin Schulz +- Ralph Siemsen +- Randy Li +- Randy MacLeod +- Rasmus Villemoes +- Ricardo Salveti +- Richard Neill +- Richard Purdie +- Robert Joslyn +- Robert P. J. Day +- Robert Yang +- Ross Burton +- Rudolf J Streif +- Sakib Sajal +- Samuli Piippo +- Saul Wold +- Scott Murray +- Sean Anderson +- Simone Weiss +- Simon Kuhnle +- S. Lockwood-Childs +- Stefan Herbrechtsmeier +- Steve Sakoman +- Sundeep KOKKONDA +- Tamizharasan Kumar +- Tean Cunningham +- Teoh Jay Shen +- Thomas Perrot +- Tim Orling +- Tobias Kaufmann +- Tom Hochstein +- Tony McDowell +- Trevor Gamblin +- Ulrich Ölmann +- Valerii Chernous +- Vivien Didelot +- Vyacheslav Yurkov +- Wang Mingyu +- Xavier Berger +- Yi Zhao +- Yongxin Liu +- Yureka +- Zev Weiss +- Zheng Ruoqin +- Zoltán Böszörményi +- Zygmunt Krynicki + + + +Repositories / Downloads for 4.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +TBD