From e0503274079986aee56045744691484b13d7c8de Mon Sep 17 00:00:00 2001
From: Yoann Congal <yoann.congal@smile.fr>
Date: Tue, 9 Apr 2024 16:55:44 +0200
Subject: [PATCH] release-notes-5.0: document some cve, strace and qa changes

This patch should cover those commits (from poky) :
* 789b10030c6 (cve-update-nvd2-native: remove rejected cve from database, 2024-03-15)
* 19f27037b2b (cve-update-nvd2-native: add an age threshold for incremental update, 2024-03-13)
* 6ce61b43570 (strace: disable bluetooth support by default, 2023-12-13)
* 381ef628fab (ref-manual: add documentation for the unimplemented-ptest qa warning, 2023-10-10)

(From yocto-docs rev: da44182aa084378dbf7a04bb010cbd87e508a607)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../migration-guides/release-notes-5.0.rst      | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
index 8df95ca21b..0a740688fa 100644
--- a/documentation/migration-guides/release-notes-5.0.rst
+++ b/documentation/migration-guides/release-notes-5.0.rst
@@ -10,6 +10,10 @@ New Features / Enhancements in 5.0
 
 -  New variables:
 
+   -  :term:`CVE_DB_INCR_UPDATE_AGE_THRES`: Configure the maximum age of the
+      internal CVE database for incremental update (instead of a full
+      redownload).
+
 -  Architecture-specific enhancements:
 
 -  Kernel-related enhancements:
@@ -44,6 +48,9 @@ New Features / Enhancements in 5.0
 
 -  Testing:
 
+   -  Add an optional ``unimplemented-ptest`` QA warning to detect upstream
+      packages with tests, that do not use ptest.
+
 -  Utility script changes:
 
    -  New ``recipetool/create_go.py`` script added to support Go recipe creation
@@ -54,6 +61,11 @@ New Features / Enhancements in 5.0
 
 -  Security improvements:
 
+   -  Improve incremental CVE database download from NVD. Rejected CVEs are
+      removed, configuration is kept up-to-date. The age threshold for
+      incremental update can be configured with :term:`CVE_DB_INCR_UPDATE_AGE_THRES`
+      variable.
+
 -  Prominent documentation updates:
 
 -  Miscellaneous changes:
@@ -64,10 +76,15 @@ New Features / Enhancements in 5.0
    -  ``systemd-boot`` can, from now on, be compiled as ``native``, thus
       providing ``ukify`` tool to build UKI images.
 
+   -  systemd: split bash completion for ``udevadm`` in a new
+      ``udev-bash-completion`` package.
+
    -  The :ref:`ref-classes-go-vendor` class was added to support offline builds
       (i.e., vendoring). It can also handle modules from the same repository,
       taking into account their versions.
 
+   -  Disable strace support of bluetooth by default.
+
 Known Issues in 5.0
 ~~~~~~~~~~~~~~~~~~~