build-appliance-image: Update to mickledore head revision

(From OE-Core rev: c57d1a561db563ed2f521bbac5fc12d4ac8e11a7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst

@@ -1972,6 +1972,24 @@ looking at the source code of the ``bb`` module, which is in
 the commonly used functions ``bb.utils.contains()`` and
 ``bb.utils.mkdirhier()``, which come with docstrings.
 
+Extending Python Library Code
+-----------------------------
+
+If you wish to add your own Python library code (e.g. to provide
+functions/classes you can use from Python functions in the metadata)
+you can do so from any layer using the ``addpylib`` directive.
+This directive is typically added to your layer configuration (
+``conf/layer.conf``) although it will be handled in any ``.conf`` file.
+
+Usage is of the form::
+
+   addpylib <directory> <namespace>
+
+Where <directory> specifies the directory to add to the library path.
+The specified <namespace> is imported automatically, and if the imported
+module specifies an attribute named ``BBIMPORTS``, that list of
+sub-modules is iterated and imported too.
+
 Testing and Debugging BitBake Python code
 -----------------------------------------
 

bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst

@@ -99,10 +99,26 @@ overview of their function and contents.
       the path of the build. BitBake's output should not (and usually does
       not) depend on the directory in which it was built.
 
+   :term:`BB_CACHEDIR`
+      Specifies the code parser cache directory (distinct from :term:`CACHE`
+      and :term:`PERSISTENT_DIR` although they can be set to the same value
+      if desired). The default value is "${TOPDIR}/cache".
+
    :term:`BB_CHECK_SSL_CERTS`
       Specifies if SSL certificates should be checked when fetching. The default
       value is ``1`` and certificates are not checked if the value is set to ``0``.
 
+   :term:`BB_HASH_CODEPARSER_VALS`
+      Specifies values for variables to use when populating the codeparser cache.
+      This can be used selectively to set dummy values for variables to avoid
+      the codeparser cache growing on every parse. Variables that would typically
+      be included are those where the value is not significant for where the
+      codeparser cache is used (i.e. when calculating variable dependencies for
+      code fragments.) The value is space-separated without quoting values, for
+      example::
+
+         BB_HASH_CODEPARSER_VALS = "T=/ WORKDIR=/ DATE=1234 TIME=1234"
+
    :term:`BB_CONSOLELOG`
       Specifies the path to a log file into which BitBake's user interface
       writes output during the build.
@@ -343,6 +359,14 @@ overview of their function and contents.
 
       For example usage, see :term:`BB_GIT_SHALLOW`.
 
+   :term:`BB_GLOBAL_PYMODULES`
+      Specifies the list of Python modules to place in the global namespace.
+      It is intended that only the core layer should set this and it is meant
+      to be a very small list, typically just ``os`` and ``sys``.
+      :term:`BB_GLOBAL_PYMODULES` is expected to be set before the first
+      ``addpylib`` directive.
+      See also ":ref:`bitbake-user-manual/bitbake-user-manual-metadata:extending python library code`".
+
    :term:`BB_HASHCHECK_FUNCTION`
       Specifies the name of the function to call during the "setscene" part
       of the task's execution in order to validate the list of task hashes.

bitbake/lib/bb/cooker.py

@@ -1764,9 +1764,9 @@ class BBCooker:
     def shutdown(self, force=False):
         if force:
             self.state = state.forceshutdown
+            bb.event._should_exit.set()
         else:
             self.state = state.shutdown
-        bb.event._should_exit.set()
 
         if self.parser:
             self.parser.shutdown(clean=False)
@@ -2223,7 +2223,7 @@ class CookerParser(object):
 
             self.results = itertools.chain(self.results, self.parse_generator())
 
-    def shutdown(self, clean=True):
+    def shutdown(self, clean=True, eventmsg="Parsing halted due to errors"):
         if not self.toparse:
             return
         if self.haveshutdown:
@@ -2238,6 +2238,7 @@ class CookerParser(object):
 
             bb.event.fire(event, self.cfgdata)
         else:
+            bb.event.fire(bb.event.ParseError(eventmsg), self.cfgdata)
             bb.error("Parsing halted due to errors, see error messages above")
 
         # Cleanup the queue before call process.join(), otherwise there might be
@@ -2355,7 +2356,7 @@ class CookerParser(object):
         except bb.parse.ParseError as exc:
             self.error += 1
             logger.error(str(exc))
-            self.shutdown(clean=False)
+            self.shutdown(clean=False, eventmsg=str(exc))
             return False
         except bb.data_smart.ExpansionError as exc:
             self.error += 1

bitbake/lib/bb/event.py

@@ -856,3 +856,11 @@ class FindSigInfoResult(Event):
     def __init__(self, result):
         Event.__init__(self)
         self.result = result
+
+class ParseError(Event):
+    """
+    Event to indicate parse failed
+    """
+    def __init__(self, msg):
+        super().__init__()
+        self._msg = msg

bitbake/lib/bb/fetch2/npmsw.py

@@ -205,7 +205,9 @@ class NpmShrinkWrap(FetchMethod):
         # This fetcher resolves multiple URIs from a shrinkwrap file and then
         # forwards it to a proxy fetcher. The management of the donestamp file,
         # the lockfile and the checksums are forwarded to the proxy fetcher.
-        ud.proxy = Fetch([dep["url"] for dep in ud.deps if dep["url"]], data)
+        shrinkwrap_urls = [dep["url"] for dep in ud.deps if dep["url"]]
+        if shrinkwrap_urls:
+            ud.proxy = Fetch(shrinkwrap_urls, data)
         ud.needdonestamp = False
 
     @staticmethod

bitbake/lib/bb/parse/parse_py/ConfHandler.py

@@ -21,7 +21,7 @@ __config_regexp__  = re.compile( r"""
     ^
     (?P<exp>export\s+)?
     (?P<var>[a-zA-Z0-9\-_+.${}/~:]+?)
-    (\[(?P<flag>[a-zA-Z0-9\-_+.][a-zA-Z0-9\-_+.@]+)\])?
+    (\[(?P<flag>[a-zA-Z0-9\-_+.][a-zA-Z0-9\-_+.@]*)\])?
 
     \s* (
         (?P<colon>:=) |
@@ -103,7 +103,7 @@ def include_single_file(parentfn, fn, lineno, data, error_out):
 # We have an issue where a UI might want to enforce particular settings such as
 # an empty DISTRO variable. If configuration files do something like assigning
 # a weak default, it turns out to be very difficult to filter out these changes,
-# particularly when the weak default might appear half way though parsing a chain 
+# particularly when the weak default might appear half way though parsing a chain
 # of configuration files. We therefore let the UIs hook into configuration file
 # parsing. This turns out to be a hard problem to solve any other way.
 confFilters = []

bitbake/lib/bb/runqueue.py

@@ -198,15 +198,20 @@ class RunQueueScheduler(object):
                 curr_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1]
                 curr_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1]
                 curr_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1]
-                exceeds_cpu_pressure =  self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
-                exceeds_io_pressure =  self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
-                exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
                 now = time.time()
-                if now - self.prev_pressure_time > 1.0:
+                tdiff = now - self.prev_pressure_time
+                if tdiff > 1.0:
+                    exceeds_cpu_pressure =  self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) / tdiff > self.rq.max_cpu_pressure
+                    exceeds_io_pressure =  self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) / tdiff > self.rq.max_io_pressure
+                    exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) / tdiff > self.rq.max_memory_pressure
                     self.prev_cpu_pressure = curr_cpu_pressure
                     self.prev_io_pressure = curr_io_pressure
                     self.prev_memory_pressure = curr_memory_pressure
                     self.prev_pressure_time = now
+                else:
+                    exceeds_cpu_pressure =  self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
+                    exceeds_io_pressure =  self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
+                    exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
             return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure)
         return False
 

bitbake/lib/bb/tests/parse.py

@@ -222,6 +222,7 @@ VAR = " \\
     at_sign_in_var_flag = """
 A[flag@.service] = "nonet"
 B[flag@.target] = "ntb"
+C[f] = "flag"
 
 unset A[flag@.service]
 """
@@ -232,6 +233,7 @@ unset A[flag@.service]
         self.assertEqual(d.getVar("B"), None)
         self.assertEqual(d.getVarFlag("A","flag@.service"), None)
         self.assertEqual(d.getVarFlag("B","flag@.target"), "ntb")
+        self.assertEqual(d.getVarFlag("C","f"), "flag")
 
     def test_parse_invalid_at_sign_in_var_flag(self):
         invalid_at_sign = self.at_sign_in_var_flag.replace("B[f", "B[@f")

documentation/dev-manual/init-manager.rst

@@ -38,26 +38,14 @@ following sections.
 Using systemd Exclusively
 =========================
 
-Set these variables in your distribution configuration file as follows::
+Set the :term:`INIT_MANAGER` variable in your distribution configuration
+file as follows::
 
-   DISTRO_FEATURES:append = " systemd"
-   VIRTUAL-RUNTIME_init_manager = "systemd"
+   INIT_MANAGER = "systemd"
 
-You can also prevent the SysVinit distribution feature from
-being automatically enabled as follows::
-
-   DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
-
-Doing so removes any
-redundant SysVinit scripts.
-
-To remove initscripts from your image altogether, set this variable
-also::
-
-   VIRTUAL-RUNTIME_initscripts = ""
-
-For information on the backfill variable, see
-:term:`DISTRO_FEATURES_BACKFILL_CONSIDERED`.
+This will enable systemd and remove sysvinit components from the image.
+See ``meta/conf/distro/include/init-manager-systemd.inc`` for exact
+details on what this does.
 
 Using systemd for the Main Image and Using SysVinit for the Rescue Image
 ========================================================================

documentation/dev-manual/packages.rst

@@ -227,18 +227,6 @@ default value is "r0", the practice of adding it to a new recipe makes
 it harder to forget to bump the variable when you make changes to the
 recipe in future.
 
-If you are sharing a common ``.inc`` file with multiple recipes, you can
-also use the :term:`INC_PR` variable to ensure that the recipes sharing the
-``.inc`` file are rebuilt when the ``.inc`` file itself is changed. The
-``.inc`` file must set :term:`INC_PR` (initially to "r0"), and all recipes
-referring to it should set :term:`PR` to "${INC_PR}.0" initially,
-incrementing the last number when the recipe is changed. If the ``.inc``
-file is changed then its :term:`INC_PR` should be incremented.
-
-When upgrading the version of a binary package, assuming the :term:`PV`
-changes, the :term:`PR` variable should be reset to "r0" (or "${INC_PR}.0"
-if you are using :term:`INC_PR`).
-
 Usually, version increases occur only to binary packages. However, if
 for some reason :term:`PV` changes but does not increase, you can increase
 the :term:`PE` variable (Package Epoch). The :term:`PE` variable defaults to

documentation/migration-guides/migration-4.2.rst

@@ -9,27 +9,109 @@ Migration notes for 4.2 (mickledore)
 This section provides migration information for moving to the Yocto
 Project 4.2 Release (codename "mickledore") from the prior release.
 
+.. _migration-4.2-supported-distributions:
+
+Supported distributions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This release supports running BitBake on new GNU/Linux distributions:
+
+-  Fedora 36 and 37
+-  AlmaLinux 8.7 and 9.1
+-  OpenSuse 15.4
+
+On the other hand, some earlier distributions are no longer supported:
+
+-  Debian 10.x
+-  Fedora 34 and 35
+-  AlmaLinux 8.5
+
+See :ref:`all supported distributions <system-requirements-supported-distros>`.
+
 .. _migration-4.2-python-3.8:
 
 Python 3.8 is now the minimum required Python version version
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-BitBake and OpenEmbedded-Core are now relying on Python 3.8,
+BitBake and OpenEmbedded-Core now require Python 3.8 or newer,
 making it a requirement to use a distribution providing at least this
-version, or to use :term:`buildtools`.
+version, or to install a :term:`buildtools` tarball.
 
-.. _migration-4.2-qa-checks:
+.. _migration-4.2-gcc-8.0:
 
-QA check changes
-~~~~~~~~~~~~~~~~
+gcc 8.0 is now the minimum required GNU C compiler version
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-.. _migration-4.2-misc-changes:
+This version, released in 2018, is a minimum requirement
+to build the ``mesa-native`` recipe and as the latter is in the
+default dependency chain when building QEMU this has now been
+made a requirement for all builds.
 
-Miscellaneous changes
-~~~~~~~~~~~~~~~~~~~~~
+In the event that your host distribution does not provide this
+or a newer version of gcc, you can install a
+:term:`buildtools-extended` tarball.
+
+.. _migration-4.2-new-nvd-api:
+
+Fetching the NVD vulnerability database through the 2.0 API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This new version adds a new fetcher for the NVD database using the 2.0 API,
+as the 1.0 API will be retired in 2023.
+
+The implementation changes as little as possible, keeping the current
+database format (but using a different database file for the transition
+period), with a notable exception of not using the META table.
+
+Here are minor changes that you may notice:
+
+-  The database starts in 1999 instead of 2002
+-  The complete fetch is longer (30 minutes typically)
+
+.. _migration-4.2-rust-crate-checksums:
+
+Rust: mandatory checksums for crates
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This release now supports checksums for Rust crates and makes
+them mandatory for each crate in a recipe. See :yocto_git:`python3_bcrypt recipe changes
+</poky/commit/?h=mickledore&id=0dcb5ab3462fdaaf1646b05a00c7150eea711a9a>`
+for example.
+
+The ``cargo-update-recipe-crates`` utility
+:yocto_git:`has been extended </poky/commit/?h=mickledore&id=eef7fbea2c5bf59369390be4d5efa915591b7b22>`
+to include such checksums. So, in case you need to add the list of checksums
+to a recipe just inheriting the :ref:`ref-classes-cargo` class so far, you can
+follow these steps:
+
+#.  Make the recipe inherit :ref:`ref-classes-cargo-update-recipe-crates`
+#.  Remove all ``crate://`` lines from the recipe
+#.  Create an empty ``${BPN}-crates.inc`` file and make your recipe require it
+#.  Execute ``bitbake -c update_crates your_recipe``
+#.  Copy and paste the output of BitBake about the missing checksums into the
+    ``${BPN}-crates.inc`` file.
+
+
+.. _migration-4.2-addpylib:
+
+Python library code extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+BitBake in this release now supports a new ``addpylib`` directive to enable
+Python libraries within layers.
+
+This directive should be added to your layer configuration
+as in the below example from ``meta/conf/layer.conf``::
+
+   addpylib ${LAYERDIR}/lib oe
+
+Layers currently adding a lib directory to extend Python library code should now
+use this directive as :term:`BBPATH` is not going to be added automatically by
+OE-Core in future. Note that the directives are immediate operations, so it does
+make modules available for use sooner than the current BBPATH-based approach.
+
+For more information, see :ref:`bitbake-user-manual/bitbake-user-manual-metadata:extending python library code`.
 
--  The ``OEBasic`` signature handler (see :term:`BB_SIGNATURE_HANDLER`) has been
-   removed.
 
 .. _migration-4.2-removed-variables:
 
@@ -38,7 +120,11 @@ Removed variables
 
 The following variables have been removed:
 
--  ``SERIAL_CONSOLE``, deprecated since version 2.6, replaced by :term:``SERIAL_CONSOLES``.
+-  ``SERIAL_CONSOLE``, deprecated since version 2.6, replaced by :term:`SERIAL_CONSOLES`.
+-  ``PACKAGEBUILDPKGD``, a mostly internal variable in the ref:`ref-classes-package`
+   class was rarely used to customise packaging. If you were using this in your custom
+   recipes or bbappends, you will need to switch to using :term:`PACKAGE_PREPROCESS_FUNCS`
+   or :term:`PACKAGESPLITFUNCS` instead.
 
 .. _migration-4.2-removed-recipes:
 
@@ -47,3 +133,144 @@ Removed recipes
 
 The following recipes have been removed in this release:
 
+-  ``python3-picobuild``: after switching to ``python3-build``
+-  ``python3-strict-rfc3339``: unmaintained and not needed by anything in
+   :oe_git:`openembedded-core </openembedded-core>`
+   or :oe_git:`meta-openembedded </meta-openembedded>`.
+-  ``linux-yocto``: removed version 5.19 recipes (6.1 and 5.15 still provided)
+
+
+.. _migration-4.2-removed-classes:
+
+Removed classes
+~~~~~~~~~~~~~~~
+
+The following classes have been removed in this release:
+
+-  ``rust-bin``: no longer used
+-  ``package_tar``: could not be used for actual packaging, and thus not particularly useful.
+
+
+LAYERSERIES_COMPAT for custom layers and devtool workspace
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Some layer maintainers have been setting :term:`LAYERSERIES_COMPAT` in their
+layer's ``conf/layer.conf`` to the value of ``LAYERSERIES_CORENAMES`` to
+effectively bypass the compatibility check - this is no longer permitted.
+Layer maintainers should set :term:`LAYERSERIES_COMPAT` appropriately to
+help users understand the compatibility status of the layer.
+
+Additionally, the :term:`LAYERSERIES_COMPAT` value for the devtool workspace
+layer is now set at the time of creation, thus if you upgrade with the
+workspace layer enabled and you wish to retain it, you will need to manually
+update the :term:`LAYERSERIES_COMPAT` value in ``workspace/conf/layer.conf``
+(or remove the path from :term:`BBLAYERS` in ``conf/bblayers.conf`` and
+delete/move the ``workspace`` directory out of the way if you no longer
+need it).
+
+
+.. _migration-4.2-runqemu-slirp:
+
+runqemu now limits slirp host port forwarding to localhost
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+With default slirp port forwarding configuration in runqemu, qemu
+previously listened on TCP ports 2222 and 2323 on all IP addresses
+available on the build host. Most use cases with runqemu only need
+it for localhost and it is not safe to run qemu images with root
+login without password enabled and listening on all available,
+possibly Internet reachable network interfaces. Thus, in this
+release we limit qemu port forwarding to localhost (127.0.0.1).
+
+However, if you need the qemu machine to be reachable from the
+network, then it can be enabled via ``conf/local.conf`` or machine
+config variable ``QB_SLIRP_OPT``::
+
+   QB_SLIRP_OPT = "-netdev user,id=net0,hostfwd=tcp::2222-:22"
+
+
+.. _migration-4.2-patch-qa:
+
+Patch QA checks
+~~~~~~~~~~~~~~~
+
+The QA checks for patch fuzz and Upstream-Status have been reworked
+slightly in this release. The Upstream-Status checking is now configurable
+from :term:`WARN_QA` / :term:`ERROR_QA` (``patch-status-core`` for the
+core layer, and ``patch-status-noncore`` for other layers).
+
+The ``patch-fuzz`` and ``patch-status-core`` checks are now in the default
+value of :term:`ERROR_QA` so that they will cause the build to fail
+if triggered. If you prefer to avoid this you will need to adjust the value
+of :term:`ERROR_QA` in your configuration as desired.
+
+
+.. _migration-4.2-mesa:
+
+Native/nativesdk mesa usage and graphics drivers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This release includes mesa 23.0, and with that mesa release it is not longer
+possible to use drivers from the host system, as mesa upstream has added strict
+checks for matching builds between drivers and libraries that load them.
+
+This is particularly relevant when running QEMU built within the build
+system. A check has been added to runqemu so that there is a helpful error
+when there is no native/nativesdk opengl/virgl support available.
+
+To support this, a number of drivers have been enabled when building ``mesa-native``.
+The one major dependency pulled in by this change is ``llvm-native`` which will
+add a few minutes to the build on a modern machine. If this is undesirable, you
+can set the value of :term:`DISTRO_FEATURES_NATIVE` in your configuration such
+that ``opengl`` is excluded.
+
+
+.. _migration-4.2-misc-changes:
+
+Miscellaneous changes
+~~~~~~~~~~~~~~~~~~~~~
+
+-  The :term:`IMAGE_NAME` variable is now set based on :term:`IMAGE_LINK_NAME`. This
+   means that if you are setting :term:`IMAGE_LINK_NAME` to "" to disable unversioned
+   image symlink creation, you also now need to set :term:`IMAGE_NAME` to still have
+   a reasonable value e.g.::
+
+      IMAGE_LINK_NAME = ""
+      IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
+
+-  In ``/etc/os-release``, the ``VERSION_CODENAME`` field is now used instead of
+   ``DISTRO_CODENAME`` (though its value is still set from the :term:`DISTRO_CODENAME`
+   variable) for better conformance to standard os-release usage. If you have runtime
+   code reading this from ``/etc/os-release`` it may need to be updated.
+
+-  The kmod recipe now enables OpenSSL support by default in order to support module
+   signing. If you do not need this and wish to reclaim some space/avoid the dependency
+   you should set :term:`PACKAGECONFIG` in a kmod bbappend (or ``PACKAGECONFIG:pn-kmod``
+   at the configuration level) to exclude ``openssl``.
+
+-  The ``OEBasic`` signature handler (see :term:`BB_SIGNATURE_HANDLER`) has been
+   removed. It is unlikely that you would have selected to use this, but if you have
+   you will need to remove this setting.
+
+-  The :ref:`ref-classes-package` class now checks if package names conflict via
+   ``PKG:${PN}`` override during ``do_package``. If you receive the associated error
+   you will need to address the :term:`PKG` usage so that the conflict is resolved.
+
+-  openssh no longer uses :term:`RRECOMMENDS` to pull in ``rng-tools``, since rngd
+   is no longer needed as of Linux kernel 5.6. If you still need ``rng-tools``
+   installed for other reasons, you should add ``rng-tools`` explicitly to your
+   image. If you additionally need rngd to be started as a service you will also
+   need to add the ``rng-tools-service`` package as that has been split out.
+
+-  The cups recipe no longer builds with the web interface enabled, saving ~1.8M of
+   space in the final image. If you wish to enable it, you should set
+   :term:`PACKAGECONFIG` in a cups bbappend (or ``PACKAGECONFIG:pn-cups`` at the
+   configuration level) to include ``webif``.
+
+-  The :ref:`ref-classes-scons` class now passes a ``MAXLINELENGTH`` argument to
+   scons in order to fix an issue with scons and command line lengths when ccache is
+   enabled. However, some recipes may be using older scons versions which don't support
+   this argument. If that is the case you can set the following in the recipe in order
+   to disable this::
+
+      SCONS_MAXLINELENGTH = ""

documentation/migration-guides/release-4.0.rst

@@ -15,3 +15,4 @@ Release 4.0 (kirkstone)
    release-notes-4.0.6
    release-notes-4.0.7
    release-notes-4.0.8
+   release-notes-4.0.9

documentation/migration-guides/release-notes-4.0.9.rst

@@ -0,0 +1,247 @@
+Release notes for Yocto-4.0.9 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve:`2023-22608`
+-  curl: Fix :cve:`2023-23914`, :cve:`2023-23915` and :cve:`2023-23916`
+-  epiphany: Fix :cve:`2023-26081`
+-  git: Ignore :cve:`2023-22743`
+-  glibc: Fix  :cve:`2023-0687`
+-  gnutls: Fix :cve:`2023-0361`
+-  go: Fix :cve:`2022-2879`, :cve:`2022-41720` and :cve:`2022-41723`
+-  harfbuzz: Fix :cve:`2023-25193`
+-  less: Fix :cve:`2022-46663`
+-  libmicrohttpd: Fix :cve:`2023-27371`
+-  libsdl2: Fix :cve:`2022-4743`
+-  openssl: Fix :cve:`2022-3996`, :cve:`2023-0464`, :cve:`2023-0465` and :cve:`2023-0466`
+-  pkgconf: Fix :cve:`2023-24056`
+-  python3: Fix :cve:`2023-24329`
+-  shadow: Ignore :cve:`2016-15024`
+-  systemd: Fix :cve:`2022-4415`
+-  tiff: Fix :cve:`2023-0800`, :cve:`2023-0801`, :cve:`2023-0802`, :cve:`2023-0803` and :cve:`2023-0804`
+-  vim: Fix :cve:`2023-0433`, :cve:`2023-0512`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264` and :cve:`2023-1355`
+-  xserver-xorg: Fix :cve:`2023-0494`
+-  xwayland: Fix :cve:`2023-0494`
+
+
+Fixes in Yocto-4.0.9
+~~~~~~~~~~~~~~~~~~~~
+
+-  base-files: Drop localhost.localdomain from hosts file
+-  binutils: Fix nativesdk ld.so search
+-  bitbake: cookerdata: Drop dubious exception handling code
+-  bitbake: cookerdata: Improve early exception handling
+-  bitbake: cookerdata: Remove incorrect SystemExit usage
+-  bitbake: fetch/git: Fix local clone url to make it work with repo
+-  bitbake: utils: Allow to_boolean to support int values
+-  bmap-tools: switch to main branch
+-  buildtools-tarball: Handle spaces within user $PATH
+-  busybox: Fix depmod patch
+-  cracklib: update github branch to 'main'
+-  cups: add/fix web interface packaging
+-  cups: check PACKAGECONFIG for pam feature
+-  cups: use BUILDROOT instead of DESTDIR
+-  curl: fix dependencies when building with ldap/ldaps
+-  cve-check: Fix false negative version issue
+-  dbus: upgrade to 1.14.6
+-  devtool/upgrade: do not delete the workspace/recipes directory
+-  dhcpcd: Fix install conflict when enable multilib.
+-  dhcpcd: fix dhcpcd start failure on qemuppc64
+-  gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
+-  glibc: Add missing binutils dependency
+-  image_types: fix multiubi var init
+-  iso-codes: upgrade to  4.13.0
+-  json-c: Add ptest for json-c
+-  kernel-yocto: fix kernel-meta data detection
+-  lib/buildstats: handle tasks that never finished
+-  lib/resulttool: fix typo breaking resulttool log --ptest
+-  libjpeg-turbo: upgrade to 2.1.5.1
+-  libmicrohttpd: upgrade to 0.9.76
+-  libseccomp: fix for the ptest result format
+-  libssh2: Clean up ptest patch/coverage
+-  linux-firmware: add yamato fw files to qcom-adreno-a2xx package
+-  linux-firmware: properly set license for all Qualcomm firmware
+-  linux-firmware: upgrade to 20230210
+-  linux-yocto-rt/5.15: update to -rt59
+-  linux-yocto/5.10: upgrade to v5.10.175
+-  linux-yocto/5.15: upgrade to v5.15.103
+-  linux: inherit pkgconfig in kernel.bbclass
+-  lttng-modules: fix for kernel 6.2+
+-  lttng-modules: upgrade to v2.13.9
+-  lua: Fix install conflict when enable multilib.
+-  mdadm: Fix raid0, 06wrmostly and 02lineargrow tests
+-  meson: Fix wrapper handling of implicit setup command
+-  migration-guides: add 4.0.8 release notes
+-  nghttp2: never build python bindings
+-  oeqa rtc.py: skip if read-only-rootfs
+-  oeqa ssh.py: fix hangs in run()
+-  oeqa/sdk: Improve Meson test
+-  oeqa/selftest/prservice: Improve debug output for failure
+-  oeqa/selftest/resulttooltests: fix minor typo
+-  openssl: upgrade to 3.0.8
+-  package.bbclase: Add check for /build in copydebugsources()
+-  patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
+-  poky.conf: bump version for 4.0.9
+-  populate_sdk_ext: Handle spaces within user $PATH
+-  pybootchartui: Fix python syntax issue
+-  python3-git: fix indent error
+-  python3-setuptools-rust-native: Add direct dependency of native python3 modules
+-  qemu: Revert "fix :cve:`2021-3507`" as not applicable for qemu 6.2
+-  rsync: Add missing prototypes to function declarations
+-  rsync: Turn on -pedantic-errors at the end of 'configure'
+-  runqemu: kill qemu if it hangs
+-  scripts/lib/buildstats: handle top-level build_stats not being complete
+-  selftest/recipetool: Stop test corrupting tinfoil class
+-  selftest/runtime_test/virgl: Disable for all Rocky Linux
+-  selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
+-  sstatesig: Improve output hash calculation
+-  staging/multilib: Fix manifest corruption
+-  staging: Separate out different multiconfig manifests
+-  sudo: update 1.9.12p2 -> 1.9.13p3
+-  systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
+-  systemd: add group sgx to udev package
+-  systemd: fix wrong nobody-group assignment
+-  timezone: use 'tz' subdir instead of ${WORKDIR} directly
+-  toolchain-scripts: Handle spaces within user $PATH
+-  tzcode-native: fix build with gcc-13 on host
+-  tzdata: use separate B instead of WORKDIR for zic output
+-  uninative: upgrade to 3.9 to include libgcc and glibc 2.37
+-  vala: Fix install conflict when enable multilib.
+-  vim: add missing pkgconfig inherit
+-  vim: set modified-by to the recipe MAINTAINER
+-  vim: upgrade to 9.0.1429
+-  wic: Fix usage of fstype=none in wic
+-  wireless-regdb: upgrade to 2023.02.13
+-  xserver-xorg: upgrade to 21.1.7
+-  xwayland: upgrade to 22.1.8
+
+
+Known Issues in Yocto-4.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Alexander Kanavin
+-  Alexis Lothoré
+-  Bruce Ashfield
+-  Changqing Li
+-  Chee Yang Lee
+-  Dmitry Baryshkov
+-  Federico Pellegrin
+-  Geoffrey GIRY
+-  Hitendra Prajapati
+-  Hongxu Jia
+-  Joe Slater
+-  Kai Kang
+-  Kenfe-Mickael Laventure
+-  Khem Raj
+-  Martin Jansa
+-  Mateusz Marciniec
+-  Michael Halstead
+-  Michael Opdenacker
+-  Mikko Rapeli
+-  Ming Liu
+-  Mingli Yu
+-  Narpat Mali
+-  Pavel Zhukov
+-  Pawan Badganchi
+-  Peter Marko
+-  Piotr Łobacz
+-  Poonam Jadhav
+-  Randy MacLeod
+-  Richard Purdie
+-  Robert Yang
+-  Romuald Jeanne
+-  Ross Burton
+-  Sakib Sajal
+-  Saul Wold
+-  Shubham Kulkarni
+-  Siddharth Doshi
+-  Simone Weiss
+-  Steve Sakoman
+-  Tim Orling
+-  Tom Hochstein
+-  Trevor Woerner
+-  Ulrich Ölmann
+-  Vivek Kumbhar
+-  Wang Mingyu
+-  Xiangyu Chen
+-  Yash Shinde
+
+
+Repositories / Downloads for Yocto-4.0.9
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.9 </poky/log/?h=yocto-4.0.9>`
+-  Git Revision: :yocto_git:`09def309f91929f47c6cce386016ccb777bd2cfc </poky/commit/?id=09def309f91929f47c6cce386016ccb777bd2cfc>`
+-  Release Artefact: poky-09def309f91929f47c6cce386016ccb777bd2cfc
+-  sha: 5c7ce209c8a6b37ec2898e5ca21858234d91999c11fa862880ba98e8bde62f63
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.9/poky-09def309f91929f47c6cce386016ccb777bd2cfc.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.9/poky-09def309f91929f47c6cce386016ccb777bd2cfc.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.9 </openembedded-core/log/?h=yocto-4.0.9>`
+-  Git Revision: :oe_git:`ff4b57ffff903a93b710284c7c7f916ddd74712f </openembedded-core/commit/?id=ff4b57ffff903a93b710284c7c7f916ddd74712f>`
+-  Release Artefact: oecore-ff4b57ffff903a93b710284c7c7f916ddd74712f
+-  sha: 726778ffc291136db1704316b196de979f68df9f96476b785e1791957fbb66b3
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.9/oecore-ff4b57ffff903a93b710284c7c7f916ddd74712f.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.9/oecore-ff4b57ffff903a93b710284c7c7f916ddd74712f.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.9 </meta-mingw/log/?h=yocto-4.0.9>`
+-  Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+-  Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+-  sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.9/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.9/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.9 </meta-gplv2/log/?h=yocto-4.0.9>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.9/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.9/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.9 </bitbake/log/?h=yocto-4.0.9>`
+-  Git Revision: :oe_git:`2802adb572eb73a3eb2725a74a9bbdaafc543fa7 </bitbake/commit/?id=2802adb572eb73a3eb2725a74a9bbdaafc543fa7>`
+-  Release Artefact: bitbake-2802adb572eb73a3eb2725a74a9bbdaafc543fa7
+-  sha: 5c6e713b5e26b3835c0773095c7a1bc1f8affa28316b33597220ed86f1f1b643
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.9/bitbake-2802adb572eb73a3eb2725a74a9bbdaafc543fa7.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.9/bitbake-2802adb572eb73a3eb2725a74a9bbdaafc543fa7.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.9 </yocto-docs/log/?h=yocto-4.0.9>`
+-  Git Revision: :yocto_git:`86d0b38a97941ad52b1af220c7b801a399d50e93 </yocto-docs/commit/?id=86d0b38a97941ad52b1af220c7b801a399d50e93>`
+

documentation/migration-guides/release-notes-4.1.rst

@@ -238,20 +238,20 @@ Security Fixes in 4.1
 - grub2: :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734`, :cve:`2022-28735`
 - inetutils: :cve:`2022-39028`
 - libtirpc: :cve:`2021-46828`
-- libxml2: :cve:`2016-3709 (ignored)`
-- libxslt: :cve:`2022-29824 (not applicable)`
+- libxml2: :cve:`2016-3709` (ignored)
+- libxslt: :cve:`2022-29824` (not applicable)
 - linux-yocto/5.15: :cve:`2022-28796`
 - logrotate: :cve:`2022-1348`
 - lua: :cve:`2022-33099`
-- nasm: :cve:`2020-18974 (ignored)`
+- nasm: :cve:`2020-18974` (ignored)
 - ncurses: :cve:`2022-29458`
 - openssl: :cve:`2022-1292`, :cve:`2022-1343`, :cve:`2022-1434`, :cve:`2022-1473`, :cve:`2022-2068`, :cve:`2022-2274`, :cve:`2022-2097`
-- python3: :cve:`2015-20107 (ignored)`
-- qemu: :cve:`2021-20255 (ignored)`, :cve:`2019-12067 (ignored)`, :cve:`2021-3507`, :cve:`2022-0216`, :cve:`2022-2962`, :cve:`2022-35414`
+- python3: :cve:`2015-20107` (ignored)
+- qemu: :cve:`2021-20255` (ignored), :cve:`2019-12067` (ignored), :cve:`2021-3507`, :cve:`2022-0216`, :cve:`2022-2962`, :cve:`2022-35414`
 - rpm: :cve:`2021-35937`, :cve:`2021-35938`, :cve:`2021-35939`
 - rsync: :cve:`2022-29154`
 - subversion: :cve:`2021-28544`, :cve:`2022-24070`
-- tiff: :cve:`2022-1210 (not applicable)`, :cve:`2022-1622`, :cve:`2022-1623 (invalid)`, :cve:`2022-2056`, :cve:`2022-2057`, :cve:`2022-2058`, :cve:`2022-2953`, :cve:`2022-34526`
+- tiff: :cve:`2022-1210` (not applicable), :cve:`2022-1622`, :cve:`2022-1623` (invalid), :cve:`2022-2056`, :cve:`2022-2057`, :cve:`2022-2058`, :cve:`2022-2953`, :cve:`2022-34526`
 - unzip: :cve:`2022-0529`, :cve:`2022-0530`
 - vim: :cve:`2022-1381`, :cve:`2022-1420`, :cve:`2022-1621`, :cve:`2022-1629`, :cve:`2022-1674`, :cve:`2022-1733`, :cve:`2022-1735`, :cve:`2022-1769`, :cve:`2022-1771`, :cve:`2022-1785`, :cve:`2022-1796`, :cve:`2022-1927`, :cve:`2022-1942`, :cve:`2022-2257`, :cve:`2022-2264`, :cve:`2022-2284`, :cve:`2022-2285`, :cve:`2022-2286`, :cve:`2022-2287`, :cve:`2022-2816`, :cve:`2022-2817`, :cve:`2022-2819`, :cve:`2022-2845`, :cve:`2022-2849`, :cve:`2022-2862`, :cve:`2022-2874`, :cve:`2022-2889`, :cve:`2022-2980`, :cve:`2022-2946`, :cve:`2022-2982`, :cve:`2022-3099`, :cve:`2022-3134`, :cve:`2022-3234`, :cve:`2022-3278`
 - zlib: :cve:`2022-37434`

documentation/migration-guides/release-notes-4.2.rst

@@ -6,23 +6,895 @@ Release notes for 4.2 (mickledore)
 New Features / Enhancements in 4.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- Python 3.8 is the minimum Python version required on the build host.
-  For host distributions that do not provide it, this is included as part of the
-  :term:`buildtools` tarball.
+-  Linux kernel 6.1, glibc 2.37 and ~350 other recipe upgrades
 
-- This release now supports a new ``addpylib`` directive to enable
-  Python libraries within layers.
+-  Rust improvements:
 
-  This directive should be added to your layer configuration,
-  as in the below example from ``meta/conf/layer.conf``::
+   -  This release adds Cargo support on the target, and includes
+      automated QA tests for this functionality.
 
-     addpylib ${LAYERDIR}/lib oe
+   -  It also supports checksums for Rust crates and makes
+      them mandatory for each crate in a recipe.
+
+   -  New :ref:`ref-classes-cargo-update-recipe-crates` class to
+      enable updating :term:`SRC_URI` crate lists from ``Cargo.lock``
+
+   -  Enabled building Rust for baremetal targets
+
+   -  You can now also easily select to build beta or nightly
+      versions of rust with a new :term:`RUST_CHANNEL` variable
+      (use at own risk)
+
+   -  Support for local github repos in :term:`SRC_URI` as
+      replacements for cargo dependencies
+
+   -  Use built-in rust targets for -native builds to save several
+      minutes building the Rust toolchain
+
+-  Python 3.8+ and GCC 8.0+ are now the minimum required versions on the build host
+
+-  BitBake in this release now supports a new ``addpylib`` directive to enable
+   Python libraries within layers. For more information,
+   see :ref:`bitbake-user-manual/bitbake-user-manual-metadata:extending python library code`.
+
+-  BitBake has seen multiple internal changes that may improve
+   memory and disk usage as well as parsing time, in particular:
+
+   -  BitBake's Cooker server is now multithreaded.
+
+   -  Ctrl+C can now be used to interrupt some long-running operations
+      that previously ignored it.
+
+   -  BitBake's cache has been extended to include more hash
+      debugging data, but has also been optimized to :yocto_git:`compress
+      cache data <https://git.yoctoproject.org/poky/commit/?h=mickledore&id=7d010055e2af3294e17db862f42664ca689a9356>`.
+
+   -  BitBake's UI will now ping the server regularly to ensure
+      it is still alive.
 
 -  Architecture-specific enhancements:
 
+   -  This release adds initial support for the
+      :wikipedia:`LoongArch <Loongson#LoongArch>`
+      (``loongarch64``) architecture, though there is no testing for it yet.
+
+   -  New ``x86-64-v3`` tunes (AVX, AVX2, BMI1, BMI2, F16C, FMA, LZCNT, MOVBE, XSAVE)
+
+   -  go: add support to build on ppc64le
+   -  rust: rustfmt now working and installed for riscv32
+   -  libpng: enable NEON for aarch64 to enensure consistency with arm32.
+   -  baremetal-helloworld: Enable x86 and x86-64 ports
+
 -  Kernel-related enhancements:
 
+   -  Added some support for building 6.2/6.3-rc kernels
+   -  linux-yocto-dev: mark as compatible with qemuarm64 and qemuarmv5
+   -  Add kernel specific OBJCOPY to help switching toolchains cleanly for kernel build between gcc and clang
+
+-  New core recipes:
+
+   - ``debugedit``
+   - ``gtk4`` (import from meta-gnome)
+   - ``gcr``: add recipe for gcr-4
+   - ``graphene`` (import from meta-oe)
+   - ``libc-test``
+   - ``libportal`` (import from meta-gnome)
+   - ``libslirp``
+   - ``libtest-fatal-perl``
+   - ``libtest-warnings-perl`` (import from meta-perl)
+   - ``libtry-tiny-perl``
+   - ``python3-build``
+   - ``python3-pyproject-hooks``
+   - ``python3-hatch-fancy-pypi-readme``
+   - ``python3-unittest-automake``
+
 -  QEMU/runqemu enhancements:
 
+   -  Set ``QB_SMP`` with ?= to make it easier to modify
+   -  Set ``QB_CPU`` with ?= to make it easier to modify (x86 configuration only)
+   -  New ``QB_NFSROOTFS_EXTRA_OPT`` to allow extra options to be appended to the nfs rootfs options in kernel boot args, e.g. ``"wsize=4096,rsize=4096"``
+   -  New ``QB_SETUP_CMD`` and ``QB_CLEANUP_CMD`` to enable running custom shell setup and cleanup commands before and after QEMU.
+   -  ``QB_DEFAULT_KERNEL`` now defaults to pick the bundled initramfs kernel image if the Linux kernel image is generated with :term:`INITRAMFS_IMAGE_BUNDLE` set to "1"
+   -  Split out the QEMU guest agent to its own ``qemu-guest-agent`` package
+   -  runqemu: new "guestagent" option to enable communication with the guest agent
+   -  runqemu: respect :term:`IMAGE_LINK_NAME` when searching for image
+
 -  Image-related enhancements:
 
+   -  Add 7-Zip support in image conversion types (``7zip``)
+   -  New :term:`IMAGE_MACHINE_SUFFIX` variable to allow easily removing machine name suffix from image file names
+
+-  wic Image Creator enhancements:
+
+   -  bootimg-efi: add support for directly loading Linux kernel UEFI stub
+   -  bootimg-efi: implement --include-path
+   -  Allow usage of fstype=none to specify an unformatted partition
+   -  Implement repeatable disk identifiers based on SOURCE_DATE_EPOCH
+
+-  FIT image related improvements:
+
+   -  FIT image signing support has been reworked to remove interdependencies and make it more easily extensible
+   -  Skip FDT section creation for applicable symlinks to avoid the same dtb being duplicated
+   -  New :term:`FIT_CONF_DEFAULT_DTB` variable to enable selecting default dtb when multiple dtbs exist
+
+-  SDK-related improvements:
+
+   -  Extended the following recipes to nativesdk:
+
+      - ``bc``
+      - ``gi-docgen``
+      - ``gperf``
+      - ``python3-iniconfig``
+      - ``python3-atomicwrites``
+      - ``python3-markdown``
+      - ``python3-smartypants``
+      - ``python3-typogrify``
+      - ``ruby``
+      - ``unifdef``
+
+   -  New :term:`SDK_ZIP_OPTIONS` variable to enable passing additional options to the zip command when preparing the SDK zip archive
+   -  New Rust SDK target packagegroup (packagegroup-rust-sdk-target)
+
+-  Testing:
+
+   -  The ptest images have changed structure in this release. The
+      underlying ``core-image-ptest`` recipe now uses :term:`BBCLASSEXTEND` to
+      create a variant for each ptest enabled recipe in OE-Core.
+
+      For example, this means that ``core-image-ptest-bzip2``,
+      ``core-image-ptest-lttng-tools`` and many more image targets now exist
+      and can be built/tested individually.
+
+      The ``core-image-ptest-all`` and ``core-image-ptest-fast`` targets are now
+      wrappers that target groups of individual images and means that the tests
+      can be executed in parallel during our automated testing. This also means
+      the dependencies are more accurately tested.
+
+   -  It is now possible to track regression changes between releases using
+      :oe_git:`yocto_testresults_query.py </openembedded-core/tree/scripts/yocto_testresults_query.py>`,
+      which is a thin wrapper over :oe_git:`resulttool
+      </openembedded-core/tree/scripts/resulttool>`. Here is an example
+      command, which allowed to spot and fix a regression in the
+      ``quilt`` ptest::
+
+         yocto_testresults_query.py regression-report 4.2_M1 4.2_M2
+
+      See this `blog post about regression detection
+      <https://bootlin.com/blog/continuous-integration-in-yocto-improving-the-regressions-detection/>`__.
+
+   -  This release adds support for parallel ptest execution with a ptest per image.
+      This takes ptest execution time from 3.5 hours to around 45 minutes on the autobuilder.
+
+   -  Basic Rust compile/run and cargo tests
+
+   -  New ``python3-unittest-automake`` recipe which provides modules for pytest
+      and unittest to adjust their output to automake-style for easier integration
+      with the ptest system.
+
+   -  ptest support added to ``bc``, ``cpio`` and ``gnutls``, and fixes made to
+      ptests in numerous other recipes.
+
+   -  ``ptest-runner`` now adds a non-root "ptest" user for tests to run as
+
+   -  resulttool: add a --list-ptest option to the log subcommand to list ptest names
+      in a results file
+
+   -  resulttool: regression: add metadata filtering for oeselftest
+
+
+-  New :term:`PACKAGECONFIG` options in the following recipes:
+
+   - ``at-spi2-core``
+   - ``base-passwd``
+   - ``cronie``
+   - ``cups``
+   - ``cups``
+   - ``curl``
+   - ``file``
+   - ``gstreamer1.0-plugins-good``
+   - ``gtk+3``
+   - ``iproute2``
+   - ``libsdl2``
+   - ``libtiff``
+   - ``llvm``
+   - ``mesa``
+   - ``psmisc``
+   - ``qemu``
+   - ``sudo``
+   - ``systemd``
+   - ``tiff``
+   - ``util-linux``
+
+-  Extended the following recipes to native:
+
+   - ``iso-codes``
+   - ``libxkbcommon``
+   - ``p11-kit``
+   - ``python3-atomicwrites``
+   - ``python3-dbusmock``
+   - ``python3-iniconfig``
+   - ``xkeyboard-config``
+
+-  Utility script changes:
+
+   -  devtool: ignore patch-fuzz errors when extracting source in order to enable fixing fuzz issues
+   -  oe-setup-layers: Make efficiently idempotent
+   -  oe-setup-layers: print a note about submodules if present
+   -  New buildstats-summary script to show a summary of the buildstats data
+   -  report-error: catch Nothing PROVIDES error
+   -  combo-layer: add sync-revs command
+   -  scripts: convert-overrides: Allow command-line customizations
+
+-  bitbake-layers improvements:
+
+   -  layerindex-fetch: checkout layer(s) branch when clone exists
+   -  create: add -a/--add-layer option to add layer to bblayers.conf after creating layer
+   -  show-layers: improve output layout
+
+-  Other BitBake improvements:
+
+   -  Inline python snippets can now include dictionary expressions
+   -  Evaluate the value of export/unexport/network flags so that they can be reset to "0"
+   -  Make :term:`EXCLUDE_FROM_WORLD` boolean so that it can be reset to "0"
+   -  Support int values in bb.utils.to_boolean() in addition to strings
+   -  bitbake-getvar: Add a quiet command line argument
+   -  Allow the '@' character in variable flag names
+   -  Python library code will now be included when calculating task hashes
+   -  fetch2/npmsw: add more short forms for git operations
+   -  Display a warning when ``SRCREV = "${AUTOREV}"`` is set too late to be effective
+   -  Display all missing :term:`SRC_URI` checksums at once
+   -  Improve error message for a missing multiconfig
+   -  Switch to a new :term:`BB_CACHEDIR` variable for codeparser cache location
+   -  Mechanism introduced to reduce the codeparser cache unnecessarily growing in size
+
+-  Packaging changes:
+
+   -  rng-tools is no longer recommended by openssh, and the rng-tools service files have been split out to their own package
+   -  linux-firmware: split rtl8761 and amdgpu firmware
+   -  linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
+   -  iproute2: separate routel and add python dependency
+   -  xinetd: move xconv.pl script to separate package
+   -  perf: Enable debug/source packaging
+
+-  Miscellaneous changes:
+
+   -  Supporting 64 bit dates on 32 bit platforms: several packages have been
+      updated to pass Y2038 tests, and a QA check for 32 bit time and file
+      offset functions has been added (default off)
+
+   -  Patch fuzz/Upstream-Status checking has been reworked:
+      -  Upstream-Status checking is now configurable from :term:`WARN_QA`/:term:`ERROR_QA` (``patch-status-core``)
+      -  Can now be enabled for non-core layers (``patch-status-noncore``)
+      -  ``patch-fuzz`` is now in :term:`ERROR_QA` by default, and actually stops the build
+
+   -  Many packages were updated to add large file support.
+
+   -  New :term:`VOLATILE_TMP_DIR` variable allows to specify whether ``/tmp``
+      should be on persistent storage or in RAM.
+
+   -  vulkan-loader: Allow headless targets to build the loader
+   -  dhcpcd: fix to work with systemd
+   -  u-boot: Add /boot to :term:`SYSROOT_DIRS` to allow boot files to be used by other recipes
+   -  linux-firmware: don't put the firmware into the sysroot
+   -  cups: add :term:`PACKAGECONFIG` to control web interface and default to off
+   -  buildtools-tarball: export certificates to python and curl
+   -  yocto-check-layer: Allow OE-Core to be tested
+   -  yocto-check-layer: check for patch file upstream status
+   -  boost: enable building Boost.URL library
+   -  native: Drop special variable handling
+   -  poky: make it easier to set :term:`INIT_MANAGER` from local.conf
+   -  create-spdx: Add support for custom Annotations
+   -  create-spdx: Report downloads as separate packages
+   -  create-spdx: Removed the top-level image SPDX file and the JSON index file from :term:`DEPLOYDIR` to avoid confusion
+   -  os-release: replace ``DISTRO_CODENAME`` with ``VERSION_CODENAME`` (still set from :term:`DISTRO_CODENAME`)
+   -  weston: Add kiosk shell
+   -  overlayfs: Allow unused mount points
+   -  sstatesig: emit more helpful error message when not finding sstate manifest
+   -  pypi.bbclass: Set :term:`SRC_URI` downloadfilename with an optional prefix
+   -  poky-bleeding: Update and rework
+   -  package.bbclass: check if package names conflict via PKG:${PN} override in do_package
+   -  cve-update-nvd2-native: new NVD CVE database fetcher using the 2.0 API
+   -  mirrors.bbclass: use shallow tarball for binutils-native/nativesdk-binutils
+   -  meta/conf: move default configuration templates into meta/conf/templates/default
+   -  binutils: Enable --enable-new-dtags as per many Linux distributions
+   -  base-files: Drop localhost.localdomain from hosts file as per many Linux distributions
+   -  packagegroup-core-boot: make init-ifupdown package a recommendation
+
+
+Known Issues in 4.2
+~~~~~~~~~~~~~~~~~~~
+
+
+Recipe License changes in 4.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following corrections have been made to the :term:`LICENSE` values set by recipes:
+
+- curl: set :term:`LICENSE` appropriately to "curl" as it is a special derivative of the MIT/X license, not exactly that license.
+- libgit2: added Zlib, ISC, LGPL-2.1-or-later and CC0-1.0 to :term:`LICENSE` covering portions of the included code.
+- linux-firmware: set package :term:`LICENSE` appropriately for all qcom packages
+
+
+
+Security Fixes in 4.2
+~~~~~~~~~~~~~~~~~~~~~
+
+- binutils: :cve:`2022-4285`, :cve:`2023-25586`
+- curl: :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915`, :cve:`2022-42916`
+- epiphany: :cve:`2023-26081`
+- expat: :cve:`2022-43680`
+- ffmpeg: :cve:`2022-3964`, :cve:`2022-3965`
+- git: :cve:`2022-39260`, :cve:`2022-41903`, :cve:`2022-23521`, :cve:`2022-41953` (ignored)
+- glibc: :cve:`2023-25139` (ignored)
+- go: :cve:`2023-2453`
+- grub2: :cve:`2022-2601`, :cve:`2022-3775`, :cve:`2022-28736`
+- inetutils: :cve:`2019-0053`
+- less: :cve:`2022-46663`
+- libarchive: :cve:`2022-36227`
+- libinput: :cve:`2022-1215`
+- libpam: :cve:`2022-28321`
+- libpng: :cve:`2019-6129`
+- libx11: :cve:`2022-3554`
+- openssh: :cve:`2023-28531`
+- openssl: :cve:`2022-3358`, :cve:`2022-3786`, :cve:`2022-3602`, :cve:`2022-3996`, :cve:`2023-0286`, :cve:`2022-4304`, :cve:`2022-4203`, :cve:`2023-0215`, :cve:`2022-4450`, :cve:`2023-0216`, :cve:`2023-0217`, :cve:`2023-0401`, :cve:`2023-0464`
+- ppp: :cve:`2022-4603`
+- python3-cryptography{-vectors}: :cve:`2022-3602`, :cve:`2022-3786`, :cve:`2023-23931`
+- python3: :cve:`2022-37460`
+- qemu: :cve:`2022-3165`
+- rust: :cve:`2022-46176`
+- rxvt-unicode: :cve:`2022-4170`
+- shadow: :cve:`2016-15024` (ignored)
+- sudo: :cve:`2022-43995`
+- systemd: :cve:`2022-4415` (ignored)
+- tar: :cve:`2022-48303`
+- tiff: :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598`, :cve:`2022-3970`, :cve:`2022-48281`
+- vim: :cve:`2022-3352`, :cve:`2022-4141`, :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264`, :cve:`2023-1355`, :cve:`2023-0433`, :cve:`2022-47024`, :cve:`2022-3705`
+- xdg-utils: :cve:`2022-4055`
+- xserver-xorg: :cve:`2022-3550`, :cve:`2022-3551`, :cve:`2023-0494`, :cve:`2022-3553` (ignored)
+
+
+Recipe Upgrades in 4.2
+~~~~~~~~~~~~~~~~~~~~~~
+
+- acpid: upgrade 2.0.33 -> 2.0.34
+- adwaita-icon-theme: update 42.0 -> 43
+- alsa-lib: upgrade 1.2.7.2 -> 1.2.8
+- alsa-ucm-conf: upgrade 1.2.7.2 -> 1.2.8
+- alsa-utils: upgrade 1.2.7 -> 1.2.8
+- apr: update 1.7.0 -> 1.7.2
+- apr-util: update 1.6.1 -> 1.6.3
+- argp-standalone: replace with a maintained fork
+- at-spi2-core: upgrade 2.44.1 -> 2.46.0
+- autoconf-archive: upgrade 2022.09.03 -> 2023.02.20
+- babeltrace: upgrade 1.5.8 -> 1.5.11
+- base-passwd: Update to 3.6.1
+- bash: update 5.1.16 -> 5.2.15
+- bind: upgrade 9.18.7 -> 9.18.12
+- binutils: Upgrade to 2.40 release
+- bluez: update 5.65 -> 5.66
+- boost-build-native: update 1.80.0 -> 1.81.0
+- boost: upgrade 1.80.0 -> 1.81.0
+- btrfs-tools: upgrade 5.19.1 -> 6.1.3
+- busybox: 1.35.0 -> 1.36.0
+- ccache: upgrade 4.6.3 -> 4.7.4
+- cmake: update 3.24.0 -> 3.25.2
+- cracklib: upgrade to v2.9.10
+- curl: upgrade 7.86.0 -> 8.0.1
+- dbus: upgrade 1.14.0 -> 1.14.6
+- diffoscope: upgrade 221 -> 236
+- diffstat: upgrade 1.64 -> 1.65
+- diffutils: update 3.8 -> 3.9
+- dos2unix: upgrade 7.4.3 -> 7.4.4
+- dpkg: update 1.21.9 -> 1.21.21
+- dropbear: upgrade 2022.82 -> 2022.83
+- dtc: upgrade 1.6.1 -> 1.7.0
+- e2fsprogs: upgrade 1.46.5 -> 1.47.0
+- ed: upgrade 1.18 -> 1.19
+- elfutils: update 0.187 -> 0.188
+- ell: upgrade 0.53 -> 0.56
+- enchant2: upgrade 2.3.3 -> 2.3.4
+- encodings: update 1.0.6 -> 1.0.7
+- epiphany: update 42.4 -> 43.1
+- ethtool: upgrade 5.19 -> 6.2
+- expat: upgrade to 2.5.0
+- ffmpeg: upgrade 5.1.1 -> 5.1.2
+- file: upgrade 5.43 -> 5.44
+- flac: update 1.4.0 -> 1.4.2
+- font-alias: update 1.0.4 -> 1.0.5
+- fontconfig: upgrade 2.14.0 -> 2.14.2
+- font-util: upgrade 1.3.3 -> 1.4.0
+- freetype: update 2.12.1 -> 2.13.0
+- gawk: update 5.1.1 -> 5.2.1
+- gcr3: update 3.40.0 -> 3.41.1
+- gcr: rename gcr -> gcr3
+- gdb: Upgrade to 13.1
+- gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
+- gettext: update 0.21 -> 0.21.1
+- ghostscript: update 9.56.1 -> 10.0.0
+- gi-docgen: upgrade 2022.1 -> 2023.1
+- git: upgrade 2.37.3 -> 2.39.2
+- glib-2.0: update 2.72.3 -> 2.74.6
+- glibc: upgrade to 2.37 release + stable updates
+- glib-networking: update 2.72.2 -> 2.74.0
+- glslang: upgrade 1.3.236.0 -> 1.3.239.0
+- gnu-config: upgrade to latest revision
+- gnupg: upgrade 2.3.7 -> 2.4.0
+- gnutls: upgrade 3.7.7 -> 3.8.0
+- gobject-introspection: upgrade 1.72.0 -> 1.74.0
+- go: update 1.19 -> 1.20.1
+- grep: update 3.7 -> 3.10
+- gsettings-desktop-schemas: upgrade 42.0 -> 43.0
+- gstreamer1.0: upgrade 1.20.3 -> 1.22.0
+- gtk+3: upgrade 3.24.34 -> 3.24.36
+- gtk4: update 4.8.2 -> 4.10.0
+- harfbuzz: upgrade 5.1.0 -> 7.1.0
+- hdparm: update 9.64 -> 9.65
+- help2man: upgrade 1.49.2 -> 1.49.3
+- icu: update 71.1 -> 72-1
+- ifupdown: upgrade 0.8.37 -> 0.8.41
+- igt-gpu-tools: upgrade 1.26 -> 1.27.1
+- inetutils: upgrade 2.3 -> 2.4
+- init-system-helpers: upgrade 1.64 -> 1.65.2
+- iproute2: upgrade 5.19.0 -> 6.2.0
+- iptables: update 1.8.8 -> 1.8.9
+- iputils: update to 20221126
+- iso-codes: upgrade 4.11.0 -> 4.13.0
+- jquery: upgrade 3.6.0 -> 3.6.3
+- kexec-tools: upgrade 2.0.25 -> 2.0.26
+- kmscube: upgrade to latest revision
+- libarchive: upgrade 3.6.1 -> 3.6.2
+- libbsd: upgrade 0.11.6 -> 0.11.7
+- libcap: upgrade 2.65 -> 2.67
+- libdnf: update 0.69.0 -> 0.70.0
+- libdrm: upgrade 2.4.113 -> 2.4.115
+- libedit: upgrade 20210910-3.1 -> 20221030-3.1
+- libepoxy: update 1.5.9 -> 1.5.10
+- libffi: upgrade 3.4.2 -> 3.4.4
+- libfontenc: upgrade 1.1.6 -> 1.1.7
+- libgit2: upgrade 1.5.0 -> 1.6.3
+- libgpg-error: update 1.45 -> 1.46
+- libhandy: update 1.6.3 -> 1.8.1
+- libical: upgrade 3.0.14 -> 3.0.16
+- libice: update 1.0.10 -> 1.1.1
+- libidn2: upgrade 2.3.3 -> 2.3.4
+- libinput: upgrade 1.19.4 -> 1.22.1
+- libjpeg-turbo: upgrade 2.1.4 -> 2.1.5.1
+- libksba: upgrade 1.6.0 -> 1.6.3
+- libmicrohttpd: upgrade 0.9.75 -> 0.9.76
+- libmodule-build-perl: update 0.4231 -> 0.4232
+- libmpc: upgrade 1.2.1 -> 1.3.1
+- libnewt: update 0.52.21 -> 0.52.23
+- libnotify: upgrade 0.8.1 -> 0.8.2
+- libpcap: upgrade 1.10.1 -> 1.10.3
+- libpciaccess: update 0.16 -> 0.17
+- libpcre2: upgrade 10.40 -> 10.42
+- libpipeline: upgrade 1.5.6 -> 1.5.7
+- libpng: upgrade 1.6.38 -> 1.6.39
+- libpsl: upgrade 0.21.1 -> 0.21.2
+- librepo: upgrade 1.14.5 -> 1.15.1
+- libsdl2: upgrade 2.24.1 -> 2.26.3
+- libsm: 1.2.3 > 1.2.4
+- libsndfile1: upgrade 1.1.0 -> 1.2.0
+- libsolv: upgrade 0.7.22 -> 0.7.23
+- libsoup-2.4: upgrade 2.74.2 -> 2.74.3
+- libsoup: upgrade 3.0.7 -> 3.2.2
+- libtest-fatal-perl: upgrade 0.016 -> 0.017
+- libtest-needs-perl: upgrade 0.002009 -> 0.002010
+- libunistring: upgrade 1.0 -> 1.1
+- liburcu: upgrade 0.13.2 -> 0.14.0
+- liburi-perl: upgrade 5.08 -> 5.17
+- libva: upgrade 2.15.0 -> 2.16.0
+- libva-utils: upgrade 2.15.0 -> 2.17.1
+- libwebp: upgrade 1.2.4 -> 1.3.0
+- libwpe: upgrade 1.12.3 -> 1.14.1
+- libx11: 1.8.1 -> 1.8.4
+- libx11-compose-data: 1.6.8 -> 1.8.4
+- libxau: upgrade 1.0.10 -> 1.0.11
+- libxcomposite: update 0.4.5 -> 0.4.6
+- libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
+- libxcrypt: upgrade 4.4.28 -> 4.4.30
+- libxdamage: update 1.1.5 -> 1.1.6
+- libxdmcp: update 1.1.3 -> 1.1.4
+- libxext: update 1.3.4 -> 1.3.5
+- libxft: update 2.3.4 -> 2.3.6
+- libxft: upgrade 2.3.6 -> 2.3.7
+- libxinerama: update 1.1.4 -> 1.1.5
+- libxkbcommon: upgrade 1.4.1 -> 1.5.0
+- libxkbfile: update 1.1.0 -> 1.1.1
+- libxkbfile: upgrade 1.1.1 -> 1.1.2
+- libxml2: upgrade 2.9.14 -> 2.10.3
+- libxmu: update 1.1.3 -> 1.1.4
+- libxpm: update 3.5.13 -> 3.5.15
+- libxrandr: update 1.5.2 -> 1.5.3
+- libxrender: update 0.9.10 -> 0.9.11
+- libxres: update 1.2.1 -> 1.2.2
+- libxscrnsaver: update 1.2.3 -> 1.2.4
+- libxshmfence: update 1.3 -> 1.3.2
+- libxslt: upgrade 1.1.35 -> 1.1.37
+- libxtst: update 1.2.3 -> 1.2.4
+- libxv: update 1.0.11 -> 1.0.12
+- libxxf86vm: update 1.1.4 -> 1.1.5
+- lighttpd: upgrade 1.4.66 -> 1.4.69
+- linux-firmware: upgrade 20220913 -> 20230210
+- linux-libc-headers: bump to 6.1
+- linux-yocto/5.15: update genericx86* machines to v5.15.78
+- linux-yocto/5.15: update to v5.15.103
+- linux-yocto/6.1: update to v6.1.20
+- linux-yocto-dev: bump to v6.3
+- linux-yocto-rt/5.15: update to -rt59
+- linux-yocto-rt/6.1: update to -rt7
+- llvm: update 14.0.6 -> 15.0.7
+- log4cplus: upgrade 2.0.8 -> 2.1.0
+- logrotate: upgrade 3.20.1 -> 3.21.0
+- lsof: upgrade 4.95.0 -> 4.98.0
+- ltp: upgrade 20220527 -> 20230127
+- lttng-modules: upgrade 2.13.4 -> 2.13.9
+- lttng-tools: update 2.13.8 -> 2.13.9
+- lttng-ust: upgrade 2.13.4 -> 2.13.5
+- makedepend: upgrade 1.0.6 -> 1.0.8
+- make: update 4.3 -> 4.4.1
+- man-db: update 2.10.2 -> 2.11.2
+- man-pages: upgrade 5.13 -> 6.03
+- matchbox-config-gtk: Update to latest SRCREV
+- matchbox-desktop-2: Update 2.2 -> 2.3
+- matchbox-panel-2: Update 2.11 -> 2.12
+- matchbox-terminal: Update to latest SRCREV
+- matchbox-wm: Update 1.2.2 -> 1.2.3
+- mc: update 4.8.28 -> 4.8.29
+- mesa: update 22.2.0 -> 23.0.0
+- meson: upgrade 0.63.2 -> 1.0.1
+- mmc-utils: upgrade to latest revision
+- mobile-broadband-provider-info: upgrade 20220725 -> 20221107
+- mpfr: upgrade 4.1.0 -> 4.2.0
+- mpg123: upgrade 1.30.2 -> 1.31.2
+- msmtp: upgrade 1.8.22 -> 1.8.23
+- mtd-utils: upgrade 2.1.4 -> 2.1.5
+- mtools: upgrade 4.0.40 -> 4.0.42
+- musl-obstack: Update to 1.2.3
+- musl: Upgrade to latest master
+- nasm: update 2.15.05 -> 2.16.01
+- ncurses: upgrade 6.3+20220423 -> 6.4
+- netbase: upgrade 6.3 -> 6.4
+- newlib: Upgrade 4.2.0 -> 4.3.0
+- nghttp2: upgrade 1.49.0 -> 1.52.0
+- numactl: upgrade 2.0.15 -> 2.0.16
+- opensbi: Upgrade to 1.2 release
+- openssh: upgrade 9.0p1 -> 9.3p1
+- openssl: Upgrade 3.0.5 -> 3.1.0
+- opkg: upgrade to version 0.6.1
+- orc: upgrade 0.4.32 -> 0.4.33
+- ovmf: upgrade edk2-stable202205 -> edk2-stable202211
+- pango: upgrade 1.50.9 -> 1.50.13
+- patchelf: upgrade 0.15.0 -> 0.17.2
+- pciutils: upgrade 3.8.0 -> 3.9.0
+- piglit: upgrade to latest revision
+- pinentry: update 1.2.0 -> 1.2.1
+- pixman: upgrade 0.40.0 -> 0.42.2
+- pkgconf: upgrade 1.9.3 -> 1.9.4
+- popt: update 1.18 -> 1.19
+- powertop: upgrade 2.14 -> 2.15
+- procps: update 3.3.17 -> 4.0.3
+- psmisc: upgrade 23.5 -> 23.6
+- puzzles: upgrade to latest revision
+- python3-alabaster: upgrade 0.7.12 -> 0.7.13
+- python3-attrs: upgrade 22.1.0 -> 22.2.0
+- python3-babel: upgrade 2.10.3 -> 2.12.1
+- python3-bcrypt: upgrade 3.2.2 -> 4.0.1
+- python3-certifi: upgrade 2022.9.14 -> 2022.12.7
+- python3-chardet: upgrade 5.0.0 -> 5.1.0
+- python3-cryptography: upgrade 38.0.3 -> 39.0.4
+- python3-cryptography-vectors: upgrade 37.0.4 -> 39.0.2
+- python3-cython: upgrade 0.29.32 -> 0.29.33
+- python3-dbusmock: update 0.28.4 -> 0.28.7
+- python3-dbus: upgrade 1.2.18 -> 1.3.2
+- python3-dtschema: upgrade 2022.8.3 -> 2023.1
+- python3-flit-core: upgrade 3.7.1 -> 3.8.0
+- python3-gitdb: upgrade 4.0.9 -> 4.0.10
+- python3-git: upgrade 3.1.27 -> 3.1.31
+- python3-hatch-fancy-pypi-readme: upgrade 22.7.0 -> 22.8.0
+- python3-hatchling: upgrade 1.9.0 -> 1.13.0
+- python3-hatch-vcs: upgrade 0.2.0 -> 0.3.0
+- python3-hypothesis: upgrade 6.54.5 -> 6.68.2
+- python3-importlib-metadata: upgrade 4.12.0 -> 6.0.0
+- python3-iniconfig: upgrade 1.1.1 -> 2.0.0
+- python3-installer: update 0.5.1 -> 0.6.0
+- python3-iso8601: upgrade 1.0.2 -> 1.1.0
+- python3-jsonschema: upgrade 4.9.1 -> 4.17.3
+- python3-lxml: upgrade 4.9.1 -> 4.9.2
+- python3-mako: upgrade 1.2.2 -> 1.2.4
+- python3-markupsafe: upgrade 2.1.1 -> 2.1.2
+- python3-more-itertools: upgrade 8.14.0 -> 9.1.0
+- python3-numpy: upgrade 1.23.3 -> 1.24.2
+- python3-packaging: upgrade to 23.0
+- python3-pathspec: upgrade 0.10.1 -> 0.11.0
+- python3-pbr: upgrade 5.10.0 -> 5.11.1
+- python3-pip: upgrade 22.2.2 -> 23.0.1
+- python3-poetry-core: upgrade 1.0.8 -> 1.5.2
+- python3-psutil: upgrade 5.9.2 -> 5.9.4
+- python3-pycairo: upgrade 1.21.0 -> 1.23.0
+- python3-pycryptodome: upgrade 3.15.0 -> 3.17
+- python3-pycryptodomex: upgrade 3.15.0 -> 3.17
+- python3-pygments: upgrade 2.13.0 -> 2.14.0
+- python3-pyopenssl: upgrade 22.0.0 -> 23.0.0
+- python3-pyrsistent: upgrade 0.18.1 -> 0.19.3
+- python3-pytest-subtests: upgrade 0.8.0 -> 0.10.0
+- python3-pytest: upgrade 7.1.3 -> 7.2.2
+- python3-pytz: upgrade 2022.2.1 -> 2022.7.1
+- python3-requests: upgrade 2.28.1 -> 2.28.2
+- python3-scons: upgrade 4.4.0 -> 4.5.2
+- python3-setuptools-rust: upgrade 1.5.1 -> 1.5.2
+- python3-setuptools-scm: upgrade 7.0.5 -> 7.1.0
+- python3-setuptools: upgrade 65.0.2 -> 67.6.0
+- python3-sphinxcontrib-applehelp: update 1.0.2 -> 1.0.4
+- python3-sphinxcontrib-htmlhelp: 2.0.0 -> 2.0.1
+- python3-sphinx-rtd-theme: upgrade 1.0.0 -> 1.2.0
+- python3-sphinx: upgrade 5.1.1 -> 6.1.3
+- python3-subunit: upgrade 1.4.0 -> 1.4.2
+- python3-testtools: upgrade 2.5.0 -> 2.6.0
+- python3-typing-extensions: upgrade 4.3.0 -> 4.5.0
+- python3: update 3.10.6 -> 3.11.2
+- python3-urllib3: upgrade 1.26.12 -> 1.26.15
+- python3-wcwidth: upgrade 0.2.5 -> 0.2.6
+- python3-wheel: upgrade 0.37.1 -> 0.40.0
+- python3-zipp: upgrade 3.8.1 -> 3.15.0
+- qemu: update 7.1.0 -> 7.2.0
+- quota: update 4.06 -> 4.09
+- readline: update 8.1.2 -> 8.2
+- repo: upgrade 2.29.2 -> 2.32
+- rgb: update 1.0.6 -> 1.1.0
+- rng-tools: upgrade 6.15 -> 6.16
+- rsync: update 3.2.5 -> 3.2.7
+- rt-tests: update 2.4 -> 2.5
+- ruby: update 3.1.2 -> 3.2.1
+- rust: update 1.63.0 -> 1.68.1
+- rxvt-unicode: upgrade 9.30 -> 9.31
+- sed: update 4.8 -> 4.9
+- shaderc: upgrade 2022.2 -> 2023.2
+- shadow: update 4.12.1 -> 4.13
+- socat: upgrade 1.7.4.3 -> 1.7.4.4
+- spirv-headers: upgrade 1.3.236.0 -> 1.3.239.0
+- spirv-tools: upgrade 1.3.236.0 -> 1.3.239.0
+- sqlite3: upgrade 3.39.3 -> 3.41.0
+- strace: upgrade 5.19 -> 6.2
+- stress-ng: update 0.14.03 -> 0.15.06
+- sudo: upgrade 1.9.11p3 -> 1.9.13p3
+- swig: update 4.0.2 -> 4.1.1
+- sysstat: upgrade 12.6.0 -> 12.6.2
+- systemd: update 251.4 -> 253.1
+- systemtap: upgrade 4.7 -> 4.8
+- taglib: upgrade 1.12 -> 1.13
+- tcf-agent: Update to current version
+- tcl: update 8.6.11 -> 8.6.13
+- texinfo: update 6.8 -> 7.0.2
+- tiff: update 4.4.0 -> 4.5.0
+- tzdata: update 2022d -> 2023c
+- u-boot: upgrade 2022.07 -> 2023.01
+- unfs: update 0.9.22 -> 0.10.0
+- usbutils: upgrade 014 -> 015
+- util-macros: upgrade 1.19.3 -> 1.20.0
+- vala: upgrade 0.56.3 -> 0.56.4
+- valgrind: update to 3.20.0
+- vim: Upgrade 9.0.0598 -> 9.0.1429
+- virglrenderer: upgrade 0.10.3 -> 0.10.4
+- vte: update 0.68.0 -> 0.72.0
+- vulkan-headers: upgrade 1.3.236.0 -> 1.3.239.0
+- vulkan-loader: upgrade 1.3.236.0 -> 1.3.239.0
+- vulkan-samples: update to latest revision
+- vulkan-tools: upgrade 1.3.236.0 -> 1.3.239.0
+- vulkan: update 1.3.216.0 -> 1.3.236.0
+- wayland-protocols: upgrade 1.26 -> 1.31
+- wayland-utils: update 1.0.0 -> 1.1.0
+- webkitgtk: update 2.36.7 -> 2.38.5
+- weston: update 10.0.2 -> 11.0.1
+- wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
+- wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
+- xcb-util: update 0.4.0 -> 0.4.1
+- xcb-util-keysyms: 0.4.0 -> 0.4.1
+- xcb-util-renderutil: 0.3.9 -> 0.3.10
+- xcb-util-wm: 0.4.1 -> 0.4.2
+- xcb-util-image: 0.4.0 -> 0.4.1
+- xf86-input-mouse: update 1.9.3 -> 1.9.4
+- xf86-input-vmmouse: update 13.1.0 -> 13.2.0
+- xf86-video-vesa: update 2.5.0 -> 2.6.0
+- xf86-video-vmware: update 13.3.0 -> 13.4.0
+- xhost: update 1.0.8 -> 1.0.9
+- xinit: update 1.4.1 -> 1.4.2
+- xkbcomp: update 1.4.5 -> 1.4.6
+- xkeyboard-config: upgrade 2.36 -> 2.38
+- xprop: update 1.2.5 -> 1.2.6
+- xrandr: upgrade 1.5.1 -> 1.5.2
+- xserver-xorg: upgrade 21.1.4 -> 21.1.7
+- xset: update 1.2.4 -> 1.2.5
+- xvinfo: update 1.1.4 -> 1.1.5
+- xwayland: upgrade 22.1.3 -> 22.1.8
+- xz: upgrade 5.2.6 -> 5.4.2
+- zlib: upgrade 1.2.12 -> 1.2.13
+- zstd: upgrade 1.5.2 -> 1.5.4
+
+
+
+
+Contributors to 4.2
+~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+- Adrian Freihofer
+- Ahmad Fatoum
+- Alejandro Hernandez Samaniego
+- Alexander Kanavin
+- Alexandre Belloni
+- Alexey Smirnov
+- Alexis Lothoré
+- Alex Kiernan
+- Alex Stewart
+- Andrej Valek
+- Andrew Geissler
+- Anton Antonov
+- Antonin Godard
+- Archana Polampalli
+- Armin Kuster
+- Arnout Vandecappelle
+- Arturo Buzarra
+- Atanas Bunchev
+- Benjamin Szőke
+- Benoît Mauduit
+- Bernhard Rosenkränzer
+- Bruce Ashfield
+- Caner Altinbasak
+- Carlos Alberto Lopez Perez
+- Changhyeok Bae
+- Changqing Li
+- Charlie Johnston
+- Chase Qi
+- Chee Yang Lee
+- Chen Qi
+- Chris Elledge
+- Christian Eggers
+- Christoph Lauer
+- Chuck Wolber
+- Ciaran Courtney
+- Claus Stovgaard
+- Clément Péron
+- Daniel Ammann
+- David Bagonyi
+- Denys Dmytriyenko
+- Denys Zagorui
+- Diego Sueiro
+- Dmitry Baryshkov
+- Ed Tanous
+- Enguerrand de Ribaucourt
+- Enrico Jörns
+- Enrico Scholz
+- Etienne Cordonnier
+- Fabio Estevam
+- Fabre Sébastien
+- Fawzi KHABER
+- Federico Pellegrin
+- Frank de Brabander
+- Frederic Martinsons
+- Geoffrey GIRY
+- George Kelly
+- Harald Seiler
+- He Zhe
+- Hitendra Prajapati
+- Jagadeesh Krishnanjanappa
+- James Raphael Tiovalen
+- Jan Kircher
+- Jan Luebbe
+- Jan-Simon Moeller
+- Javier Tia
+- Jeremy Puhlman
+- Jermain Horsman
+- Jialing Zhang
+- Joel Stanley
+- Joe Slater
+- Johan Korsnes
+- Jon Mason
+- Jordan Crouse
+- Jose Quaresma
+- Joshua Watt
+- Justin Bronder
+- Kai Kang
+- Kasper Revsbech
+- Keiya Nobuta
+- Kenfe-Mickael Laventure
+- Kevin Hao
+- Khem Raj
+- Konrad Weihmann
+- Lei Maohui
+- Leon Anavi
+- Liam Beguin
+- Louis Rannou
+- Luca Boccassi
+- Luca Ceresoli
+- Luis Martins
+- Maanya Goenka
+- Marek Vasut
+- Mark Asselstine
+- Mark Hatle
+- Markus Volk
+- Marta Rybczynska
+- Martin Jansa
+- Martin Larsson
+- Mateusz Marciniec
+- Mathieu Dubois-Briand
+- Mauro Queiros
+- Maxim Uvarov
+- Michael Halstead
+- Michael Opdenacker
+- Mike Crowe
+- Mikko Rapeli
+- Ming Liu
+- Mingli Yu
+- Narpat Mali
+- Nathan Rossi
+- Niko Mauno
+- Ola x Nilsson
+- Oliver Lang
+- Ovidiu Panait
+- Pablo Saavedra
+- Patrick Williams
+- Paul Eggleton
+- Paulo Neves
+- Pavel Zhukov
+- Pawel Zalewski
+- Pedro Baptista
+- Peter Bergin
+- Peter Kjellerstedt
+- Peter Marko
+- Petr Kubizňák
+- Petr Vorel
+- pgowda
+- Piotr Łobacz
+- Quentin Schulz
+- Randy MacLeod
+- Ranjitsinh Rathod
+- Ravineet Singh
+- Ravula Adhitya Siddartha
+- Richard Elberger
+- Richard Leitner
+- Richard Purdie
+- Robert Andersson
+- Robert Joslyn
+- Robert Yang
+- Romuald JEANNE
+- Ross Burton
+- Ryan Eatmon
+- Sakib Sajal
+- Sandeep Gundlupet Raju
+- Saul Wold
+- Sean Anderson
+- Sergei Zhmylev
+- Siddharth Doshi
+- Soumya
+- Sudip Mukherjee
+- Sundeep KOKKONDA
+- Teoh Jay Shen
+- Thomas De Schampheleire
+- Thomas Perrot
+- Thomas Roos
+- Tim Orling
+- Tobias Hagelborn
+- Tom Hochstein
+- Trevor Woerner
+- Ulrich Ölmann
+- Vincent Davis Jr
+- Vivek Kumbhar
+- Vyacheslav Yurkov
+- Wang Mingyu
+- Wentao Zhang
+- Xiangyu Chen
+- Xiaotian Wu
+- Yan Xinkuan
+- Yash Shinde
+- Yi Zhao
+- Yoann Congal
+- Yureka Lilian
+- Zang Ruochen
+- Zheng Qiu
+- Zheng Ruoqin
+- Zoltan Boszormenyi
+- 张忠山
+
+

documentation/overview-manual/concepts.rst

@@ -638,9 +638,8 @@ package files are kept:
    type sub-folder. Given RPM, IPK, or DEB packaging and tarball
    creation, the
    :term:`DEPLOY_DIR_RPM`,
-   :term:`DEPLOY_DIR_IPK`,
-   :term:`DEPLOY_DIR_DEB`, or
-   :term:`DEPLOY_DIR_TAR`,
+   :term:`DEPLOY_DIR_IPK`, or
+   :term:`DEPLOY_DIR_DEB`
    variables are used, respectively.
 
 -  :term:`PACKAGE_ARCH`: Defines
@@ -653,9 +652,8 @@ tasks to generate packages and place them into the package holding area
 (e.g. ``do_package_write_ipk`` for IPK packages). See the
 ":ref:`ref-tasks-package_write_deb`",
 ":ref:`ref-tasks-package_write_ipk`",
-":ref:`ref-tasks-package_write_rpm`",
 and
-":ref:`ref-tasks-package_write_tar`"
+":ref:`ref-tasks-package_write_rpm`"
 sections in the Yocto Project Reference Manual for additional
 information. As an example, consider a scenario where an IPK packaging
 manager is being used and there is package architecture support for both

documentation/ref-manual/classes.rst

@@ -1192,6 +1192,11 @@ Here are the tests you can list with the :term:`WARN_QA` and
    ``initscripts`` recipe is actually built and thus the
    ``initscripts-functions`` package is made available.
 
+-  ``configure-gettext:`` Checks that if a recipe is building something
+   that uses automake and the automake files contain an ``AM_GNU_GETTEXT``
+   directive, that the recipe also inherits the :ref:`ref-classes-gettext`
+   class to ensure that gettext is available during the build.
+
 -  ``compile-host-path:`` Checks the
    :ref:`ref-tasks-compile` log for indications that
    paths to locations on the build host were used. Using such paths
@@ -1308,11 +1313,39 @@ Here are the tests you can list with the :term:`WARN_QA` and
    ``/usr/libexec``. This check is not performed if the ``libexecdir``
    variable has been set explicitly to ``/usr/libexec``.
 
+-  ``mime:`` Check that if a package contains mime type files (``.xml``
+   files in ``${datadir}/mime/packages``) that the recipe also inherits
+   the :ref:`ref-classes-mime` class in order to ensure that these get
+   properly installed.
+
+-  ``mime-xdg:`` Checks that if a package contains a .desktop file with a
+   'MimeType' key present, that the recipe inherits the
+   :ref:`ref-classes-mime-xdg` class that is required in order for that
+   to be activated.
+
+-  ``missing-update-alternatives:`` Check that if a recipe sets the
+   :term:`ALTERNATIVE` variable that the recipe also inherits
+   :ref:`ref-classes-update-alternatives` such that the alternative will
+   be correctly set up.
+
 -  ``packages-list:`` Checks for the same package being listed
    multiple times through the :term:`PACKAGES` variable
    value. Installing the package in this manner can cause errors during
    packaging.
 
+-  ``patch-fuzz:`` Checks for fuzz in patch files that may allow
+   them to apply incorrectly if the underlying code changes.
+
+-  ``patch-status-core:`` Checks that the Upstream-Status is specified
+   and valid in the headers of patches for recipes in the OE-Core layer.
+
+-  ``patch-status-noncore:`` Checks that the Upstream-Status is specified
+   and valid in the headers of patches for recipes in layers other than
+   OE-Core.
+
+-  ``perllocalpod:`` Checks for ``perllocal.pod`` being erroneously
+   installed and packaged by a recipe.
+
 -  ``perm-config:`` Reports lines in ``fs-perms.txt`` that have an
    invalid format.
 
@@ -1366,12 +1399,20 @@ Here are the tests you can list with the :term:`WARN_QA` and
    options are being passed to the linker commands and your binaries
    have potential security issues.
 
+-  ``shebang-size:`` Check that the shebang line (``#!`` in the first line)
+   in a packaged script is not longer than 128 characters, which can cause
+   an error at runtime depending on the operating system.
+
 -  ``split-strip:`` Reports that splitting or stripping debug symbols
    from binaries has failed.
 
 -  ``staticdev:`` Checks for static library files (``*.a``) in
    non-``staticdev`` packages.
 
+-  ``src-uri-bad:`` Checks that the :term:`SRC_URI` value set by a recipe
+   does not contain a reference to ``${PN}`` (instead of the correct
+   ``${BPN}``) nor refers to unstable Github archive tarballs.
+
 -  ``symlink-to-sysroot:`` Checks for symlinks in packages that point
    into :term:`TMPDIR` on the host. Such symlinks will
    work on the host, but are clearly invalid when running on the target.
@@ -1382,6 +1423,12 @@ Here are the tests you can list with the :term:`WARN_QA` and
    ":doc:`/ref-manual/qa-checks`" for more information regarding runtime performance
    issues.
 
+-  ``unhandled-features-check:`` check that if one of the variables that
+   the :ref:`ref-classes-features_check` class supports (e.g.
+   :term:`REQUIRED_DISTRO_FEATURES`) is set by a recupe, then the recipe
+   also inherits :ref:`ref-classes-features_check` in order for the
+   requirement to actually work.
+
 -  ``unlisted-pkg-lics:`` Checks that all declared licenses applying
    for a package are also declared on the recipe level (i.e. any license
    in ``LICENSE:*`` should appear in :term:`LICENSE`).
@@ -1391,19 +1438,23 @@ Here are the tests you can list with the :term:`WARN_QA` and
    the linker (e.g. ``/lib`` and ``/usr/lib``). While these paths will
    not cause any breakage, they do waste space and are unnecessary.
 
+-  ``usrmerge:`` If ``usrmerge`` is in :term:`DISTRO_FEATURES`, this
+   check will ensure that no package installs files to root (``/bin``,
+   ``/sbin``, ``/lib``, ``/lib64``) directories.
+
 -  ``var-undefined:`` Reports when variables fundamental to packaging
    (i.e. :term:`WORKDIR`,
    :term:`DEPLOY_DIR`, :term:`D`,
    :term:`PN`, and :term:`PKGD`) are undefined
    during :ref:`ref-tasks-package`.
 
--  ``version-going-backwards:`` If Build History is enabled, reports
-   when a package being written out has a lower version than the
-   previously written package under the same name. If you are placing
-   output packages into a feed and upgrading packages on a target system
-   using that feed, the version of a package going backwards can result
-   in the target system not correctly upgrading to the "new" version of
-   the package.
+-  ``version-going-backwards:`` If the :ref:`ref-classes-buildhistory`
+   class is enabled, reports when a package being written out has a lower
+   version than the previously written package under the same name. If
+   you are placing output packages into a feed and upgrading packages on
+   a target system using that feed, the version of a package going
+   backwards can result in the target system not correctly upgrading to
+   the "new" version of the package.
 
    .. note::
 
@@ -2025,13 +2076,7 @@ The :ref:`ref-classes-package` class supports generating packages from a build's
 output. The core generic functionality is in ``package.bbclass``. The
 code specific to particular package types resides in these
 package-specific classes: :ref:`ref-classes-package_deb`,
-:ref:`ref-classes-package_rpm`, :ref:`ref-classes-package_ipk`, and
-:ref:`ref-classes-package_tar`.
-
-.. note::
-
-   The :ref:`ref-classes-package_tar` class is broken and
-   not supported. It is recommended that you do not use this class.
+:ref:`ref-classes-package_rpm`, :ref:`ref-classes-package_ipk`.
 
 You can control the list of resulting package formats by using the
 :term:`PACKAGE_CLASSES` variable defined in your ``conf/local.conf``
@@ -2121,25 +2166,6 @@ This class inherits the :ref:`ref-classes-package` class and
 is enabled through the :term:`PACKAGE_CLASSES`
 variable in the ``local.conf`` file.
 
-.. _ref-classes-package_tar:
-
-``package_tar``
-===============
-
-The :ref:`ref-classes-package_tar` class provides support for creating tarballs. The
-class ensures the packages are written out in a tarball format to the
-``${``\ :term:`DEPLOY_DIR_TAR`\ ``}`` directory.
-
-This class inherits the :ref:`ref-classes-package` class and
-is enabled through the :term:`PACKAGE_CLASSES`
-variable in the ``local.conf`` file.
-
-.. note::
-
-   You cannot specify the :ref:`ref-classes-package_tar` class first using the
-   :term:`PACKAGE_CLASSES` variable. You must use ``.deb``, ``.ipk``, or ``.rpm``
-   file formats for your image or SDK.
-
 .. _ref-classes-packagedata:
 
 ``packagedata``

documentation/ref-manual/qa-checks.rst

@@ -750,6 +750,29 @@ Errors and Warnings
     other things in the patches, those can be discarded.
 
 
+.. _qa-check-patch-status:
+
+- ``Missing Upstream-Status in patch <patchfile> Please add according to <url> [patch-status-core/patch-status-noncore]``
+
+    The Upstream-Status value is missing in the specified patch file's header.
+    This value is intended to track whether or not the patch has been sent
+    upstream, whether or not it has been merged, etc.
+
+    There are two options for this same check - ``patch-status-core`` (for
+    recipes in OE-Core) and ``patch-status-noncore`` (for recipes in any other
+    layer).
+
+    For more information on setting Upstream-Status see:
+    https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations:_Upstream-Status
+
+
+- ``Malformed Upstream-Status in patch <patchfile> Please correct according to <url> [patch-status-core/patch-status-noncore]``
+
+    The Upstream-Status value in the specified patch file's header is invalid -
+    it must be a specific format. See the "Missing Upstream-Status" entry above
+    for more information.
+
+
 .. _qa-check-buildpaths:
 
 - ``File <filename> in package <packagename> contains reference to TMPDIR [buildpaths]``

documentation/ref-manual/structure.rst

@@ -750,7 +750,9 @@ and lists of files and directories with known permissions.
 -------------
 
 This directory contains OpenEmbedded Python library code used during the
-build process.
+build process. It is enabled via the ``addpylib`` directive in
+``meta/conf/local.conf``. For more information, see
+:ref:`bitbake-user-manual/bitbake-user-manual-metadata:extending python library code`.
 
 .. _structure-meta-recipes-bsp:
 

documentation/ref-manual/tasks.rst

@@ -260,17 +260,6 @@ the package feeds area. For more information, see the
 ":ref:`overview-manual/concepts:package feeds`" section in
 the Yocto Project Overview and Concepts Manual.
 
-.. _ref-tasks-package_write_tar:
-
-``do_package_write_tar``
-------------------------
-
-Creates tarballs and places them in the
-``${``\ :term:`DEPLOY_DIR_TAR`\ ``}`` directory in
-the package feeds area. For more information, see the
-":ref:`overview-manual/concepts:package feeds`" section in
-the Yocto Project Overview and Concepts Manual.
-
 .. _ref-tasks-packagedata:
 
 ``do_packagedata``

documentation/ref-manual/terms.rst

@@ -123,6 +123,10 @@ universal, the list includes them just in case:
       tools, such as a required version of the GCC compiler to run the
       OpenEmbedded build system.
 
+      See the ":ref:`system-requirements-buildtools`" paragraph in the
+      Reference Manual for details about downloading or building an archive
+      of such tools.
+
    :term:`buildtools-make`
       A variant of :term:`buildtools`, just providing the required
       version of ``make`` to run the OpenEmbedded build system.
@@ -208,6 +212,48 @@ universal, the list includes them just in case:
       of the supported image types that the Yocto Project provides, see the
       ":ref:`ref-manual/images:Images`" chapter.
 
+   :term:`Initramfs`
+      An Initial RAM Filesystem (:term:`Initramfs`) is an optionally compressed
+      :wikipedia:`cpio <Cpio>` archive which is extracted
+      by the Linux kernel into RAM in a special :wikipedia:`tmpfs <Tmpfs>`
+      instance, used as the initial root filesystem.
+
+      This is a replacement for the legacy init RAM disk ("initrd")
+      technique, booting on an emulated block device in RAM, but being less
+      efficient because of the overhead of going through a filesystem and
+      having to duplicate accessed file contents in the file cache in RAM,
+      as for any block device.
+
+      .. note:
+
+         As far as bootloaders are concerned, :term:`Initramfs` and "initrd"
+         images are still copied to RAM in the same way. That's why most
+	 most bootloaders refer to :term:`Initramfs` images as "initrd"
+	 or "init RAM disk".
+
+      This kind of mechanism is typically used for two reasons:
+
+      -  For booting the same kernel binary on multiple systems requiring
+         different device drivers. The :term:`Initramfs` image is then customized
+	 for each type of system, to include the specific  kernel modules
+         necessary to access the final root filesystem. This technique
+	 is used on all GNU / Linux distributions for desktops and servers.
+
+      -  For booting faster. As the root filesystem is extracted into RAM,
+         accessing the first user-space applications is very fast, compared
+         to having to initialize a block device, to access multiple blocks
+         from it, and to go through a filesystem having its own overhead.
+         For example, this allows to display a splashscreen very early,
+	 and to later take care of mounting the final root filesystem and
+         loading less time-critical kernel drivers.
+
+      This cpio archive can either be loaded to RAM by the bootloader,
+      or be included in the kernel binary.
+
+      For information on creating and using an :term:`Initramfs`, see the
+      ":ref:`dev-manual/building:building an initial ram filesystem (Initramfs) image`"
+      section in the Yocto Project Development Tasks Manual.
+
    :term:`Layer`
       A collection of related recipes. Layers allow you to consolidate related
       metadata to customize your build. Layers also isolate information used

documentation/ref-manual/variables.rst

@@ -354,6 +354,9 @@ system and gives an overview of their function and contents.
    :term:`BB_BASEHASH_IGNORE_VARS`
       See :term:`bitbake:BB_BASEHASH_IGNORE_VARS` in the BitBake manual.
 
+   :term:`BB_CACHEDIR`
+      See :term:`bitbake:BB_CACHEDIR` in the BitBake manual.
+
    :term:`BB_CHECK_SSL_CERTS`
       See :term:`bitbake:BB_CHECK_SSL_CERTS` in the BitBake manual.
 
@@ -1986,25 +1989,6 @@ system and gives an overview of their function and contents.
       ":ref:`overview-manual/concepts:package feeds`" section
       in the Yocto Project Overview and Concepts Manual.
 
-   :term:`DEPLOY_DIR_TAR`
-      Points to the area that the OpenEmbedded build system uses to place
-      tarballs that are ready to be used outside of the build system. This
-      variable applies only when :term:`PACKAGE_CLASSES` contains
-      ":ref:`ref-classes-package_tar`".
-
-      The BitBake configuration file initially defines this variable as a
-      sub-folder of :term:`DEPLOY_DIR`::
-
-         DEPLOY_DIR_TAR = "${DEPLOY_DIR}/tar"
-
-      The :ref:`ref-classes-package_tar` class uses the
-      :term:`DEPLOY_DIR_TAR` variable to make sure the
-      :ref:`ref-tasks-package_write_tar` task
-      writes TAR packages into the appropriate folder. For more information
-      on how packaging works, see the
-      ":ref:`overview-manual/concepts:package feeds`" section
-      in the Yocto Project Overview and Concepts Manual.
-
    :term:`DEPLOYDIR`
       When inheriting the :ref:`ref-classes-deploy` class, the
       :term:`DEPLOYDIR` points to a temporary work area for deployed files that
@@ -2914,6 +2898,10 @@ system and gives an overview of their function and contents.
       For guidance on how to create your own file permissions settings
       table file, examine the existing ``fs-perms.txt``.
 
+   :term:`FIT_CONF_DEFAULT_DTB`
+      Specifies the default device tree binary (dtb) file for a fitImage when
+      multiple are provided.
+
    :term:`FIT_DESC`
       Specifies the description string encoded into a fitImage. The default
       value is set by the :ref:`ref-classes-kernel-fitimage`
@@ -3583,11 +3571,34 @@ system and gives an overview of their function and contents.
    :term:`IMAGE_LINK_NAME`
       The name of the output image symlink (which does not include
       the version part as :term:`IMAGE_NAME` does). The default value
-      is derived using the :term:`IMAGE_BASENAME` and :term:`MACHINE`
-      variables::
+      is derived using the :term:`IMAGE_BASENAME` and
+      :term:`IMAGE_MACHINE_SUFFIX` variables::
 
-         IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}-${MACHINE}"
+         IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}"
 
+      .. note::
+
+         It is possible to set this to "" to disable symlink creation,
+         however, you also need to set :term:`IMAGE_NAME` to still have
+         a reasonable value e.g.::
+
+            IMAGE_LINK_NAME = ""
+            IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
+
+   :term:`IMAGE_MACHINE_SUFFIX`
+      Specifies the by default machine-specific suffix for image file names
+      (before the extension). The default value is set as follows::
+
+         IMAGE_MACHINE_SUFFIX ??= "-${MACHINE}"
+
+      The default :term:`DEPLOY_DIR_IMAGE` already has a :term:`MACHINE`
+      subdirectory, so you may find it unnecessary to also include this suffix
+      in the name of every image file. If you prefer to remove the suffix you
+      can set this variable to an empty string::
+
+         IMAGE_MACHINE_SUFFIX = ""
+
+      (Not to be confused with :term:`IMAGE_NAME_SUFFIX`.)
 
    :term:`IMAGE_MANIFEST`
       The manifest file for the image. This file lists all the installed
@@ -3608,12 +3619,11 @@ system and gives an overview of their function and contents.
       section in the Yocto Project Overview and Concepts Manual.
 
    :term:`IMAGE_NAME`
-      The name of the output image files minus the extension. This variable
-      is derived using the :term:`IMAGE_BASENAME`,
-      :term:`MACHINE`, and :term:`IMAGE_VERSION_SUFFIX`
-      variables::
+      The name of the output image files minus the extension. By default
+      this variable is set using the :term:`IMAGE_LINK_NAME`, and
+      :term:`IMAGE_VERSION_SUFFIX` variables::
 
-         IMAGE_NAME ?= "${IMAGE_BASENAME}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+         IMAGE_NAME ?= "${IMAGE_LINK_NAME}${IMAGE_VERSION_SUFFIX}"
 
    :term:`IMAGE_NAME_SUFFIX`
       Suffix used for the image output filename --- defaults to ``".rootfs"``
@@ -3654,12 +3664,7 @@ system and gives an overview of their function and contents.
       Defines the package type (i.e. DEB, RPM, IPK, or TAR) used by the
       OpenEmbedded build system. The variable is defined appropriately by
       the :ref:`ref-classes-package_deb`, :ref:`ref-classes-package_rpm`,
-      :ref:`ref-classes-package_ipk`, or :ref:`ref-classes-package_tar` class.
-
-      .. note::
-
-         The ``package_tar`` class is broken and is not supported. It is
-         recommended that you do not use it.
+      or :ref:`ref-classes-package_ipk` class.
 
       The :ref:`ref-classes-populate-sdk-*` and :ref:`ref-classes-image`
       classes use the :term:`IMAGE_PKGTYPE` for packaging up images and SDKs.
@@ -3837,43 +3842,6 @@ system and gives an overview of their function and contents.
       files to be deployed into :term:`IMGDEPLOYDIR`, and the class will take
       care of copying them into :term:`DEPLOY_DIR_IMAGE` afterwards.
 
-   :term:`INC_PR`
-      Helps define the recipe revision for recipes that share a common
-      ``include`` file. You can think of this variable as part of the
-      recipe revision as set from within an include file.
-
-      Suppose, for example, you have a set of recipes that are used across
-      several projects. And, within each of those recipes the revision (its
-      :term:`PR` value) is set accordingly. In this case, when
-      the revision of those recipes changes, the burden is on you to find
-      all those recipes and be sure that they get changed to reflect the
-      updated version of the recipe. In this scenario, it can get
-      complicated when recipes that are used in many places and provide
-      common functionality are upgraded to a new revision.
-
-      A more efficient way of dealing with this situation is to set the
-      :term:`INC_PR` variable inside the ``include`` files that the recipes
-      share and then expand the :term:`INC_PR` variable within the recipes to
-      help define the recipe revision.
-
-      The following provides an example that shows how to use the
-      :term:`INC_PR` variable given a common ``include`` file that defines the
-      variable. Once the variable is defined in the ``include`` file, you
-      can use the variable to set the :term:`PR` values in each recipe. You
-      will notice that when you set a recipe's :term:`PR` you can provide more
-      granular revisioning by appending values to the :term:`INC_PR` variable::
-
-         recipes-graphics/xorg-font/xorg-font-common.inc:INC_PR = "r2"
-         recipes-graphics/xorg-font/encodings_1.0.4.bb:PR = "${INC_PR}.1"
-         recipes-graphics/xorg-font/font-util_1.3.0.bb:PR = "${INC_PR}.0"
-         recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
-
-      The
-      first line of the example establishes the baseline revision to be
-      used for all recipes that use the ``include`` file. The remaining
-      lines in the example are from individual recipes and show how the
-      :term:`PR` value is set.
-
    :term:`INCOMPATIBLE_LICENSE`
       Specifies a space-separated list of license names (as they would
       appear in :term:`LICENSE`) that should be excluded
@@ -3988,46 +3956,19 @@ system and gives an overview of their function and contents.
          even if the toolchain's binaries are strippable, there are other files
          needed for the build that are not strippable.
 
-   :term:`Initramfs`
-      An Initial RAM Filesystem (:term:`Initramfs`) is an optionally compressed
-      :wikipedia:`cpio <Cpio>` archive which is extracted
-      by the Linux kernel into RAM in a special :wikipedia:`tmpfs <Tmpfs>`
-      instance, used as the initial root filesystem.
+   :term:`INIT_MANAGER`
+      Specifies the system init manager to use. Available options are:
 
-      This is a replacement for the legacy init RAM disk ("initrd")
-      technique, booting on an emulated block device in RAM, but being less
-      efficient because of the overhead of going through a filesystem and
-      having to duplicate accessed file contents in the file cache in RAM,
-      as for any block device.
+      -  ``sysvinit`` - System V init (default for poky)
+      -  ``systemd`` - systemd
+      -  ``mdev-busybox`` - mdev provided by busybox
+      -  ``none`` - no init manager
 
-      .. note:
-
-         As far as bootloaders are concerned, :term:`Initramfs` and "initrd"
-         images are still copied to RAM in the same way. That's why most
-	 most bootloaders refer to :term:`Initramfs` images as "initrd"
-	 or "init RAM disk".
-
-      This kind of mechanism is typically used for two reasons:
-
-      -  For booting the same kernel binary on multiple systems requiring
-         different device drivers. The :term:`Initramfs` image is then customized
-	 for each type of system, to include the specific  kernel modules
-         necessary to access the final root filesystem. This technique
-	 is used on all GNU / Linux distributions for desktops and servers.
-
-      -  For booting faster. As the root filesystem is extracted into RAM,
-         accessing the first user-space applications is very fast, compared
-         to having to initialize a block device, to access multiple blocks
-         from it, and to go through a filesystem having its own overhead.
-         For example, this allows to display a splashscreen very early,
-	 and to later take care of mounting the final root filesystem and
-         loading less time-critical kernel drivers.
-
-      This cpio archive can either be loaded to RAM by the bootloader,
-      or be included in the kernel binary.
-
-      For information on creating and using an :term:`Initramfs`, see the
-      ":ref:`dev-manual/building:building an initial ram filesystem (Initramfs) image`"
+      More concretely, this is used to include
+      ``conf/distro/include/init-manager-${INIT_MANAGER}.inc`` into the global
+      configuration. You can have a look at the ``conf/distro/include/init-manager-*.inc``
+      files for more information, and also the
+      ":ref:`dev-manual/init-manager:selecting an initialization manager`"
       section in the Yocto Project Development Tasks Manual.
 
    :term:`INITRAMFS_DEPLOY_DIR_IMAGE`
@@ -4140,6 +4081,19 @@ system and gives an overview of their function and contents.
       :term:`Initramfs`, see the ":ref:`dev-manual/building:building an initial ram filesystem (Initramfs) image`" section
       in the Yocto Project Development Tasks Manual.
 
+   :term:`INITRAMFS_IMAGE_NAME`
+
+      This value needs to stay in sync with :term:`IMAGE_LINK_NAME`, but with
+      :term:`INITRAMFS_IMAGE` instead of :term:`IMAGE_BASENAME`. The default value
+      is set as follows:
+
+         INITRAMFS_IMAGE_NAME ?= "${@['${INITRAMFS_IMAGE}${IMAGE_MACHINE_SUFFIX}', ''][d.getVar('INITRAMFS_IMAGE') == '']}"
+
+      That is, if :term:`INITRAMFS_IMAGE` is set, the value of
+      :term:`INITRAMFS_IMAGE_NAME` will be set based upon
+      :term:`INITRAMFS_IMAGE` and :term:`IMAGE_MACHINE_SUFFIX`.
+
+
    :term:`INITRAMFS_LINK_NAME`
       The link name of the initial RAM filesystem image. This variable is
       set in the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as
@@ -4174,10 +4128,7 @@ system and gives an overview of their function and contents.
 
          INITRAMFS_NAME ?= "initramfs-${KERNEL_ARTIFACT_NAME}"
 
-      The value of the :term:`KERNEL_ARTIFACT_NAME`
-      variable, which is set in the same file, has the following value::
-
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+      See :term:`KERNEL_ARTIFACT_NAME` for additional information.
 
    :term:`INITRD`
       Indicates list of filesystem images to concatenate and use as an
@@ -4381,9 +4332,9 @@ system and gives an overview of their function and contents.
       ``meta/classes-recipe/kernel-artifact-names.bbclass`` file, has the
       following default value::
 
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
 
-      See the :term:`PKGE`, :term:`PKGV`, :term:`PKGR`, :term:`MACHINE`
+      See the :term:`PKGE`, :term:`PKGV`, :term:`PKGR`, :term:`IMAGE_MACHINE_SUFFIX`
       and :term:`IMAGE_VERSION_SUFFIX` variables for additional information.
 
    :term:`KERNEL_CLASSES`
@@ -4441,10 +4392,7 @@ system and gives an overview of their function and contents.
 
          KERNEL_DTB_NAME ?= "${KERNEL_ARTIFACT_NAME}"
 
-      The value of the :term:`KERNEL_ARTIFACT_NAME`
-      variable, which is set in the same file, has the following value::
-
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+      See :term:`KERNEL_ARTIFACT_NAME` for additional information.
 
    :term:`KERNEL_DTC_FLAGS`
       Specifies the ``dtc`` flags that are passed to the Linux kernel build
@@ -4507,10 +4455,7 @@ system and gives an overview of their function and contents.
 
          KERNEL_FIT_NAME ?= "${KERNEL_ARTIFACT_NAME}"
 
-      The value of the :term:`KERNEL_ARTIFACT_NAME`
-      variable, which is set in the same file, has the following value::
-
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+      See :term:`KERNEL_ARTIFACT_NAME` for additional information.
 
    :term:`KERNEL_IMAGE_LINK_NAME`
       The link name for the kernel image. This variable is set in the
@@ -4546,11 +4491,7 @@ system and gives an overview of their function and contents.
 
          KERNEL_IMAGE_NAME ?= "${KERNEL_ARTIFACT_NAME}"
 
-      The value of the
-      :term:`KERNEL_ARTIFACT_NAME` variable,
-      which is set in the same file, has the following value::
-
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+      See :term:`KERNEL_ARTIFACT_NAME` for additional information.
 
    :term:`KERNEL_IMAGETYPE`
       The type of kernel to build for a device, usually set by the machine
@@ -5299,10 +5240,7 @@ system and gives an overview of their function and contents.
 
          MODULE_TARBALL_NAME ?= "${KERNEL_ARTIFACT_NAME}"
 
-      The value of the :term:`KERNEL_ARTIFACT_NAME` variable,
-      which is set in the same file, has the following value::
-
-         KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+      See :term:`KERNEL_ARTIFACT_NAME` for additional information.
 
    :term:`MOUNT_BASE`
       On non-systemd systems (where ``udev-extraconf`` is being used),
@@ -5678,14 +5616,7 @@ system and gives an overview of their function and contents.
       You can provide one or more of the following arguments for the
       variable::
 
-         PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk package_tar"
-
-      .. note::
-
-         While it is a legal option, the :ref:`ref-classes-package_tar`
-         class has limited functionality due to no support for package
-         dependencies by that backend. Therefore, it is recommended that
-         you do not use it.
+         PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk"
 
       The build system uses only the first argument in the list as the
       package manager when creating your image or SDK. However, packages
@@ -7040,6 +6971,11 @@ system and gives an overview of their function and contents.
 
          RSUGGESTS:${PN} = "useful_package another_package"
 
+   :term:`RUST_CHANNEL`
+      Specifies which version of Rust to build - "stable", "beta" or "nightly".
+      The default value is "stable". Set this at your own risk, as values other
+      than "stable" are not guaranteed to work at a given time.
+
    :term:`S`
       The location in the :term:`Build Directory` where
       unpacked recipe source code resides. By default, this directory is
@@ -7090,6 +7026,14 @@ system and gives an overview of their function and contents.
       The target architecture for the SDK. Typically, you do not directly
       set this variable. Instead, use :term:`SDKMACHINE`.
 
+   :term:`SDK_ARCHIVE_TYPE`
+      Specifies the type of archive to create for the SDK. Valid values:
+
+      - ``tar.xz`` (default)
+      - ``zip``
+
+      Only one archive type can be specified.
+
    :term:`SDK_BUILDINFO_FILE`
       When using the :ref:`ref-classes-image-buildinfo` class,
       specifies the file in the SDK to write the build information into. The
@@ -7318,6 +7262,11 @@ system and gives an overview of their function and contents.
       :term:`DISTRO_VERSION` and
       :term:`METADATA_REVISION` variables.
 
+   :term:`SDK_ZIP_OPTIONS`
+      Specifies extra options to pass to the ``zip`` command when zipping the SDK
+      (i.e. when :term:`SDK_ARCHIVE_TYPE` is set to "zip"). The default value is
+      "-y".
+
    :term:`SDKEXTPATH`
       The default installation directory for the Extensible SDK. By
       default, this directory is based on the :term:`DISTRO`

meta/conf/distro/include/cve-extra-exclusions.inc

@@ -438,6 +438,15 @@ CVE_CHECK_IGNORE += "CVE-2023-1073"
 # Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
 CVE_CHECK_IGNORE += "CVE-2023-1074"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
+# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
+# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11
+# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178
+# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
+# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
+# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
+CVE_CHECK_IGNORE += "CVE-2023-1076"
+
 # https://nvd.nist.gov/vuln/detail/CVE-2023-1077
 # Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
 # Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
@@ -485,6 +494,16 @@ CVE_CHECK_IGNORE += "CVE-2023-1281"
 # Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
+# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
+# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
+# But, the CVE is disputed:
+# > NOTE: this is disputed by third parties because there are no realistic cases
+# > in which a user can cause the alloc_memory_type error case to be reached.
+# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2
+# We can safely ignore it.
+CVE_CHECK_IGNORE += "CVE-2023-23005"
+
 # https://nvd.nist.gov/vuln/detail/CVE-2023-28466
 # Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
 # Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -26,8 +26,8 @@ inherit core-image setuptools3 features_check
 
 REQUIRED_DISTRO_FEATURES += "xattr"
 
-SRCREV ?= "311c76c8e8cf39fa41456561148cebe2b8b3c057"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "b8007d3c22d8062bc257e3b29c4561ef7758aa28"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=mickledore \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
            file://README_VirtualBox_Guest_Additions.txt \

meta/recipes-devtools/go/go-1.20.1.inc

@@ -16,5 +16,6 @@ SRC_URI += "\
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
     file://0010-cmd-compile-re-compile-instantiated-generic-methods-.patch \
     file://CVE-2023-24532.patch \
+    file://CVE-2023-24537.patch \
 "
 SRC_URI[main.sha256sum] = "b5c1a3af52c385a6d1c76aed5361cf26459023980d0320de7658bae3915831a2"

meta/recipes-devtools/go/go/CVE-2023-24537.patch

@@ -0,0 +1,89 @@
+From 110e4fb1c2e3a21631704bbfaf672230b9ba2492 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 22 Mar 2023 09:33:22 -0700
+Subject: [PATCH] go/scanner: reject large line and column numbers in //line
+ directives
+
+Setting a large line or column number using a //line directive can cause
+integer overflow even in small source files.
+
+Limit line and column numbers in //line directives to 2^30-1, which
+is small enough to avoid int32 overflow on all reasonbly-sized files.
+
+For #59180
+Fixes CVE-2023-24537
+
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Run-TryBot: Damien Neil <dneil@google.com>
+Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14
+Reviewed-on: https://go-review.googlesource.com/c/go/+/482078
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+
+CVE: CVE-2023-24537
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/go/parser/parser_test.go | 16 ++++++++++++++++
+ src/go/scanner/scanner.go    |  7 +++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 153562df75068..22b11a0cc4535 100644
+--- a/src/go/parser/parser_test.go
++++ b/src/go/parser/parser_test.go
+@@ -764,3 +764,19 @@ func TestRangePos(t *testing.T) {
+ 		})
+ 	}
+ }
++
++// TestIssue59180 tests that line number overflow doesn't cause an infinite loop.
++func TestIssue59180(t *testing.T) {
++	testcases := []string{
++		"package p\n//line :9223372036854775806\n\n//",
++		"package p\n//line :1:9223372036854775806\n\n//",
++		"package p\n//line file:9223372036854775806\n\n//",
++	}
++
++	for _, src := range testcases {
++		_, err := ParseFile(token.NewFileSet(), "", src, ParseComments)
++		if err == nil {
++			t.Errorf("ParseFile(%s) succeeded unexpectedly", src)
++		}
++	}
++}
+diff --git a/src/go/scanner/scanner.go b/src/go/scanner/scanner.go
+index 16958d22ce299..0cd9f5901d0bb 100644
+--- a/src/go/scanner/scanner.go
++++ b/src/go/scanner/scanner.go
+@@ -253,13 +253,16 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
+ 		return
+ 	}
+ 
++	// Put a cap on the maximum size of line and column numbers.
++	// 30 bits allows for some additional space before wrapping an int32.
++	const maxLineCol = 1<<30 - 1
+ 	var line, col int
+ 	i2, n2, ok2 := trailingDigits(text[:i-1])
+ 	if ok2 {
+ 		//line filename:line:col
+ 		i, i2 = i2, i
+ 		line, col = n2, n
+-		if col == 0 {
++		if col == 0 || col > maxLineCol {
+ 			s.error(offs+i2, "invalid column number: "+string(text[i2:]))
+ 			return
+ 		}
+@@ -269,7 +272,7 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
+ 		line = n
+ 	}
+ 
+-	if line == 0 {
++	if line == 0 || line > maxLineCol {
+ 		s.error(offs+i, "invalid line number: "+string(text[i:]))
+ 		return
+ 	}

meta/recipes-extended/screen/screen/signal-permission.patch

@@ -0,0 +1,40 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+
+CVE: CVE-2023-24626
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/socket.c b/src/socket.c
+index 147dc54..54d8cb8 100644
+--- a/socket.c
++++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+           else
+             queryflag = -1;
+ 
+-          Kill(m.m.command.apid,
++          if (CheckPid(m.m.command.apid)) {
++            Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
++          }
++          else {
++            Kill(m.m.command.apid,
+                (queryflag >= 0)
+                    ? SIGCONT
+                    : SIG_BYE); /* Send SIG_BYE if an error happened */
+-          queryflag = -1;
++            queryflag = -1;
++          }
+         }
+         break;
+       case MSG_COMMAND:
+-- 
+cgit v1.1
+

meta/recipes-extended/screen/screen_4.9.0.bb

@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            file://0001-fix-for-multijob-build.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
            file://0001-configure-Add-needed-system-headers-in-checks.patch \
+           file://signal-permission.patch \
            "
 
 SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"

meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch

@@ -0,0 +1,65 @@
+From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 31 Mar 2023 14:46:50 +0200
+Subject: [PATCH] Overhaul valid_field()
+
+e5905c4b ("Added control character check") introduced checking for
+control characters but had the logic inverted, so it rejects all
+characters that are not control ones.
+
+Cast the character to `unsigned char` before passing to the character
+checking functions to avoid UB.
+
+Use strpbrk(3) for the illegal character test and return early.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ lib/fields.c | 24 ++++++++++--------------
+ 1 file changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index fb51b582..53929248 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
+ 
+ 	/* For each character of field, search if it appears in the list
+ 	 * of illegal characters. */
++	if (illegal && NULL != strpbrk (field, illegal)) {
++		return -1;
++	}
++
++	/* Search if there are non-printable or control characters */
+ 	for (cp = field; '\0' != *cp; cp++) {
+-		if (strchr (illegal, *cp) != NULL) {
++		unsigned char c = *cp;
++		if (!isprint (c)) {
++			err = 1;
++		}
++		if (iscntrl (c)) {
+ 			err = -1;
+ 			break;
+ 		}
+ 	}
+ 
+-	if (0 == err) {
+-		/* Search if there are non-printable or control characters */
+-		for (cp = field; '\0' != *cp; cp++) {
+-			if (!isprint (*cp)) {
+-				err = 1;
+-			}
+-			if (!iscntrl (*cp)) {
+-				err = -1;
+-				break;
+-			}
+-		}
+-	}
+-
+ 	return err;
+ }
+ 
+-- 
+2.34.1
+

meta/recipes-extended/shadow/files/CVE-2023-29383.patch

@@ -0,0 +1,53 @@
+From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
+From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
+Date: Thu, 23 Mar 2023 23:39:38 +0000
+Subject: [PATCH] Added control character check
+
+Added control character check, returning -1 (to "err") if control characters are present.
+
+CVE: CVE-2023-29383
+Upstream-Status: Backport
+
+Reference to upstream:
+https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ lib/fields.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index 640be931..fb51b582 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -21,9 +21,9 @@
+  *
+  * The supplied field is scanned for non-printable and other illegal
+  * characters.
+- *  + -1 is returned if an illegal character is present.
+- *  +  1 is returned if no illegal characters are present, but the field
+- *       contains a non-printable character.
++ *  + -1 is returned if an illegal or control character is present.
++ *  +  1 is returned if no illegal or control characters are present,
++ *       but the field contains a non-printable character.
+  *  +  0 is returned otherwise.
+  */
+ int valid_field (const char *field, const char *illegal)
+@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
+ 	}
+ 
+ 	if (0 == err) {
+-		/* Search if there are some non-printable characters */
++		/* Search if there are non-printable or control characters */
+ 		for (cp = field; '\0' != *cp; cp++) {
+ 			if (!isprint (*cp)) {
+ 				err = 1;
++			}
++			if (!iscntrl (*cp)) {
++				err = -1;
+ 				break;
+ 			}
+ 		}
+-- 
+2.34.1
+

meta/recipes-extended/shadow/shadow.inc

@@ -15,6 +15,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://useradd \
 	   file://0001-Fix-can-not-print-full-login.patch \
+           file://CVE-2023-29383.patch \
+           file://0001-Overhaul-valid_field.patch \
            "
 
 SRC_URI:append:class-target = " \

meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch

@@ -0,0 +1,46 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+
+CVE: CVE-2023-1393
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86..b30da589e 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+     ret = (*pScreen->DestroyWindow) (pWin);
+     cs->DestroyWindow = pScreen->DestroyWindow;
+     pScreen->DestroyWindow = compDestroyWindow;
++
++    /* Did we just destroy the overlay window? */
++    if (pWin == cs->pOverlayWin)
++        cs->pOverlayWin = NULL;
++
+ /*    compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+     return ret;
+ }
+-- 
+2.34.1
+

meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb

@@ -1,7 +1,8 @@
 require xserver-xorg.inc
 
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
-           file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+            file://0001-composite-Fix-use-after-free-of-the-COW.patch \
            "
 SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
 

meta/recipes-kernel/linux/cve-exclusion_6.1.inc

@@ -13,3 +13,24 @@ CVE_CHECK_IGNORE += "CVE-2022-3566"
 # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
 CVE_CHECK_IGNORE += "CVE-2022-3567"
 
+
+# 2023
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
+# Both CVE-2022-38457 & CVE-2022-40133 are fixed by the same commit:
+# Introduced in version v4.20 e14c02e6b6990e9f6ee18a214a22ac26bae1b25e
+# Patched in kernel since v6.2 a309c7194e8a2f8bd4539b9449917913f6c2cd50
+# Backported in version v6.1.7 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a
+# See:
+#  * https://www.linuxkernelcves.com/cves/CVE-2022-38457
+#  * https://www.linuxkernelcves.com/cves/CVE-2022-40133
+#  * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
+CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1075
+# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
+# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
+# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
+# 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch
+CVE_CHECK_IGNORE += "CVE-2023-1075"

meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb

@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e1ca9a177aff19013178aa30a8eccb4d7b2b67d7"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 

meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb

@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "8d55a90b757757f76ec124508fd2bcace5d276b5"
-SRCREV_meta ?= "1a97a82e62ebf4ef3787768a1f5937e2d2f280ce"
+SRCREV_machine ?= "f974a72071f8b481fc4e38517219bc5c503e14f6"
+SRCREV_meta ?= "36901b5b298e601fe73dd79aaff8b615a7762013"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "6.1.20"
+LINUX_VERSION ?= "6.1.25"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 

meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb

@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "4ae6c9a73f4e6e356186a541e3fcbea4fa6a09f1"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 

meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb

@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.20"
+LINUX_VERSION ?= "6.1.25"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_meta ?= "1a97a82e62ebf4ef3787768a1f5937e2d2f280ce"
+SRCREV_machine ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_meta ?= "36901b5b298e601fe73dd79aaff8b615a7762013"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 

meta/recipes-kernel/linux/linux-yocto_5.15.bb

@@ -13,24 +13,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "21687086c27bb112f19b0aac455d800961c0b830"
-SRCREV_machine:qemuarm64 ?= "7144f86a73fe2ffe4fe57c9e6cf28d8fc8db4b6a"
-SRCREV_machine:qemumips ?= "557c06060cb218ade536fccc66f8f3e755537f31"
-SRCREV_machine:qemuppc ?= "db19dbdcdf51b9d2a071dcf180ba9e20b8286e9b"
-SRCREV_machine:qemuriscv64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemuriscv32 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemux86 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemux86-64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemumips64 ?= "6f1dbe8c258d49f4dba59827124dfe9aa2c151db"
-SRCREV_machine ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010"
+SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5"
+SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf"
+SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558"
+SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5"
+SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "8020ae3c051d1c9ec7b7a872e226f9720547649b"
+SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"

meta/recipes-kernel/linux/linux-yocto_6.1.bb

@@ -17,25 +17,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
 KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "fad8850ff15dfbf8fb2e7d71583fc54b809d10ef"
-SRCREV_machine:qemuarm64 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemuloongarch64 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemumips ?= "dd663b72efce61f63f0b38403254eb52e6ad9a59"
-SRCREV_machine:qemuppc ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemuriscv64 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemuriscv32 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemux86 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemux86-64 ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_machine:qemumips64 ?= "587a945baf13cdca2421e280b7b07dead6ad2a77"
-SRCREV_machine ?= "423e1996694b61fbfc8ec3bf062fc6461d64fde1"
-SRCREV_meta ?= "a8881762b53231bb914329cac3c2cf8db8b6779b"
+SRCREV_machine:qemuarm ?= "0b80e90b38ae1735c7dab701ca3d0b2447376ccc"
+SRCREV_machine:qemuarm64 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemuloongarch64 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemumips ?= "db61d7fe3540904fbe77b532ce3e37aeb737524a"
+SRCREV_machine:qemuppc ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemuriscv64 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemuriscv32 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemux86 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemux86-64 ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_machine:qemumips64 ?= "aacc52b6216955723cebb5bc493a4210357b23b2"
+SRCREV_machine ?= "581dc1aa2f340fff2cc010067257185fa2c993f9"
+SRCREV_meta ?= "36901b5b298e601fe73dd79aaff8b615a7762013"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "7eaef76fbc4621ced374c85dbc000dd80dc681d7"
+SRCREV_machine:class-devupstream ?= "f17b0ab65d17988d5e6d6fe22f708ef3721080bf"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.1/base"
 
@@ -43,7 +43,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.20"
+LINUX_VERSION ?= "6.1.25"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"