1Release notes for Yocto-4.0.3 (Kirkstone) 2----------------------------------------- 3 4Security Fixes in Yocto-4.0.3 5~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 6 7- binutils: fix :cve:`2019-1010204` 8- busybox: fix :cve:`2022-30065` 9- cups: ignore :cve:`2022-26691` 10- curl: Fix :cve:`2022-32205`, :cve:`2022-32206`, :cve:`2022-32207` and :cve:`2022-32208` 11- dpkg: fix :cve:`2022-1664` 12- ghostscript: fix :cve:`2022-2085` 13- harfbuzz: fix :cve:`2022-33068` 14- libtirpc: fix :cve:`2021-46828` 15- lua: fix :cve:`2022-33099` 16- nasm: ignore :cve:`2020-18974` 17- qemu: fix :cve:`2022-35414` 18- qemu: ignore :cve:`2021-20255` and :cve:`2019-12067` 19- tiff: fix :cve:`2022-1354`, :cve:`2022-1355`, :cve:`2022-2056`, :cve:`2022-2057` and :cve:`2022-2058` 20- u-boot: fix :cve:`2022-34835` 21- unzip: fix :cve:`2022-0529` and :cve:`2022-0530` 22 23 24Fixes in Yocto-4.0.3 25~~~~~~~~~~~~~~~~~~~~ 26 27- alsa-state: correct license 28- at: take tarballs from debian 29- base.bbclass: Correct the test for obsolete license exceptions 30- base/reproducible: Change Source Date Epoch generation methods 31- bin_package: install into base_prefix 32- bind: Remove legacy python3 PACKAGECONFIG code 33- bind: upgrade to 9.18.4 34- binutils: stable 2.38 branch updates 35- build-appliance-image: Update to kirkstone head revision 36- cargo_common.bbclass: enable bitbake vendoring for externalsrc 37- coreutils: Tweak packaging variable names for coreutils-dev 38- curl: backport openssl fix CN check error code 39- cve-check: hook cleanup to the BuildCompleted event, not CookerExit 40- cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) 41- devtool: finish: handle patching when S points to subdir of a git repo 42- devtool: ignore pn- overrides when determining SRC_URI overrides 43- docs: BB_HASHSERVE_UPSTREAM: update to new host 44- dropbear: break dependency on base package for -dev package 45- efivar: fix import functionality 46- encodings: update to 1.0.6 47- epiphany: upgrade to 42.3 48- externalsrc.bbclass: support crate fetcher on externalsrc 49- font-util: update 1.3.2 -> 1.3.3 50- gcc-runtime: Fix build when using gold 51- gcc-runtime: Fix missing MLPREFIX in debug mappings 52- gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so 53- gcc: Backport a fix for gcc bug 105039 54- git: upgrade to v2.35.4 55- glib-2.0: upgrade to 2.72.3 56- glib-networking: upgrade to 2.72.1 57- glibc : stable 2.35 branch updates 58- glibc-tests: Avoid reproducibility issues 59- glibc-tests: not clear BBCLASSEXTEND 60- glibc: revert one upstream change to work around broken DEBUG_BUILD build 61- glibc: stable 2.35 branch updates 62- gnupg: upgrade to 2.3.7 63- go: upgrade to v1.17.12 64- gobject-introspection-data: Disable cache for g-ir-scanner 65- gperf: Add a patch to work around reproducibility issues 66- gperf: Switch to upstream patch 67- gst-devtools: upgrade to 1.20.3 68- gstreamer1.0-libav: upgrade to 1.20.3 69- gstreamer1.0-omx: upgrade to 1.20.3 70- gstreamer1.0-plugins-bad: upgrade to 1.20.3 71- gstreamer1.0-plugins-base: upgrade to 1.20.3 72- gstreamer1.0-plugins-good: upgrade to 1.20.3 73- gstreamer1.0-plugins-ugly: upgrade to 1.20.3 74- gstreamer1.0-python: upgrade to 1.20.3 75- gstreamer1.0-rtsp-server: upgrade to 1.20.3 76- gstreamer1.0-vaapi: upgrade to 1.20.3 77- gstreamer1.0: upgrade to 1.20.3 78- gtk-doc: Remove hardcoded buildpath 79- harfbuzz: Fix compilation with clang 80- initramfs-framework: move storage mounts to actual rootfs 81- initscripts: run umountnfs as a KILL script 82- insane.bbclass: host-user-contaminated: Correct per package home path 83- insane: Fix buildpaths test to work with special devices 84- kernel-arch: Fix buildpaths leaking into external module compiles 85- kernel-devsrc: fix reproducibility and buildpaths QA warning 86- kernel-devsrc: ppc32: fix reproducibility 87- kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set 88- kernel.bbclass: pass LD also in savedefconfig 89- libffi: fix native build being not portable 90- libgcc: Fix standalone target builds with usrmerge distro feature 91- libmodule-build-perl: Use env utility to find perl interpreter 92- libsoup: upgrade to 3.0.7 93- libuv: upgrade to 1.44.2 94- linux-firmware: upgrade to 20220708 95- linux-firwmare: restore WHENCE_CHKSUM variable 96- linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge) 97- linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning 98- linux-yocto/5.10: fix buildpaths issue with gen-mach-types 99- linux-yocto/5.10: fix buildpaths issue with pnmtologo 100- linux-yocto/5.10: update to v5.10.135 101- linux-yocto/5.15: drop obselete GPIO sysfs ABI 102- linux-yocto/5.15: fix build_OID_registry buildpaths warning 103- linux-yocto/5.15: fix buildpaths issue with gen-mach-types 104- linux-yocto/5.15: fix buildpaths issue with pnmtologo 105- linux-yocto/5.15: fix qemuppc buildpaths warning 106- linux-yocto/5.15: fix reproducibility issues 107- linux-yocto/5.15: update to v5.15.59 108- log4cplus: upgrade to 2.0.8 109- lttng-modules: Fix build failure for kernel v5.15.58 110- lttng-modules: upgrade to 2.13.4 111- lua: Fix multilib buildpath reproducibility issues 112- mkfontscale: upgrade to 1.2.2 113- oe-selftest-image: Ensure the image has sftp as well as dropbear 114- oe-selftest: devtool: test modify git recipe building from a subdir 115- oeqa/runtime/scp: Disable scp test for dropbear 116- oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled 117- oeqa/sdk: drop the nativesdk-python 2.x test 118- openssh: Add openssh-sftp-server to openssh RDEPENDS 119- openssh: break dependency on base package for -dev package 120- openssl: update to 3.0.5 121- package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo 122- package.bbclass: Fix base directory for debugsource files when using externalsrc 123- package.bbclass: Fix kernel source handling when not using externalsrc 124- package_manager/ipk: do not pipe stderr to stdout 125- packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation 126- patch: handle if S points to a subdirectory of a git repo 127- perf: fix reproducibility in 5.19+ 128- perf: fix reproduciblity in older releases of Linux 129- perf: sort-pmuevents: really keep array terminators 130- perl: don't install Makefile.old into perl-ptest 131- poky.conf: bump version for 4.0.3 132- pulseaudio: add m4-native to DEPENDS 133- python3: Backport patch to fix an issue in subinterpreters 134- qemu: Add PACKAGECONFIG for brlapi 135- qemu: Avoid accidental librdmacm linkage 136- qemu: Avoid accidental libvdeplug linkage 137- qemu: Fix slirp determinism issue 138- qemu: add PACKAGECONFIG for capstone 139- recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG 140- ref-manual: variables: remove sphinx directive from literal block 141- rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} 142- ruby: add PACKAGECONFIG for capstone 143- rust: fix issue building cross-canadian tools for aarch64 on x86_64 144- sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity 145- selftest/runtime_test/virgl: Disable for all almalinux 146- sstatesig: Include all dependencies in SPDX task signatures 147- strace: set COMPATIBLE_HOST for riscv32 148- systemd: Added base_bindir into pkg_postinst:udev-hwdb. 149- udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist 150- udev-extraconf/mount.sh: add LABELs to mountpoints 151- udev-extraconf/mount.sh: ignore lvm in automount 152- udev-extraconf/mount.sh: only mount devices on hotplug 153- udev-extraconf/mount.sh: save mount name in our tmp filecache 154- udev-extraconf: fix some systemd automount issues 155- udev-extraconf: force systemd-udevd to use shared MountFlags 156- udev-extraconf: let automount base directory configurable 157- udev-extraconf:mount.sh: fix a umount issue 158- udev-extraconf:mount.sh: fix path mismatching issues 159- vala: Fix on target wrapper buildpaths issue 160- vala: upgrade to 0.56.2 161- vim: upgrade to 9.0.0063 162- waffle: correctly request wayland-scanner executable 163- webkitgtk: upgrade to 2.36.4 164- weston: upgrade to 10.0.1 165- wic/plugins/rootfs: Fix NameError for 'orig_path' 166- wic: fix WicError message 167- wireless-regdb: upgrade to 2022.06.06 168- xdpyinfo: upgrade to 1.3.3 169- xev: upgrade to 1.2.5 170- xf86-input-synaptics: upgrade to 1.9.2 171- xmodmap: upgrade to 1.0.11 172- xorg-app: Tweak handling of compression changes in SRC_URI 173- xserver-xorg: upgrade to 21.1.4 174- xwayland: upgrade to 22.1.3 175- yocto-bsps/5.10: fix buildpaths issue with gen-mach-types 176- yocto-bsps/5.10: fix buildpaths issue with pnmtologo 177- yocto-bsps/5.15: fix buildpaths issue with gen-mach-types 178- yocto-bsps/5.15: fix buildpaths issue with pnmtologo 179- yocto-bsps: buildpaths fixes 180- yocto-bsps: update to v5.10.130 181- yocto-bsps: buildpaths fixes 182- yocto-bsps: update to v5.15.54 183 184 185Known Issues in Yocto-4.0.3 186~~~~~~~~~~~~~~~~~~~~~~~~~~~ 187 188- N/A 189 190 191Contributors to Yocto-4.0.3 192~~~~~~~~~~~~~~~~~~~~~~~~~~~ 193 194- Ahmed Hossam 195- Alejandro Hernandez Samaniego 196- Alex Kiernan 197- Alexander Kanavin 198- Bruce Ashfield 199- Chanho Park 200- Christoph Lauer 201- David Bagonyi 202- Dmitry Baryshkov 203- He Zhe 204- Hitendra Prajapati 205- Jose Quaresma 206- Joshua Watt 207- Kai Kang 208- Khem Raj 209- Lee Chee Yang 210- Lucas Stach 211- Markus Volk 212- Martin Jansa 213- Maxime Roussin-Bélanger 214- Michael Opdenacker 215- Mihai Lindner 216- Ming Liu 217- Mingli Yu 218- Muhammad Hamza 219- Naveen 220- Pascal Bach 221- Paul Eggleton 222- Pavel Zhukov 223- Peter Bergin 224- Peter Kjellerstedt 225- Peter Marko 226- Pgowda 227- Raju Kumar Pothuraju 228- Richard Purdie 229- Robert Joslyn 230- Ross Burton 231- Sakib Sajal 232- Shruthi Ravichandran 233- Steve Sakoman 234- Sundeep Kokkonda 235- Thomas Roos 236- Tom Hochstein 237- Wentao Zhang 238- Yi Zhao 239- Yue Tao 240- gr embeter 241- leimaohui 242- wangmy 243 244 245Repositories / Downloads for Yocto-4.0.3 246~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 247 248poky 249 250- Repository Location: https://git.yoctoproject.org/git/poky 251- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` 252- Tag: :yocto_git:`yocto-4.0.3 </poky/log/?h=yocto-4.0.3>` 253- Git Revision: :yocto_git:`387ab5f18b17c3af3e9e30dc58584641a70f359f </poky/commit/?id=387ab5f18b17c3af3e9e30dc58584641a70f359f>` 254- Release Artefact: poky-387ab5f18b17c3af3e9e30dc58584641a70f359f 255- sha: fe674186bdb0684313746caa9472134fc19e6f1443c274fe02c06cb1e675b404 256- Download Locations: 257 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 258 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 259 260openembedded-core 261 262- Repository Location: https://git.openembedded.org/openembedded-core 263- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` 264- Tag: :oe_git:`yocto-4.0.3 </openembedded-core/log/?h=yocto-4.0.3>` 265- Git Revision: :oe_git:`2cafa6ed5f0aa9df5a120b6353755d56c7c7800d </openembedded-core/commit/?id=2cafa6ed5f0aa9df5a120b6353755d56c7c7800d>` 266- Release Artefact: oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d 267- sha: 5181d3e8118c6112936637f01a07308b715e0e3d12c7eba338556747dfcabe92 268- Download Locations: 269 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 270 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 271 272meta-mingw 273 274- Repository Location: https://git.yoctoproject.org/git/meta-mingw 275- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` 276- Tag: :yocto_git:`yocto-4.0.3 </meta-mingw/log/?h=yocto-4.0.3>` 277- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` 278- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 279- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 280- Download Locations: 281 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 282 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 283 284meta-gplv2 285 286- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 287- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` 288- Tag: :yocto_git:`yocto-4.0.3 </meta-gplv2/log/?h=yocto-4.0.3>` 289- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` 290- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 291- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 292- Download Locations: 293 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 294 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 295 296bitbake 297 298- Repository Location: https://git.openembedded.org/bitbake 299- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` 300- Tag: :oe_git:`yocto-4.0.3 </bitbake/log/?h=yocto-4.0.3>` 301- Git Revision: :oe_git:`b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 </bitbake/commit/?id=b8fd6f5d9959d27176ea016c249cf6d35ac8ba03>` 302- Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 303- sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3 304- Download Locations: 305 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 306 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 307 308yocto-docs 309 310- Repository Location: https://git.yoctoproject.org/git/yocto-docs 311- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` 312- Tag: :yocto_git:`yocto-4.0.3 </yocto-docs/log/?h=yocto-4.0.3>` 313- Git Revision: :yocto_git:`d9b3dcf65ef25c06f552482aba460dd16862bf96 </yocto-docs/commit/?id=d9b3dcf65ef25c06f552482aba460dd16862bf96>` 314 315