1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK 2 3Release notes for Yocto-4.0.6 (Kirkstone) 4----------------------------------------- 5 6Security Fixes in Yocto-4.0.6 7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 9- bash: Fix :cve:`2022-3715` 10- curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916` 11- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012` 12- dropbear: Fix :cve:`2021-36369` 13- ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965` 14- go: Fix :cve:`2022-2880` 15- grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736` 16- libarchive: Fix :cve:`2022-36227` 17- libpam: Fix :cve:`2022-28321` 18- libsndfile1: Fix :cve:`2021-4156` 19- lighttpd: Fix :cve:`2022-41556` 20- openssl: Fix :cve:`2022-3358` 21- pixman: Fix :cve:`2022-44638` 22- python3-mako: Fix :cve:`2022-40023` 23- python3: Fix :cve:`2022-42919` 24- qemu: Fix :cve:`2022-3165` 25- sysstat: Fix :cve:`2022-39377` 26- systemd: Fix :cve:`2022-3821` 27- tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970` 28- vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141` 29- wayland: Fix :cve:`2021-3782` 30- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551` 31 32 33Fixes in Yocto-4.0.6 34~~~~~~~~~~~~~~~~~~~~ 35 36- archiver: avoid using machine variable as it breaks multiconfig 37- babeltrace: upgrade to 1.5.11 38- bind: upgrade to 9.18.8 39- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK 40- bitbake: gitsm: Fix regression in gitsm submodule path parsing 41- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse 42- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware 43- bluez5: add dbus to RDEPENDS 44- build-appliance-image: Update to kirkstone head revision 45- buildtools-tarball: export certificates to python and curl 46- cargo_common.bbclass: Fix typos 47- classes: make TOOLCHAIN more permissive for kernel 48- cmake-native: Fix host tool contamination (Bug: 14951) 49- common-tasks.rst: fix oeqa runtime test path 50- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED 51- create-spdx: Remove ";name=..." for downloadLocation 52- create-spdx: default share_src for shared sources 53- cve-update-db-native: add timeout to urlopen() calls 54- dbus: upgrade to 1.14.4 55- dhcpcd: fix to work with systemd 56- expat: upgrade to 2.5.0 57- externalsrc.bbclass: Remove a trailing slash from ${B} 58- externalsrc.bbclass: fix git repo detection 59- externalsrc: git submodule--helper list unsupported 60- gcc-shared-source: Fix source date epoch handling 61- gcc-source: Drop gengtype manipulation 62- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change 63- gcc-source: Fix gengtypes race 64- gdk-pixbuf: upgrade to 2.42.10 65- get_module_deps3.py: Check attribute '__file__' 66- glib-2.0: fix rare GFileInfo test case failure 67- glibc-locale: Do not INHIBIT_DEFAULT_DEPS 68- gnomebase.bbclass: return the whole version for tarball directory if it is a number 69- gnutls: Unified package names to lower-case 70- groff: submit patches upstream 71- gstreamer1.0-libav: fix errors with ffmpeg 5.x 72- gstreamer1.0: upgrade to 1.20.4 73- ifupdown: upgrade to 0.8.39 74- insane.bbclass: Allow hashlib version that only accepts on parameter 75- iso-codes: upgrade to 4.12.0 76- kea: submit patch upstream (fix-multilib-conflict.patch) 77- kern-tools: fix relative path processing 78- kern-tools: integrate ZFS speedup patch 79- kernel-yocto: improve fatal error messages of symbol_why.py 80- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR 81- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild 82- kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all 83- libcap: upgrade to 2.66 84- libepoxy: convert to git 85- libepoxy: update to 1.5.10 86- libffi: submit patch upstream (0001-arm-sysv-reverted-clang-VFP-mitigation.patch ) 87- libffi: upgrade to 3.4.4 88- libical: upgrade to 3.0.16 89- libksba: upgrade to 1.6.2 90- libuv: fixup SRC_URI 91- libxcrypt: upgrade to 4.4.30 92- lighttpd: upgrade to 1.4.67 93- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 94- linux-firmware: don't put the firmware into the sysroot 95- linux-firmware: package amdgpu firmware 96- linux-firmware: split rtl8761 firmware 97- linux-firmware: upgrade to 20221109 98- linux-yocto/5.10: update genericx86* machines to v5.10.149 99- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings 100- linux-yocto/5.15: update genericx86* machines to v5.15.72 101- linux-yocto/5.15: update to v5.15.78 102- ltp: backport clock_gettime04 fix from upstream 103- lttng-modules: upgrade to 2.13.7 104- lttng-tools: Upgrade to 2.13.8 105- lttng-tools: submit determinism.patch upstream 106- lttng-ust: upgrade to 2.13.5 107- meson: make wrapper options sub-command specific 108- meta-selftest/staticids: add render group for systemd 109- mirrors.bbclass: update CPAN_MIRROR 110- mirrors.bbclass: use shallow tarball for binutils-native 111- mobile-broadband-provider-info: upgrade 20220725 -> 20221107 112- mtd-utils: upgrade 2.1.4 -> 2.1.5 113- numactl: upgrade to 2.0.16 114- oe/packagemanager/rpm: don't leak file objects 115- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include 116- oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo 117- oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() 118- openssl: Fix SSL_CERT_FILE to match ca-certs location 119- openssl: upgrade to 3.0.7 120- openssl: export necessary env vars in SDK 121- opkg-utils: use a git clone, not a dynamic snapshot 122- opkg: Set correct info_dir and status_file in opkg.conf 123- overlayfs: Allow not used mount points 124- ovmf: correct patches status 125- package: Fix handling of minidebuginfo with newer binutils 126- perf: Depend on native setuptools3 127- poky.conf: bump version for 4.0.6 128- psplash: add psplash-default in rdepends 129- psplash: consider the situation of psplash not exist for systemd 130- python3: advance to version 3.10.8 131- qemu-helper-native: Correctly pass program name as argv[0] 132- qemu-helper-native: Re-write bridge helper as C program 133- qemu-native: Add PACKAGECONFIG option for jack 134- qemu: add io_uring PACKAGECONFIG 135- quilt: backport a patch to address grep 3.8 failures 136- resolvconf: make it work 137- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature 138- runqemu: Do not perturb script environment 139- runqemu: Fix gl-es argument from causing other arguments to be ignored 140- sanity: Drop data finalize call 141- sanity: check for GNU tar specifically 142- scripts/oe-check-sstate: cleanup 143- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot 144- scripts: convert-overrides: Allow command-line customizations 145- socat: upgrade to 1.7.4.4 146- SPDX and CVE documentation updates 147- sstate: Allow optimisation of do_deploy_archives task dependencies 148- sstatesig: emit more helpful error message when not finding sstate manifest 149- sstatesig: skip the rm_work task signature 150- sudo: upgrade to 1.9.12p1 151- systemd: Consider PACKAGECONFIG in RRECOMMENDS 152- systemd: add group render to udev package 153- tcl: correct patch status 154- tiff: refresh with devtool 155- tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch 156- u-boot: Remove duplicate inherit of cml1 157- uboot-sign: Fix using wrong KEY_REQ_ARGS 158- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that 159- valgrind: remove most hidden tests for arm64 160- vim: Upgrade to 9.0.0947 161- vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack 162- wic: honor the SOURCE_DATE_EPOCH in case of updated fstab 163- wic: make ext2/3/4 images reproducible 164- wic: swap partitions are not added to fstab 165- wpebackend-fdo: upgrade to 1.14.0 166- xserver-xorg: move some recommended dependencies in required 167- xwayland: upgrade to 22.1.5 168 169 170Known Issues in Yocto-4.0.6 171~~~~~~~~~~~~~~~~~~~~~~~~~~~ 172 173- N/A 174 175 176Contributors to Yocto-4.0.6 177~~~~~~~~~~~~~~~~~~~~~~~~~~~ 178 179- Alex Kiernan 180- Alexander Kanavin 181- Alexey Smirnov 182- Bartosz Golaszewski 183- Bernhard Rosenkränzer 184- Bhabu Bindu 185- Bruce Ashfield 186- Chee Yang Lee 187- Chen Qi 188- Christian Eggers 189- Claus Stovgaard 190- Diego Sueiro 191- Dmitry Baryshkov 192- Ed Tanous 193- Enrico Jörns 194- Etienne Cordonnier 195- Frank de Brabander 196- Harald Seiler 197- Hitendra Prajapati 198- Jan-Simon Moeller 199- Jeremy Puhlman 200- Joe Slater 201- John Edward Broadbent 202- Jose Quaresma 203- Joshua Watt 204- Kai Kang 205- Keiya Nobuta 206- Khem Raj 207- Konrad Weihmann 208- Leon Anavi 209- Liam Beguin 210- Marek Vasut 211- Mark Hatle 212- Martin Jansa 213- Michael Opdenacker 214- Mikko Rapeli 215- Narpat Mali 216- Nathan Rossi 217- Niko Mauno 218- Pavel Zhukov 219- Peter Kjellerstedt 220- Peter Marko 221- Polampalli, Archana 222- Qiu, Zheng 223- Ravula Adhitya Siddartha 224- Richard Purdie 225- Ross Burton 226- Sakib Sajal 227- Sean Anderson 228- Sergei Zhmylev 229- Steve Sakoman 230- Teoh Jay Shen 231- Thomas Perrot 232- Tim Orling 233- Vincent Davis Jr 234- Vivek Kumbhar 235- Vyacheslav Yurkov 236- Wang Mingyu 237- Xiangyu Chen 238- Zheng Qiu 239- Ciaran Courtney 240- Wang Mingyu 241 242 243Repositories / Downloads for Yocto-4.0.6 244~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 245 246poky 247 248- Repository Location: :yocto_git:`/poky` 249- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` 250- Tag: :yocto_git:`yocto-4.0.6 </poky/log/?h=yocto-4.0.6>` 251- Git Revision: :yocto_git:`c4e08719a782fd4119eaf643907b80cebf57f88f </poky/commit/?id=c4e08719a782fd4119eaf643907b80cebf57f88f>` 252- Release Artefact: poky-c4e08719a782fd4119eaf643907b80cebf57f88f 253- sha: 2eb3b323dd2ccd25f9442bfbcbde82bc081fad5afd146a8e6dde439db24a99d4 254- Download Locations: 255 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2 256 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2 257 258openembedded-core 259 260- Repository Location: :oe_git:`/openembedded-core` 261- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` 262- Tag: :oe_git:`yocto-4.0.6 </openembedded-core/log/?h=yocto-4.0.6>` 263- Git Revision: :oe_git:`45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 </openembedded-core/commit/?id=45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2>` 264- Release Artefact: oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 265- sha: de8b443365927befe67cc443b60db57563ff0726377223f836a3f3971cf405ec 266- Download Locations: 267 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2 268 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2 269 270meta-mingw 271 272- Repository Location: :yocto_git:`/meta-mingw` 273- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` 274- Tag: :yocto_git:`yocto-4.0.6 </meta-mingw/log/?h=yocto-4.0.6>` 275- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` 276- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 277- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 278- Download Locations: 279 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 280 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 281 282meta-gplv2 283 284- Repository Location: :yocto_git:`/meta-gplv2` 285- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` 286- Tag: :yocto_git:`yocto-4.0.6 </meta-gplv2/log/?h=yocto-4.0.6>` 287- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` 288- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 289- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 290- Download Locations: 291 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 292 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 293 294bitbake 295 296- Repository Location: :oe_git:`/bitbake` 297- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` 298- Tag: :oe_git:`yocto-4.0.6 </bitbake/log/?h=yocto-4.0.6>` 299- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>` 300- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509 301- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901 302- Download Locations: 303 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 304 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 305 306yocto-docs 307 308- Repository Location: :yocto_git:`/yocto-docs` 309- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` 310- Tag: :yocto_git:`yocto-4.0.6 </yocto-docs/log/?h=yocto-4.0.6>` 311- Git Revision: :yocto_git:`c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f </yocto-docs/commit/?id=c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f>` 312 313 314