1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK 2 3Release notes for Yocto-4.0.4 (Kirkstone) 4----------------------------------------- 5 6Security Fixes in Yocto-4.0.4 7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 9- binutils : fix :cve_nist:`2022-38533` 10- curl: fix :cve_nist:`2022-35252` 11- sqlite: fix :cve_nist:`2022-35737` 12- grub2: fix :cve_nist:`2021-3695`, :cve_nist:`2021-3696`, :cve_nist:`2021-3697`, :cve_nist:`2022-28733`, :cve_nist:`2022-28734` and :cve_nist:`2022-28735` 13- u-boot: fix :cve_nist:`2022-30552` and :cve_nist:`2022-33967` 14- libxml2: Ignore :cve_nist:`2016-3709` 15- libtiff: fix :cve_nist:`2022-34526` 16- zlib: fix :cve_nist:`2022-37434` 17- gnutls: fix :cve_nist:`2022-2509` 18- u-boot: fix :cve_nist:`2022-33103` 19- qemu: fix :cve_nist:`2021-3507`, :cve_nist:`2021-3929`, :cve_nist:`2021-4158`, :cve_nist:`2022-0216` and :cve_nist:`2022-0358` 20 21 22Fixes in Yocto-4.0.4 23~~~~~~~~~~~~~~~~~~~~ 24 25- apr: Cache configure tests which use AC_TRY_RUN 26- apr: Use correct strerror_r implementation based on libc type 27- apt: fix nativesdk-apt build failure during the second time build 28- archiver.bbclass: remove unsed do_deploy_archives[dirs] 29- archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source 30- autoconf: Fix strict prototype errors in generated tests 31- autoconf: Update K & R stype functions 32- bind: upgrade to 9.18.5 33- bitbake.conf: set :term:`BB_DEFAULT_UMASK` using ??= 34- bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests 35- bitbake: ConfHandler: Remove lingering close 36- bitbake: bb/utils: movefile: use the logger for printing 37- bitbake: bb/utils: remove: check the path again the expand python glob 38- bitbake: bitbake-user-manual: Correct description of the ??= operator 39- bitbake: bitbake-user-manual: npm fetcher: improve description of :term:`SRC_URI` format 40- bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain 41- bitbake: bitbake: runqueue: add cpu/io pressure regulation 42- bitbake: bitbake: runqueue: add memory pressure regulation 43- bitbake: cooker: Drop sre_constants usage 44- bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher 45- bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers 46- bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit 47- bitbake: fetch2: Ensure directory exists before creating symlink 48- bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls 49- bitbake: runqueue: Change pressure file warning to a note 50- bitbake: runqueue: Fix unihash cache mismatch issues 51- bitbake: toaster: fix kirkstone version 52- bitbake: utils: Pass lock argument in fileslocked 53- bluez5: upgrade to 5.65 54- boost: fix install of fiber shared libraries 55- cairo: Adapt the license information based on what is being built 56- classes: cve-check: Get shared database lock 57- cmake: remove CMAKE_ASM_FLAGS variable in toolchain file 58- connman: Backports for security fixes 59- core-image.bbclass: Exclude openssh complementary packages 60- cracklib: Drop using register keyword 61- cracklib: upgrade to 2.9.8 62- create-spdx: Fix supplier field 63- create-spdx: handle links to inaccessible locations 64- create-spdx: ignore packing control files from ipk and deb 65- cve-check: Don't use f-strings 66- cve-check: close cursors as soon as possible 67- devtool/upgrade: catch bb.fetch2.decodeurl errors 68- devtool/upgrade: correctly clean up when recipe filename isn't yet known 69- devtool: error out when workspace is using old override syntax 70- ell: upgrade to 0.50 71- epiphany: upgrade to 42.4 72- externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. 73- gcc-multilib-config: Fix i686 toolchain relocation issues 74- gcr: Define _GNU_SOURCE 75- gdk-pixbuf: upgrade to 2.42.9 76- glib-networking: upgrade to 2.72.2 77- go: upgrade to v1.17.13 78- insane.bbclass: Skip patches not in oe-core by full path 79- iso-codes: upgrade to 4.11.0 80- kernel-fitimage.bbclass: add padding algorithm property in config nodes 81- kernel-fitimage.bbclass: only package unique DTBs 82- kernel: Always set :term:`CC` and :term:`LD` for the kernel build 83- kernel: Use consistent make flags for menuconfig 84- lib:npm_registry: initial checkin 85- libatomic-ops: upgrade to 7.6.14 86- libcap: upgrade to 2.65 87- libjpeg-turbo: upgrade to 2.1.4 88- libpam: use /run instead of /var/run in systemd tmpfiles 89- libtasn1: upgrade to 4.19.0 90- liburcu: upgrade to 0.13.2 91- libwebp: upgrade to 1.2.4 92- libwpe: upgrade to 1.12.3 93- libxml2: Port gentest.py to Python-3 94- lighttpd: upgrade to 1.4.66 95- linux-yocto/5.10: update genericx86* machines to v5.10.135 96- linux-yocto/5.10: update to v5.10.137 97- linux-yocto/5.15: update genericx86* machines to v5.15.59 98- linux-yocto/5.15: update to v5.15.62 99- linux-yocto: Fix :term:`COMPATIBLE_MACHINE` regex match 100- linux-yocto: prepend the value with a space when append to :term:`KERNEL_EXTRA_ARGS` 101- lttng-modules: fix 5.19+ build 102- lttng-modules: fix build against mips and v5.19 kernel 103- lttng-modules: fix build for kernel 5.10.137 104- lttng-modules: replace mips compaction fix with upstream change 105- lz4: upgrade to 1.9.4 106- maintainers: update opkg maintainer 107- meta: introduce :term:`UBOOT_MKIMAGE_KERNEL_TYPE` 108- migration guides: add missing release notes 109- mobile-broadband-provider-info: upgrade to 20220725 110- nativesdk: Clear :term:`TUNE_FEATURES` 111- npm: replace 'npm pack' call by 'tar czf' 112- npm: return content of 'package.json' in 'npm_pack' 113- npm: take 'version' directly from 'package.json' 114- npm: use npm_registry to cache package 115- oeqa/gotoolchain: put writable files in the Go module cache 116- oeqa/gotoolchain: set CGO_ENABLED=1 117- oeqa/parselogs: add qemuarmv5 arm-charlcd masking 118- oeqa/qemurunner: add run_serial() comment 119- oeqa/selftest: rename git.py to intercept.py 120- oeqa: qemurunner: Report UNIX Epoch timestamp on login 121- package_rpm: Do not replace square brackets in %files 122- packagegroup-self-hosted: update for strace 123- parselogs: Ignore xf86OpenConsole error 124- perf: Fix reproducibility issues with 5.19 onwards 125- pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses 126- poky.conf: add ubuntu-22.04 to tested distros 127- poky.conf: bump version for 4.0.4 128- pseudo: Update to include recent upstream minor fixes 129- python3-pip: Fix :term:`RDEPENDS` after the update 130- ref-manual: add numa to machine features 131- relocate_sdk.py: ensure interpreter size error causes relocation to fail 132- rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable 133- rootfs.py: dont try to list installed packages for baremetal images 134- rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils 135- ruby: drop capstone support 136- runqemu: Add missing space on default display option 137- runqemu: display host uptime when starting 138- sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct 139- scripts/oe-setup-builddir: make it known where configurations come from 140- scripts/runqemu.README: fix typos and trailing whitespaces 141- selftest/wic: Tweak test case to not depend on kernel size 142- shadow: Avoid nss warning/error with musl 143- shadow: Enable subid support 144- system-requirements.rst: Add Ubuntu 22.04 to list of supported distros 145- systemd: Add 'no-dns-fallback' :term:`PACKAGECONFIG` option 146- systemd: Fix unwritable /var/lock when no sysvinit handling 147- sysvinit-inittab/start_getty: Fix respawn too fast 148- tcp-wrappers: Fix implicit-function-declaration warnings 149- tzdata: upgrade to 2022b 150- util-linux: Remove --enable-raw from :term:`EXTRA_OECONF` 151- vala: upgrade to 0.56.3 152- vim: Upgrade to 9.0.0453 153- watchdog: Include needed system header for function decls 154- webkitgtk: upgrade to 2.36.5 155- weston: upgrade to 10.0.2 156- wic/bootimg-efi: use cross objcopy when building unified kernel image 157- wic: add target tools to PATH when executing native commands 158- wic: depend on cross-binutils 159- wireless-regdb: upgrade to 2022.08.12 160- wpebackend-fdo: upgrade to 1.12.1 161- xinetd: Pass missing -D_GNU_SOURCE 162- xz: update to 5.2.6 163 164 165Known Issues in Yocto-4.0.4 166~~~~~~~~~~~~~~~~~~~~~~~~~~~ 167 168- N/A 169 170 171Contributors to Yocto-4.0.4 172~~~~~~~~~~~~~~~~~~~~~~~~~~~ 173 174- Alejandro Hernandez Samaniego 175- Alex Stewart 176- Alexander Kanavin 177- Alexandre Belloni 178- Andrei Gherzan 179- Anuj Mittal 180- Aryaman Gupta 181- Awais Belal 182- Beniamin Sandu 183- Bertrand Marquis 184- Bruce Ashfield 185- Changqing Li 186- Chee Yang Lee 187- Daiane Angolini 188- Enrico Scholz 189- Ernst Sjöstrand 190- Gennaro Iorio 191- Hitendra Prajapati 192- Jacob Kroon 193- Jon Mason 194- Jose Quaresma 195- Joshua Watt 196- Kai Kang 197- Khem Raj 198- Kristian Amlie 199- LUIS ENRIQUEZ 200- Mark Hatle 201- Martin Beeger 202- Martin Jansa 203- Mateusz Marciniec 204- Michael Opdenacker 205- Mihai Lindner 206- Mikko Rapeli 207- Ming Liu 208- Niko Mauno 209- Ola x Nilsson 210- Otavio Salvador 211- Paul Eggleton 212- Pavel Zhukov 213- Peter Bergin 214- Peter Kjellerstedt 215- Peter Marko 216- Rajesh Dangi 217- Randy MacLeod 218- Rasmus Villemoes 219- Richard Purdie 220- Robert Joslyn 221- Roland Hieber 222- Ross Burton 223- Sakib Sajal 224- Shubham Kulkarni 225- Steve Sakoman 226- Ulrich Ölmann 227- Yang Xu 228- Yongxin Liu 229- ghassaneben 230- pgowda 231- Wang Mingyu 232 233Repositories / Downloads for Yocto-4.0.4 234~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 235 236poky 237 238- Repository Location: :yocto_git:`/poky` 239- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` 240- Tag: :yocto_git:`yocto-4.0.4 </poky/log/?h=yocto-4.0.4>` 241- Git Revision: :yocto_git:`d64bef1c7d713b92a51228e5ade945835e5a94a4 </poky/commit/?id=d64bef1c7d713b92a51228e5ade945835e5a94a4>` 242- Release Artefact: poky-d64bef1c7d713b92a51228e5ade945835e5a94a4 243- sha: b5e92506b31f88445755bad2f45978b747ad1a5bea66ca897370542df5f1e7db 244- Download Locations: 245 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 246 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 247 248openembedded-core 249 250- Repository Location: :oe_git:`/openembedded-core` 251- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` 252- Tag: :oe_git:`yocto-4.0.4 </openembedded-core/log/?h=yocto-4.0.4>` 253- Git Revision: :oe_git:`f7766da462905ec67bf549d46b8017be36cd5b2a </openembedded-core/commit/?id=f7766da462905ec67bf549d46b8017be36cd5b2a>` 254- Release Artefact: oecore-f7766da462905ec67bf549d46b8017be36cd5b2a 255- sha: ce0ac011474db5e5f0bb1be3fb97f890a02e46252a719dbcac5813268e48ff16 256- Download Locations: 257 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 258 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 259 260meta-mingw 261 262- Repository Location: :yocto_git:`/meta-mingw` 263- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` 264- Tag: :yocto_git:`yocto-4.0.4 </meta-mingw/log/?h=yocto-4.0.4>` 265- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` 266- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 267- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 268- Download Locations: 269 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 270 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 271 272meta-gplv2 273 274- Repository Location: :yocto_git:`/meta-gplv2` 275- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` 276- Tag: :yocto_git:`yocto-4.0.4 </meta-gplv2/log/?h=yocto-4.0.4>` 277- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` 278- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 279- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 280- Download Locations: 281 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 282 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 283 284bitbake 285 286- Repository Location: :oe_git:`/bitbake` 287- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` 288- Tag: :oe_git:`yocto-4.0.4 </bitbake/log/?h=yocto-4.0.4>` 289- Git Revision: :oe_git:`ac576d6fad6bba0cfea931883f25264ea83747ca </bitbake/commit/?id=ac576d6fad6bba0cfea931883f25264ea83747ca>` 290- Release Artefact: bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca 291- sha: 526c2768874eeda61ade8c9ddb3113c90d36ef44a026d6690f02de6f3dd0ea12 292- Download Locations: 293 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 294 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 295 296yocto-docs 297 298- Repository Location: :yocto_git:`/yocto-docs` 299- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` 300- Tag: :yocto_git:`yocto-4.0.4 </yocto-docs/log/?h=yocto-4.0.4>` 301- Git Revision: :yocto_git:`f632dad24c39778f948014029e74db3c871d9d21 </yocto-docs/commit/?id=f632dad24c39778f948014029e74db3c871d9d21>` 302