1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK 2 3Release notes for Yocto-4.0.12 (Kirkstone) 4------------------------------------------ 5 6Security Fixes in Yocto-4.0.12 7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 9- bind: Fix :cve:`2023-2828` and :cve:`2023-2911` 10- cups: Fix :cve:`2023-34241` 11- curl: Added :cve:`2023-28320` Follow-up patch 12- dbus: Fix :cve:`2023-34969` 13- dmidecode: fix :cve:`2023-30630` 14- ghostscript: fix :cve:`2023-36664` 15- go: fix :cve_mitre:`2023-24531`, :cve:`2023-24536`, :cve:`2023-29400`, :cve:`2023-29402`, :cve:`2023-29404`, :cve:`2023-29405` and :cve:`2023-29406` 16- libarchive: Ignore :cve:`2023-30571` 17- libcap: Fix :cve:`2023-2602` and :cve:`2023-2603` 18- libjpeg-turbo: Fix :cve:`2023-2804` 19- libpcre2: Fix :cve:`2022-41409` 20- libtiff: fix :cve:`2023-26965` 21- libwebp: Fix :cve:`2023-1999` 22- libx11: Fix :cve:`2023-3138` 23- libxpm: Fix :cve:`2022-44617` 24- ninja: Ignore :cve:`2021-4336` 25- openssh: Fix :cve:`2023-38408` 26- openssl: Fix :cve:`2023-2975`, :cve:`2023-3446` and :cve:`2023-3817` 27- perl: Fix :cve:`2023-31486` 28- python3: Ignore :cve:`2023-36632` 29- qemu: Fix :cve:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301` 30- sqlite3: Fix :cve:`2023-36191` 31- tiff: Fix :cve:`2023-0795`, :cve:`2023-0796`, :cve:`2023-0797`, :cve:`2023-0798`, :cve:`2023-0799`, :cve:`2023-25433`, :cve:`2023-25434` and :cve:`2023-25435` 32- vim: :cve:`2023-2609` and :cve:`2023-2610` 33 34 35Fixes in Yocto-4.0.12 36~~~~~~~~~~~~~~~~~~~~~ 37 38- babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature 39- babeltrace2: upgrade to 2.0.5 40- bitbake.conf: add unzstd in :term:`HOSTTOOLS` 41- bitbake: bitbake-layers: initialize tinfoil before registering command line arguments 42- bitbake: runqueue: Fix deferred task/multiconfig race issue 43- blktrace: ask for python3 specifically 44- build-appliance-image: Update to kirkstone head revision 45- cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK 46- connman: fix warning by specifying runstatedir at configure time 47- cpio: Replace fix wrong CRC with ASCII CRC for large files with upstream backport 48- cve-update-nvd2-native: actually use API keys 49- cve-update-nvd2-native: always pass str for json.loads() 50- cve-update-nvd2-native: fix cvssV3 metrics 51- cve-update-nvd2-native: handle all configuration nodes, not just first 52- cve-update-nvd2-native: increase retry count 53- cve-update-nvd2-native: log a little more 54- cve-update-nvd2-native: retry all errors and sleep between retries 55- cve-update-nvd2-native: use exact times, don't truncate 56- dbus: upgrade to 1.14.8 57- devtool: Fix the wrong variable in srcuri_entry 58- diffutils: upgrade to 3.10 59- docs: ref-manual: terms: fix typos in :term:`SPDX` term 60- fribidi: upgrade to 1.0.13 61- gcc: upgrade to v11.4 62- gcc-testsuite: Fix ppc cpu specification 63- gcc: don't pass --enable-standard-branch-protection 64- gcc: fix runpath errors in cc1 binary 65- grub: submit determinism.patch upstream 66- image_types: Fix reproducible builds for initramfs and UKI img 67- kernel: add missing path to search for debug files 68- kmod: remove unused ptest.patch 69- layer.conf: Add missing dependency exclusion 70- libassuan: upgrade to 2.5.6 71- libksba: upgrade to 1.6.4 72- libpng: Add ptest for libpng 73- libxcrypt: fix build with perl-5.38 and use master branch 74- libxcrypt: fix hard-coded ".so" extension 75- libxpm: upgrade to 3.5.16 76- linux-firmware: upgrade to 20230515 77- linux-yocto/5.10: cfg: fix DECNET configuration warning 78- linux-yocto/5.10: update to v5.10.185 79- linux-yocto/5.15: cfg: fix DECNET configuration warning 80- linux-yocto/5.15: update to v5.15.120 81- logrotate: Do not create logrotate.status file 82- lttng-ust: upgrade to 2.13.6 83- machine/arch-arm64: add -mbranch-protection=standard 84- maintainers.inc: correct Carlos Rafael Giani's email address 85- maintainers.inc: correct unassigned entries 86- maintainers.inc: unassign Adrian Bunk from wireless-regdb 87- maintainers.inc: unassign Alistair Francis from opensbi 88- maintainers.inc: unassign Andreas Müller from itstool entry 89- maintainers.inc: unassign Pascal Bach from cmake entry 90- maintainers.inc: unassign Ricardo Neri from ovmf 91- maintainers.inc: unassign Richard Weinberger from erofs-utils entry 92- mdadm: fix 07revert-inplace ptest 93- mdadm: fix segfaults when running ptests 94- mdadm: fix util-linux ptest dependency 95- mdadm: skip running known broken ptests 96- meson.bbclass: Point to llvm-config from native sysroot 97- meta: lib: oe: npm_registry: Add more safe caracters 98- migration-guides: add release notes for 4.0.11 99- minicom: remove unused patch files 100- mobile-broadband-provider-info: upgrade to 20230416 101- oe-depends-dot: Handle new format for task-depends.dot 102- oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case 103- oeqa/selftest/bbtests: add non-existent prefile/postfile tests 104- oeqa/selftest/devtool: add unit test for "devtool add -b" 105- openssl: Upgrade to 3.0.10 106- openssl: add PERLEXTERNAL path to test its existence 107- openssl: use a glob on the PERLEXTERNAL to track updates on the path 108- package.bbclass: moving field data process before variable process in process_pkgconfig 109- pm-utils: fix multilib conflictions 110- poky.conf: bump version for 4.0.12 111- psmisc: Set :term:`ALTERNATIVE` for pstree to resolve conflict with busybox 112- pybootchartgui: show elapsed time for each task 113- python3: fix missing comma in get_module_deps3.py 114- python3: upgrade to 3.10.12 115- recipetool: Fix inherit in created -native* recipes 116- ref-manual: add LTS and Mixin terms 117- ref-manual: document image-specific variant of :term:`INCOMPATIBLE_LICENSE` 118- ref-manual: release-process: update for LTS releases 119- rust-llvm: backport a fix for build with gcc-13 120- scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes 121- scripts/runqemu: split lock dir creation into a reusable function 122- sdk.py: error out when moving file fails 123- sdk.py: fix moving dnf contents 124- selftest reproducible.py: support different build targets 125- selftest/license: Exclude from world 126- selftest/reproducible: Allow chose the package manager 127- serf: upgrade to 1.3.10 128- strace: Disable failing test 129- strace: Merge two similar patches 130- strace: Update patches/tests with upstream fixes 131- sysfsutils: fetch a supported fork from github 132- systemd-systemctl: fix errors in instance name expansion 133- systemd: Backport nspawn: make sure host root can write to the uidmapped mounts we prepare for the container payload 134- tzdata: upgrade to 2023c 135- uboot-extlinux-config.bbclass: fix old override syntax in comment 136- unzip: fix configure check for cross compilation 137- useradd-staticids.bbclass: improve error message 138- util-linux: add alternative links for ipcs,ipcrm 139- v86d: Improve kernel dependency 140- vim: upgrade to 9.0.1592 141- wget: upgrade to 1.21.4 142- wic: Add dependencies for erofs-utils 143- wireless-regdb: upgrade to 2023.05.03 144- xdpyinfo: upgrade to 1.3.4 145- zip: fix configure check by using _Static_assert 146 147 148Known Issues in Yocto-4.0.12 149~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 150 151- N/A 152 153 154Contributors to Yocto-4.0.12 155~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 156 157- Alberto Planas 158- Alexander Kanavin 159- Alexander Sverdlin 160- Andrej Valek 161- Archana Polampalli 162- BELOUARGA Mohamed 163- Benjamin Bouvier 164- Bruce Ashfield 165- Charlie Wu 166- Chen Qi 167- Etienne Cordonnier 168- Fabien Mahot 169- Frieder Paape 170- Frieder Schrempf 171- Heiko Thole 172- Hitendra Prajapati 173- Jermain Horsman 174- Jose Quaresma 175- Kai Kang 176- Khem Raj 177- Lee Chee Yang 178- Marc Ferland 179- Marek Vasut 180- Martin Jansa 181- Mauro Queiros 182- Michael Opdenacker 183- Mikko Rapeli 184- Nikhil R 185- Ovidiu Panait 186- Peter Marko 187- Poonam Jadhav 188- Quentin Schulz 189- Richard Purdie 190- Ross Burton 191- Rusty Howell 192- Sakib Sajal 193- Soumya Sambu 194- Steve Sakoman 195- Sundeep KOKKONDA 196- Tim Orling 197- Tom Hochstein 198- Trevor Gamblin 199- Vijay Anusuri 200- Vivek Kumbhar 201- Wang Mingyu 202- Xiangyu Chen 203- Yoann Congal 204- Yogita Urade 205- Yuta Hayama 206 207 208Repositories / Downloads for Yocto-4.0.12 209~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 210 211poky 212 213- Repository Location: :yocto_git:`/poky` 214- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` 215- Tag: :yocto_git:`yocto-4.0.12 </poky/log/?h=yocto-4.0.12>` 216- Git Revision: :yocto_git:`d6b8790370500b99ca11f0d8a05c39b661ab2ba6 </poky/commit/?id=d6b8790370500b99ca11f0d8a05c39b661ab2ba6>` 217- Release Artefact: poky-d6b8790370500b99ca11f0d8a05c39b661ab2ba6 218- sha: 35f0390e0c5a12f403ed471c0b1254c13cbb9d7c7b46e5a3538e63e36c1ac280 219- Download Locations: 220 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.12/poky-d6b8790370500b99ca11f0d8a05c39b661ab2ba6.tar.bz2 221 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.12/poky-d6b8790370500b99ca11f0d8a05c39b661ab2ba6.tar.bz2 222 223openembedded-core 224 225- Repository Location: :oe_git:`/openembedded-core` 226- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` 227- Tag: :oe_git:`yocto-4.0.12 </openembedded-core/log/?h=yocto-4.0.12>` 228- Git Revision: :oe_git:`e1a604db8d2cf8782038b4016cc2e2052467333b </openembedded-core/commit/?id=e1a604db8d2cf8782038b4016cc2e2052467333b>` 229- Release Artefact: oecore-e1a604db8d2cf8782038b4016cc2e2052467333b 230- sha: 8b302eb3f3ffe5643f88bc6e4ae8f9a5cda63544d67e04637ecc4197e9750a1d 231- Download Locations: 232 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.12/oecore-e1a604db8d2cf8782038b4016cc2e2052467333b.tar.bz2 233 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.12/oecore-e1a604db8d2cf8782038b4016cc2e2052467333b.tar.bz2 234 235meta-mingw 236 237- Repository Location: :yocto_git:`/meta-mingw` 238- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` 239- Tag: :yocto_git:`yocto-4.0.12 </meta-mingw/log/?h=yocto-4.0.12>` 240- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` 241- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 242- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 243- Download Locations: 244 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.12/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 245 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.12/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 246 247meta-gplv2 248 249- Repository Location: :yocto_git:`/meta-gplv2` 250- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` 251- Tag: :yocto_git:`yocto-4.0.12 </meta-gplv2/log/?h=yocto-4.0.12>` 252- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` 253- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 254- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 255- Download Locations: 256 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.12/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 257 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.12/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 258 259bitbake 260 261- Repository Location: :oe_git:`/bitbake` 262- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` 263- Tag: :oe_git:`yocto-4.0.12 </bitbake/log/?h=yocto-4.0.12>` 264- Git Revision: :oe_git:`41b6684489d0261753344956042be2cc4adb0159 </bitbake/commit/?id=41b6684489d0261753344956042be2cc4adb0159>` 265- Release Artefact: bitbake-41b6684489d0261753344956042be2cc4adb0159 266- sha: efa2b1c4d0be115ed3960750d1e4ed958771b2db6d7baee2d13ad386589376e8 267- Download Locations: 268 http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.12/bitbake-41b6684489d0261753344956042be2cc4adb0159.tar.bz2 269 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.12/bitbake-41b6684489d0261753344956042be2cc4adb0159.tar.bz2 270 271yocto-docs 272 273- Repository Location: :yocto_git:`/yocto-docs` 274- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` 275- Tag: :yocto_git:`yocto-4.0.12 </yocto-docs/log/?h=yocto-4.0.12>` 276- Git Revision: :yocto_git:`4dfef81ac6164764c6541e39a9fef81d49227096 </yocto-docs/commit/?id=4dfef81ac6164764c6541e39a9fef81d49227096>` 277 278