1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
2
3Release notes for Yocto-4.0.23 (Kirkstone)
4------------------------------------------
5
6Security Fixes in Yocto-4.0.23
7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8
9-  ``curl``: Fix :cve_nist:`2024-9681`
10-  ``expat``: Fix :cve_nist:`2024-50602`
11-  ``gcc``: Ignore :cve_nist:`2023-4039`
12-  ``ghostscript``: Fix :cve_nist:`2023-46361` and :cve_nist:`2024-29508`
13-  ``gstreamer1.0``: Ignore :cve_nist:`2024-0444`
14-  ``libarchive``: Fix :cve_nist:`2024-48957` and :cve_nist:`2024-48958`
15-  ``openssl``: Fix :cve_nist:`2024-9143`
16-  ``orc``: Fix :cve_nist:`2024-40897`
17-  ``python3``: Ignore :cve_nist:`2023-27043`, :cve_nist:`2024-6232` and :cve_nist:`2024-7592`
18-  ``qemu``: Fix :cve_nist:`2023-3019`
19-  ``vim``: Fix :cve_nist:`2024-43790`, :cve_nist:`2024-43802`, :cve_nist:`2024-45306` and :cve_nist:`2024-47814`
20-  ``zstd``: Fix :cve_nist:`2022-4899`
21
22
23Fixes in Yocto-4.0.23
24~~~~~~~~~~~~~~~~~~~~~
25
26-  at-spi2-core: backport a patch to fix build with gcc-14 on host
27-  bitbake: bitbake: doc/user-manual: Update the BB_HASHSERVE_UPSTREAM
28-  bitbake: codeparser: Fix handling of string AST nodes with older Python versions
29-  bitbake: fetch2/git: Use quote from shlex, not pipes
30-  bitbake: gitsm: Add call_process_submodules() to remove duplicated code
31-  bitbake: gitsm: Remove downloads/tmpdir when failed
32-  bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab
33-  bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab
34-  bmap-tools: update :term:`HOMEPAGE` and :term:`SRC_URI`
35-  build-appliance-image: Update to kirkstone head revision
36-  cmake: Fix sporadic issues when determining compiler internals
37-  cracklib: Modify patch to compile with GCC 14
38-  cve-check: add CVSS vector string to CVE database and reports
39-  cve-check: add support for cvss v4.0
40-  cve_check: Use a local copy of the database during builds
41-  dev-manual: document how to provide confs from layer.conf
42-  documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint
43-  documentation: Makefile: fix epub and latexpdf targets
44-  documentation: README: add instruction to run Vale on a subset
45-  documentation: brief-yoctoprojectqs: update BB_HASHSERVE_UPSTREAM for new infrastructure
46-  documentation: conf.py: add a bitbake_git extlink
47-  documentation: rename :cve: role to :cve_nist:
48-  documentation: styles: vocabularies: Yocto: add sstate
49-  documnetation: contributor-guide: Remove duplicated words
50-  gcc: restore a patch for Neoverse N2 core
51-  glib-2.0: patch regression of :cve_nist:`2023-32665`
52-  kmscube: create_framebuffer: backport modifier fix
53-  libffi: backport a fix to build libffi-native with gcc-14
54-  linux-firmware: Upgrade to 20240909
55-  local.conf.sample: update BB_HASHSERVE_UPSTREAM for new infrastructure
56-  migration-guide: add release notes for 4.0.22
57-  migration-guide: release-notes-4.0: update BB_HASHSERVE_UPSTREAM for new infrastructure
58-  nativesdk-intercept: Fix bad intercept chgrp/chown logic
59-  orc: Upgrade to  0.4.40
60-  overlayfs-etc: add option to skip creation of mount dirs
61-  overview-manual: concepts: add details on package splitting
62-  package: Switch debug source handling to use prefix map
63-  patch.py: Use shlex instead of deprecated pipe
64-  poky.conf: bump version for 4.0.23
65-  pseudo: Disable LFS on 32bit arches
66-  pseudo: Fix envp bug and add posix_spawn wrapper
67-  pseudo: Fix to work with glibc 2.40
68-  pseudo: Switch back to the master branch
69-  pseudo: Update to include logic fix
70-  pseudo: Update to include open symlink handling bugfix
71-  pseudo: Update to pull in fchmodat fix
72-  pseudo: Update to pull in fd leak fix
73-  pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
74-  pseudo: Update to pull in linux-libc-headers race fix
75-  pseudo: Update to pull in python 3.12+ fix
76-  pseudo: Update to pull in syncfs probe fix
77-  ref-manual: add description for the "sysroot" term
78-  ref-manual: add missing CVE_CHECK manifest variables
79-  ref-manual: add missing :term:`EXTERNAL_KERNEL_DEVICETREE` variable
80-  ref-manual: add missing :term:`OPKGBUILDCMD` variable
81-  ref-manual: devtool-reference: document missing commands
82-  ref-manual: devtool-reference: refresh example outputs
83-  ref-manual: introduce :term:`CVE_CHECK_REPORT_PATCHED` variable
84-  ref-manual: release-process: add a reference to the doc's release
85-  ref-manual: release-process: refresh the current LTS releases
86-  ref-manual: release-process: update releases.svg
87-  ref-manual: release-process: update releases.svg with month after "Current"
88-  ref-manual: structure.rst: document missing tmp/ dirs
89-  ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables
90-  syslinux: Disable error on implicit-function-declaration
91-  util-linux: Define pidfd_* function signatures
92-  vala: add -Wno-error=incompatible-pointer-types work around
93-  vim: Upgrade to 9.1.0764
94-  xmlto: backport a patch to fix build with gcc-14 on host
95-  zip: Fix build with gcc-14
96-  zip: Make configure checks to be more robust
97
98
99Known Issues in Yocto-4.0.23
100~~~~~~~~~~~~~~~~~~~~~~~~~~~~
101
102-N/A
103
104
105Contributors to Yocto-4.0.23
106~~~~~~~~~~~~~~~~~~~~~~~~~~~~
107
108-  Aleksandar Nikolic
109-  Alexandre Belloni
110-  Antoine Lubineau
111-  Antonin Godard
112-  Archana Polampalli
113-  Ashish Sharma
114-  Baruch Siach
115-  Eilís 'pidge' Ní Fhlannagáin
116-  Jose Quaresma
117-  Julien Stephan
118-  Khem Raj
119-  Lee Chee Yang
120-  Macpaul Lin
121-  Martin Jansa
122-  Michael Opdenacker
123-  Ola x Nilsson
124-  Peter Marko
125-  Philip Lorenz
126-  Randolph Sapp
127-  Richard Purdie
128-  Robert Yang
129-  Rohini Sangam
130-  Ruiqiang Hao
131-  Siddharth Doshi
132-  Steve Sakoman
133-  Talel BELHAJSALEM
134-  Wang Mingyu
135-  Yogita Urade
136-  Zoltan Boszormenyi
137
138
139Repositories / Downloads for Yocto-4.0.23
140~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
141
142poky
143
144-  Repository Location: :yocto_git:`/poky`
145-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
146-  Tag:  :yocto_git:`yocto-4.0.23 </poky/log/?h=yocto-4.0.23>`
147-  Git Revision: :yocto_git:`8e092852b63e998d990b8f8e1aa91297dec4430f </poky/commit/?id=8e092852b63e998d990b8f8e1aa91297dec4430f>`
148-  Release Artefact: poky-8e092852b63e998d990b8f8e1aa91297dec4430f
149-  sha: 339d34d8432070dac948449e732ebf06a888eeb27ff548958b2395c9446b029d
150-  Download Locations:
151   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2
152   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2
153
154openembedded-core
155
156-  Repository Location: :oe_git:`/openembedded-core`
157-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
158-  Tag:  :oe_git:`yocto-4.0.23 </openembedded-core/log/?h=yocto-4.0.23>`
159-  Git Revision: :oe_git:`fb45c5cf8c2b663af293acb069d446610f77ff1a </openembedded-core/commit/?id=fb45c5cf8c2b663af293acb069d446610f77ff1a>`
160-  Release Artefact: oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a
161-  sha: 1d394370ea7d43fb885ab8a952d6d1e43f1a850745a5152d5ead5565a283a0f5
162-  Download Locations:
163   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2
164   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2
165
166meta-mingw
167
168-  Repository Location: :yocto_git:`/meta-mingw`
169-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
170-  Tag:  :yocto_git:`yocto-4.0.23 </meta-mingw/log/?h=yocto-4.0.23>`
171-  Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>`
172-  Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
173-  sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
174-  Download Locations:
175   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
176   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
177
178meta-gplv2
179
180-  Repository Location: :yocto_git:`/meta-gplv2`
181-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
182-  Tag:  :yocto_git:`yocto-4.0.23 </meta-gplv2/log/?h=yocto-4.0.23>`
183-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
184-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
185-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
186-  Download Locations:
187   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
188   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
189
190bitbake
191
192-  Repository Location: :oe_git:`/bitbake`
193-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
194-  Tag:  :oe_git:`yocto-4.0.23 </bitbake/log/?h=yocto-4.0.23>`
195-  Git Revision: :oe_git:`fb73c495c45d1d4107cfd60b67a5b4f11a99647b </bitbake/commit/?id=fb73c495c45d1d4107cfd60b67a5b4f11a99647b>`
196-  Release Artefact: bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b
197-  sha: 5cd271299951f25912a2e8d4de6d8769a4c0bb3bbcfc90815be41f23fd299a0b
198-  Download Locations:
199   https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2
200   https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2
201
202yocto-docs
203
204-  Repository Location: :yocto_git:`/yocto-docs`
205-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
206-  Tag: :yocto_git:`yocto-4.0.23 </yocto-docs/log/?h=yocto-4.0.23>`
207-  Git Revision: :yocto_git:`TBD </yocto-docs/commit/?id=TBD>`
208
209
210