1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK 2 3Release notes for Yocto-4.0.23 (Kirkstone) 4------------------------------------------ 5 6Security Fixes in Yocto-4.0.23 7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 9- ``curl``: Fix :cve_nist:`2024-9681` 10- ``expat``: Fix :cve_nist:`2024-50602` 11- ``gcc``: Ignore :cve_nist:`2023-4039` 12- ``ghostscript``: Fix :cve_nist:`2023-46361` and :cve_nist:`2024-29508` 13- ``gstreamer1.0``: Ignore :cve_nist:`2024-0444` 14- ``libarchive``: Fix :cve_nist:`2024-48957` and :cve_nist:`2024-48958` 15- ``openssl``: Fix :cve_nist:`2024-9143` 16- ``orc``: Fix :cve_nist:`2024-40897` 17- ``python3``: Ignore :cve_nist:`2023-27043`, :cve_nist:`2024-6232` and :cve_nist:`2024-7592` 18- ``qemu``: Fix :cve_nist:`2023-3019` 19- ``vim``: Fix :cve_nist:`2024-43790`, :cve_nist:`2024-43802`, :cve_nist:`2024-45306` and :cve_nist:`2024-47814` 20- ``zstd``: Fix :cve_nist:`2022-4899` 21 22 23Fixes in Yocto-4.0.23 24~~~~~~~~~~~~~~~~~~~~~ 25 26- at-spi2-core: backport a patch to fix build with gcc-14 on host 27- bitbake: bitbake: doc/user-manual: Update the BB_HASHSERVE_UPSTREAM 28- bitbake: codeparser: Fix handling of string AST nodes with older Python versions 29- bitbake: fetch2/git: Use quote from shlex, not pipes 30- bitbake: gitsm: Add call_process_submodules() to remove duplicated code 31- bitbake: gitsm: Remove downloads/tmpdir when failed 32- bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab 33- bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab 34- bmap-tools: update :term:`HOMEPAGE` and :term:`SRC_URI` 35- build-appliance-image: Update to kirkstone head revision 36- cmake: Fix sporadic issues when determining compiler internals 37- cracklib: Modify patch to compile with GCC 14 38- cve-check: add CVSS vector string to CVE database and reports 39- cve-check: add support for cvss v4.0 40- cve_check: Use a local copy of the database during builds 41- dev-manual: document how to provide confs from layer.conf 42- documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint 43- documentation: Makefile: fix epub and latexpdf targets 44- documentation: README: add instruction to run Vale on a subset 45- documentation: brief-yoctoprojectqs: update BB_HASHSERVE_UPSTREAM for new infrastructure 46- documentation: conf.py: add a bitbake_git extlink 47- documentation: rename :cve: role to :cve_nist: 48- documentation: styles: vocabularies: Yocto: add sstate 49- documnetation: contributor-guide: Remove duplicated words 50- gcc: restore a patch for Neoverse N2 core 51- glib-2.0: patch regression of :cve_nist:`2023-32665` 52- kmscube: create_framebuffer: backport modifier fix 53- libffi: backport a fix to build libffi-native with gcc-14 54- linux-firmware: Upgrade to 20240909 55- local.conf.sample: update BB_HASHSERVE_UPSTREAM for new infrastructure 56- migration-guide: add release notes for 4.0.22 57- migration-guide: release-notes-4.0: update BB_HASHSERVE_UPSTREAM for new infrastructure 58- nativesdk-intercept: Fix bad intercept chgrp/chown logic 59- orc: Upgrade to 0.4.40 60- overlayfs-etc: add option to skip creation of mount dirs 61- overview-manual: concepts: add details on package splitting 62- package: Switch debug source handling to use prefix map 63- patch.py: Use shlex instead of deprecated pipe 64- poky.conf: bump version for 4.0.23 65- pseudo: Disable LFS on 32bit arches 66- pseudo: Fix envp bug and add posix_spawn wrapper 67- pseudo: Fix to work with glibc 2.40 68- pseudo: Switch back to the master branch 69- pseudo: Update to include logic fix 70- pseudo: Update to include open symlink handling bugfix 71- pseudo: Update to pull in fchmodat fix 72- pseudo: Update to pull in fd leak fix 73- pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept 74- pseudo: Update to pull in linux-libc-headers race fix 75- pseudo: Update to pull in python 3.12+ fix 76- pseudo: Update to pull in syncfs probe fix 77- ref-manual: add description for the "sysroot" term 78- ref-manual: add missing CVE_CHECK manifest variables 79- ref-manual: add missing :term:`EXTERNAL_KERNEL_DEVICETREE` variable 80- ref-manual: add missing :term:`OPKGBUILDCMD` variable 81- ref-manual: devtool-reference: document missing commands 82- ref-manual: devtool-reference: refresh example outputs 83- ref-manual: introduce :term:`CVE_CHECK_REPORT_PATCHED` variable 84- ref-manual: release-process: add a reference to the doc's release 85- ref-manual: release-process: refresh the current LTS releases 86- ref-manual: release-process: update releases.svg 87- ref-manual: release-process: update releases.svg with month after "Current" 88- ref-manual: structure.rst: document missing tmp/ dirs 89- ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables 90- syslinux: Disable error on implicit-function-declaration 91- util-linux: Define pidfd_* function signatures 92- vala: add -Wno-error=incompatible-pointer-types work around 93- vim: Upgrade to 9.1.0764 94- xmlto: backport a patch to fix build with gcc-14 on host 95- zip: Fix build with gcc-14 96- zip: Make configure checks to be more robust 97 98 99Known Issues in Yocto-4.0.23 100~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 101 102-N/A 103 104 105Contributors to Yocto-4.0.23 106~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 107 108- Aleksandar Nikolic 109- Alexandre Belloni 110- Antoine Lubineau 111- Antonin Godard 112- Archana Polampalli 113- Ashish Sharma 114- Baruch Siach 115- Eilís 'pidge' Ní Fhlannagáin 116- Jose Quaresma 117- Julien Stephan 118- Khem Raj 119- Lee Chee Yang 120- Macpaul Lin 121- Martin Jansa 122- Michael Opdenacker 123- Ola x Nilsson 124- Peter Marko 125- Philip Lorenz 126- Randolph Sapp 127- Richard Purdie 128- Robert Yang 129- Rohini Sangam 130- Ruiqiang Hao 131- Siddharth Doshi 132- Steve Sakoman 133- Talel BELHAJSALEM 134- Wang Mingyu 135- Yogita Urade 136- Zoltan Boszormenyi 137 138 139Repositories / Downloads for Yocto-4.0.23 140~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 141 142poky 143 144- Repository Location: :yocto_git:`/poky` 145- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` 146- Tag: :yocto_git:`yocto-4.0.23 </poky/log/?h=yocto-4.0.23>` 147- Git Revision: :yocto_git:`8e092852b63e998d990b8f8e1aa91297dec4430f </poky/commit/?id=8e092852b63e998d990b8f8e1aa91297dec4430f>` 148- Release Artefact: poky-8e092852b63e998d990b8f8e1aa91297dec4430f 149- sha: 339d34d8432070dac948449e732ebf06a888eeb27ff548958b2395c9446b029d 150- Download Locations: 151 https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2 152 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/poky-8e092852b63e998d990b8f8e1aa91297dec4430f.tar.bz2 153 154openembedded-core 155 156- Repository Location: :oe_git:`/openembedded-core` 157- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` 158- Tag: :oe_git:`yocto-4.0.23 </openembedded-core/log/?h=yocto-4.0.23>` 159- Git Revision: :oe_git:`fb45c5cf8c2b663af293acb069d446610f77ff1a </openembedded-core/commit/?id=fb45c5cf8c2b663af293acb069d446610f77ff1a>` 160- Release Artefact: oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a 161- sha: 1d394370ea7d43fb885ab8a952d6d1e43f1a850745a5152d5ead5565a283a0f5 162- Download Locations: 163 https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2 164 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/oecore-fb45c5cf8c2b663af293acb069d446610f77ff1a.tar.bz2 165 166meta-mingw 167 168- Repository Location: :yocto_git:`/meta-mingw` 169- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` 170- Tag: :yocto_git:`yocto-4.0.23 </meta-mingw/log/?h=yocto-4.0.23>` 171- Git Revision: :yocto_git:`87c22abb1f11be430caf4372e6b833dc7d77564e </meta-mingw/commit/?id=87c22abb1f11be430caf4372e6b833dc7d77564e>` 172- Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e 173- sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8 174- Download Locations: 175 https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2 176 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2 177 178meta-gplv2 179 180- Repository Location: :yocto_git:`/meta-gplv2` 181- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` 182- Tag: :yocto_git:`yocto-4.0.23 </meta-gplv2/log/?h=yocto-4.0.23>` 183- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` 184- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a 185- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d 186- Download Locations: 187 https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 188 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 189 190bitbake 191 192- Repository Location: :oe_git:`/bitbake` 193- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` 194- Tag: :oe_git:`yocto-4.0.23 </bitbake/log/?h=yocto-4.0.23>` 195- Git Revision: :oe_git:`fb73c495c45d1d4107cfd60b67a5b4f11a99647b </bitbake/commit/?id=fb73c495c45d1d4107cfd60b67a5b4f11a99647b>` 196- Release Artefact: bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b 197- sha: 5cd271299951f25912a2e8d4de6d8769a4c0bb3bbcfc90815be41f23fd299a0b 198- Download Locations: 199 https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2 200 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.23/bitbake-fb73c495c45d1d4107cfd60b67a5b4f11a99647b.tar.bz2 201 202yocto-docs 203 204- Repository Location: :yocto_git:`/yocto-docs` 205- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` 206- Tag: :yocto_git:`yocto-4.0.23 </yocto-docs/log/?h=yocto-4.0.23>` 207- Git Revision: :yocto_git:`TBD </yocto-docs/commit/?id=TBD>` 208 209 210