1.. SPDX-License-Identifier: CC-BY-SA-2.0-UK 2 3Release notes for Yocto-4.2.3 (Mickledore) 4------------------------------------------ 5 6Security Fixes in Yocto-4.2.3 7~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 9- bind: Fix :cve_nist:`2023-2828` and :cve_nist:`2023-2911` 10- cups: Fix :cve_nist:`2023-34241` 11- dmidecode: Fix :cve_nist:`2023-30630` 12- erofs-utils: Fix :cve_nist:`2023-33551` and :cve_nist:`2023-33552` 13- ghostscript: Fix :cve_nist:`2023-36664` 14- go: Fix :cve_mitre:`2023-24531` 15- libarchive: ignore :cve_nist:`2023-30571` 16- libjpeg-turbo: Fix :cve_nist:`2023-2804` 17- libx11: Fix :cve_nist:`2023-3138` 18- ncurses: Fix :cve_nist:`2023-29491` 19- openssh: Fix :cve_nist:`2023-38408` 20- python3-certifi: Fix :cve_nist:`2023-37920` 21- python3-requests: Fix :cve_nist:`2023-32681` 22- python3: Ignore :cve_nist:`2023-36632` 23- qemu: fix :cve_nist:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301` 24- ruby: Fix :cve_nist:`2023-36617` 25- vim: Fix :cve_nist:`2023-2609` and :cve_nist:`2023-2610` 26- webkitgtk: Fix :cve_nist:`2023-27932` and :cve_nist:`2023-27954` 27 28 29Fixes in Yocto-4.2.3 30~~~~~~~~~~~~~~~~~~~~ 31 32- acpica: Update :term:`SRC_URI` 33- automake: fix buildtest patch 34- baremetal-helloworld: Fix race condition 35- bind: upgrade to v9.18.17 36- binutils: stable 2.40 branch updates 37- build-appliance-image: Update to mickledore head revision 38- cargo.bbclass: set up cargo environment in common do_compile 39- conf.py: add macro for Mitre CVE links 40- curl: ensure all ptest failures are caught 41- cve-update-nvd2-native: actually use API keys 42- cve-update-nvd2-native: fix cvssV3 metrics 43- cve-update-nvd2-native: handle all configuration nodes, not just first 44- cve-update-nvd2-native: increase retry count 45- cve-update-nvd2-native: log a little more 46- cve-update-nvd2-native: retry all errors and sleep between retries 47- cve-update-nvd2-native: use exact times, don't truncate 48- dev-manual: wic.rst: Update native tools build command 49- devtool/upgrade: raise an error if extracting source produces more than one directory 50- diffutils: upgrade to 3.10 51- docs: ref-manual: terms: fix typos in :term:`SPDX` term 52- file: fix the way path is written to environment-setup.d 53- file: return wrapper to fix builds when file is in buildtools-tarball 54- freetype: upgrade to 2.13.1 55- gcc-testsuite: Fix ppc cpu specification 56- gcc: don't pass --enable-standard-branch-protection 57- glibc-locale: use stricter matching for metapackages' runtime dependencies 58- glibc-testsuite: Fix network restrictions causing test failures 59- glibc/check-test-wrapper: don't emit warnings from ssh 60- go: upgrade to 1.20.6 61- gstreamer1.0: upgrade to 1.22.4 62- ifupdown: install missing directories 63- kernel-module-split add systemd modulesloaddir and modprobedir config 64- kernel-module-split: install config modules directories only when they are needed 65- kernel-module-split: make autoload and probeconf distribution specific 66- kernel-module-split: use context manager to open files 67- kernel: Fix path comparison in kernel staging dir symlinking 68- kernel: config modules directories are handled by kernel-module-split 69- kernel: don't fail if Modules.symvers doesn't exist 70- libassuan: upgrade to 2.5.6 71- libksba: upgrade to 1.6.4 72- libnss-nis: upgrade to 3.2 73- libproxy: fetch from git 74- libwebp: upgrade to 1.3.1 75- libx11: upgrade to 1.8.6 76- libxcrypt: fix hard-coded ".so" extension 77- linux-firmware : Add firmware of RTL8822 serie 78- linux-firmware: Fix mediatek mt7601u firmware path 79- linux-firmware: package firmare for Dragonboard 410c 80- linux-firmware: split platform-specific Adreno shaders to separate packages 81- linux-firmware: upgrade to 20230625 82- linux-yocto/5.15: update to v5.15.124 83- linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity 84- linux-yocto/6.1: upgrade to v6.1.38 85- ltp: Add kernel loopback module dependency 86- ltp: add :term:`RDEPENDS` on findutils 87- lttng-ust: upgrade to 2.13.6 88- machine/arch-arm64: add -mbranch-protection=standard 89- maintainers.inc: Modify email address 90- mdadm: add util-linux-blockdev ptest dependency 91- mdadm: fix 07revert-inplace ptest 92- mdadm: fix segfaults when running ptests 93- mdadm: fix util-linux ptest dependency 94- mdadm: re-add mdadm-ptest to PTESTS_SLOW 95- mdadm: skip running known broken ptests 96- meson.bbclass: Point to llvm-config from native sysroot 97- migration-guides: add release notes for 4.0.10 98- migration-guides: add release notes for 4.0.11 99- migration-guides: add release notes for 4.2.2 100- oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case 101- oeqa/runtime/ltp: Increase ltp test output timeout 102- oeqa/selftest/devtool: add unit test for "devtool add -b" 103- oeqa/ssh: Further improve process exit handling 104- oeqa/target/ssh: Ensure EAGAIN doesn't truncate output 105- oeqa/utils/nfs: allow requesting non-udp ports 106- openssh: upgrade to 9.3p2 107- openssl: add PERLEXTERNAL path to test its existence 108- openssl: use a glob on the PERLEXTERNAL to track updates on the path 109- opkg-utils: upgrade to 0.6.2 110- opkg: upgrade to 0.6.2 111- pkgconf: update :term:`SRC_URI` 112- poky.conf: bump version for 4.2.3 release 113- poky.conf: update :term:`SANITY_TESTED_DISTROS` to match autobuilder 114- ptest-runner: Pull in parallel test fixes and output handling 115- python3-certifi: upgrade to 2023.7.22 116- python3: fix missing comma in get_module_deps3.py 117- recipetool: Fix inherit in created -native* recipes 118- ref-manual: LTS releases now supported for 4 years 119- ref-manual: document image-specific variant of :term:`INCOMPATIBLE_LICENSE` 120- ref-manual: releases.svg: updates 121- resulttool/resultutils: allow index generation despite corrupt json 122- rootfs-postcommands.bbclass: Revert "add post func remove_unused_dnf_log_lock" 123- rootfs: Add debugfs package db file copy and cleanup 124- rootfs_rpm: don't depend on opkg-native for update-alternatives 125- rpm: Pick debugfs package db files/dirs explicitly 126- rust-common.bbclass: move musl-specific linking fix from rust-source.inc 127- scripts/oe-setup-builddir: copy conf-notes.txt to build dir 128- scripts/resulttool: add mention about new detected tests 129- selftest/cases/glibc.py: fix the override syntax 130- selftest/cases/glibc.py: increase the memory for testing 131- selftest/cases/glibc.py: switch to using NFS over TCP 132- shadow-sysroot: add license information 133- systemd-systemctl: fix errors in instance name expansion 134- taglib: upgrade to 1.13.1 135- target/ssh: Ensure exit code set for commands 136- tcf-agent: upgrade to 1.8.0 137- testimage/oeqa: Drop testimage_dump_host functionality 138- tiff: upgrade to 4.5.1 139- uboot-extlinux-config.bbclass: fix old override syntax in comment 140- util-linux: add alternative links for ipcs,ipcrm 141- vim: upgrade to 9.0.1592 142- webkitgtk: upgrade to 2.38.6 143- weston: Cleanup and fix x11 and xwayland dependencies 144 145 146Known Issues in Yocto-4.2.3 147~~~~~~~~~~~~~~~~~~~~~~~~~~~ 148 149- N/A 150 151 152Contributors to Yocto-4.2.3 153~~~~~~~~~~~~~~~~~~~~~~~~~~~ 154 155- Alejandro Hernandez Samaniego 156- Alex Kiernan 157- Alexander Kanavin 158- Alexis Lothoré 159- Andrej Valek 160- Anuj Mittal 161- Archana Polampalli 162- BELOUARGA Mohamed 163- Benjamin Bouvier 164- Bruce Ashfield 165- Changqing Li 166- Chen Qi 167- Daniel Semkowicz 168- Dmitry Baryshkov 169- Enrico Scholz 170- Etienne Cordonnier 171- Joe Slater 172- Joel Stanley 173- Jose Quaresma 174- Julien Stephan 175- Kai Kang 176- Khem Raj 177- Lee Chee Yang 178- Marek Vasut 179- Mark Hatle 180- Michael Halstead 181- Michael Opdenacker 182- Mingli Yu 183- Narpat Mali 184- Oleksandr Hnatiuk 185- Ovidiu Panait 186- Peter Marko 187- Quentin Schulz 188- Richard Purdie 189- Ross Burton 190- Sanjana 191- Sakib Sajal 192- Staffan Rydén 193- Steve Sakoman 194- Stéphane Veyret 195- Sudip Mukherjee 196- Thomas Roos 197- Tom Hochstein 198- Trevor Gamblin 199- Wang Mingyu 200- Yi Zhao 201- Yoann Congal 202- Yogita Urade 203- Yuta Hayama 204 205 206Repositories / Downloads for Yocto-4.2.3 207~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 208 209poky 210 211- Repository Location: :yocto_git:`/poky` 212- Branch: :yocto_git:`mickledore </poky/log/?h=mickledore>` 213- Tag: :yocto_git:`yocto-4.2.3 </poky/log/?h=yocto-4.2.3>` 214- Git Revision: :yocto_git:`aa63b25cbe25d89ab07ca11ee72c17cab68df8de </poky/commit/?id=aa63b25cbe25d89ab07ca11ee72c17cab68df8de>` 215- Release Artefact: poky-aa63b25cbe25d89ab07ca11ee72c17cab68df8de 216- sha: 9e2b40fc25f7984b3227126ec9b8aa68d3747c8821fb7bf8cb635fc143f894c3 217- Download Locations: 218 http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.3/poky-aa63b25cbe25d89ab07ca11ee72c17cab68df8de.tar.bz2 219 http://mirrors.kernel.org/yocto/yocto/yocto-4.2.3/poky-aa63b25cbe25d89ab07ca11ee72c17cab68df8de.tar.bz2 220 221openembedded-core 222 223- Repository Location: :oe_git:`/openembedded-core` 224- Branch: :oe_git:`mickledore </openembedded-core/log/?h=mickledore>` 225- Tag: :oe_git:`yocto-4.2.3 </openembedded-core/log/?h=yocto-4.2.3>` 226- Git Revision: :oe_git:`7e3489c0c5970389c8a239dc7b367bcadf554eb5 </openembedded-core/commit/?id=7e3489c0c5970389c8a239dc7b367bcadf554eb5>` 227- Release Artefact: oecore-7e3489c0c5970389c8a239dc7b367bcadf554eb5 228- sha: 68620aca7c9db6b9a65d9853cacff4e60578f0df39e3e37114e062e1667ba724 229- Download Locations: 230 http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.3/oecore-7e3489c0c5970389c8a239dc7b367bcadf554eb5.tar.bz2 231 http://mirrors.kernel.org/yocto/yocto/yocto-4.2.3/oecore-7e3489c0c5970389c8a239dc7b367bcadf554eb5.tar.bz2 232 233meta-mingw 234 235- Repository Location: :yocto_git:`/meta-mingw` 236- Branch: :yocto_git:`mickledore </meta-mingw/log/?h=mickledore>` 237- Tag: :yocto_git:`yocto-4.2.3 </meta-mingw/log/?h=yocto-4.2.3>` 238- Git Revision: :yocto_git:`92258028e1b5664a9f832541d5c4f6de0bd05e07 </meta-mingw/commit/?id=92258028e1b5664a9f832541d5c4f6de0bd05e07>` 239- Release Artefact: meta-mingw-92258028e1b5664a9f832541d5c4f6de0bd05e07 240- sha: ee081460b5dff4fb8dd4869ce5631718dbaaffbede9532b879b854c18f1b3f5d 241- Download Locations: 242 http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.3/meta-mingw-92258028e1b5664a9f832541d5c4f6de0bd05e07.tar.bz2 243 http://mirrors.kernel.org/yocto/yocto/yocto-4.2.3/meta-mingw-92258028e1b5664a9f832541d5c4f6de0bd05e07.tar.bz2 244 245bitbake 246 247- Repository Location: :oe_git:`/bitbake` 248- Branch: :oe_git:`2.4 </bitbake/log/?h=2.4>` 249- Tag: :oe_git:`yocto-4.2.3 </bitbake/log/?h=yocto-4.2.3>` 250- Git Revision: :oe_git:`08033b63ae442c774bd3fce62844eac23e6882d7 </bitbake/commit/?id=08033b63ae442c774bd3fce62844eac23e6882d7>` 251- Release Artefact: bitbake-08033b63ae442c774bd3fce62844eac23e6882d7 252- sha: 1d070c133bfb6502ac04befbf082cbfda7582c8b1c48296a788384352e5061fd 253- Download Locations: 254 http://downloads.yoctoproject.org/releases/yocto/yocto-4.2.3/bitbake-08033b63ae442c774bd3fce62844eac23e6882d7.tar.bz2 255 http://mirrors.kernel.org/yocto/yocto/yocto-4.2.3/bitbake-08033b63ae442c774bd3fce62844eac23e6882d7.tar.bz2 256 257yocto-docs 258 259- Repository Location: :yocto_git:`/yocto-docs` 260- Branch: :yocto_git:`mickledore </yocto-docs/log/?h=mickledore>` 261- Tag: :yocto_git:`yocto-4.2.3 </yocto-docs/log/?h=yocto-4.2.3>` 262- Git Revision: :yocto_git:`8e6752a9e55d16f3713e248b37f9d4d2745a2375 </yocto-docs/commit/?id=8e6752a9e55d16f3713e248b37f9d4d2745a2375>` 263 264