Release notes for Yocto-4.0.2 (Kirkstone)

Security Fixes in Yocto-4.0.2

libxslt: Mark CVE-2022-29824 as not applying
tiff: Add jbig PACKAGECONFIG and clarify IGNORE CVE-2022-1210
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
pcre2:fix CVE-2022-1586 Out-of-bounds read
curl: fix CVE-2022-22576, CVE-2022-27775, CVE-2022-27776, CVE-2022-27774, CVE-2022-30115, CVE-2022-27780, CVE-2022-27781, CVE-2022-27779 and CVE-2022-27782
qemu: fix CVE-2021-4206 and CVE-2021-4207
freetype: fix CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406

Fixes in Yocto-4.0.2

alsa-plugins: fix libavtp vs. avtp packageconfig
archiver: don’t use machine variables in shared recipes
archiver: use bb.note instead of echo
baremetal-image: fix broken symlink in do_rootfs
base-passwd: Disable shell for default users
bash: submit patch upstream
bind: upgrade 9.18.1 -> 9.18.2
binutils: Bump to latest 2.38 release branch
bitbake.conf: Make TCLIBC and TCMODE lazy assigned
bitbake: build: Add clean_stamp API function to allow removal of task stamps
bitbake: data: Do not depend on vardepvalueexclude flag
bitbake: fetch2/osc: Small fixes for osc fetcher
bitbake: server/process: Fix logging issues where only the first message was displayed
build-appliance-image: Update to kirkstone head revision
buildhistory.bbclass: fix shell syntax when using dash
cairo: Add missing GPLv3 license checksum entry
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
cronie: upgrade 1.6.0 -> 1.6.1
cups: upgrade 2.4.1 -> 2.4.2
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
cve-check: Add helper for symlink handling
cve-check: Allow warnings to be disabled
cve-check: Fix report generation
cve-check: Only include installed packages for rootfs manifest
cve-check: add support for Ignored CVEs
cve-check: fix return type in check_cves
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-extra-exclusions: Add kernel CVEs
cve-update-db-native: make it possible to disable database updates
devtool: Fix _copy_file() TypeError
e2fsprogs: add alternatives handling of lsattr as well
e2fsprogs: update upstream status
efivar: add musl libc compatibility
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
gcc-cross-canadian: Add nativesdk-zstd dependency
gcc-source: Fix incorrect task dependencies from ${B}
gcc: Upgrade to 11.3 release
gcc: depend on zstd-native
git: fix override syntax in RDEPENDS
glib-2.0: upgrade 2.72.1 -> 2.72.2
glibc: Drop make-native dependency
go: upgrade 1.17.8 -> 1.17.10
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gtk+3: upgrade 3.24.33 -> 3.24.34
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
insane.bbclass: make sure to close .patch files
iso-codes: upgrade 4.9.0 -> 4.10.0
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
libcgroup: upgrade 2.0.1 -> 2.0.2
liberror-perl: Update sstate/equiv versions to clean cache
libinput: upgrade 1.19.3 -> 1.19.4
libpcre2: upgrade 10.39 -> 10.40
librepo: upgrade 1.14.2 -> 1.14.3
libseccomp: Add missing files for ptests
libseccomp: Correct LIC_FILES_CHKSUM
libxkbcommon: upgrade 1.4.0 -> 1.4.1
libxml2: Upgrade 2.9.13 -> 2.9.14
license.bbclass: Bound beginline and endline in copy_license_files()
license_image.bbclass: Make QA errors fail the build
linux-firmware: add support for building snapshots
linux-firmware: package new Qualcomm firmware
linux-firmware: replace mkdir by install
linux-firmware: split ath3k firmware
linux-firmware: upgrade to 20220610
linux-yocto/5.10: update to v5.10.119
linux-yocto/5.15: Enable MDIO bus config
linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default
linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
linux-yocto/5.15: update to v5.15.44
local.conf.sample: Update sstate url to new ‘all’ path
logrotate: upgrade 3.19.0 -> 3.20.1
lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel
lttng-modules: fix build against 5.18-rc7+
lttng-modules: fix shell syntax
lttng-ust: upgrade 2.13.2 -> 2.13.3
lzo: Add further info to a patch and mark as Inactive-Upstream
makedevs: Don’t use COPYING.patch just to add license file into ${S}
manuals: switch to the sstate mirror shared between all versions
mesa.inc: package 00-radv-defaults.conf
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
mesa: upgrade to 22.0.3
meson.bbclass: add cython binary to cross/native toolchain config
mmc-utils: upgrade to latest revision
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
ncurses: update to patchlevel 20220423
oeqa/selftest/cve_check: add tests for Ignored and partial reports
oeqa/selftest/cve_check: add tests for recipe and image reports
oescripts: change compare logic in OEListPackageconfigTests
openssl: Backport fix for ptest cert expiry
overlayfs: add docs about skipping QA check & service dependencies
ovmf: Fix native build with gcc-12
patch.py: make sure that patches/series file exists before quilt pop
pciutils: avoid lspci conflict with busybox
perl: Add dependency on make-native to avoid race issues
perl: Fix build with gcc-12
poky.conf: bump version for 4.0.2
popt: fix override syntax in RDEPENDS
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
python3: Ensure stale empty python module directories don’t break the build
python3: Remove problematic paths from sysroot files
python3: fix reproducibility issue with python3-core
python3: use built-in distutils for ptest, rather than setuptools’ ‘fork’
python: Avoid shebang overflow on python-config.py
rootfs-postcommands.bbclass: correct comments
rootfs.py: close kernel_abi_ver_file
rootfs.py: find .ko.zst kernel modules
rust-common: Drop LLVM_TARGET and simplify
rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets
rust-common: Fix for target definitions returning ‘NoneType’ for arm
rust-common: Fix native signature dependency issues
rust-common: Fix sstate signatures between arm hf and non-hf
sanity: Don’t warn about make 4.2.1 for mint
sanity: Switch to make 4.0 as a minimum version
sed: Specify shell for “nobody” user in run-ptest
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
selftest/multiconfig: Test that multiconfigs in separate layers works
sqlite3: upgrade to 3.38.5
staging.bbclass: process direct dependencies in deterministic order
staging: Fix rare sysroot corruption issue
strace: Don’t run ptest as “nobody”
systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch
systemd: Correct path returned in sd_path_lookup()
systemd: Document future actions needed for set of musl patches
systemd: Drop 0001-test-parse-argument-Include-signal.h.patch
systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch
systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
systemd: Drop redundant musl patches
systemd: Fix build regression with latest update
systemd: Remove __compare_fn_t type in musl-specific patch
systemd: Update patch status
systemd: systemd-systemctl: Support instance conf files during enable
systemd: update 0008-add-missing-FTW_-macros-for-musl.patch
systemd: upgrade 250.4 -> 250.5
uboot-sign: Fix potential index error issues
valgrind: submit arm patches upstream
vim: Upgrade to 8.2.5083
webkitgtk: upgrade to 2.36.3
wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions
xwayland: upgrade 22.1.0 -> 22.1.1
xxhash: fix build with gcc 12
zip/unzip: mark all submittable patches as Inactive-Upstream