Release notes for Yocto-4.0.21 (Kirkstone)

Security Fixes in Yocto-4.0.21

• bind: Fix CVE-2024-4076, CVE-2024-1737, CVE-2024-0760 and CVE-2024-1975

• apr: Fix CVE-2023-49582

• busybox: Fix CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366 and CVE-2021-42380

• curl: Ignore CVE-2024-32928

• curl: Fix CVE-2024-7264

• ghostscript: Fix CVE-2024-29506, CVE-2024-29509 and CVE-2024-29511

• go: Fix CVE-2024-24789 and CVE-2024-24791

• gtk+3: Fix CVE-2024-6655

• libarchive: Ignore CVE-2024-37407

• libyaml: Ignore CVE-2024-35325, CVE-2024-35326 and CVE-2024-35328

• linux-yocto/5.15: Fix CVE-2022-48772, CVE-2024-35972, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008, CVE-2024-36270, CVE-2024-36489, CVE-2024-36897, CVE-2024-36938, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36978, CVE-2024-38546, CVE-2024-38547, CVE-2024-38549, CVE-2024-38552, CVE-2024-38555, CVE-2024-38571, CVE-2024-38583, CVE-2024-38591, CVE-2024-38597, CVE-2024-38598, CVE-2024-38600, CVE-2024-38627, CVE-2024-38633, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780, CVE-2024-39277, CVE-2024-39292, CVE-2024-39301, CVE-2024-39466, CVE-2024-39468, CVE-2024-39471, CVE-2024-39475, CVE-2024-39476, CVE-2024-39480, CVE-2024-39482, CVE-2024-39484, CVE-2024-39487, CVE-2024-39489, CVE-2024-39493, CVE-2024-39495, CVE-2024-39506, CVE-2024-40902, CVE-2024-40911, CVE-2024-40912, CVE-2024-40932, CVE-2024-40934, CVE-2024-40954, CVE-2024-40956, CVE-2024-40957, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40967, CVE-2024-40970, CVE-2024-40980, CVE-2024-40981, CVE-2024-40994, CVE-2024-40995, CVE-2024-41000, CVE-2024-41002, CVE-2024-41006, CVE-2024-41007, CVE-2024-41046, CVE-2024-41049, CVE-2024-41055, CVE-2024-41064, CVE-2024-41070, CVE-2024-41073, CVE-2024-41087, CVE-2024-41089, CVE-2024-41092, CVE-2024-41093, CVE-2024-41095, CVE-2024-41097, CVE-2024-42068, CVE-2024-42070, CVE-2024-42076, CVE-2024-42077, CVE-2024-42080, CVE-2024-42082, CVE-2024-42085, CVE-2024-42090, CVE-2024-42093, CVE-2024-42094, CVE-2024-42101, CVE-2024-42102, CVE-2024-42104, CVE-2024-42109, CVE-2024-42140, CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42244 and CVE-2024-42247

• llvm: Fix CVE-2023-46049 and CVE-2024-31852

• ofono: fix CVE-2023-2794

• orc: Fix CVE-2024-40897

• python3-certifi: Fix CVE-2024-39689

• python3-jinja2: Fix CVE-2024-34064

• python3: Fix CVE-2024-8088

• qemu: Fix CVE-2024-7409

• ruby: Fix for CVE-2024-27282

• tiff: Fix CVE-2024-7006

• vim: Fix CVE-2024-22667, CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374

• wpa-supplicant: Fix CVE-2023-52160

Fixes in Yocto-4.0.21

• apr: upgrade to 1.7.5

• bind: Upgrade to 9.18.28

• bitbake: data_smart: Improve performance for VariableHistory

• build-appliance-image: Update to kirkstone head revision

• cryptodev-module: Fix build for linux 5.10.220

• gcc-runtime: remove bashism

• grub: fs/fat: Don’t error when mtime is 0

• image_types.bbclass: Use –force also with lz4,lzop

• libsoup: fix compile error on centos7

• linux-yocto/5.15: upgrade to v5.15.164

• lttng-modules: Upgrade to 2.13.14

• migration-guide: add release notes for 4.0.20

• orc: upgrade to 0.4.39

• poky.conf: bump version for 4.0.21

• python3-jinja2: upgrade to 3.1.4

• python3-pycryptodome(x): use python_setuptools_build_meta build class

• python3: add PACKAGECONFIG[editline]

• ref-manual: fix typo and move SYSROOT_DIRS example

• sqlite3: CVE_ID correction for CVE-2023-7104 as patched

• sqlite3: Rename patch for CVE-2022-35737

• uboot-sign: Fix index error in concat_dtb_helper() with multiple configs

• vim: upgrade to 9.1.0682

• wireless-regdb: upgrade to 2024.07.04

Known Issues in Yocto-4.0.21

• N/A

Contributors to Yocto-4.0.21

• Archana Polampalli

• Ashish Sharma

• Bruce Ashfield

• Deepthi Hemraj

• Divya Chellam

• Florian Amstutz

• Guocai He

• Hitendra Prajapati

• Hugo SIMELIERE

• Lee Chee Yang

• Leon Anavi

• Matthias Pritschet

• Ming Liu

• Niko Mauno

• Peter Marko

• Robert Yang

• Rohini Sangam

• Ross Burton

• Siddharth Doshi

• Soumya Sambu

• Steve Sakoman

• Vijay Anusuri

• Vrushti Dabhi

• Wang Mingyu

• Yogita Urade

Repositories / Downloads for Yocto-4.0.21

poky

• Repository Location: https://git.yoctoproject.org/poky

• Branch: kirkstone

• Tag: yocto-4.0.21

• Git Revision: 4cdc553814640851cce85f84ee9c0b58646cd33b

• Release Artefact: poky-4cdc553814640851cce85f84ee9c0b58646cd33b

• sha: 460e3a4ede491a9b66c5d262cd9498d5bcca1f2d880885342b08dc32b967f33d

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/poky-4cdc553814640851cce85f84ee9c0b58646cd33b.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/poky-4cdc553814640851cce85f84ee9c0b58646cd33b.tar.bz2

openembedded-core

• Repository Location: https://git.openembedded.org/openembedded-core

• Branch: kirkstone

• Tag: yocto-4.0.21

• Git Revision: c40a3fec49942ac6d25ba33e57e801a550e252c9

• Release Artefact: oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9

• sha: afc2aaf312f9fb2590ae006615557ec605c98eff42bc380a1b2d6e39cfdf8930

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/oecore-c40a3fec49942ac6d25ba33e57e801a550e252c9.tar.bz2

meta-mingw

• Repository Location: https://git.yoctoproject.org/meta-mingw

• Branch: kirkstone

• Tag: yocto-4.0.21

• Git Revision: f6b38ce3c90e1600d41c2ebb41e152936a0357d7

• Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7

• sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2

meta-gplv2

• Repository Location: https://git.yoctoproject.org/meta-gplv2

• Branch: kirkstone

• Tag: yocto-4.0.21

• Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2

bitbake

• Repository Location: https://git.openembedded.org/bitbake

• Branch: 2.0

• Tag: yocto-4.0.21

• Git Revision: ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1

• Release Artefact: bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1

• sha: 1cb102f4c8dbd067f0262072e4e629ec7cb423103111ccdde75a09fcb8f55e5f

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.21/bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.21/bitbake-ec2a99a077da9aa0e99e8b05e0c65dcbd45864b1.tar.bz2

yocto-docs

• Repository Location: https://git.yoctoproject.org/yocto-docs

• Branch: kirkstone

• Tag: yocto-4.0.21

• Git Revision: 512025edd9b3b6b8d0938b35bb6188c9f3b7f17d