Release notes for Yocto-4.1.3 (Langdale)

Security Fixes in Yocto-4.1.3

apr-util: Fix CVE-2022-25147
apr: Fix CVE-2022-24963 and CVE-2022-28331
bind: Fix CVE-2022-3094, CVE-2022-3736 and CVE-2022-3924
curl: Fix CVE-2022-43551 and CVE-2022-43552
dbus: Fix CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012
git: Fix CVE-2022-23521, CVE-2022-39253, CVE-2022-39260 and CVE-2022-41903
git: Ignore CVE-2022-41953
go: Fix CVE-2022-41717 and CVE-2022-41720
grub2: Fix CVE-2022-2601 and CVE-2022-3775
less: Fix CVE-2022-46663
libarchive: Fix CVE-2022-36227
libksba: Fix CVE-2022-47629
openssl: Fix CVE-2022-3996
pkgconf: Fix CVE-2023-24056
ppp: Fix CVE-2022-4603
sudo: Fix CVE-2023-22809
tar: Fix CVE-2022-48303
vim: Fix CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433 and CVE-2023-0512
xserver-xorg: Fix CVE-2023-0494
xwayland: Fix CVE-2023-0494

Fixes in Yocto-4.1.3

apr-util: Upgrade to 1.6.3
apr: Upgrade to 1.7.2
apt: fix do_package_qa failure
at: Change when files are copied
base.bbclass: Fix way to check ccache path
bblayers/makesetup: skip git repos that are submodules
bblayers/setupwriters/oe-setup-layers: create dir if not exists
bind: Upgrade to 9.18.11
bitbake-layers: fix a typo
bitbake: bb/utils: include SSL certificate paths in export_proxies
bitbake: fetch2/git: Clarify the meaning of namespace
bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
bitbake: process: log odd unlink events with bitbake.sock
bitbake: server/process: Add bitbake.sock race handling
bitbake: siggen: Fix inefficient string concatenation
bootchart2: Fix usrmerge support
bsp-guide: fix broken git URLs and missing word
build-appliance-image: Update to langdale head revision
buildtools-tarball: set pkg-config search path
busybox: Fix depmod patch
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
cairo: fix CVE patches assigned wrong CVE number
classes/fs-uuid: Fix command output decoding issue
classes/populate_sdk_base: Append cleandirs
classes: image: Set empty weak default IMAGE_LINGUAS
cml1: remove redundant addtask
core-image.bbclass: Fix missing leading whitespace with ‘:append’
createrepo-c: Include missing rpm/rpmstring.h
curl: don’t enable debug builds
curl: fix dependencies when building with ldap/ldaps
cve-check: write the cve manifest to IMGDEPLOYDIR
cve-update-db-native: avoid incomplete updates
cve-update-db-native: show IP on failure
dbus: Upgrade to 1.14.6
dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
dev-manual: fix old override syntax
devshell: Do not add scripts/git-intercept to PATH
devtool: fix devtool finish when gitmodules file is empty
devtool: process local files only for the main branch
dhcpcd: backport two patches to fix runtime error
dhcpcd: fix dhcpcd start failure on qemuppc64
diffutils: Upgrade to 3.9
ffmpeg: fix configure failure on noexec /tmp host
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
git: Upgrade to 2.37.6
glslang: branch rename master -> main
go: Upgrade to 1.19.4
gstreamer1.0 : Revert “disable flaky gstbin:test_watch_for_state_change test” and Fix race conditions in gstbin tests with upstream solution
harfbuzz: remove bindir only if it exists
httpserver: add error handler that write to the logger
image.bbclass: print all QA functions exceptions
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
kernel-yocto: fix kernel-meta data detection
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
lib/buildstats: handle tasks that never finished
lib/oe/reproducible: Use git log without gpg signature
libarchive: Upgrade to 3.6.2
libc-locale: Fix on target locale generation
libgit2: Upgrade to 1.5.1
libjpeg-turbo: Upgrade to 2.1.5.1
libksba: Upgrade to 1.6.3
libpng: Enable NEON for aarch64 to enensure consistency with arm32.
librsvg: Only enable the Vala bindings if GObject Introspection is enabled
librsvg: enable vapi build
libseccomp: fix for the ptest result format
libseccomp: fix typo in DESCRIPTION
libssh2: Clean up ptest patch/coverage
libtirpc: Check if file exists before operating on it
libusb1: Link with latomic only if compiler has no atomic builtins
libusb1: Strip trailing whitespaces
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: Upgrade to 20230210
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: Upgrade to v5.15.91
linux-yocto/5.19: fix perf build with clang
linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
lsof: fix old override syntax
lttng-modules: Fix for 5.10.163 kernel version
lttng-modules: fix for kernel 6.2+
lttng-modules: Upgrade to 2.13.8
lttng-tools: Upgrade to 2.13.9
make-mod-scripts: Ensure kernel build output is deterministic
manuals: update patchwork instance URL
mesa-gl: gallium is required when enabling x11
meta: remove True option to getVar and getVarFlag calls (again)
migration-guides: add release-notes for 4.0.7
native: Drop special variable handling
numactl: skip test case when target platform doesn’t have 2 CPU node
oeqa context.py: fix –target-ip comment to include ssh port number
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
oeqa qemurunner: read more data at a time from serial
oeqa ssh.py: add connection keep alive options to ssh client
oeqa ssh.py: fix hangs in run()
oeqa ssh.py: move output prints to new line
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
oeqa/rpm.py: Increase timeout and add debug output
oeqa/selftest/debuginfod: improve testcase
oeqa/selftest/locales: Add selftest for locale generation/presence
oeqa/selftest/resulttooltests: fix minor typo
openssl: Upgrade to 3.0.8
opkg: ensure opkg uses private gpg.conf when applying keys.
pango: Upgrade to 1.50.12
perf: Enable debug/source packaging
pkgconf: Upgrade to 1.9.4
poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
poky.conf: bump version for 4.1.3
populate_sdk_ext.bbclass: Fix missing leading whitespace with ‘:append’
profile-manual: update WireShark hyperlinks
ptest-packagelists.inc: Fix missing leading whitespace with ‘:append’
python3-pytest: depend on python3-tomli instead of python3-toml
quilt: fix intermittent failure in faildiff.test
quilt: use upstreamed faildiff.test fix
recipe_sanity: fix old override syntax
ref-manual: Fix invalid feature name
ref-manual: update DEV_PKG_DEPENDENCY in variables
ref-manual: variables.rst: fix broken hyperlink
rm_work.bbclass: use HOSTTOOLS ‘rm’ binary exclusively
runqemu: kill qemu if it hangs
rust: Do not use default compiler flags defined in CC crate
scons.bbclass: Make MAXLINELENGTH overridable
scons: Pass MAXLINELENGTH to scons invocation
sdkext/cases/devtool: pass a logger to HTTPService
selftest/virgl: use pkg-config from the host
spirv-headers/spirv-tools: set correct branch name
sstate.bbclass: Fetch non-existing local .sig files if needed
sstatesig: Improve output hash calculation
sudo: Upgrade to 1.9.12p2
system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
testimage: Fix error message to reflect new syntax
tiff: Add packageconfig knob for webp
toolchain-scripts: compatibility with unbound variable protection
uninative: Upgrade to 3.8.1 to include libgcc
update-alternatives: fix typos
vim: Upgrade to 9.0.1293
vulkan-samples: branch rename master -> main
wic: Fix usage of fstype=none in wic
wireless-regdb: Upgrade to 2023.02.13
xserver-xorg: Upgrade to 21.1.7
xwayland: Upgrade to 22.1.8