Release notes for Yocto-4.2.3 (Mickledore)

Security Fixes in Yocto-4.2.3

bind: Fix CVE-2023-2828 and CVE-2023-2911
cups: Fix CVE-2023-34241
dmidecode: Fix CVE-2023-30630
erofs-utils: Fix CVE-2023-33551 and CVE-2023-33552
ghostscript: Fix CVE-2023-36664
go: Fix CVE-2023-24531
libarchive: ignore CVE-2023-30571
libjpeg-turbo: Fix CVE-2023-2804
libx11: Fix CVE-2023-3138
ncurses: Fix CVE-2023-29491
openssh: Fix CVE-2023-38408
python3-certifi: Fix CVE-2023-37920
python3-requests: Fix CVE-2023-32681
python3: Ignore CVE-2023-36632
qemu: fix CVE-2023-0330, CVE-2023-2861, CVE-2023-3255 and CVE-2023-3301
ruby: Fix CVE-2023-36617
vim: Fix CVE-2023-2609 and CVE-2023-2610
webkitgtk: Fix CVE-2023-27932 and CVE-2023-27954

Fixes in Yocto-4.2.3

acpica: Update SRC_URI
automake: fix buildtest patch
baremetal-helloworld: Fix race condition
bind: upgrade to v9.18.17
binutils: stable 2.40 branch updates
build-appliance-image: Update to mickledore head revision
cargo.bbclass: set up cargo environment in common do_compile
conf.py: add macro for Mitre CVE links
curl: ensure all ptest failures are caught
cve-update-nvd2-native: actually use API keys
cve-update-nvd2-native: fix cvssV3 metrics
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: increase retry count
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: use exact times, don’t truncate
dev-manual: wic.rst: Update native tools build command
devtool/upgrade: raise an error if extracting source produces more than one directory
diffutils: upgrade to 3.10
docs: ref-manual: terms: fix typos in SPDX term
file: fix the way path is written to environment-setup.d
file: return wrapper to fix builds when file is in buildtools-tarball
freetype: upgrade to 2.13.1
gcc-testsuite: Fix ppc cpu specification
gcc: don’t pass –enable-standard-branch-protection
glibc-locale: use stricter matching for metapackages’ runtime dependencies
glibc-testsuite: Fix network restrictions causing test failures
glibc/check-test-wrapper: don’t emit warnings from ssh
go: upgrade to 1.20.6
gstreamer1.0: upgrade to 1.22.4
ifupdown: install missing directories
kernel-module-split add systemd modulesloaddir and modprobedir config
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split: use context manager to open files
kernel: Fix path comparison in kernel staging dir symlinking
kernel: config modules directories are handled by kernel-module-split
kernel: don’t fail if Modules.symvers doesn’t exist
libassuan: upgrade to 2.5.6
libksba: upgrade to 1.6.4
libnss-nis: upgrade to 3.2
libproxy: fetch from git
libwebp: upgrade to 1.3.1
libx11: upgrade to 1.8.6
libxcrypt: fix hard-coded “.so” extension
linux-firmware : Add firmware of RTL8822 serie
linux-firmware: Fix mediatek mt7601u firmware path
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate packages
linux-firmware: upgrade to 20230625
linux-yocto/5.15: update to v5.15.124
linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.1: upgrade to v6.1.38
ltp: Add kernel loopback module dependency
ltp: add RDEPENDS on findutils
lttng-ust: upgrade to 2.13.6
machine/arch-arm64: add -mbranch-protection=standard
maintainers.inc: Modify email address
mdadm: add util-linux-blockdev ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: fix util-linux ptest dependency
mdadm: re-add mdadm-ptest to PTESTS_SLOW
mdadm: skip running known broken ptests
meson.bbclass: Point to llvm-config from native sysroot
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.0.11
migration-guides: add release notes for 4.2.2
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
oeqa/runtime/ltp: Increase ltp test output timeout
oeqa/selftest/devtool: add unit test for “devtool add -b”
oeqa/ssh: Further improve process exit handling
oeqa/target/ssh: Ensure EAGAIN doesn’t truncate output
oeqa/utils/nfs: allow requesting non-udp ports
openssh: upgrade to 9.3p2
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
opkg-utils: upgrade to 0.6.2
opkg: upgrade to 0.6.2
pkgconf: update SRC_URI
poky.conf: bump version for 4.2.3 release
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
ptest-runner: Pull in parallel test fixes and output handling
python3-certifi: upgrade to 2023.7.22
python3: fix missing comma in get_module_deps3.py
recipetool: Fix inherit in created -native* recipes
ref-manual: LTS releases now supported for 4 years
ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE
ref-manual: releases.svg: updates
resulttool/resultutils: allow index generation despite corrupt json
rootfs-postcommands.bbclass: Revert “add post func remove_unused_dnf_log_lock”
rootfs: Add debugfs package db file copy and cleanup
rootfs_rpm: don’t depend on opkg-native for update-alternatives
rpm: Pick debugfs package db files/dirs explicitly
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
scripts/resulttool: add mention about new detected tests
selftest/cases/glibc.py: fix the override syntax
selftest/cases/glibc.py: increase the memory for testing
selftest/cases/glibc.py: switch to using NFS over TCP
shadow-sysroot: add license information
systemd-systemctl: fix errors in instance name expansion
taglib: upgrade to 1.13.1
target/ssh: Ensure exit code set for commands
tcf-agent: upgrade to 1.8.0
testimage/oeqa: Drop testimage_dump_host functionality
tiff: upgrade to 4.5.1
uboot-extlinux-config.bbclass: fix old override syntax in comment
util-linux: add alternative links for ipcs,ipcrm
vim: upgrade to 9.0.1592
webkitgtk: upgrade to 2.38.6
weston: Cleanup and fix x11 and xwayland dependencies