Release notes for Yocto-4.0.17 (Kirkstone)

Security Fixes in Yocto-4.0.17

• bind: Fix CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-50868 and CVE-2023-50387

• binutils: Fix CVE-2023-39129 and CVE-2023-39130

• curl: Fix CVE-2023-46219

• curl: Ignore CVE-2023-42915

• gcc: Ignore CVE-2023-4039

• gdb: Fix CVE-2023-39129 and CVE-2023-39130

• glibc: Ignore CVE-2023-0687

• go: Fix CVE-2023-29406, CVE-2023-45285, CVE-2023-45287, CVE-2023-45289, CVE-2023-45290, CVE-2024-24784 and CVE-2024-24785

• less: Fix CVE-2022-48624

• libgit2: Fix CVE-2024-24575 and CVE-2024-24577

• libuv: fix CVE-2024-24806

• libxml2: Fix for CVE-2024-25062

• linux-yocto/5.15: Fix CVE-2022-36402, CVE-2022-40982, CVE-2022-47940, CVE-2023-1193, CVE-2023-1194, CVE-2023-3772, CVE-2023-3867, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4244, CVE-2023-4273, CVE-2023-4563, CVE-2023-4569, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5158, CVE-2023-5717, CVE-2023-6040, CVE-2023-6121, CVE-2023-6176, CVE-2023-6546, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2023-20569, CVE-2023-20588, CVE-2023-25775, CVE-2023-31085, CVE-2023-32247, CVE-2023-32250, CVE-2023-32252, CVE-2023-32254, CVE-2023-32257, CVE-2023-32258, CVE-2023-34324, CVE-2023-35827, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-40283, CVE-2023-42752, CVE-2023-42753, CVE-2023-42754, CVE-2023-42755, CVE-2023-45871, CVE-2023-46343, CVE-2023-46813, CVE-2023-46838, CVE-2023-46862, CVE-2023-51042, CVE-2023-51779, CVE-2023-52340, CVE-2023-52429, CVE-2023-52435, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52441, CVE-2023-52442, CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52456, CVE-2023-52457, CVE-2023-52458, CVE-2023-52463, CVE-2023-52464, CVE-2024-0340, CVE-2024-0584, CVE-2024-0607, CVE-2024-0641, CVE-2024-0646, CVE-2024-1085, CVE-2024-1086, CVE-2024-1151, CVE-2024-22705, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-24860, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26592, CVE-2024-26593, CVE-2024-26594, CVE-2024-26597 and CVE-2024-26598

• linux-yocto/5.15: Ignore CVE-2020-27418, CVE-2020-36766, CVE-2021-33630, CVE-2021-33631, CVE-2022-48619, CVE-2023-2430, CVE-2023-4610, CVE-2023-4732, CVE-2023-5090, CVE-2023-5178, CVE-2023-5197, CVE-2023-5345, CVE-2023-5633, CVE-2023-5972, CVE-2023-6111, CVE-2023-6200, CVE-2023-6531, CVE-2023-6679, CVE-2023-7192, CVE-2023-40791, CVE-2023-42756, CVE-2023-44466, CVE-2023-45862, CVE-2023-45863, CVE-2023-45898, CVE-2023-51043, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-52433, CVE-2023-52440, CVE-2023-52446, CVE-2023-52450, CVE-2023-52453, CVE-2023-52455, CVE-2023-52459, CVE-2023-52460, CVE-2023-52461, CVE-2023-52462, CVE-2024-0193, CVE-2024-0443, CVE-2024-0562, CVE-2024-0582, CVE-2024-0639, CVE-2024-0775, CVE-2024-26581, CVE-2024-26582, CVE-2024-26590, CVE-2024-26596 and CVE-2024-26599

• linux-yocto/5.10: Fix CVE-2023-6040, CVE-2023-6121, CVE-2023-6606, CVE-2023-6817, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2023-39198, CVE-2023-46838, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-52340, CVE-2024-0584 and CVE-2024-0646

• linux-yocto/5.10: Ignore CVE-2021-33630, CVE-2021-33631, CVE-2022-1508, CVE-2022-36402, CVE-2022-48619, CVE-2023-2430, CVE-2023-4610, CVE-2023-5972, CVE-2023-6039, CVE-2023-6200, CVE-2023-6531, CVE-2023-6546, CVE-2023-6622, CVE-2023-6679, CVE-2023-7192, CVE-2023-46343, CVE-2023-51042, CVE-2023-51043, CVE-2024-0193, CVE-2024-0443, CVE-2024-0562, CVE-2024-0582, CVE-2024-0639, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085 and CVE-2024-22705

• openssl: Fix CVE-2024-0727

• python3-pycryptodome: Fix CVE-2023-52323

• qemu: Fix CVE-2023-6693, CVE-2023-42467 and CVE-2024-24474

• vim: Fix CVE-2024-22667

• xwayland: Fix CVE-2023-6377 and CVE-2023-6478

Fixes in Yocto-4.0.17

• bind: Upgrade to 9.18.24

• bitbake: bitbake/codeparser.py: address ast module deprecations in py 3.12

• bitbake: bitbake/lib/bs4/tests/test_tree.py: python 3.12 regex

• bitbake: codeparser: replace deprecated ast.Str and ‘s’

• bitbake: fetch2: Ensure that git LFS objects are available

• bitbake: tests/fetch: Add real git lfs tests and decorator

• bitbake: tests/fetch: git-lfs restore _find_git_lfs

• bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer

• build-appliance-image: Update to kirkstone head revision

• cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

• contributor-guide: fix lore URL

• curl: don’t enable debug builds

• cve_check: cleanup logging

• dbus: Add missing CVE_PRODUCT

• dev-manual: sbom: Rephrase spdx creation

• dev-manual: runtime-testing: gen-tapdevs need iptables installed

• dev-manual: packages: clarify shared PR service constraint

• dev-manual: packages: need enough free space

• dev-manual: start: remove idle line

• feature-microblaze-versions.inc: python 3.12 regex

• ghostscript: correct LICENSE with AGPLv3

• image-live.bbclass: LIVE_ROOTFS_TYPE support compression

• kernel.bbclass: Set pkg-config variables for building modules

• kernel.bbclass: introduce KERNEL_LOCALVERSION

• kernel: fix localversion in v6.3+

• kernel: make LOCALVERSION consistent between recipes

• ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an ELF file

• librsvg: Fix do_package_qa error for librsvg

• linux-firmware: upgrade to 20231211

• linux-yocto/5.10: update to v5.10.210

• linux-yocto/5.15: update to v5.15.150

• manuals: add minimum RAM requirements

• manuals: suppress excess use of “following” word

• manuals: update disk space requirements

• manuals: update references to buildtools

• manuals: updates for building on Windows (WSL 2)

• meta/lib/oeqa: python 3.12 regex

• meta/recipes: python 3.12 regex

• migration-guide: add release notes for 4.0.16

• oeqa/selftest/oelib/buildhistory: git default branch

• oeqa/selftest/recipetool: downgrade meson version to not use pyproject.toml

• oeqa/selftest/recipetool: expect meson.bb

• oeqa/selftest/recipetool: fix for python 3.12

• oeqa/selftest/runtime_test: only run the virgl tests on qemux86-64

• oeqa: replace deprecated assertEquals

• openssl: Upgrade to 3.0.13

• poky.conf: bump version for 4.0.17

• populate_sdk_ext: use ConfigParser instead of SafeConfigParser

• python3-jinja2: upgrade to 3.1.3

• recipetool/create_buildsys_python: use importlib instead of imp

• ref-manual: system-requirements: recommend buildtools for not supported distros

• ref-manual: system-requirements: add info on buildtools-make-tarball

• ref-manual: release-process: grammar fix

• ref-manual: system-requirements: fix AlmaLinux variable name

• ref-manual: system-requirements: modify anchor

• ref-manual: system-requirements: remove outdated note

• ref-manual: system-requirements: simplify supported distro requirements

• ref-manual: system-requirements: update packages to build docs

• scripts/runqemu: add qmp socket support

• scripts/runqemu: direct mesa to use its own drivers, rather than ones provided by host distro

• scripts/runqemu: fix regex escape sequences

• scripts: python 3.12 regex

• selftest: skip virgl gtk/sdl test on ubuntu 18.04

• systemd: Only add myhostname to nsswitch.conf if in PACKAGECONFIG

• tzdata : Upgrade to 2024a

• u-boot: Move UBOOT_INITIAL_ENV back to u-boot.inc

• useradd-example: do not use unsupported clear text password

• vim: upgrade to v9.0.2190

• yocto-bsp: update to v5.15.150

Known Issues in Yocto-4.0.17

• N/A

Contributors to Yocto-4.0.17

• Adrian Freihofer

• Alassane Yattara

• Alexander Kanavin

• Alexander Sverdlin

• Archana Polampalli

• Baruch Siach

• Bruce Ashfield

• Chen Qi

• Chris Laplante

• Deepthi Hemraj

• Dhairya Nagodra

• Fabien Mahot

• Fabio Estevam

• Hitendra Prajapati

• Hugo SIMELIERE

• Jermain Horsman

• Kai Kang

• Lee Chee Yang

• Ludovic Jozeau

• Michael Opdenacker

• Ming Liu

• Munehisa Kamata

• Narpat Mali

• Nikhil R

• Paul Eggleton

• Paulo Neves

• Peter Marko

• Philip Lorenz

• Poonam Jadhav

• Priyal Doshi

• Ross Burton

• Simone Weiß

• Soumya Sambu

• Steve Sakoman

• Tim Orling

• Trevor Gamblin

• Vijay Anusuri

• Vivek Kumbhar

• Wang Mingyu

• Zahir Hussain

Repositories / Downloads for Yocto-4.0.17

poky

• Repository Location: https://git.yoctoproject.org/poky

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: 6d1a878bbf24c66f7186b270f823fcdf82e35383

• Release Artefact: poky-6d1a878bbf24c66f7186b270f823fcdf82e35383

• sha: 3bc3010340b674f7b0dd0a7997f0167b2240b794fbd4aa28c0c4217bddd15e30

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/poky-6d1a878bbf24c66f7186b270f823fcdf82e35383.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/poky-6d1a878bbf24c66f7186b270f823fcdf82e35383.tar.bz2

openembedded-core

• Repository Location: https://git.openembedded.org/openembedded-core

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: 2501534c9581c6c3439f525d630be11554a57d24

• Release Artefact: oecore-2501534c9581c6c3439f525d630be11554a57d24

• sha: 52cc6cce9e920bdce078584b89136e81cc01e0c55616fab5fca6c3e04264c88e

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/oecore-2501534c9581c6c3439f525d630be11554a57d24.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/oecore-2501534c9581c6c3439f525d630be11554a57d24.tar.bz2

meta-mingw

• Repository Location: https://git.yoctoproject.org/meta-mingw

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: f6b38ce3c90e1600d41c2ebb41e152936a0357d7

• Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7

• sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2

meta-gplv2

• Repository Location: https://git.yoctoproject.org/meta-gplv2

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2

meta-clang

• Repository Location: https://git.yoctoproject.org/meta-clang

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52

• Release Artefact: meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52

• sha: 3299e96e069a22c0971e903fbc191f2427efffc83d910ac51bf0237caad01d17

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52.tar.bz2

bitbake

• Repository Location: https://git.openembedded.org/bitbake

• Branch: 2.0

• Tag: yocto-4.0.17

• Git Revision: 40fd5f4eef7460ca67f32cfce8e229e67e1ff607

• Release Artefact: bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607

• sha: 5d20a0e4c5d0fce44bd84778168714a261a30a4b83f67c88df3b8a7e7115e444

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2

yocto-docs

• Repository Location: https://git.yoctoproject.org/yocto-docs

• Branch: kirkstone

• Tag: yocto-4.0.17

• Git Revision: 08ce7db2aa3a38deb8f5aa59bafc78542986babb