Release notes for Yocto-5.0.2 (Scarthgap)
Security Fixes in Yocto-5.0.2
cups: Fix CVE-2024-35235
gcc: Fix CVE-2024-0151
gdk-pixbuf: Fix CVE-2022-48622
ghostscript: fix CVE-2024-29510, CVE-2024-33869, CVE-2024-33870 and CVE-2024-33871
git: Fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021 and CVE-2024-32465
glib-2.0: Fix CVE-2024-34397
glibc: Fix CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602
ncurses: Fix CVE-2023-45918 and CVE-2023-50495
openssl: Fix CVE-2024-4603 and CVE-2024-4741
util-linux: Fix CVE-2024-28085
xserver-xorg: Fix CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083
Fixes in Yocto-5.0.2
appstream: Upgrade to 1.0.3
apr: submit 0001-Add-option-to-disable-timed-dependant-tests.patch upstream
base-files: profile: fix error sh: 1: unknown operand
bash: Fix file-substitution error-handling bug
bash: mark build-tests.patch as Inappropriate
binutils: Fix aarch64 disassembly abort
bitbake: bb: Use namedtuple for Task data
bitbake: cooker: Handle ImportError for websockets
bitbake: fetch2/gcp: Add missing runfetchcmd import
bitbake: fetch2/wget: Canonicalize DL_DIR paths for wget2 compatibility
bitbake: fetch2/wget: Fix failure path for files that are empty or don’t exist
bitbake: hashserv: client: Add batch stream API
bitbake: parse: Improve/fix cache invalidation via mtime
bitbake: runqueue: Add timing warnings around slow loops
bitbake: runqueue: Allow rehash loop to exit in case of interrupts
bitbake: runqueue: Improve rehash get_unihash parallelism
bitbake: runqueue: Process unihashes in parallel at init
bitbake: siggen/runqueue: Report which dependencies affect the taskhash
bitbake: siggen: Enable batching of unihash queries
bitbake: tests/fetch: Tweak test to match upstream repo url change
bitbake: tests/fetch: Tweak to work on Fedora40
build-appliance-image: Update to scarthgap head revision
busybox: update CVE-2022-28391 patches upstream status
cdrtools-native: Fix build with GCC 14
classes: image_types: apply EXTRA_IMAGECMD:squashfs* in oe_mksquashfs()
classes: image_types: quote variable assignment needed by dash
consolekit: Disable incompatible-pointer-types warning as error
cracklib: Modify patch to compile with GCC 14
cronie: Upgrade to 1.7.2
cups: Upgrade to 2.4.9
db: ignore implicit-int and implicit-function-declaration issues fatal with gcc-14
devtool: modify: Catch git submodule error for go code
devtool: standard: update-recipe/finish: fix update localfile in another layer
devtool: sync: Fix Execution error
expect: ignore various issues now fatal with gcc-14
expect: mark patches as Inactive-Upstream
gawk: fix readline detection
gcc : Upgrade to v13.3
gcc-runtime: libgomp fix for gcc 14 warnings with mandb selftest
gdk-pixbuf: Upgrade to 2.42.12
git: set –with-gitconfig=/etc/gitconfig for -native builds
git: Upgrade to 2.44.1
glib-2.0: Upgrade to 2.78.6
glibc: Update to latest on stable 2.39 branch (273a835fe7…)
glibc: correct LICENSE to “GPL-2.0-only & LGPL-2.1-or-later”
go: Drop the linkmode completely
goarch: Revert “disable dynamic linking globally”
gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG
gtk4: Disable int-conversion warning as error
icu: add upstream submission links for fix-install-manx.patch
ipk: Fix clean up of extracted IPK payload
iproute2: Fix build with GCC-14
iproute2: drop obsolete patch
iputils: splitting the ping6 as a package
kea: Remove -fvisibility-inlines-hidden from C++ flags
kea: remove unnecessary reproducibility patch
kernel.bbclass: check, if directory exists before removing empty module directory
kexec-tools: Fix build with GCC-14 on musl
lib/oe/package-manager: allow including self in create_packages_dir
lib/package_manager/ipk: Do not hardcode payload compression algorithm
libarchive: Upgrade to 3.7.4
libcgroup: fix build on non-systemd systems
libgloss: Do not apply non-existent patch
libinput: fix building with debug-gui option
libtraceevent: submit meson.patch upstream
libunwind: ignore various issues now fatal with gcc-14
libusb1: Set CVE_PRODUCT
llvm: Switch to using release tarballs
llvm: Upgrade to 18.1.5
lrzsz connman-gnome libfm: ignore various issues fatal with gcc-14
ltp: Fix build with GCC-14
ltp: add iputils-ping6 to RDEPENDS
lttng-ust: Upgrade to 2.13.8
mesa: Upgrade to 24.0.5
oeqa/postactions: Do not use -l option with df
oeqa/sdk/assimp: Upgrade and fix for gcc 14
oeqa/sdkext/devtool: replace use of librdfa
oeqa/selftest/debuginfod: use localpkgfeed to speed server startup
oeqa/selftest/devtool: Revert fix test_devtool_add_git_style2”
oeqa/selftest/devtool: add test for modifying recipes using go.bbclass
oeqa/selftest/devtool: add test for updating local files into another layer
oeqa/selftest/devtool: fix _test_devtool_add_git_url
oeqa: selftest: context: run tests serially if testtools/subunit modules are not found
openssl: Upgrade to 3.2.2
p11-kit: ignore various issues fatal with gcc-14 (for 32bit MACHINEs)
patchtest: test_metadata: fix invalid escape sequences
poky.conf: bump version for 5.0.2
ppp: Add RSA-MD in LICENSE
procps: fix build with new glibc but old kernel headers
ptest-runner: Bump to 2.4.4 (95f528c)
recipetool: Handle several go-import tags in go resolver
recipetool: Handle unclean response in go resolver
run-postinsts.service: Removed –no-reload to fix reload warning when users execute systemctl in the first boot.
selftest/classes: add localpkgfeed class
serf: mark patch as inappropriate for upstream submission
taglib: Upgrade to 2.0.1
ttyrun: define CVE_PRODUCT
uboot-sign: fix loop in do_uboot_assemble_fitimage
update-rc.d: add +git to PV
webkitgtk: Upgrade to 2.44.1
xinput-calibrator: mark upstream as inactive in a patch
xserver-xorg: Upgrade to 21.1.12
yocto-uninative: Update to 4.5 for gcc 14
zip: Fix build with gcc-14
Known Issues in Yocto-5.0.2
N/A
Contributors to Yocto-5.0.2
Adriaan Schmidt
Alexander Kanavin
Alexandre Truong
Anton Almqvist
Archana Polampalli
Changqing Li
Deepthi Hemraj
Felix Nilsson
Heiko Thole
Jose Quaresma
Joshua Watt
Julien Stephan
Kai Kang
Khem Raj
Lei Maohui
Marc Ferland
Marek Vasut
Mark Hatle
Martin Hundebøll
Martin Jansa
Maxin B. John
Michael Halstead
Mingli Yu
Ola x Nilsson
Peter Marko
Philip Lorenz
Poonam Jadhav
Ralph Siemsen
Rasmus Villemoes
Ricardo Simoes
Richard Purdie
Robert Joslyn
Ross Burton
Rudolf J Streif
Siddharth Doshi
Soumya Sambu
Steve Sakoman
Sven Schwermer
Trevor Gamblin
Vincent Kriek
Wang Mingyu
Xiangyu Chen
Yogita Urade
Zev Weiss
Zoltan Boszormenyi
Repositories / Downloads for Yocto-5.0.2
poky
Repository Location: https://git.yoctoproject.org/poky
Branch: scarthgap
Tag: yocto-5.0.2
Git Revision: f7def85be9f99dcb4ba488bead201f670304379b
Release Artefact: poky-f7def85be9f99dcb4ba488bead201f670304379b
sha: 0610a3175846d87f8a853020e8d517c94fe5e8b3fd4e40cd2d0ddbc22e75db4c
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.2/poky-f7def85be9f99dcb4ba488bead201f670304379b.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-5.0.2/poky-f7def85be9f99dcb4ba488bead201f670304379b.tar.bz2
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: scarthgap
Tag: yocto-5.0.2
Git Revision: 803cc32e72b4fc2fc28d92090e61f5dd288a10cb
Release Artefact: oecore-803cc32e72b4fc2fc28d92090e61f5dd288a10cb
sha: b63f1214438e540ec15f1ec7f49615f31584c93e9cff10833273eefc710a7862
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.2/oecore-803cc32e72b4fc2fc28d92090e61f5dd288a10cb.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-5.0.2/oecore-803cc32e72b4fc2fc28d92090e61f5dd288a10cb.tar.bz2
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: scarthgap
Tag: yocto-5.0.2
Git Revision: acbba477893ef87388effc4679b7f40ee49fc852
Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.2/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-5.0.2/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.8
Tag: yocto-5.0.2
Git Revision: 8714a02e13477a9d97858b3642e05f28247454b5
Release Artefact: bitbake-8714a02e13477a9d97858b3642e05f28247454b5
sha: f22b56447e321c308353196da1d6dd76af5e9957e7e654c75dfd707f58091fd1
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-5.0.2/bitbake-8714a02e13477a9d97858b3642e05f28247454b5.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-5.0.2/bitbake-8714a02e13477a9d97858b3642e05f28247454b5.tar.bz2
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: scarthgap
Tag: yocto-5.0.2
Git Revision: 875dfe69e93bf8fee3b8c07818a6ac059f228a13