Release notes for Yocto-4.0.10 (Kirkstone)

Security Fixes in Yocto-4.0.10

• binutils: Fix CVE-2023-1579, CVE-2023-1972, CVE-2023-25584, CVE-2023-25585 and CVE-2023-25588

• cargo : Ignore CVE-2022-46176

• connman: Fix CVE-2023-28488

• curl: Fix CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536 and CVE-2023-27538

• ffmpeg: Fix CVE-2022-48434

• freetype: Fix CVE-2023-2004

• ghostscript: Fix CVE-2023-29979

• git: Fix CVE-2023-25652 and CVE-2023-29007

• go: Fix CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24537 and CVE-2023-24538

• go: Ignore CVE-2022-41716

• libxml2: Fix CVE-2023-28484 and CVE-2023-29469

• libxpm: Fix CVE-2022-44617, CVE-2022-46285 and CVE-2022-4883

• linux-yocto: Ignore CVE-2021-3759, CVE-2021-4135, CVE-2021-4155, CVE-2022-0168, CVE-2022-0171, CVE-2022-1016, CVE-2022-1184, CVE-2022-1198, CVE-2022-1199, CVE-2022-1462, CVE-2022-1734, CVE-2022-1852, CVE-2022-1882, CVE-2022-1998, CVE-2022-2078, CVE-2022-2196, CVE-2022-2318, CVE-2022-2380, CVE-2022-2503, CVE-2022-26365, CVE-2022-2663, CVE-2022-2873, CVE-2022-2905, CVE-2022-2959, CVE-2022-3028, CVE-2022-3078, CVE-2022-3104, CVE-2022-3105, CVE-2022-3106, CVE-2022-3107, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115, CVE-2022-3202, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981, CVE-2022-3303, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, CVE-2022-33744, CVE-2022-33981, CVE-2022-3424, CVE-2022-3435, CVE-2022-34918, CVE-2022-3521, CVE-2022-3545, CVE-2022-3564, CVE-2022-3586, CVE-2022-3594, CVE-2022-36123, CVE-2022-3621, CVE-2022-3623, CVE-2022-3629, CVE-2022-3633, CVE-2022-3635, CVE-2022-3646, CVE-2022-3649, CVE-2022-36879, CVE-2022-36946, CVE-2022-3707, CVE-2022-39188, CVE-2022-39190, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-4095, CVE-2022-41218, CVE-2022-4139, CVE-2022-41849, CVE-2022-41850, CVE-2022-41858, CVE-2022-42328, CVE-2022-42329, CVE-2022-42703, CVE-2022-42721, CVE-2022-42722, CVE-2022-42895, CVE-2022-4382, CVE-2022-4662, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47929, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0590, CVE-2023-1073, CVE-2023-1074, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1252, CVE-2023-1281, CVE-2023-1382, CVE-2023-1513, CVE-2023-1829, CVE-2023-1838, CVE-2023-1998, CVE-2023-2006, CVE-2023-2008, CVE-2023-2162, CVE-2023-2166, CVE-2023-2177, CVE-2023-22999, CVE-2023-23002, CVE-2023-23004, CVE-2023-23454, CVE-2023-23455, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28327 and CVE-2023-28328

• nasm: Fix CVE-2022-44370

• python3-cryptography: Fix CVE-2023-23931

• qemu: Ignore CVE-2023-0664

• ruby: Fix CVE-2023-28755 and CVE-2023-28756

• screen: Fix CVE-2023-24626

• shadow: Fix CVE-2023-29383

• tiff: Fix CVE-2022-4645

• webkitgtk: Fix CVE-2022-32888 and CVE-2022-32923

• xserver-xorg: Fix CVE-2023-1393

Fixes in Yocto-4.0.10

• bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system

• build-appliance-image: Update to kirkstone head revision

• cmake: add CMAKE_SYSROOT to generated toolchain file

• glibc: stable 2.35 branch updates.

• kernel-devsrc: depend on python3-core instead of python3

• kernel: improve initramfs bundle processing time

• libarchive: Enable acls, xattr for native as well as target

• libbsd: Add correct license for all packages

• libpam: Fix the xtests/tst-pam_motd[1|3] failures

• libxpm: upgrade to 3.5.15

• linux-firmware: upgrade to 20230404

• linux-yocto/5.15: upgrade to v5.15.108

• migration-guides: add release-notes for 4.0.9

• oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

• openssl: Move microblaze to linux-latomic config

• package.bbclass: correct check for /build in copydebugsources()

• poky.conf: bump version for 4.0.10

• populate_sdk_base: add zip options

• populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override

• run-postinsts: Set dependency for ldconfig to avoid boot issues

• update-alternatives.bbclass: fix old override syntax

• wic/bootimg-efi: if fixed-size is set then use that for mkdosfs

• wpebackend-fdo: upgrade to 1.14.2

• xorg-lib-common: Add variable to set tarball type

• xserver-xorg: upgrade to 21.1.8

Known Issues in Yocto-4.0.10

• N/A

Contributors to Yocto-4.0.10

• Archana Polampalli

• Arturo Buzarra

• Bruce Ashfield

• Christoph Lauer

• Deepthi Hemraj

• Dmitry Baryshkov

• Frank de Brabander

• Hitendra Prajapati

• Joe Slater

• Kai Kang

• Kyle Russell

• Lee Chee Yang

• Mark Hatle

• Martin Jansa

• Mingli Yu

• Narpat Mali

• Pascal Bach

• Pawan Badganchi

• Peter Bergin

• Peter Marko

• Piotr Łobacz

• Randolph Sapp

• Ranjitsinh Rathod

• Ross Burton

• Shubham Kulkarni

• Siddharth Doshi

• Steve Sakoman

• Sundeep KOKKONDA

• Thomas Roos

• Virendra Thakur

• Vivek Kumbhar

• Wang Mingyu

• Xiangyu Chen

• Yash Shinde

• Yoann Congal

• Yogita Urade

• Zhixiong Chi

Repositories / Downloads for Yocto-4.0.10

poky

• Repository Location: https://git.yoctoproject.org/poky

• Branch: kirkstone

• Tag: yocto-4.0.10

• Git Revision: f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f

• Release Artefact: poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f

• sha: 8820aeac857ce6bbd1c7ef26cadbb86eca02be93deded253b4a5f07ddd69255d

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2

openembedded-core

• Repository Location: https://git.openembedded.org/openembedded-core

• Branch: kirkstone

• Tag: yocto-4.0.10

• Git Revision: d2713785f9cd2d58731df877bc8b7bcc71b6c8e6

• Release Artefact: oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6

• sha: 78e084a1aceaaa6ec022702f29f80eaffade3159e9c42b6b8985c1b7ddd2fbab

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2

meta-mingw

• Repository Location: https://git.yoctoproject.org/meta-mingw

• Branch: kirkstone

• Tag: yocto-4.0.10

• Git Revision: a90614a6498c3345704e9611f2842eb933dc51c1

• Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1

• sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2

meta-gplv2

• Repository Location: https://git.yoctoproject.org/meta-gplv2

• Branch: kirkstone

• Tag: yocto-4.0.10

• Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

• sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2

bitbake

• Repository Location: https://git.openembedded.org/bitbake

• Branch: 2.0

• Tag: yocto-4.0.10

• Git Revision: 0c6f86b60cfba67c20733516957c0a654eb2b44c

• Release Artefact: bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c

• sha: 4caa94ee4d644017b0cc51b702e330191677f7d179018cbcec8b1793949ebc74

• Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2

yocto-docs

• Repository Location: https://git.yoctoproject.org/yocto-docs

• Branch: kirkstone

• Tag: yocto-4.0.10

• Git Revision: 8388be749806bd0bf4fccf1005dae8f643aa4ef4