Release notes for Yocto-4.0.2 (Kirkstone)
Security Fixes in Yocto-4.0.2
libxslt: Mark CVE-2022-29824 as not applying
tiff: Add jbig PACKAGECONFIG and clarify IGNORE CVE-2022-1210
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
pcre2:fix CVE-2022-1586 Out-of-bounds read
curl: fix CVE-2022-22576, CVE-2022-27775, CVE-2022-27776, CVE-2022-27774, CVE-2022-30115, CVE-2022-27780, CVE-2022-27781, CVE-2022-27779 and CVE-2022-27782
qemu: fix CVE-2021-4206 and CVE-2021-4207
freetype: fix CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406
Fixes in Yocto-4.0.2
alsa-plugins: fix libavtp vs. avtp packageconfig
archiver: don’t use machine variables in shared recipes
archiver: use bb.note instead of echo
baremetal-image: fix broken symlink in do_rootfs
base-passwd: Disable shell for default users
bash: submit patch upstream
bind: upgrade 9.18.1 -> 9.18.2
binutils: Bump to latest 2.38 release branch
bitbake: build: Add clean_stamp API function to allow removal of task stamps
bitbake: data: Do not depend on vardepvalueexclude flag
bitbake: fetch2/osc: Small fixes for osc fetcher
bitbake: server/process: Fix logging issues where only the first message was displayed
build-appliance-image: Update to kirkstone head revision
buildhistory.bbclass: fix shell syntax when using dash
cairo: Add missing GPLv3 license checksum entry
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
cronie: upgrade 1.6.0 -> 1.6.1
cups: upgrade 2.4.1 -> 2.4.2
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
cve-check: Add helper for symlink handling
cve-check: Allow warnings to be disabled
cve-check: Fix report generation
cve-check: Only include installed packages for rootfs manifest
cve-check: add support for Ignored CVEs
cve-check: fix return type in check_cves
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-extra-exclusions: Add kernel CVEs
cve-update-db-native: make it possible to disable database updates
devtool: Fix _copy_file() TypeError
e2fsprogs: add alternatives handling of lsattr as well
e2fsprogs: update upstream status
efivar: add musl libc compatibility
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
gcc-cross-canadian: Add nativesdk-zstd dependency
gcc-source: Fix incorrect task dependencies from ${B}
gcc: Upgrade to 11.3 release
gcc: depend on zstd-native
git: fix override syntax in RDEPENDS
glib-2.0: upgrade 2.72.1 -> 2.72.2
glibc: Drop make-native dependency
go: upgrade 1.17.8 -> 1.17.10
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gtk+3: upgrade 3.24.33 -> 3.24.34
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
insane.bbclass: make sure to close .patch files
iso-codes: upgrade 4.9.0 -> 4.10.0
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
libcgroup: upgrade 2.0.1 -> 2.0.2
liberror-perl: Update sstate/equiv versions to clean cache
libinput: upgrade 1.19.3 -> 1.19.4
libpcre2: upgrade 10.39 -> 10.40
librepo: upgrade 1.14.2 -> 1.14.3
libseccomp: Add missing files for ptests
libseccomp: Correct LIC_FILES_CHKSUM
libxkbcommon: upgrade 1.4.0 -> 1.4.1
libxml2: Upgrade 2.9.13 -> 2.9.14
license.bbclass: Bound beginline and endline in copy_license_files()
license_image.bbclass: Make QA errors fail the build
linux-firmware: add support for building snapshots
linux-firmware: package new Qualcomm firmware
linux-firmware: replace mkdir by install
linux-firmware: split ath3k firmware
linux-firmware: upgrade to 20220610
linux-yocto/5.10: update to v5.10.119
linux-yocto/5.15: Enable MDIO bus config
linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default
linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
linux-yocto/5.15: update to v5.15.44
local.conf.sample: Update sstate url to new ‘all’ path
logrotate: upgrade 3.19.0 -> 3.20.1
lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel
lttng-modules: fix build against 5.18-rc7+
lttng-modules: fix shell syntax
lttng-ust: upgrade 2.13.2 -> 2.13.3
lzo: Add further info to a patch and mark as Inactive-Upstream
makedevs: Don’t use COPYING.patch just to add license file into ${S}
manuals: switch to the sstate mirror shared between all versions
mesa.inc: package 00-radv-defaults.conf
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
mesa: upgrade to 22.0.3
meson.bbclass: add cython binary to cross/native toolchain config
mmc-utils: upgrade to latest revision
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
ncurses: update to patchlevel 20220423
oeqa/selftest/cve_check: add tests for Ignored and partial reports
oeqa/selftest/cve_check: add tests for recipe and image reports
oescripts: change compare logic in OEListPackageconfigTests
openssl: Backport fix for ptest cert expiry
overlayfs: add docs about skipping QA check & service dependencies
ovmf: Fix native build with gcc-12
patch.py: make sure that patches/series file exists before quilt pop
pciutils: avoid lspci conflict with busybox
perl: Add dependency on make-native to avoid race issues
perl: Fix build with gcc-12
poky.conf: bump version for 4.0.2
popt: fix override syntax in RDEPENDS
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
python3: Ensure stale empty python module directories don’t break the build
python3: Remove problematic paths from sysroot files
python3: fix reproducibility issue with python3-core
python3: use built-in distutils for ptest, rather than setuptools’ ‘fork’
python: Avoid shebang overflow on python-config.py
rootfs-postcommands.bbclass: correct comments
rootfs.py: close kernel_abi_ver_file
rootfs.py: find .ko.zst kernel modules
rust-common: Drop LLVM_TARGET and simplify
rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets
rust-common: Fix for target definitions returning ‘NoneType’ for arm
rust-common: Fix native signature dependency issues
rust-common: Fix sstate signatures between arm hf and non-hf
sanity: Don’t warn about make 4.2.1 for mint
sanity: Switch to make 4.0 as a minimum version
sed: Specify shell for “nobody” user in run-ptest
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
selftest/multiconfig: Test that multiconfigs in separate layers works
sqlite3: upgrade to 3.38.5
staging.bbclass: process direct dependencies in deterministic order
staging: Fix rare sysroot corruption issue
strace: Don’t run ptest as “nobody”
systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch
systemd: Correct path returned in sd_path_lookup()
systemd: Document future actions needed for set of musl patches
systemd: Drop 0001-test-parse-argument-Include-signal.h.patch
systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch
systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
systemd: Drop redundant musl patches
systemd: Fix build regression with latest update
systemd: Remove __compare_fn_t type in musl-specific patch
systemd: Update patch status
systemd: systemd-systemctl: Support instance conf files during enable
systemd: update
0008-add-missing-FTW_-macros-for-musl.patch
systemd: upgrade 250.4 -> 250.5
uboot-sign: Fix potential index error issues
valgrind: submit arm patches upstream
vim: Upgrade to 8.2.5083
webkitgtk: upgrade to 2.36.3
wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions
xwayland: upgrade 22.1.0 -> 22.1.1
xxhash: fix build with gcc 12
zip/unzip: mark all submittable patches as Inactive-Upstream
Known Issues in Yocto-4.0.2
There were build failures at the autobuilder due to a known scp issue on Fedora-36 hosts.
Contributors to Yocto-4.0.2
Alex Kiernan
Alexander Kanavin
Aryaman Gupta
Bruce Ashfield
Claudius Heine
Davide Gardenal
Dmitry Baryshkov
Ernst Sjöstrand
Felix Moessbauer
Gunjan Gupta
He Zhe
Hitendra Prajapati
Jack Mitchell
Jeremy Puhlman
Jiaqing Zhao
Joerg Vehlow
Jose Quaresma
Kai Kang
Khem Raj
Konrad Weihmann
Marcel Ziswiler
Markus Volk
Marta Rybczynska
Martin Jansa
Michael Opdenacker
Mingli Yu
Naveen Saini
Nick Potenski
Paulo Neves
Pavel Zhukov
Peter Kjellerstedt
Rasmus Villemoes
Richard Purdie
Robert Joslyn
Ross Burton
Samuli Piippo
Sean Anderson
Stefan Wiehler
Steve Sakoman
Sundeep Kokkonda
Tomasz Dziendzielski
Xiaobing Luo
Yi Zhao
leimaohui
Wang Mingyu
Repositories / Downloads for Yocto-4.0.2
poky
Repository Location: https://git.yoctoproject.org/poky
Branch: kirkstone
Tag: yocto-4.0.2
Git Revision: a5ea426b1da472fc8549459fff3c1b8c6e02f4b5
Release Artefact: poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5
sha: 474ddfacfed6661be054c161597a1a5273188dfe021b31d6156955d93c6b7359
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: kirkstone
Tag: yocto-4.0.2
Git Revision: eea52e0c3d24c79464f4afdbc3c397e1cb982231
Release Artefact: oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231
sha: 252d5c2c2db7e14e7365fcc69d32075720b37d629894bae36305eba047a39907
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: kirkstone
Tag: yocto-4.0.2
Git Revision: a90614a6498c3345704e9611f2842eb933dc51c1
Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
meta-gplv2
Repository Location: https://git.yoctoproject.org/meta-gplv2
Branch: kirkstone
Tag: yocto-4.0.2
Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.0
Tag: yocto-4.0.2
Git Revision: b8fd6f5d9959d27176ea016c249cf6d35ac8ba03
Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03
sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3
Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: kirkstone
Tag: yocto-4.0.2
Git Revision: 662294dccd028828d5c7e9fd8f5c8e14df53df4b