Release notes for Yocto-5.0.7 (Scarthgap)
Security Fixes in Yocto-5.0.7
avahi: Fix CVE-2024-52616
binutils: Fix CVE-2024-53589
ffmpeg: Fix CVE-2024-35366, CVE-2024-35367 and CVE-2024-35368
gstreamer1.0-plugins-base: Fix CVE-2024-47538, CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615 and CVE-2024-47835
gstreamer1.0-plugins-good: Fix CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778 and CVE-2024-47834
gstreamer1.0: Ignore CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47538, CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615, CVE-2024-47835, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778 and CVE-2024-47834
libarchive: Fix CVE-2024-20696
libxml2: Fix CVE-2024-40896
linux-yocto/6.6: Fix CVE-2024-27059, CVE-2024-43098, CVE-2024-45828, CVE-2024-47141, CVE-2024-47143, CVE-2024-47704, CVE-2024-47809, CVE-2024-48873, CVE-2024-48875, CVE-2024-48881, CVE-2024-49863, CVE-2024-49864, CVE-2024-49866, CVE-2024-49867, CVE-2024-49868, CVE-2024-49870, CVE-2024-49871, CVE-2024-49874, CVE-2024-49875, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49886, CVE-2024-49889, CVE-2024-49890, CVE-2024-49892, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49900, CVE-2024-49901, CVE-2024-49902, CVE-2024-49903, CVE-2024-49905, CVE-2024-49907, CVE-2024-49912, CVE-2024-49913, CVE-2024-49924, CVE-2024-49925, CVE-2024-49927, CVE-2024-49929, CVE-2024-49930, CVE-2024-49931, CVE-2024-49933, CVE-2024-49935, CVE-2024-49936, CVE-2024-49937, CVE-2024-49938, CVE-2024-49939, CVE-2024-49944, CVE-2024-49946, CVE-2024-49947, CVE-2024-49948, CVE-2024-49949, CVE-2024-49950, CVE-2024-49951, CVE-2024-49952, CVE-2024-49953, CVE-2024-49954, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49960, CVE-2024-49961, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49969, CVE-2024-49973, CVE-2024-49975, CVE-2024-49976, CVE-2024-49977, CVE-2024-49978, CVE-2024-49980, CVE-2024-49981, CVE-2024-49982, CVE-2024-49983, CVE-2024-49985, CVE-2024-49986, CVE-2024-49987, CVE-2024-49988, CVE-2024-49989, CVE-2024-49991, CVE-2024-49992, CVE-2024-49995, CVE-2024-49996, CVE-2024-49997, CVE-2024-50000, CVE-2024-50001, CVE-2024-50002, CVE-2024-50003, CVE-2024-50005, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50012, CVE-2024-50013, CVE-2024-50015, CVE-2024-50016, CVE-2024-50019, CVE-2024-50022, CVE-2024-50023, CVE-2024-50024, CVE-2024-50026, CVE-2024-50029, CVE-2024-50031, CVE-2024-50032, CVE-2024-50033, CVE-2024-50035, CVE-2024-50036, CVE-2024-50038, CVE-2024-50039, CVE-2024-50040, CVE-2024-50041, CVE-2024-50044, CVE-2024-50045, CVE-2024-50046, CVE-2024-50047, CVE-2024-50048, CVE-2024-50049, CVE-2024-50051, CVE-2024-50055, CVE-2024-50057, CVE-2024-50058, CVE-2024-50059, CVE-2024-50060, CVE-2024-50061, CVE-2024-50062, CVE-2024-50063, CVE-2024-50064, CVE-2024-50065, CVE-2024-50066, CVE-2024-50069, CVE-2024-50070, CVE-2024-50072, CVE-2024-50073, CVE-2024-50074, CVE-2024-50075, CVE-2024-50076, CVE-2024-50077, CVE-2024-50078, CVE-2024-50080, CVE-2024-50082, CVE-2024-50083, CVE-2024-50084, CVE-2024-50085, CVE-2024-50086, CVE-2024-50087, CVE-2024-50088, CVE-2024-50093, CVE-2024-50095, CVE-2024-50096, CVE-2024-50098, CVE-2024-50099, CVE-2024-50101, CVE-2024-50103, CVE-2024-50108, CVE-2024-50110, CVE-2024-50111, CVE-2024-50112, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50120, CVE-2024-50121, CVE-2024-50124, CVE-2024-50125, CVE-2024-50126, CVE-2024-50127, CVE-2024-50128, CVE-2024-50130, CVE-2024-50131, CVE-2024-50133, CVE-2024-50134, CVE-2024-50135, CVE-2024-50136, CVE-2024-50139, CVE-2024-50140, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143, CVE-2024-50145, CVE-2024-50147, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50152, CVE-2024-50153, CVE-2024-50154, CVE-2024-50155, CVE-2024-50156, CVE-2024-50158, CVE-2024-50159, CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50164, CVE-2024-50166, CVE-2024-50167, CVE-2024-50168, CVE-2024-50169, CVE-2024-50170, CVE-2024-50171, CVE-2024-50172, CVE-2024-50175, CVE-2024-50176, CVE-2024-50179, CVE-2024-50180, CVE-2024-50181, CVE-2024-50182, CVE-2024-50183, CVE-2024-50184, CVE-2024-50185, CVE-2024-50186, CVE-2024-50187, CVE-2024-50188, CVE-2024-50189, CVE-2024-50191, CVE-2024-50192, CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196, CVE-2024-50198, CVE-2024-50201, CVE-2024-50202, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50211, CVE-2024-50215, CVE-2024-50222, CVE-2024-50223, CVE-2024-50224, CVE-2024-50226, CVE-2024-50229, CVE-2024-50230, CVE-2024-50231, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50235, CVE-2024-50236, CVE-2024-50237, CVE-2024-50239, CVE-2024-50240, CVE-2024-50242, CVE-2024-50243, CVE-2024-50244, CVE-2024-50245, CVE-2024-50246, CVE-2024-50247, CVE-2024-50248, CVE-2024-50249, CVE-2024-50250, CVE-2024-50251, CVE-2024-50252, CVE-2024-50255, CVE-2024-50256, CVE-2024-50257, CVE-2024-50258, CVE-2024-50259, CVE-2024-50261, CVE-2024-50262, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50271, CVE-2024-50272, CVE-2024-50273, CVE-2024-50275, CVE-2024-50276, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50283, CVE-2024-50284, CVE-2024-50285, CVE-2024-50286, CVE-2024-50287, CVE-2024-50292, CVE-2024-50296, CVE-2024-50298, CVE-2024-50299, CVE-2024-50300, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042, CVE-2024-53043, CVE-2024-53046, CVE-2024-53047, CVE-2024-53052, CVE-2024-53055, CVE-2024-53057, CVE-2024-53058, CVE-2024-53059, CVE-2024-53060, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53068, CVE-2024-53072, CVE-2024-53076, CVE-2024-53079, CVE-2024-53081, CVE-2024-53082, CVE-2024-53083, CVE-2024-53088, CVE-2024-53091, CVE-2024-53093, CVE-2024-53094, CVE-2024-53096, CVE-2024-53099, CVE-2024-53100, CVE-2024-53101, CVE-2024-53103, CVE-2024-53108, CVE-2024-53109, CVE-2024-53110, CVE-2024-53112, CVE-2024-53113, CVE-2024-53119, CVE-2024-53120, CVE-2024-53121, CVE-2024-53122, CVE-2024-53123, CVE-2024-53126, CVE-2024-53127, CVE-2024-53129, CVE-2024-53130, CVE-2024-53131, CVE-2024-53134, CVE-2024-53135, CVE-2024-53138, CVE-2024-53139, CVE-2024-53140, CVE-2024-53141, CVE-2024-53142, CVE-2024-53145, CVE-2024-53146, CVE-2024-53150, CVE-2024-53151, CVE-2024-53154, CVE-2024-53155, CVE-2024-53156, CVE-2024-53157, CVE-2024-53161, CVE-2024-53165, CVE-2024-53166, CVE-2024-53168, CVE-2024-53171, CVE-2024-53173, CVE-2024-53175, CVE-2024-53180, CVE-2024-53188, CVE-2024-53191, CVE-2024-53200, CVE-2024-53202, CVE-2024-53208, CVE-2024-53210, CVE-2024-53213, CVE-2024-53215, CVE-2024-53217, CVE-2024-53224, CVE-2024-53226, CVE-2024-53227, CVE-2024-53230, CVE-2024-53231, CVE-2024-53237, CVE-2024-53239, CVE-2024-54683, CVE-2024-55916, CVE-2024-56369, CVE-2024-56538, CVE-2024-56551, CVE-2024-56567, CVE-2024-56568, CVE-2024-56569, CVE-2024-56572, CVE-2024-56574, CVE-2024-56575, CVE-2024-56577, CVE-2024-56578, CVE-2024-56579, CVE-2024-56581, CVE-2024-56587, CVE-2024-56593, CVE-2024-56595, CVE-2024-56596, CVE-2024-56598, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56603, CVE-2024-56604, CVE-2024-56605, CVE-2024-56606, CVE-2024-56611, CVE-2024-56613, CVE-2024-56614, CVE-2024-56615, CVE-2024-56617, CVE-2024-56622, CVE-2024-56623, CVE-2024-56626, CVE-2024-56627, CVE-2024-56629, CVE-2024-56631, CVE-2024-56634, CVE-2024-56635, CVE-2024-56640, CVE-2024-56642, CVE-2024-56643, CVE-2024-56648, CVE-2024-56649, CVE-2024-56650, CVE-2024-56651, CVE-2024-56653, CVE-2024-56654, CVE-2024-56657, CVE-2024-56658, CVE-2024-56659, CVE-2024-56660, CVE-2024-56662, CVE-2024-56663, CVE-2024-56664, CVE-2024-56667, CVE-2024-56670, CVE-2024-56672, CVE-2024-56675, CVE-2024-56687, CVE-2024-56688, CVE-2024-56689, CVE-2024-56692, CVE-2024-56694, CVE-2024-56698, CVE-2024-56704, CVE-2024-56708, CVE-2024-56710, CVE-2024-56715, CVE-2024-56716, CVE-2024-56717, CVE-2024-56718, CVE-2024-56720, CVE-2024-56722, CVE-2024-56723, CVE-2024-56724, CVE-2024-56725, CVE-2024-56726, CVE-2024-56727, CVE-2024-56728, CVE-2024-56729, CVE-2024-56739, CVE-2024-56741, CVE-2024-56744, CVE-2024-56745, CVE-2024-56746, CVE-2024-56747, CVE-2024-56748, CVE-2024-56751, CVE-2024-56752, CVE-2024-56754, CVE-2024-56755, CVE-2024-56756, CVE-2024-56760, CVE-2024-56763, CVE-2024-56765, CVE-2024-56767, CVE-2024-56769, CVE-2024-56770, CVE-2024-56774, CVE-2024-56776, CVE-2024-56777, CVE-2024-56778, CVE-2024-56779, CVE-2024-56780, CVE-2024-56781, CVE-2024-56783, CVE-2024-56785, CVE-2024-56786, CVE-2024-56787, CVE-2024-57798, CVE-2024-57807 and CVE-2024-57874
ofono: Fix CVE-2023-4232, CVE-2023-4235, CVE-2024-7539, CVE-2024-7540, CVE-2024-7541, CVE-2024-7542, CVE-2024-7543, CVE-2024-7544, CVE-2024-7545, CVE-2024-7546 and CVE-2024-7547
rsync: Fix CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088 and CVE-2024-12747
socat: Fix CVE-2024-54661
subversion: Fix CVE-2024-46901
wget: Fix CVE-2024-10524
Fixes in Yocto-5.0.7
bitbake: cooker: Make cooker ‘skiplist’ per-multiconfig/mc
bitbake: tests/fetch: Fix git shallow test failure with git >= 2.48
bitbake: ui/knotty: print log paths for failed tasks in summary
bitbake: ui/knotty: respect NO_COLOR & check for tty; rename print_hyperlink => format_hyperlink
bluez5: Revert “bluez5: remove configuration files from install task”
bluez5: backport patch to fix address type when loading keys
boost: fix do_fetch error
build-appliance-image: Update to scarthgap head revision
classes/nativesdk: also override TUNE_PKGARCH
classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
contributor-guide/submit-changes.rst: suggest to remove the git signature
cve-update-nvd2-native: Handle BB_NO_NETWORK and missing db
cve-update-nvd2-native: Tweak to work better with NFS DL_DIR
dev-manual/bmaptool.rst: correct command for bmaptool-native
dev-manual/bmaptool.rst: simplify and fix instructions
dev-manual: fix styling of references to bmaptool
docs: Gather dependencies in poky.yaml.in
docs: Update autobuilder URLs to valkyrie
docs: Update the documentation for SRCPV
gcc: Fix c++: tweak for Wrange-loop-construct
groff: Fix race issues for parallel build
libgfortran: fix buildpath QA issue
libxml2: Upgrade to 2.12.9
linux-yocto/6.6: bsp/genericarm64: disable ARM64_SME
linux-yocto/6.6: genericarm64.cfg: enable CONFIG_DMA_CMA
linux-yocto/6.6: update to v6.6.69
lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66
migration-guides: add release notes for 5.0.6
oeqa/ssh: allow to retrieve raw, unformatted ouput
ovmf-native: remove .pyc files from install
poky.conf: add new tested distros
poky.conf: bump version for 5.0.7
poky.yaml.in: add missing locales dependency
poky.yaml.in: replace inkscape dependency by librsvg2-bin
populate_sdk_ext: write_local_conf add shutil import
pulseaudio: fix webrtc audio depdency
python3-requests: upgrade to 2.32.3
python3: Drop empty patch
python3: add dependency on -compression to -core
python3: upgrade to 3.12.7
ref-manual: move runtime-testing section to the test-manual
ref-manual: use standardized method accross both ubuntu and debian for locale install
ref-manual: SSTATE_MIRRORS/SOURCE_MIRROR_URL: add instructions for mirror authentication
reproducible-builds.rst: show how to build a single package
rust-target-config: Fix TARGET_C_INT_WIDTH with correct size
rust: Revert “rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS”
rust: add reproducibility patch to eliminate host leakage
rust: build the default set of tools
rust: correctly link rust-snapshot into build/stage0
rust: use rust-snapshot binaries only in rust-native
sanity.bbclass: skip check_userns for non-local uid
scripts/install-buildtools: Update to 5.0.6
system-requirements.rst: add dependencies for pdf builds
system-requirements: add fedora 39 to supported distros
system-requirements: update list of supported distros
systemd: enable create-log-dirs
test-manual/reproducible-builds: fix reproducible links
Known Issues in Yocto-5.0.7
N/A
Contributors to Yocto-5.0.7
Thanks to the following people who contributed to this release:
Aleksandar Nikolic
Alexander Kanavin
Alexis Lothoré
Antonin Godard
Archana Polampalli
Bruce Ashfield
Catalin Popescu
Changqing Li
Chen Qi
Chris Laplante
Divya Chellam
Esben Haabendal
Guénaël Muller
Guðni Már Gilbert
Harish Sadineni
Hiago De Franco
Hitendra Prajapati
Jiaying Song
Khem Raj
Lee Chee Yang
Mark Hatle
Michael Opdenacker
Mikko Rapeli
Peter Marko
Richard Purdie
Robert Yang
Ross Burton
Soumya Sambu
Steve Sakoman
Sunil Dora
Trevor Gamblin
Xiangyu Chen
Yash Shinde
Zhang Peng
Zahir Hussain
Repositories / Downloads for Yocto-5.0.7
poky
Repository Location: https://git.yoctoproject.org/poky
Branch: scarthgap
Tag: yocto-5.0.7
Git Revision: 7dad83c7e5e9637c0ff5d5712409611fd4a14946
Release Artefact: poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946
sha: ae688031b19b88582bb4a76d0525e3704b981ad1d21eb38a0873cd01dd9a4652
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/poky-7dad83c7e5e9637c0ff5d5712409611fd4a14946.tar.bz2
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: scarthgap
Tag: yocto-5.0.7
Git Revision: 62cb12967391db709315820d48853ffa4c6b4740
Release Artefact: oecore-62cb12967391db709315820d48853ffa4c6b4740
sha: bc45429df1805445b678f1b0ed6ce017edfac38c7226dce92ce393b3ef311f95
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/oecore-62cb12967391db709315820d48853ffa4c6b4740.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/oecore-62cb12967391db709315820d48853ffa4c6b4740.tar.bz2
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: scarthgap
Tag: yocto-5.0.7
Git Revision: acbba477893ef87388effc4679b7f40ee49fc852
Release Artefact: meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852
sha: 3b7c2f475dad5130bace652b150367f587d44b391218b1364a8bbc430b48c54c
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/meta-mingw-acbba477893ef87388effc4679b7f40ee49fc852.tar.bz2
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.8
Tag: yocto-5.0.7
Git Revision: aa0e540fc31a1c26839efd2c7785a751ce24ebfb
Release Artefact: bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb
sha: 169b68ed7d5e55015b1c35a82d35efaa25c87cba4722c85e66514a15d31e1d28
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.7/bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.7/bitbake-aa0e540fc31a1c26839efd2c7785a751ce24ebfb.tar.bz2
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: scarthgap
Tag: yocto-5.0.7
Git Revision: bb9e018adcc10c642f87d0b95432783b5eb8057b