Release notes for Yocto-5.3.1 (Whinlatter)
Users of Alma 9, Rocky 9 and Centos Stream 9 rolling releases have seen obtuse failures in the execution of tar in various tasks after recent host distro updates. These newer versions of tar contain a CVE fix which uses a new glibc call/syscall (openat2). The fix is to update to a newer pseudo version which handles this syscall. This is not included in this stable release but we aim to include it in the next one.
Security Fixes in Yocto-5.3.1
binutils: Fix CVE-2025-11494, CVE-2025-11839 and CVE-2025-11840
cups: Fix CVE-2025-58436 and CVE-2025-61915
dropbear: Fix CVE-2019-6111
glib-2.0: Fix CVE-2025-13601, CVE-2025-14087 and CVE-2025-14512
gnutls: Fix CVE-2025-9820
go: Fix CVE-2025-61727 and CVE-2025-61729
libarchive: Fix CVE-2025-60753
libpcap: Fix CVE-2025-11961 and CVE-2025-11964
libpng: Fix CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018 and CVE-2025-66293
linux-yocto/6.12: Ignore CVE-2023-7324, CVE-2024-57995, CVE-2025-21833, CVE-2025-22105, CVE-2025-22107, CVE-2025-22121, CVE-2025-23129, CVE-2025-23130, CVE-2025-37803, CVE-2025-37860, CVE-2025-38643, CVE-2025-38678, CVE-2025-39678, CVE-2025-39981, CVE-2025-40014, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028, CVE-2025-40029, CVE-2025-40030, CVE-2025-40031, CVE-2025-40032, CVE-2025-40033, CVE-2025-40034, CVE-2025-40035, CVE-2025-40036, CVE-2025-40037, CVE-2025-40038, CVE-2025-40039, CVE-2025-40040, CVE-2025-40041, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40045, CVE-2025-40046, CVE-2025-40047, CVE-2025-40048, CVE-2025-40049, CVE-2025-40050, CVE-2025-40051, CVE-2025-40052, CVE-2025-40053, CVE-2025-40055, CVE-2025-40056, CVE-2025-40057, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40061, CVE-2025-40062, CVE-2025-40063, CVE-2025-40066, CVE-2025-40067, CVE-2025-40068, CVE-2025-40069, CVE-2025-40070, CVE-2025-40071, CVE-2025-40072, CVE-2025-40073, CVE-2025-40076, CVE-2025-40077, CVE-2025-40078, CVE-2025-40079, CVE-2025-40080, CVE-2025-40081, CVE-2025-40082, CVE-2025-40083, CVE-2025-40084, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40089, CVE-2025-40090, CVE-2025-40091, CVE-2025-40092, CVE-2025-40093, CVE-2025-40094, CVE-2025-40095, CVE-2025-40096, CVE-2025-40097, CVE-2025-40099, CVE-2025-40100, CVE-2025-40101, CVE-2025-40103, CVE-2025-40104, CVE-2025-40105, CVE-2025-40106, CVE-2025-40107, CVE-2025-40108, CVE-2025-40109, CVE-2025-40110, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40117, CVE-2025-40118, CVE-2025-40119, CVE-2025-40120, CVE-2025-40121, CVE-2025-40122, CVE-2025-40123, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40129, CVE-2025-40131, CVE-2025-40132, CVE-2025-40133, CVE-2025-40134, CVE-2025-40137, CVE-2025-40138, CVE-2025-40140, CVE-2025-40141, CVE-2025-40142, CVE-2025-40143, CVE-2025-40144, CVE-2025-40145, CVE-2025-40148, CVE-2025-40151, CVE-2025-40152, CVE-2025-40153, CVE-2025-40154, CVE-2025-40155, CVE-2025-40156, CVE-2025-40157, CVE-2025-40159, CVE-2025-40160, CVE-2025-40161, CVE-2025-40162, CVE-2025-40163, CVE-2025-40165, CVE-2025-40166, CVE-2025-40167, CVE-2025-40169, CVE-2025-40171, CVE-2025-40172, CVE-2025-40173, CVE-2025-40174, CVE-2025-40175, CVE-2025-40176, CVE-2025-40177, CVE-2025-40178, CVE-2025-40179, CVE-2025-40180, CVE-2025-40181, CVE-2025-40182, CVE-2025-40183, CVE-2025-40184, CVE-2025-40185, CVE-2025-40186, CVE-2025-40187, CVE-2025-40188, CVE-2025-40189, CVE-2025-40190, CVE-2025-40191, CVE-2025-40192, CVE-2025-40193, CVE-2025-40194, CVE-2025-40195, CVE-2025-40196, CVE-2025-40197, CVE-2025-40198, CVE-2025-40199, CVE-2025-40200, CVE-2025-40201, CVE-2025-40202, CVE-2025-40203, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207, CVE-2025-40208, CVE-2025-40209, CVE-2025-40211, CVE-2025-40212 and CVE-2025-40213
python3-urllib3: Fix CVE-2025-66418
python3: Fix CVE-2025-6075 and CVE-2025-12084
sqlite3: Fix CVE-2025-3277, CVE-2025-6965 and CVE-2025-29087
Fixes in Yocto-5.3.1
bitbake
bin: Hide os.fork() deprecation warning in all bitbake scripts
bitbake-layers: Also hide os.fork() deprecation warning
meta-yocto
poky.conf: bump version for 5.3.1
openembedded-core
build-appliance-image: Update to whinlatter head revisions
ccache: upgrade to 4.12.2
cross.bbclass: Propagate dependencies to outhash
cups: upgrade to 2.4.15
curl: Use host CA bundle by default for native(sdk) builds
cve-update: Avoid NFS caching issues
e2fsprogs: misc/create_inode.c: Fix for file larger than 2GB
ell: upgrade to 0.80
enchant2: upgrade to 2.8.14
glib-2.0: Upgrade to 2.86.1
glib-2.0: upgrade to 2.86.3
go: upgrade to 1.25.5
gst-devtools: upgrade to 1.26.7
gst-examples: upgrade to 1.26.7
gstreamer1.0: upgrade to 1.26.7
gstreamer1.0-libav: upgrade to 1.26.7
gstreamer1.0-plugins-bad: upgrade to 1.26.7
gstreamer1.0-plugins-base: upgrade to 1.26.7
gstreamer1.0-plugins-good: upgrade to 1.26.7
gstreamer1.0-plugins-ugly: upgrade to 1.26.7
gstreamer1.0-python: upgrade to 1.26.7
gstreamer1.0-rtsp-server: upgrade to 1.26.7
gstreamer1.0-vaapi: upgrade to 1.26.7
libarchive: upgrade to 3.8.3
libarchive: upgrade to 3.8.4
libpcap: upgrade to 1.10.6
libpng: upgrade to 1.6.52
libssh2: fix regression in KEX method validation (GH-1553)
libxmlb: upgrade to 0.3.24
linux-yocto/6.12: update to v6.12.60
llvm/clang: Upgrade to 21.1.7
mesa: upgrade to 25.2.8
python3: upgrade to 3.13.11
spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation
xserver-nodm-init: avoid race condition related to udev
yocto-docs
Add the sphinx-copybutton extension
Fix bitbake version mapping for whinlatter
Makefile: fix rsvg-convert –format capitalization
brief-yoctoprojectqs/index.rst: fix improper code-block indentation
brief-yoctoprojectqs/index.rst: switch shell block to to console/text blocks
brief-yoctoprojectqs/index.rst: update available bitbake-setup configurations
brief-yoctoprojectqs: specify what “recent Ubuntu Linux distribution” is
dev-manual/limiting-resources.rst: update how to track pressure info
make sure Quick Build section and System Requirements are in sync
migration-guide: update 5.3 release notes download section
migration-guides/release-notes-5.3.rst: add contributors
migration-guides/release-notes-5.3.rst: add fixed cve
migration-guides/release-notes-5.3.rst: add license updates
migration-guides/release-notes-5.3.rst: add recipe upgrades
migration-guides/release-notes-5.3.rst: latest changes from master
overview-manual/concepts.rst: update the cross-development toolchain section
poky.yaml.in: add DISTRO_RELEASE_SERIES
ref-manual/classes.rst: document the image-container class
ref-manual/faq.rst: add Q&A on third-party vuln scanning tools
ref-manual/system-requirements.rst: add RockyLinux install instructions
ref-manual/system-requirements.rst: fix AlmaLinux PDF build
ref-manual/tasks.rst: document the do_list_image_features task
ref-manual/variables.rst: document WESTON_USER/WESTON_USER_HOME variables
ref-manual: Document SPDX 3.0.1 variables
set_versions.py: add wrynose as devbranch
tools/build-docs-container: add CentOS Stream 9 support
tools/build-docs-container: move container files in their own directory
tools: add gen-cve-release-notes
tools: ubuntu_docs: remove duplicate python3-saneyaml
Known Issues in Yocto-5.3.1
N/A
Contributors to Yocto-5.3.1
Thanks to the following people who contributed to this release:
Alexander Kanavin
Ankur Tyagi
Antonin Godard
Bruce Ashfield
Chen Qi
Deepesh Varatharajan
Dmitry Baryshkov
Gyorgy Sarvari
Jayasurya Maganuru
Jörg Sommer
Lee Chee Yang
Martin Jansa
Mathieu Dubois-Briand
Moritz Haase
Paul Barker
Peter Marko
Quentin Schulz
Robert Yang
Stefano Tondo
Vijay Anusuri
Wang Mingyu
Yash Shinde
Yoann Congal
Zhang Peng
Repositories / Downloads for Yocto-5.3.1
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: whinlatter
Tag: yocto-5.3.1
Git Revision: 102a33294e63a5581c413555040f790161fc80ff
Release Artefact: yocto-docs-102a33294e63a5581c413555040f790161fc80ff
sha: 377b828c5dbf82b8a918360a52ff7b4122d37fd8d13d0451738edd57a1924083
Download Locations:
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: whinlatter
Tag: yocto-5.3.1
Git Revision: dd10706cfafb5574b7cf316fca2300d166ef71b0
Release Artefact: oecore-dd10706cfafb5574b7cf316fca2300d166ef71b0
sha: b3182231a4a10f57215289b0f42ebe658ee9b1ed0b0bfe414d846a778ff7c598
Download Locations:
meta-yocto
Repository Location: https://git.yoctoproject.org/meta-yocto
Branch: whinlatter
Tag: yocto-5.3.1
Git Revision: 6973ca663aaa9c3ab517ee960ab7985a5bf54c07
Release Artefact: meta-yocto-6973ca663aaa9c3ab517ee960ab7985a5bf54c07
sha: 0e126b092e74bb217416d9603002b20db8e552b45b23d634cdae955fd089dfe2
Download Locations:
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: whinlatter
Tag: yocto-5.3.1
Git Revision: 00323de97e397d4f6734ef2191806616989f5e10
Release Artefact: meta-mingw-00323de97e397d4f6734ef2191806616989f5e10
sha: c9a70539b12c0642596fde6a2766d4a6a8fec8b2a366453fb6473363127a1c77
Download Locations:
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.16
Tag: yocto-5.3.1
Git Revision: 663021740bc086bd959a8457ad9ddb6da52a8278
Release Artefact: bitbake-663021740bc086bd959a8457ad9ddb6da52a8278
sha: a290072317e5c533fafd18608e61c9ebe9acf24d2ce46b43ba99df42c77e7073
Download Locations: