.. SPDX-License-Identifier: CC-BY-SA-2.0-UK Release notes for Yocto-5.0.9 (Scarthgap) ----------------------------------------- Security Fixes in Yocto-5.0.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - binutils: Fix :cve_nist:`2024-57360`, :cve_nist:`2025-1176`, :cve_nist:`2025-1178` and :cve_nist:`2025-1181` - expat: Fix :cve_nist:`2024-8176` - freetype: Fix :cve_nist:`2025-27363` - ghostscript: Fix :cve_nist:`2025-27830`, :cve_nist:`2025-27831`, :cve_nist:`2025-27832`, :cve_nist:`2025-27833`, :cve_nist:`2025-27833`, :cve_nist:`2025-27834`, :cve_nist:`2025-27835` and :cve_nist:`2025-27836` - go: fix :cve_nist:`2025-22870` and :cve_nist:`2025-22871` - grub: Fix :cve_nist:`2024-45781`, :cve_nist:`2024-45774`, :cve_nist:`2024-45775`, :cve_nist:`2024-45776`, :cve_nist:`2024-45777`, :cve_nist:`2024-45778`, :cve_nist:`2024-45779`, :cve_nist:`2024-45780`, :cve_nist:`2024-45782`, :cve_nist:`2024-45783`, :cve_nist:`2024-56737`, :cve_nist:`2025-0622`, :cve_nist:`2025-0624`, :cve_nist:`2025-0677`, :cve_nist:`2025-0678`, :cve_nist:`2025-0684`, :cve_nist:`2025-0685`, :cve_nist:`2025-0686`, :cve_nist:`2025-0689`, :cve_nist:`2025-0690`, :cve_nist:`2025-1118` and :cve_nist:`2025-1125` - libarchive: Fix :cve_nist:`2024-20696`, :cve_nist:`2024-48957`, :cve_nist:`2024-48958`, :cve_nist:`2025-1632` and :cve_nist:`2025-25724` - libxslt: Fix :cve_nist:`2024-24855` and :cve_nist:`2024-55549` - linux-yocto/6.6: Fix :cve_nist:`2024-54458`, :cve_nist:`2024-57834`, :cve_nist:`2024-57973`, :cve_nist:`2024-57978`, :cve_nist:`2024-57979`, :cve_nist:`2024-57980`, :cve_nist:`2024-57981`, :cve_nist:`2024-57984`, :cve_nist:`2024-57996`, :cve_nist:`2024-57997`, :cve_nist:`2024-58002`, :cve_nist:`2024-58005`, :cve_nist:`2024-58007`, :cve_nist:`2024-58010`, :cve_nist:`2024-58011`, :cve_nist:`2024-58013`, :cve_nist:`2024-58017`, :cve_nist:`2024-58020`, :cve_nist:`2024-58034`, :cve_nist:`2024-58052`, :cve_nist:`2024-58055`, :cve_nist:`2024-58058`, :cve_nist:`2024-58063`, :cve_nist:`2024-58068`, :cve_nist:`2024-58069`, :cve_nist:`2024-58070`, :cve_nist:`2024-58071`, :cve_nist:`2024-58076`, :cve_nist:`2024-58080`, :cve_nist:`2024-58083`, :cve_nist:`2024-58088`, :cve_nist:`2025-21700`, :cve_nist:`2025-21703`, :cve_nist:`2025-21707`, :cve_nist:`2025-21711`, :cve_nist:`2025-21715`, :cve_nist:`2025-21716`, :cve_nist:`2025-21718`, :cve_nist:`2025-21726`, :cve_nist:`2025-21727`, :cve_nist:`2025-21731`, :cve_nist:`2025-21735`, :cve_nist:`2025-21736`, :cve_nist:`2025-21741`, :cve_nist:`2025-21742`, :cve_nist:`2025-21743`, :cve_nist:`2025-21744`, :cve_nist:`2025-21745`, :cve_nist:`2025-21748`, :cve_nist:`2025-21749`, :cve_nist:`2025-21753`, :cve_nist:`2025-21756`, :cve_nist:`2025-21759`, :cve_nist:`2025-21760`, :cve_nist:`2025-21761`, :cve_nist:`2025-21762`, :cve_nist:`2025-21763`, :cve_nist:`2025-21764`, :cve_nist:`2025-21773`, :cve_nist:`2025-21775`, :cve_nist:`2025-21776`, :cve_nist:`2025-21779`, :cve_nist:`2025-21780`, :cve_nist:`2025-21782`, :cve_nist:`2025-21783`, :cve_nist:`2025-21785`, :cve_nist:`2025-21787`, :cve_nist:`2025-21789`, :cve_nist:`2025-21790`, :cve_nist:`2025-21791`, :cve_nist:`2025-21792`, :cve_nist:`2025-21793`, :cve_nist:`2025-21796`, :cve_nist:`2025-21811`, :cve_nist:`2025-21812`, :cve_nist:`2025-21814`, :cve_nist:`2025-21820`, :cve_nist:`2025-21844`, :cve_nist:`2025-21846`, :cve_nist:`2025-21847`, :cve_nist:`2025-21848`, :cve_nist:`2025-21853`, :cve_nist:`2025-21854`, :cve_nist:`2025-21855`, :cve_nist:`2025-21856`, :cve_nist:`2025-21857`, :cve_nist:`2025-21858`, :cve_nist:`2025-21859`, :cve_nist:`2025-21862`, :cve_nist:`2025-21863`, :cve_nist:`2025-21864`, :cve_nist:`2025-21865`, :cve_nist:`2025-21866`, :cve_nist:`2025-21867`, :cve_nist:`2025-21887`, :cve_nist:`2025-21891`, :cve_nist:`2025-21898`, :cve_nist:`2025-21904`, :cve_nist:`2025-21905`, :cve_nist:`2025-21908`, :cve_nist:`2025-21912`, :cve_nist:`2025-21915`, :cve_nist:`2025-21917`, :cve_nist:`2025-21918`, :cve_nist:`2025-21919`, :cve_nist:`2025-21920`, :cve_nist:`2025-21922`, :cve_nist:`2025-21928`, :cve_nist:`2025-21934`, :cve_nist:`2025-21936`, :cve_nist:`2025-21937`, :cve_nist:`2025-21941`, :cve_nist:`2025-21943`, :cve_nist:`2025-21945`, :cve_nist:`2025-21947`, :cve_nist:`2025-21948`, :cve_nist:`2025-21951`, :cve_nist:`2025-21957`, :cve_nist:`2025-21959`, :cve_nist:`2025-21962`, :cve_nist:`2025-21963`, :cve_nist:`2025-21964`, :cve_nist:`2025-21966`, :cve_nist:`2025-21967`, :cve_nist:`2025-21968`, :cve_nist:`2025-21969`, :cve_nist:`2025-21979`, :cve_nist:`2025-21980`, :cve_nist:`2025-21981`, :cve_nist:`2025-21991` and :cve_nist:`2025-21993` - mpg123: Fix :cve_nist:`2024-10573` - ofono: Fix :cve_nist:`2024-7537` - openssh: Fix :cve_nist:`2025-26465` - puzzles: Ignore :cve_nist:`2024-13769`, :cve_nist:`2024-13770` and :cve_nist:`2025-0837` - qemu: Ignore :cve_nist:`2023-1386` - ruby: Fix :cve_nist:`2025-27219` and :cve_nist:`2025-27220` - rust-cross-canadian: Ignore :cve_nist:`2024-43402` - vim: Fix :cve_nist:`2025-1215`, :cve_nist:`2025-26603`, :cve_nist:`2025-27423` and :cve_nist:`2025-29768` - xserver-xorg: Fix :cve_nist:`2025-26594`, :cve_nist:`2025-26595`, :cve_nist:`2025-26596`, :cve_nist:`2025-26597`, :cve_nist:`2025-26598`, :cve_nist:`2025-26599`, :cve_nist:`2025-26600` and :cve_nist:`2025-26601` - xz: Fix :cve_nist:`2025-31115` Fixes in Yocto-5.0.9 ~~~~~~~~~~~~~~~~~~~~ - babeltrace2: extend to nativesdk - babeltrace: extend to nativesdk - bitbake: event/utils: Avoid deadlock from lock_timeout() and recursive events - bitbake: utils: Add signal blocking for lock_timeout - bitbake: utils: Print information about lock issue before exiting - bitbake: utils: Tweak lock_timeout logic - build-appliance-image: Update to scarthgap head revision - cve-check.bbclass: Mitigate symlink related error - cve-update-nvd2-native: add workaround for json5 style list - cve-update-nvd2-native: handle missing vulnStatus - gcc: remove paths to sysroot from configargs.h and checksum-options for gcc-cross-canadian - gcc: unify cleanup of include-fixed, apply to cross-canadian - ghostscript: upgrade to 10.05.0 - grub: backport strlcpy function - grub: drop obsolete CVE statuses - icu: Adjust ICU_DATA_DIR path on big endian targets - kernel-arch: add macro-prefix-map in KERNEL_CC - libarchive: upgrade to 3.7.9 - libxslt: upgrade to 1.1.43 - linux-yocto/6.6: update to v6.6.84 - mc: set ac_cv_path_ZIP to avoid buildpaths QA issues - mpg123: upgrade to 1.32.10 - nativesdk-libtool: sanitize the script, remove buildpaths - openssl: rewrite ptest installation - overview-manual/concepts: remove :term:`PR` from the build dir list - patch.py: set commituser and commitemail for addNote - poky.conf: bump version for 5.0.9 - vim: Upgrade to 9.1.1198 - xserver-xf86-config: add a configuration fragment to disable screen blanking - xserver-xf86-config: remove obsolete configuration files - xserver-xorg: upgrade to 21.1.16 - xz: upgrade to 5.4.7 - yocto-uninative: Update to 4.7 for glibc 2.41 Known Issues in Yocto-5.0.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ - N/A Contributors to Yocto-5.0.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to the following people who contributed to this release: - Antonin Godard - Archana Polampalli - Ashish Sharma - Bruce Ashfield - Changqing Li - Denys Dmytriyenko - Divya Chellam - Hitendra Prajapati - Madhu Marri - Makarios Christakis - Martin Jansa - Michael Halstead - Niko Mauno - Oleksandr Hnatiuk - Peter Marko - Richard Purdie - Ross Burton - Sana Kazi - Stefan Mueller-Klieser - Steve Sakoman - Vijay Anusuri - Virendra Thakur - Vishwas Udupa - Wang Mingyu - Zhang Peng Repositories / Downloads for Yocto-5.0.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ poky - Repository Location: :yocto_git:`/poky` - Branch: :yocto_git:`scarthgap ` - Tag: :yocto_git:`yocto-5.0.9 ` - Git Revision: :yocto_git:`bab0f9f62af9af580744948dd3240f648a99879a ` - Release Artefact: poky-bab0f9f62af9af580744948dd3240f648a99879a - sha: ee6811d9fb6c4913e19d6e3569f1edc8ccd793779b237520596506446a6b4531 - Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2 openembedded-core - Repository Location: :oe_git:`/openembedded-core` - Branch: :oe_git:`scarthgap ` - Tag: :oe_git:`yocto-5.0.9 ` - Git Revision: :oe_git:`04038ecd1edd6592b826665a2b787387bb7074fa ` - Release Artefact: oecore-04038ecd1edd6592b826665a2b787387bb7074fa - sha: 6e201a4b486dfbdfcb7e96d83b962a205ec4764db6ad0e34bd623db18910eddb - Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2 meta-mingw - Repository Location: :yocto_git:`/meta-mingw` - Branch: :yocto_git:`scarthgap ` - Tag: :yocto_git:`yocto-5.0.9 ` - Git Revision: :yocto_git:`bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f ` - Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f - sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65 - Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2 bitbake - Repository Location: :oe_git:`/bitbake` - Branch: :oe_git:`2.8 ` - Tag: :oe_git:`yocto-5.0.9 ` - Git Revision: :oe_git:`696c2c1ef095f8b11c7d2eff36fae50f58c62e5e ` - Release Artefact: bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e - sha: fc83f879cd6dd14b9b7eba0161fec23ecc191fed0fb00556ba729dceef6c145f - Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2 yocto-docs - Repository Location: :yocto_git:`/yocto-docs` - Branch: :yocto_git:`scarthgap ` - Tag: :yocto_git:`yocto-5.0.9 ` - Git Revision: :yocto_git:`56db4fd81f6235428bef9e46a61c11ca0ba89733 `