Release notes for Yocto-4.0.28 (Kirkstone)
Security Fixes in Yocto-4.0.28
binutils: Fix CVE-2025-1180, CVE-2025-1182, CVE-2025-5244 and CVE-2025-5245
connman: Fix CVE-2025-32366
ffmpeg: Fix CVE-2025-1373, CVE-2025-22919 and CVE-2025-22921
ffmpeg: Ignore CVE-2022-48434
ghostscript: Fix CVE-2025-48708
git: Fix CVE-2024-50349 and CVE-2024-52006
glib-2.0: Fix CVE-2025-4373
glibc: Fix for CVE-2025-4802
go: Fix CVE-2025-4673
go: ignore CVE-2024-3566
icu: Fix CVE-2025-5222
iputils: Fix CVE-2025-47268
libsoup-2.4: Fix CVE-2025-2784, CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32907, CVE-2025-32910, CVE-2025-32911, CVE-2025-32912, CVE-2025-32913, CVE-2025-32914, CVE-2025-46420 and CVE-2025-46421
libsoup: Fix CVE-2025-2784, CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-32050, CVE-2025-32051, CVE-2025-32052, CVE-2025-32053, CVE-2025-32907, CVE-2025-46420 and CVE-2025-46421
linux-yocto/5.15: Fix CVE-2024-26952, CVE-2025-21941, CVE-2025-21957, CVE-2025-21959, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21968, CVE-2025-21996, CVE-2025-22018, CVE-2025-22020, CVE-2025-22035, CVE-2025-22054, CVE-2025-22056, CVE-2025-22063, CVE-2025-22066, CVE-2025-22081, CVE-2025-22097, CVE-2025-23136, CVE-2025-37785, CVE-2025-37803, CVE-2025-37805, CVE-2025-38152, CVE-2025-39728 and CVE-2025-39735
net-tools: Fix CVE-2025-46836
openssh: Fix CVE-2025-32728
python3: Fix CVE-2024-12718, CVE-2025-0938, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4516 and CVE-2025-4517
python3-requests: Fix CVE-2024-47081
python3-setuptools: Fix CVE-2025-47273
ruby: Fix CVE-2025-27221
screen: Fix CVE-2025-46802, CVE-2025-46804 and CVE-2025-46805
taglib: Fix CVE-2023-47466
Fixes in Yocto-4.0.28
babeltrace/libatomic-ops: correct the SRC_URI
brief-yoctoprojectqs/ref-manual: Switch to new CDN
bsp guide: update kernel version example to 6.12
bsp-guide: update lonely “4.12” kernel reference to “6.12”
build-appliance-image: Update to kirkstone head revision
cmake: Correctly handle cost data of tests with arbitrary chars in name
conf.py: tweak SearchEnglish to be hyphen-friendly
contributor-guide/submit-changes: encourage patch version changelogs
dev-manual/sbom.rst: fix wrong build outputs
docs: Clean up explanation of minimum required version numbers
docs: README: specify how to contribute instead of pointing at another file
docs: conf.py: silence SyntaxWarning on js_splitter_code
e2fsprogs: removed ‘sed -u’ option
ffmpeg: Add “libswresample libavcodec” to CVE_PRODUCT
ffmpeg: upgrade to 5.0.3
gcc: AArch64 - Fix strict-align cpymem/setmem
glibc: nptl Fix indentation
glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
glibc: nptl Update comments and indentation for new condvar implementation
glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop
glibc: nptl Use all of g1_start and g_signals
glibc: nptl rename __condvar_quiesce_and_switch_g1
glibc: pthreads NPTL lost wakeup fix 2
kernel.bbclass: add original package name to RPROVIDES for -image and -base
libpng: Improve ptest
linux-yocto/5.15: update to v5.15.184
migration-guides: add release notes for 4.0.26 and 4.0.27
nfs-utils: don’t use signals to shut down nfs server.
poky.conf: bump version for 4.0.28
python3: upgrade to 3.10.18
ref-manual/release-process: update releases.svg
ref-manual/variables.rst: document INHIBIT_DEFAULT_RUST_DEPS INHIBIT_UPDATERCD_BBCLASS SSTATE_SKIP_CREATION WIC_CREATE_EXTRA_ARGS IMAGE_ROOTFS_MAXSIZE INITRAMFS_MAXSIZE
ref-manual: clarify KCONFIG_MODE default behaviour
ref-manual: classes: nativesdk: move note to appropriate section
ref-manual: classes: reword to clarify that native/nativesdk options are exclusive
ref-manual: kernel-fitimage.bbclass does not use SPL_SIGN_KEYNAME
scripts/install-buildtools: Update to 4.0.27
sphinx-lint: role missing opening tag colon
sphinx-lint: trailing whitespace
sphinx-lint: unbalanced inline literal markup
sysstat: correct the SRC_URI
systemtap: add sysroot Python paths to configure flags
test-manual/intro: remove Buildbot version used
util-linux: Add fix to isolate test fstab entries using CUSTOM_FSTAB
xz: Update LICENSE variable for xz packages
Known Issues in Yocto-4.0.28
N/A
Contributors to Yocto-4.0.28
Aditya Tayade
Adrian Freihofer
Aleksandar Nikolic
Alper Ak
Antonin Godard
Archana Polampalli
Ashish Sharma
Bruce Ashfield
Carlos Sánchez de La Lama
Changqing Li
Christos Gavros
Colin Pinnell McAllister
Deepesh Varatharajan
Divya Chellam
Enrico Jörns
Etienne Cordonnier
Guocai He
Harish Sadineni
Hitendra Prajapati
Jiaying Song
Lee Chee Yang
Martin Jansa
Moritz Haase
NeilBrown
Peter Marko
Poonam Jadhav
Praveen Kumar
Quentin Schulz
Richard Purdie
Robert P. J. Day
Soumya Sambu
Steve Sakoman
Sundeep KOKKONDA
Sunil Dora
Trevor Woerner
Vijay Anusuri
Virendra Thakur
Yi Zhao
aszh07
Repositories / Downloads for Yocto-4.0.28
poky
Repository Location: https://git.yoctoproject.org/poky
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: 78c9cb3eaf071932567835742608404d5ce23cc4
Release Artefact: poky-78c9cb3eaf071932567835742608404d5ce23cc4
sha: 9c73c6f89e70c2041a52851e5cc582e5a2f05ad2fdc110d2c518f2c4994e8de3
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/poky-78c9cb3eaf071932567835742608404d5ce23cc4.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/poky-78c9cb3eaf071932567835742608404d5ce23cc4.tar.bz2
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: 75e54301c5076eb0454aee33c870adf078f563fd
Release Artefact: oecore-75e54301c5076eb0454aee33c870adf078f563fd
sha: c5ffceab90881c4041ec4304da8b7b32d9c1f89a4c63ee7b8cbd53c796b0187b
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/oecore-75e54301c5076eb0454aee33c870adf078f563fd.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/oecore-75e54301c5076eb0454aee33c870adf078f563fd.tar.bz2
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: 87c22abb1f11be430caf4372e6b833dc7d77564e
Release Artefact: meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e
sha: f0bc4873e2e0319fb9d6d6ab9b98eb3f89664d4339a167d2db6a787dd12bc1a8
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/meta-mingw-87c22abb1f11be430caf4372e6b833dc7d77564e.tar.bz2
meta-gplv2
Repository Location: https://git.yoctoproject.org/meta-gplv2
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.0
Tag: yocto-4.0.28
Git Revision: 046871d9fd76efdca7b72718b328d8f545523f7e
Release Artefact: bitbake-046871d9fd76efdca7b72718b328d8f545523f7e
sha: e9df0a9f5921b583b539188d66b23f120e1751000e7822e76c3391d5c76ee21a
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-4.0.28/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-4.0.28/bitbake-046871d9fd76efdca7b72718b328d8f545523f7e.tar.bz2
meta-yocto
Repository Location: https://git.yoctoproject.org/meta-yocto
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: 0bf3dcef1caa80fb047bf9c3514314ab658e30ea
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: kirkstone
Tag: yocto-4.0.28
Git Revision: 97cd3ee7f3bf1de8454708d1852ea9cdbd45c39b