Release notes for Yocto-5.0.15 (Scarthgap)

Users of Alma 9, Rocky 9 and CentOS Stream 9 rolling releases have seen obscure failures in the execution of tar in various tasks after recent host distro updates. These newer versions of tar contain a CVE fix which uses a new glibc call/syscall (openat2). The fix is to update to a newer pseudo version which handles this syscall. This update is not included in this stable release, but we aim to include it in the next one.

Security Fixes in Yocto-5.0.15

Fixes and Feature Changes in Yocto-5.0.15

  • build-appliance-image: Update to scarthgap head revision

  • classes/create-spdx-2.2: Define SPDX_VERSION to 2.2

  • cml1.bbclass: use consistent make flags for menuconfig

  • cross.bbclass: Propagate dependencies to outhash

  • curl: Ensure ‘CURL_CA_BUNDLE’ from host env is indeed respected

  • curl: Use host CA bundle by default for native(sdk) builds

  • cve-check: extract extending CVE_STATUS to library function

  • dev-manual/layers.rst: document “bitbake-layers show-machines”

  • dev-manual/new-recipe.rst: replace ‘bitbake -e’ with ‘bitbake-getvar’

  • dev-manual/new-recipe.rst: typo, “whith” -> “which”

  • dev-manual/new-recipe.rst: update “recipetool -h” output

  • dev-manual/sbom.rst: reflect that create-spdx is enabled by default

  • dev-manual: debugging: use bitbake-getvar in Viewing Variable Values section

  • documentation: link to the Releases page on yoctoproject.org instead of wiki

  • glslang: fix compiling with gcc15

  • go: add sdk test

  • go: extend runtime test

  • go: remove duplicate arch map in sdk test

  • goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures

  • kernel-dev: add disable config example

  • kernel-dev: common: migrate bitbake -e to bitbake-getvar

  • kernel.bbclass: Add task to export kernel configuration to SPDX

  • libssh2: fix regression in KEX method validation (GH-1553)

  • libssh2: upgrade to 1.11.1

  • migration-guides: add release notes for 4.0.31 and 5.0.13

  • oe/sdk: fix empty SDK manifests

  • oeqa/sdk/buildepoxy: skip test in eSDK

  • oeqa/selftest: oe-selftest: Add SPDX tests for kernel config and PACKAGECONFIG

  • oeqa: drop unnecessary dependency from go runtime tests

  • oeqa: fix package detection in go sdk tests

  • overview-manual: migrate to SVG + fix typo

  • poky.conf: bump version for 5.0.15

  • ref-manual: variables: migrate the OVERRIDES note to bitbake-getvar

  • ruby: Upgrade to 3.3.10

  • rust-target-config: fix nativesdk-libstd-rs build with baremetal

  • scripts/install-buildtools: Update to 5.0.14

  • spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM

  • spdx30: fix cve status for patch files in VEX

  • spdx30: provide all CVE_STATUS, not only Patched status

  • spdx30_tasks: Add support for exporting PACKAGECONFIG to SPDX

  • spdx: Revert “spdx: Update for bitbake changes”

  • spdx: extend CVE_STATUS variables

  • testsdk: allow user to specify which tests to run

  • vex.bbclass: add a new class

  • vex: fix rootfs manifest

  • xserver-xorg: remove redundant patch

Known Issues in Yocto-5.0.15

  • N/A

Contributors to Yocto-5.0.15

Thanks to the following people who contributed to this release:

  • Adarsh Jagadish Kamini

  • Aleksandar Nikolic

  • Alexander Kanavin

  • Benjamin Robin (Schneider Electric)

  • Changqing Li

  • Daniel Turull

  • Deepak Rathore

  • Deepesh Varatharajan

  • Enrico Jörns

  • Gyorgy Sarvari

  • Hitendra Prajapati

  • Hongxu Jia

  • Hugo SIMELIERE

  • Jiaying Song

  • Kai Kang

  • Kamel Bouhara (Schneider Electric)

  • Lee Chee Yang

  • Martin Jansa

  • Mingli Yu

  • Moritz Haase

  • Osama Abdelkader

  • Ovidiu Panait

  • Peter Marko

  • Praveen Kumar

  • Quentin Schulz

  • Robert P. J. Day

  • Ross Burton

  • Steve Sakoman

  • Vijay Anusuri

  • Walter Werner SCHNEIDER

  • Yash Shinde

  • Yogita Urade

Repositories / Downloads for Yocto-5.0.15

yocto-docs

poky

openembedded-core

meta-yocto

meta-mingw

bitbake