Release notes for Yocto-5.0.5 (Scarthgap)

Security Fixes in Yocto-5.0.5

cups: Fix CVE-2024-47175
curl: Fix CVE-2024-8096
gnupg: Ignore CVE-2022-3219 (wont-fix)
libarchive: Fix CVE-2024-48957 and CVE-2024-48958
openssh: Ignore CVE-2023-51767 (wont-fix)
openssl: Fix CVE-2024-9143
ruby: Fix CVE-2024-41123 and CVE-2024-41496
rust-llvm: Fix CVE-2024-0151
rust, libstd-rs: Ignore CVE-2024-43402
wpa-supplicant: Patch SAE H2E and incomplete downgrade protection for group negotiation
wpa-supplicant: Fix CVE-2024-3596
wpa-supplicant: Ignore CVE-2024-5290

Fixes in Yocto-5.0.5

binutils: stable 2.42 branch updates
bitbake.conf: Add truncate to HOSTTOOLS
bitbake: asyncrpc: Use client timeout for websocket open timeout
bitbake: bitbake: doc/user-manual: Update the BB_HASHSERVE_UPSTREAM
bitbake: gitsm: Add call_process_submodules() to remove duplicated code
bitbake: gitsm: Remove downloads/tmpdir when failed
bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab
bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab
build-appliance-image: Update to scarthgap head revision
cryptodev: upgrade to 1.14
cve-check: add support for cvss v4.0
cve_check: Use a local copy of the database during builds
dev-manual: add bblock documentation
documentation: conf.py: rename :cve: role to :cve_nist:
documentation: README: add instruction to run Vale on a subset
documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint
e2fsprogs: removed ‘sed -u’ option
ffmpeg: Add “libswresample libavcodec” to CVE_PRODUCT
glibc: stable 2.39 branch updates.
go: upgrade to 1.22.8
icu: update patch Upstream-Status
image.bbclass: Drop support for ImageQAFailed exceptions in image_qa
image_qa: fix error handling
install-buildtools: fix “test installation” step
install-buildtools: remove md5 checksum validation
install-buildtools: update base-url, release and installer version
kernel-devsrc: remove 64 bit vdso cmd files
kernel-fitimage: fix external dtb check
kernel-fitimage: fix intentation
lib/oe/package-manager: skip processing installed-pkgs with empty globs
liba52: fix do_fetch error
libpcre2: Update base uri PhilipHazel -> PCRE2Project
libsdl2: Fix non-deterministic configure option for libsamplerate
license: Fix directory layout issues
linux-firmware: upgrade to 20240909
linux-yocto/6.6: fix genericarm64 config warning
linux-yocto/6.6: upgrade to v6.6.54
lsb-release: fix Distro Codename shell escaping
makedevs: Fix issue when rootdir of / is given
makedevs: Fix matching uid/gid
meta-ide-support: Mark recipe as MACHINE-specific
meta-world-pkgdata: Inherit nopackages
migration-guide: add release notes for 4.0.21, 4.0.22 and 5.0.4
migration-guide: release-notes-4.0: update BB_HASHSERVE_UPSTREAM for new infrastructure
migration-guide: release-notes-5.0.rst: update NO_OUTPUT -> NO_COLOR
orc: upgrade to 0.4.40
overview-manual: concepts: add details on package splitting
poky.conf: bump version for 5.0.5
populate_sdk_base: inherit nopackages
ptest-runner: upgrade to 2.4.5
pulseaudio: correct freedesktop.org -> www.freedesktop.org SRC_URI
desktop-file-utils: correct freedesktop.org -> www.freedesktop.org SRC_URI
python3-lxml: upgrade to v5.0.2
python3-setuptools: Add “python:setuptools” to CVE_PRODUCT
recipes-bsp: usbutils: Fix usb-devices command using busybox
ref-manual: add missing CVE_CHECK manifest variables
ref-manual: add missing EXTERNAL_KERNEL_DEVICETREE variable
ref-manual: add missing OPKGBUILDCMD variable
ref-manual: add missing TESTIMAGE_FAILED_QA_ARTIFACTS
ref-manual: devtool-reference: document missing commands
ref-manual: devtool-reference: refresh example outputs
ref-manual: faq: add q&a on class appends
ref-manual: introduce CVE_CHECK_REPORT_PATCHED variable
ref-manual: merge patch-status-* to patch-status
ref-manual: release-process: add a reference to the doc’s release
ref-manual: release-process: refresh the current LTS releases
ref-manual: release-process: update releases.svg
ref-manual: release-process: update releases.svg with month after “Current”
ref-manual: structure.rst: document missing tmp/ dirs
ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables
rootfs-postcommands.bbclass: make opkg status reproducible
rpm: fix expansion of %_libdir in macros
ruby: upgrade to 3.3.5
runqemu: Fix detection of -serial parameter
runqemu: keep generating tap devices
scripts/install-buildtools: Update to 5.0.3
sqlite3: upgrade to 3.45.3
styles: vocabularies: Yocto: add sstate
systemtap: fix systemtap-native build error on Fedora 40
sysvinit: take release tarballs from github
testexport: fallback for empty IMAGE_LINK_NAME
testimage: fallback for empty IMAGE_LINK_NAME
uboot-sign: fix counters in do_uboot_assemble_fitimage
vim: upgrade to 9.1.0764
virglrenderer: Add patch to fix -int-conversion build issue
webkitgtk: upgrade to 2.44.3
weston: backport patch to allow neatvnc < v0.9.0
wpa-supplicant: Patch security advisory 2024-2
xserver-xorg: upgrade to 21.1.14

Known Issues in Yocto-5.0.5

oeqa/runtime: the beaglebone-yocto target fails the parselogs runtime test due to unexpected kernel error messages in the log (see bug 15624 on Bugzilla).