Release notes for Yocto-5.0.9 (Scarthgap)
Security Fixes in Yocto-5.0.9
binutils: Fix CVE-2024-57360, CVE-2025-1176, CVE-2025-1178 and CVE-2025-1181
expat: Fix CVE-2024-8176
freetype: Fix CVE-2025-27363
ghostscript: Fix CVE-2025-27830, CVE-2025-27831, CVE-2025-27832, CVE-2025-27833, CVE-2025-27834, CVE-2025-27835 and CVE-2025-27836
go: Fix CVE-2025-22870 and CVE-2025-22871
grub: Fix CVE-2024-45781, CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45782, CVE-2024-45783, CVE-2024-56737, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118 and CVE-2025-1125
libarchive: Fix CVE-2024-20696, CVE-2024-48957, CVE-2024-48958, CVE-2025-1632 and CVE-2025-25724
libxslt: Fix CVE-2024-24855 and CVE-2024-55549
linux-yocto/6.6: Fix CVE-2024-54458, CVE-2024-57834, CVE-2024-57973, CVE-2024-57978, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981, CVE-2024-57984, CVE-2024-57996, CVE-2024-57997, CVE-2024-58002, CVE-2024-58005, CVE-2024-58007, CVE-2024-58010, CVE-2024-58011, CVE-2024-58013, CVE-2024-58017, CVE-2024-58020, CVE-2024-58034, CVE-2024-58052, CVE-2024-58055, CVE-2024-58058, CVE-2024-58063, CVE-2024-58068, CVE-2024-58069, CVE-2024-58070, CVE-2024-58071, CVE-2024-58076, CVE-2024-58080, CVE-2024-58083, CVE-2024-58088, CVE-2025-21700, CVE-2025-21703, CVE-2025-21707, CVE-2025-21711, CVE-2025-21715, CVE-2025-21716, CVE-2025-21718, CVE-2025-21726, CVE-2025-21727, CVE-2025-21731, CVE-2025-21735, CVE-2025-21736, CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21744, CVE-2025-21745, CVE-2025-21748, CVE-2025-21749, CVE-2025-21753, CVE-2025-21756, CVE-2025-21759, CVE-2025-21760, CVE-2025-21761, CVE-2025-21762, CVE-2025-21763, CVE-2025-21764, CVE-2025-21773, CVE-2025-21775, CVE-2025-21776, CVE-2025-21779, CVE-2025-21780, CVE-2025-21782, CVE-2025-21783, CVE-2025-21785, CVE-2025-21787, CVE-2025-21789, CVE-2025-21790, CVE-2025-21791, CVE-2025-21792, CVE-2025-21793, CVE-2025-21796, CVE-2025-21811, CVE-2025-21812, CVE-2025-21814, CVE-2025-21820, CVE-2025-21844, CVE-2025-21846, CVE-2025-21847, CVE-2025-21848, CVE-2025-21853, CVE-2025-21854, CVE-2025-21855, CVE-2025-21856, CVE-2025-21857, CVE-2025-21858, CVE-2025-21859, CVE-2025-21862, CVE-2025-21863, CVE-2025-21864, CVE-2025-21865, CVE-2025-21866, CVE-2025-21867, CVE-2025-21887, CVE-2025-21891, CVE-2025-21898, CVE-2025-21904, CVE-2025-21905, CVE-2025-21908, CVE-2025-21912, CVE-2025-21915, CVE-2025-21917, CVE-2025-21918, CVE-2025-21919, CVE-2025-21920, CVE-2025-21922, CVE-2025-21928, CVE-2025-21934, CVE-2025-21936, CVE-2025-21937, CVE-2025-21941, CVE-2025-21943, CVE-2025-21945, CVE-2025-21947, CVE-2025-21948, CVE-2025-21951, CVE-2025-21957, CVE-2025-21959, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969, CVE-2025-21979, CVE-2025-21980, CVE-2025-21981, CVE-2025-21991 and CVE-2025-21993
mpg123: Fix CVE-2024-10573
ofono: Fix CVE-2024-7537
openssh: Fix CVE-2025-26465
puzzles: Ignore CVE-2024-13769, CVE-2024-13770 and CVE-2025-0837
qemu: Ignore CVE-2023-1386
ruby: Fix CVE-2025-27219 and CVE-2025-27220
rust-cross-canadian: Ignore CVE-2024-43402
vim: Fix CVE-2025-1215, CVE-2025-26603, CVE-2025-27423 and CVE-2025-29768
xserver-xorg: Fix CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600 and CVE-2025-26601
xz: Fix CVE-2025-31115
Fixes in Yocto-5.0.9
babeltrace2: extend to nativesdk
babeltrace: extend to nativesdk
bitbake: event/utils: Avoid deadlock from lock_timeout() and recursive events
bitbake: utils: Add signal blocking for lock_timeout
bitbake: utils: Print information about lock issue before exiting
bitbake: utils: Tweak lock_timeout logic
build-appliance-image: Update to scarthgap head revision
cve-check.bbclass: Mitigate symlink related error
cve-update-nvd2-native: add workaround for json5 style list
cve-update-nvd2-native: handle missing vulnStatus
gcc: remove paths to sysroot from configargs.h and checksum-options for gcc-cross-canadian
gcc: unify cleanup of include-fixed, apply to cross-canadian
ghostscript: upgrade to 10.05.0
grub: backport strlcpy function
grub: drop obsolete CVE statuses
icu: Adjust ICU_DATA_DIR path on big endian targets
kernel-arch: add macro-prefix-map in KERNEL_CC
libarchive: upgrade to 3.7.9
libxslt: upgrade to 1.1.43
linux-yocto/6.6: update to v6.6.84
mc: set ac_cv_path_ZIP to avoid buildpaths QA issues
mpg123: upgrade to 1.32.10
nativesdk-libtool: sanitize the script, remove buildpaths
openssl: rewrite ptest installation
overview-manual/concepts: remove PR from the build dir list
patch.py: set commituser and commitemail for addNote
poky.conf: bump version for 5.0.9
vim: upgrade to 9.1.1198
xserver-xf86-config: add a configuration fragment to disable screen blanking
xserver-xf86-config: remove obsolete configuration files
xserver-xorg: upgrade to 21.1.16
xz: upgrade to 5.4.7
yocto-uninative: Update to 4.7 for glibc 2.41
Known Issues in Yocto-5.0.9
N/A
Contributors to Yocto-5.0.9
Thanks to the following people who contributed to this release:
Antonin Godard
Archana Polampalli
Ashish Sharma
Bruce Ashfield
Changqing Li
Denys Dmytriyenko
Divya Chellam
Hitendra Prajapati
Madhu Marri
Makarios Christakis
Martin Jansa
Michael Halstead
Niko Mauno
Oleksandr Hnatiuk
Peter Marko
Richard Purdie
Ross Burton
Sana Kazi
Stefan Mueller-Klieser
Steve Sakoman
Vijay Anusuri
Virendra Thakur
Vishwas Udupa
Wang Mingyu
Zhang Peng
Repositories / Downloads for Yocto-5.0.9
poky
Repository Location: https://git.yoctoproject.org/poky
Branch: scarthgap
Tag: yocto-5.0.9
Git Revision: bab0f9f62af9af580744948dd3240f648a99879a
Release Artefact: poky-bab0f9f62af9af580744948dd3240f648a99879a
sha: ee6811d9fb6c4913e19d6e3569f1edc8ccd793779b237520596506446a6b4531
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/poky-bab0f9f62af9af580744948dd3240f648a99879a.tar.bz2
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: scarthgap
Tag: yocto-5.0.9
Git Revision: 04038ecd1edd6592b826665a2b787387bb7074fa
Release Artefact: oecore-04038ecd1edd6592b826665a2b787387bb7074fa
sha: 6e201a4b486dfbdfcb7e96d83b962a205ec4764db6ad0e34bd623db18910eddb
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/oecore-04038ecd1edd6592b826665a2b787387bb7074fa.tar.bz2
meta-mingw
Repository Location: https://git.yoctoproject.org/meta-mingw
Branch: scarthgap
Tag: yocto-5.0.9
Git Revision: bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
Release Artefact: meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f
sha: ab073def6487f237ac125d239b3739bf02415270959546b6b287778664f0ae65
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/meta-mingw-bd9fef71ec005be3c3a6d7f8b99d8116daf70c4f.tar.bz2
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.8
Tag: yocto-5.0.9
Git Revision: 696c2c1ef095f8b11c7d2eff36fae50f58c62e5e
Release Artefact: bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e
sha: fc83f879cd6dd14b9b7eba0161fec23ecc191fed0fb00556ba729dceef6c145f
Download Locations: https://downloads.yoctoproject.org/releases/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2 https://mirrors.kernel.org/yocto/yocto/yocto-5.0.9/bitbake-696c2c1ef095f8b11c7d2eff36fae50f58c62e5e.tar.bz2
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: scarthgap
Tag: yocto-5.0.9
Git Revision: 56db4fd81f6235428bef9e46a61c11ca0ba89733