Release notes for Yocto-6.0.1 (Wrynose)
Security Fixes in Yocto-6.0.1
avahi: Fix CVE-2026-34933
base-files: Ignore CVE-2018-6557
bind: Ignore CVE-2017-3139
busybox: fix CVE-2024-58251 and CVE-2026-29004
cargo: Ignore CVE-2023-40030
cve-extra-exclusions: Ignore CVE-2019-2708
ffmpeg: Ignore CVE-2022-2566, CVE-2025-9951, CVE-2025-59729 and CVE-2025-59730
git: Ignore CVE-2024-32002, CVE-2024-50349, CVE-2024-52006, CVE-2025-48385 and CVE-2025-48386
glibc: Fix CVE-2026-4046
gnutls: Ignore CVE-2026-1584
harfbuzz: Ignore CVE-2024-56732
inetutils: Fix CVE-2026-32772
libarchive: Ignore CVE-2026-4426 and CVE-2026-5745
libsoup: Fix CVE-2026-2708 and CVE-2026-5119
libsoup: Ignore CVE-2026-2369 and CVE-2026-2436
libssh2: Fix CVE-2026-7598
libva: Ignore CVE-2023-39929
ovmf: Ignore CVE-2024-38796, CVE-2024-38797, CVE-2024-38798, CVE-2024-38805, CVE-2025-2295, CVE-2025-2296 and CVE-2025-3770
p11-kit: Ignore CVE-2026-2100
python3-requests: Ignore CVE-2024-35195 and CVE-2024-47081
python3-setuptools: Ignore CVE-2024-6345
rsync: Ignore CVE-2024-12084
ruby: Ignore CVE-2025-0306
sed: Fix CVE-2026-5958
sudo: Fix CVE-2026-35535
tiff: Fix CVE-2026-4775
Fixes in Yocto-6.0.1
bitbake
README: Add “2.18” subject-prefix to git-send-email suggestion
b4-config: add send-prefixes for 2.18/wrynose
fetch/git: Fix leaking of temporary directory
fetch/git: Improve temporary directory handling
fetch/wget: in upstream version checks, match versioned directories exactly
fetch2/crate: use CDN endpoint for version checking if possible
fetch2/crate: use CDN for fetching crates
meta-yocto
poky.conf: Bump version for 6.0.1 release
openembedded-core
README: Add wrynose subject-prefix to git-send-email suggestion
apr-util: Add CVE_PRODUCT to support product name
apr: Add CVE_PRODUCT to support product name
b4-config: add send-prefixes for wrynose
bluez5: add patches to fix 8.56 cli & gatt issues
build-appliance-image: Update to wrynose head revisions
build-appliance-image: fix branches for wrynose revisions
cargo: set CVE_PRODUCT
ccache: upgrade to 4.13.3
classes/base: add explicit bzip2-native dependency for unpacking .bz2
coreutils: set CVE_PRODUCT
default-distrovars.inc: add missing spaces in append overrides
devtool: Disable gpg signing when setting up source tree repos
dhcpcd: upgrade to 10.3.1
efivar: Backport patch to fix -march issue for ppc64le
features-check.bbclass: add reference to required TUNE_FEATURES
glibc: Fix recipe bug that disabled stack protector
glibc: stable 2.43 branch updates
groff: upgrade to 1.24.1
gsettings-desktop-schemas: upgrade to 50.1
gtk4: upgrade to 4.22.2
gtk+3: upgrade to 3.24.52
hwdata: upgrade to 0.406
mirrors: remove inactive sources.openembedded.org URLs
oe-pkgdata-util: fix empty runtime-rprovides directory handling
oe-pkgdata-util: fix runtime-rprovides handling in lookup_pkg error path
package.py: fix kernel module file pre-filter and document strip asymmetry
perf: add PACKAGECONFIG for llvm
pseudo: Upgrade to 1.9.7
python3-requests: Increase chardet upper limit
python3-sbom-cve-check: Update to version 1.3.1
qemu: fix iotlb_to_section() for different AddressSpace
rust: fix codegen test failure on big-endian targets
sbom-cve-check-update-cvelist-native: Update source revision
sbom-cve-check-update-nvd-native: Update source revision
sbom-cve-check: set PV from upstream tags and ensure version checks are correct
scripts/makefile-getvar: quote MAKEFILE variable
sed: upgrade to 4.10
shadow-native: Change upstream status of disable_syslog.patch
shadow: set CVE_PRODUCT
sudo: set CVE_PRODUCT
tzdata/tzcode-native: upgrade to2026b
utils: Handle unexpanded variables in DISTRO_FEATURES
wireless-regdb: upgrade to 2026.03.18
yocto-docs
“Transitioning …” doc: Various pedantic cleanups
Quick Build guide: Various pedantic cleanups
What I Wish I’d KNown: Various pedantic cleanups
YP Quick Build: delete extraneous periods in list
YP Quick Build: use “set up” as a verb
conf.py: add a :yocto_bug: role
contributor-guide: fix type “maintainance” to “maintenance”
dev-manual: “–runonly” should be “–runall”
docs-wide: drop documentation for cve-check and variables
index.rst: update “Software Overview” to “Technical Overview”
migration-guide: add release notes for 4.0.35 5.3.4
migration-guide: migration-6.0: fix typos in cve-check removal
migration-guides/migration-6.0.rst: add migration notes on cve-check removal
migration-guides/migration-6.0.rst: document the CVE_PRODUCT behavior change
migration-guides/migration-6.0.rst: mention python3-roman-numerals-py rename
migration-guides/release-notes-6.0.rst: add contributors, CVE fixes, downloads, known issue, license, recipe version changes
migration-guides: fix https:// prefix missing in anonymous reference
migration-guides: migration-6.0: fix grammar and missing word
migration-guides: migration-6.0: reword meta-poky templates removal
migration-guides: release-notes-6.0: fix typo in documentation changes
overview-manual/concepts.rst: fix do_prepare_recipe_sysroot task description
overview-manual: fix “checkout” versus “check out”
ref-manual/system-requirements.rst: add CentOS 10 as a supported distro
ref-manual/variables.rst: document the SBOM_CVE_CHECK_SHOW_WARNINGS variable
ref-manual/variables: IMAGE_TYPES: add new wicenv type
ref-manual/variables: document the ‘dynamic layer’ concept
ref-manual: classes: add missing “task” after create_recipe_sbom
ref-manual: classes: fix https:// prefix missing in anonymous reference
ref-manual: fix “include to” grammar for UKI_DEVICETREE
ref-manual: fragments: fix style inconsistencies
ref-manual: replace “naive” with “simple”
ref-manual: variables: add hyphen to “space separated” and “auto generated”
security-manual/vulnerabilities.rst: refresh the document after cve-check removal
security-manual/vulnerabilities.rst: require Upstream-Status, not recommend
tools/build-docs-container: add CentOS 10 support
tools/build-docs-container: add missing leap 16.0 in help message
yp-intro.rst: add link to “buildbot”
yp-intro.rst: delete really old references
Known Issues in Yocto-6.0.1
N/A
Contributors to Yocto-6.0.1
Thanks to the following people who contributed to this release:
Alexander Kanavin
Andrew Geissler
Ankur Tyagi
Antonin Godard
Benjamin Robin (Schneider Electric)
Chen Qi
Daniel McGregor
Dawid Bijak
Dmitry Sakhonchik
Himanshu Jadon
Ivan Nestlerode
Jinwang Li
Johan Anderholm
João Marcos Costa
Lee Chee Yang
Leonardo Costa
Li Wang
Minwoo Choi
Moritz Haase
Paul Barker
Peter Marko
Peter Tatrai
Quan Sun
Quentin Schulz
Richard Purdie
Robert P. J. Day
Ross Burton
Sam Kent
Thomas Perrot
Vijay Anusuri
Wang Mingyu
Yoann Congal
Repositories / Downloads for Yocto-6.0.1
yocto-docs
Repository Location: https://git.yoctoproject.org/yocto-docs
Branch: wrynose
Tag: yocto-6.0.1
Git Revision: 7ac955621b36a221126cd40f12c41fa98c213a24
Release Artefact: yocto-docs-7ac955621b36a221126cd40f12c41fa98c213a24
sha: 32e25828d25662db5e92829ae6a471291e27d950b5c273458fae211a776e4131
Download Locations:
openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: wrynose
Tag: yocto-6.0.1
Git Revision: 06dd66e6220e5ce4ed4b9af4d8231ae5f0a8ce80
Release Artefact: oecore-06dd66e6220e5ce4ed4b9af4d8231ae5f0a8ce80
sha: 26de701c73d43ab8904bc57b162385901f9a1114807b3e28b665437d4ba23624
Download Locations:
meta-yocto
Repository Location: https://git.yoctoproject.org/meta-yocto
Branch: wrynose
Tag: yocto-6.0.1
Git Revision: 8251bdad5fda780a000fb41e6eda82eadf0fa39e
Release Artefact: meta-yocto-8251bdad5fda780a000fb41e6eda82eadf0fa39e
sha: ac9125ddd150febba0da9ae4fb7e222dde1d6e8f2ad3aaae1c0c2a4c1f738f36
Download Locations:
bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: 2.18
Tag: yocto-6.0.1
Git Revision: 22021758e66737bcf68dfd2b74adc6a0cb1d42d9
Release Artefact: bitbake-22021758e66737bcf68dfd2b74adc6a0cb1d42d9
sha: ce9c213f9b8c5fb677b0a64ac883386a4d578fdb66881dcc9f1cd8bc4e79e7f6
Download Locations: