This service is available only in Japanese-language.

Yocto2.3.3リリース


2018年1月11日付けで、Yocto2.3.3(pyro)のリリースがアナウンスされています。
この時期のリリースですが、2017/12/14にコミットされたものがQAを経てのリリースとなっています。
“Meltdown”及び“Spectre”への対応は、今後の対応となります。

注意点ですが、Release Noteで記載されているupdate/Fixは、現時点のFixであり、2017/12/07の段階では
対応が行われていないものもあります。

詳細は以下のURLをご覧ください。
https://www.yoctoproject.org/downloads/core/pyro233

更新状況/セキュリティFix/Updates以下のとおりです。
---------------
Fixes
---------------
ovmf: Fix build with gcc7
portmaper: checkuri fails.
linux-firmware: Remove iwlwifi-8000C-19 SRC_URI
diffstat: use HTTP mirror for SRC_URI
liburi-perl: update SRC_URI to yoctoproject mirror
v86d: take tarball from debian
staging.bbclass: handle postinst-useradd-* fixmes
runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86
cross.bbclass: Remove usage of host flags for cross-compilation
archiver: preserve sysroot paths in configured mode
archiver: avoid archiving source for glibc-locale
archiver.bbclass: adapt do_unpack_and_patch to RSS
archiver.bbclass: fix do_ar_original error for matchbox-desktop
archiver.bbclass: do not cause kernel rebuilds
archiver.bbclass: various fixes for original+diff mode
archiver.bbclass: enhance do_ar_recipe task signature
archiver: Escape recipe name in regex
classes: drop image dependencies on TOPDIR variable
image.bbclass: drop initramfs bundle related code
local.conf.sample: Weakly set BB_DISKMON_DIRS
documenation: Prepared docs for a 2.3.3 point release
build-appliance-image: Update to pyro head revision
poky: Update version to 2.3.3
cross-localedef-native: Include locale_t.h
glibc_2.25: fix building for x86 with -Os (or -fno-omit-frame-pointer)
weston: add patch to set pitch correctly for subsampled textures
lib/oe/terminal.py: use an absolute path to execute oe-gnome-terminal-phonehome
gcc: Use libssp_nonshared linker specs only for ppc/musl
dpkg: Add missing RDEPENDS for dpkg-perl
dpkg: Fix perl modules by moving them to the versioned perl directory
cpan-base.bbclass: Move PERLVERSION and get_perl_version to a new file
populate_sdk_ext: Use prebuilt uninative tarball
bitbake: toaster: allow dots in user path names
bitbake: toaster: reserve HEAD from imported layers
valgrind: enable on mips soft-float
oeqa/sdk: Replace buildiptables for buildlzip tests
oeqa/runtime: Replace buildiptables for buildlzip on runtime tests
image_types.bbclass: Make u-boot signed images more versatile
openssh: Fix key generation with systemd
json-c: backport patch to fix gcc7 compilation
useradd-staticids: don't create username-group if gid is specified
curl: enable threaded resolver
kernel-fitimage: support MIPS (compressed)
kernel-uboot: support compressed kernel on MIPS
kernel-uimage: optimise UBOOT_ENTRYSYMBOL support
kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL support
kernel-fitimage: sanitize dtb section name (unbreak MIPS)
kernel-uimage.bbclass: Fix up generation of uImage from vmlinux
ca-certificates: Fix postinst dependency issues
debianutils: Add a native version (for run-parts)
copyleft_filter.bbclass: restore possiblity to filter on type
selftest/archiver: only execute deploy_archives task
selftest/archiver: add tests for recipe type filtering
openssh: allow to override OpenSSL HostKeys when read-only-rootfs
busybox: add backported patch to support iproute 'scope'
busybox: fix a linking issue
gdb: fix gdbserver not working in musl/mips context
oe-pkgdata-util: package-info: Allow extra variables to be displayed
binutils: apply mingw fix only for binutils-cross-canadian
oe-build-perf-report: use correct x-axis max value in html charts
oe-build-perf-report: allow slashes in {branch} field in tag names
oe-build-perf-report: accept parenthesis in tag names
oeqa/selftest/recipetool: use stable tarball for recipetool create test
wic: accept '-' in bitbake variables
useradd: don't override pseudo environment
bitbake: tests/fetch: handle network failures gracefully
bitbake: bitbake: Fix return value checks from subprocess.call()'s
bitbake: Replace deprecated git branch parameter "--set-upstream"
goarch.bbclass: Replace logic for setting GOARM
wpa_supplicant: fix WPA2 key replay security bug
bitbake: toaster/highlight.pack.js: Fix corrupted file
bitbake: toaster: Remove prettify
image.bbclass: Sorted ctypes to avoid basehash error
bitbake: cooker: add BB_CMDLINE to enable access to UI command line with memres
linux-yocto/4.1: generix86* bsp fix perf issue with gcc >=7
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1
meta-yocto-bsp: bump 4.1 to latest linux stable kernel for the non-x86 BSPs
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.10
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1
gcc-6.3.inc: Use ucontext_t not struct ucontext.
libproxy: use stable download URL
linux-yocto/4.9: update to v4.9.49
linux-yocto/4.4: update to v4.4.87
(PRE)MIRRORS: fix pattern for npm:// without slash
waffle: fix REQUIRED_DISTRO_FEATURES and PACKAGECONFIG virtual/libgl dependencies
rootfs-postcommands: add test for unsatisfied RRECOMMENDS
rootfs-postcommands: remove empty line
rootfs-postcommands.bbclass: Filter out dangling symlinks in ssh_allow_empty_password()
alsa-utils: Do not hardcode path to /lib/udev
package_rpm.bbclass: disable generation of .build-id links
package_rpm.bbclass: use multithreaded xz compression
rpm: allow arch-dependent binaries in noarch packages
bitbake: cooker.py: Fix layer priority processing
bitbake: toaster: recipe links broken for default layers
bitbake: toaster: edit column list not sorted
bitbake: toaster: set default pokydirname if no external layers
bitbake: toaster: debug message for lists layers missing separators
bitbake: toaster: Order column in Tasks selectable
bitbake: toaster: display error when the fstype select is empty
bitbake: cooker: ensure monkey-patching in collect_bbfiles() gets undone on error
bitbake: cooker: fix watching empty directories
bitbake: cooker: Track directories searched for bbappend/bb files
bitbake.conf: add bzr to HOSTTOOLS_NONFATAL
glibc-locale: add runtime dependency on glibc

---------------
Security Fixes
---------------
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)
binutls: Security fixes for CVE-2017-9955, CVE-2017-9954, CVE-2017-9756, CVE-2017-9755, CVE-2017-9753, CVE-2017-9752, CVE-2017-9751, CVE-2017-9750, CVE-2017-9749, CVE-2017-9748, CVE-2017-9747, CVE-2017-9746, CVE-2017-9745, CVE-2017-9744, CVE-2017-9742, CVE-2017-9040, CVE-2017-9042, CVE-2017-9039, CVE-2017-9038, CVE-2017-9044, CVE-2017-8421, CVE-2017-8398, CVE-2017-8396, CVE-2017-8397, CVE-2017-8395, CVE-2017-8394, CVE-2017-8393, CVE-2017-7614, CVE-2017-7223
ruby: Security fix for CVE-2017-14064
curl: Security fixes for CVE-2017-1000101 and CVE-2017-1000100
tiff: Security fixed for CVE-2017-7593, CVE-2017-7602, CVE-2017-7601, CVE-2017-7598, CVE-2017-7596, CVE-2017-7595, CVE-2017-7594, CVE-2017-7592, CVE-2016-10270, CVE-2016-10269, CVE-2016-10267, CVE-2016-10266, CVE-2016-10268, CVE-2016-10093, CVE-2016-10271
linuux-yocto/4.1: update to 4.1.43 plus bluetooth CVE-2017-1000251
linux-yocto/4.9: bluetooth: CVE-2017-1000251
linux-yocto/4.4: bluetooth: CVE-2017-1000251
linux-yocto/4.10: bluetooth: CVE-2017-1000251