This service is available only in Japanese-language.
昨年4月にリリースされたYocto3.1LTS(Dunfell)の7回目のポイントリリース、3.1.7 公開のアナウンスが
2021年4月21日付けでありました。
当初は3月29日版で構築、4月9日リリース予定でしたが、4月13日付のコミットを元にQAテストを実施
したものがリリースとなっています。
現時点では、4/13以降のレシピ変更点はコミットされていません。
次のポイントリリース3.1.8は 、2021/5/17 を予定しています。
ポイントリリースは、基本的にCVEに登録された脆弱性対応の
Security Fix 、 発見されたbugへの対処が主となります、
今回のポイントリリースでは cve-check 関連で、
・CVE_CHECK_REPORT_PATCHED
・CVE_CHECK_RECIPE_FILE
の2変数を使用するYocto3.2 で採用された機能追加がバックポート
されています。
本リリースの詳細は以下のURLでご確認ください。
(現時点では、www.yoctoproject.org内では更新日が誤記されています)
https://lists.yoctoproject.org/g/yocto-announce/message/216
---------------
Security Fixes
----------------
openssl: update to 1.1.1k to fix CVE-2021-3450 and CVE-2021-3449
git: fix CVE-2021-21300
connman: fix CVE-2021-26675, CVE-2021-26676
cve-check: CVE_VERSION_SUFFIX to work with patched release
cve-update-db-native: consider version suffix when update CVE db
wpa-supplicant: update CVE-2021-27803.patch
python3-jinja2: set CVE_PRODUCT
shadow: whitelist CVE-2013-4235
qemu: fix CVE-2021-20203
wpa-supplicant: fix CVE-2021-27803
librepo: fix CVE-2020-14352
libsdl2: fix CVE-2020-14409 CVE-2020-14410
wpa-supplicant: fix CVE-2021-0326
bind: fix CVE-2020-8625
screen: fix CVE-2021-26937
python3: fix CVE-2021-3177
u-boot: fix CVE-2020-8432 and CVE-2020-10648
cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs
cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
----------------
Fixes
----------------
build-appliance-image: Update to dunfell head revision
poky.conf: Bump version for 3.1.7 release
documentation: prepare for 3.1.7 release
image,populate_sdk_base: move 'func' flag setting for sdk command vars
buildhistory: add missing vardepsexcludes
populate_sdk_ext: Avoid copying and producing .pyc files
libtool: make sure autoheader run before autoconf
bitbake.conf: correct description of HOSTTOOLS_DIR
documentation-audit.sh: Fix typo in specifying LICENSE_FLAGS_WHITELIST
run-postinsts: do not remove postinsts directory.
cryptodev-module: fix build failure with kernel v5.10
cryptodev-module: Backport a patch to fix build failure with kernel v5.8
linux-firmware: Fix packaging
linux-yocto/5.4: update to v5.4.107
bitbake: Force parser shutdown after catching an exception
linux-yocto/5.4: update to v5.4.105
selftest/wic: Fix dependency issue in rawcopy test
linux-dummy: add empty dependent packages
devshell.bbclass: Exceptions displayed within devpyshell
scripts/verify-bashisms: Update checkbashisms.pl URL
externalsrc: Detect code changes in submodules
cmake: Fully-qualified path to ar
initrdscripts: init-install-efi.sh install extra files for ESP
glibc: Pull latest 2.31 HEAD
iputils: fix various arping regressions
systemd-conf: do not ask for DHCP if configured on kernel command line
maintainers: update own email address
meta-selftest: Add HOMEPAGE / DESCRIPTION
bitbake-whatchanged: change ending quote to proper period
populate_sdk_ext: record METADATA_REVISION
devtool: Fix do_kernel_configme task
iso-codes: fix protocol in SRC_URI
Revert "sstatesig.py: show an error instead of warning when sstate manifest isn't found"
bitbake: runqueue: Add setscene task overlap sanity check
bitbake: runqueue: Fix task execution corruption issue
cups: use /run instead /var/run in systemd's unit file
insane: don't check for a warning string that is never output
build-appliance-image: Drop kernel module handling
ptest-packagelists: remove libinput-ptest
bitbake-bblayers/create: Fix incorrect priority help message
runqemu: use "raw" instead of "bin" for ovmf
dtc: Fix array-bounds error
rxvt-unicode: Do not use throw specifications
valgrind: Increase timeout duration 30 -> 90 s
oeqa/pam: Need shadow installed for the tests
wic: Warn if an ext filesystem affected by the Y2038 problem is used
selftest/reproducible: Add ability to pull some objects from sstate
efivar: Fix reproducibility issue
swig: Fix reproducibility issue
syslinux: Fix reproducibility issues
libid3tag: Fix reproducibility issue
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
meta/recipes-graphics: Add HOMEPAGE / DESCRIPTION
meta/recipes-multimedia: Add HOMEPAGE / DESCRIPTION
meta/recipes-kernel: Add HOMEPAGE / DESCRIPTION
meta/recipes-support: Add HOMEPAGE / DESCRIPTION
meta/recipes-extended: Add HOMEPAGE / DESCRIPTION
meta-skeleton: Add HOMEPAGE / DESCRIPTION
meta/recipes-rt: Add HOMEPAGE / DESCRIPTION
recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipes
recipes-sato: Add missing HOMEPAGE and DESCRIPTION for recipes
recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-kernel: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-graphics: Add missing HOMEPAGE and DESCRIPTION for recipes.
recipes-gnome: Add missing HOMEPAGE and DESCRIPTION for recipes
linux-yocto/5.4: update to v5.4.103
linux-yocto/5.4: update to v5.4.101
linux-yocto/5.4: update to v5.4.99
yocto-uninative.inc: version 3.0 incorporate seccomp filter workaround
yocto-uninative.inc: version 2.11 updates glibc to 2.33
linux-yocto: update genericx86* to v5.4.94
linux-yocto: update genericx86 to v5.4.87
linux-yocto: update genericx86* SRCREV for 5.4
local.conf.sample.extended: prefer INIT_MANAGER
local.conf.sample.extended: fix double 'of' typo
meta/recipes-core: Add HOMEPAGE / DESCRIPTION
meta/recipes-devtools: Add HOMEPAGE / DESCRIPTION
meta/recipes-connectivity: Add HOMEPAGE / DESCRIPTION
meta/recipes-bsp: Add HOMEPAGE / DESCRIPTION
cups: Fix reproducibility issues
asciidoc: Switch to using the main branch
package/package_rpm: Disable font_provides configuration for reproducibilty
reproducible: Improve SOURCE_DATE_EPOCH_FALLBACK handling
reproducible_builds: SOURCE_DATE_EPOCH should not be 0
report-error.bbclass: Add layer and bitbake version info to error report
libpcre: Drop old/stale patch
ca-certificates: Clean up two patches and submit upstream
libevdev: Update patch status to backport
maintainers: Update email address for Victor
bitbake.conf: Split PSEUDO_IGNORE_PATHS to be more readable
bitbake.conf/image: Move image specific PSEUDO_IGNORE_PATHS to image class
populate_sdk: Add directories to PSEUDO_IGNORE_PATHS
image: Add directories to PSEUDO_IGNORE_PATHS
sstatesig.py: show an error instead of warning when sstate manifest isn't found
linux-firmware: upgrade 20201218 -> 20210208
openssl: upgrade 1.1.1i -> 1.1.1j
bitbake: __init__.py: Fix bitbake debug log handling
selftest/reproducible: Don't call sync between each file compare
qemu: Backport patch to avoid assertion fails on icache line size
oeqa/commands: Fix compatibility with python 3.9
oe/recipeutils: Fix copying patches when BBLAYERS entries are not normalised
icu: backport fix for rare random genrb segmentation fault
wpebackend-fdo: Fix missing .so symlink when using dev package
package_rpm: Enable use_source_date_epoch_as_buildtime in package_rpm class
df.py: Add feature check for read-only-rootfs
weston-init: Fix weston-keyboard path in weston.ini
mtd-utils: Remove duplicate assignments to alternative link names
libomxil: Fix up commercial license flag
npm.bbclass: avoid building target nodejs for native npm recipes
groff: Fix determinism issue
xmlto: Fix reproducibility
xorg-minimal-fonts: Really fix determinism
xorg-fonts-minimal: Fix reproducibility
watchdog: Avoid reproducibility failures after fixing build
watchdog: Fix determinism issue from sendmail host path
vim: Fix a race over creation of the desktop files
vim: Improve determinism
cwautomacros: Ensure version is set deterministically
oeqa/runlevel : add test for runlevels
oeqa: reproducible: Add more logging
oeqa: reproducible: Fix SSTATE_MIRRORS variable
buildtools-extended-tarball: Add glibc-gconvs needed for build
quilt: Be determnistic about column presence
linux-yocto/5.4: update to v5.4.98
linux-yocto/5.4: update to v5.4.96
go: update to 1.14.15
sudo: 1.8.31 -> 1.8.32
cve-check.bbclass: add layer to cve log
pseudo: Update to include fixes for glibc 2.33
pseudo: Update for rename and faccessat fixes
pseudo: Update to work with glibc 2.33
poky.conf: Drop OELAYOUT_ABI poking