
Yocto 4.0.6 LTS (Kirkstone) Released


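Release 4.0.6, the sixth point release of Yocto 4.0 LTS (Kirkstone), which was first released in April 2022, was announced on December 29, 2022.
The original plan was to build from the December 12 snapshot and release on December 23. Instead, the build was made from the December 13 snapshot and QA was complete as of December 20, but because of the Christmas holidays the release announcement came one week late.
Main changes in this release:
  〇 Fixes for vulnerabilities registered as CVEs
  〇 Kernel upgraded to 5.15.78

Note: The release notes published with the announcement omitted the CVE fixes that came with the vim upgrade; a correction is planned for the migration-guides.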
  https://lists.yoctoproject.org/g/docs/message/3567

As of today, several recipe upgrades, including fixes for the following CVEs, have been committed since December 12 toward the next point release.
python3: CVE-2022-45061
libxml2: CVE-2022-40303 CVE-2022-40304
golang: CVE-2022-41715

The next point release, 4.0.77, is scheduled to be built from the 2023/1/30 snapshot and released on 2023/2/10 after QA.

For details of this release, see the following URL.
https://lists.yoctoproject.org/g/yocto-announce/message/264

----------------
Known Issues
----------------
N/A

----------------
Security Fixes
----------------
bash: Fix CVE-2022-3715
curl: Fix CVE-2022-32221 CVE-2022-42915 CVE-2022-42916
dbus: Fix CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
dropbear: fix CVE-2021-36369
ffmpeg: Fix CVE-2022-3964 CVE-2022-3965
go: Fix CVE-2022-2880
grub2: Fix CVE-2022-2601 CVE-2022-3775 CVE-2022-28736
libarchive: Fix CVE-2022-36227
libpam: Fix CVE-2022-28321
libsndfile1: Fix CVE-2021-4156
lighttpd: Fix CVE-2022-41556
openssl: Fix CVE-2022-3358
pixman: Fix CVE-2022-44638
python3-mako: Fix CVE-2022-40023
python3: Fix CVE-2022-42919
qemu: Fix CVE-2022-3165
sysstat: Fix CVE-2022-39377
systemd: Fix CVE-2022-3821
tiff: Fix CVE-2022-2953 CVE-2022-3599 CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 CVE-2022-3570 CVE-2022-3598 CVE-2022-3970
vim: Fix CVE-2022-3352 CVE-2022-3705 CVE-2022-4141
wayland: fix CVE-2021-3782
xserver-xorg: Fix CVE-2022-3550 CVE-2022-3551

----------------
Fixes
----------------
archiver: avoid using machine variable as it breaks multiconfig
babeltrace: upgrade to 1.5.11
bind: upgrade to 9.18.8
bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
bitbake: gitsm: Fix regression in gitsm submodule path parsing
bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
bluez5: add dbus to RDEPENDS
build-appliance-image: Update to kirkstone head revision
buildtools-tarball: export certificates to python and curl
cargo_common.bbclass: Fix typos
classes: make TOOLCHAIN more permissive for kernel
cmake-native: Fix host tool contamination (Bug: 14951)
common-tasks.rst: fix oeqa runtime test path
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
create-spdx: Remove ";name=..." for downloadLocation
create-spdx: default share_src for shared sources
cve-update-db-native: add timeout to urlopen() calls
dbus: upgrade to 1.14.4
dhcpcd: fix to work with systemd
expat: upgrade to 2.5.0
externalsrc.bbclass: Remove a trailing slash from ${B}
externalsrc.bbclass: fix git repo detection
externalsrc: git submodule--helper list unsupported
gcc-shared-source: Fix source date epoch handling
gcc-source: Drop gengtype manipulation
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
gcc-source: Fix gengtypes race
gdk-pixbuf: upgrade to 2.42.10
get_module_deps3.py: Check attribute '__file__'
glib-2.0: fix rare GFileInfo test case failure
glibc-locale: Do not INHIBIT_DEFAULT_DEPS
gnomebase.bbclass: return the whole version for tarball directory if it is a number
gnutls: Unified package names to lower-case
groff: submit patches upstream
gstreamer1.0-libav: fix errors with ffmpeg 5.x
gstreamer1.0: upgrade to 1.20.4
ifupdown: upgrade to 0.8.39
insane.bbclass: Allow hashlib version that only accepts on parameter
iso-codes: upgrade to 4.12.0
kea: submit patch upstream (fix-multilib-conflict.patch)
kern-tools: fix relative path processing
kern-tools: integrate ZFS speedup patch
kernel-yocto: improve fatal error messages of symbol_why.py
kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
libcap: upgrade to 2.66
libepoxy: convert to git
libepoxy: update to 1.5.10
libffi: submit patch upstream (0001-arm-sysv-reverted-clang-VFP-mitigation.patch )
libffi: upgrade to 3.4.4
libical: upgrade to 3.0.16
libksba: upgrade to 1.6.2
libuv: fixup SRC_URI
libxcrypt: upgrade to 4.4.30
lighttpd: upgrade to 1.4.67
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
linux-firmware: don't put the firmware into the sysroot
linux-firmware: package amdgpu firmware
linux-firmware: split rtl8761 firmware
linux-firmware: upgrade to 20221109
linux-yocto/5.10: update genericx86* machines to v5.10.149
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.15: update genericx86* machines to v5.15.72
linux-yocto/5.15: update to v5.15.78
ltp: backport clock_gettime04 fix from upstream
lttng-modules: upgrade to 2.13.7
lttng-tools: Upgrade to 2.13.8
lttng-tools: submit determinism.patch upstream
lttng-ust: upgrade to 2.13.5
meson: make wrapper options sub-command specific
meta-selftest/staticids: add render group for systemd
mirrors.bbclass: update CPAN_MIRROR
mirrors.bbclass: use shallow tarball for binutils-native
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
mtd-utils: upgrade 2.1.4 -> 2.1.5
numactl: upgrade to 2.0.16
oe/packagemanager/rpm: don't leak file objects
oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo
oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
openssl: Fix SSL_CERT_FILE to match ca-certs location
openssl: upgrade to 3.0.7
openssl: export necessary env vars in SDK
opkg-utils: use a git clone, not a dynamic snapshot
opkg: Set correct info_dir and status_file in opkg.conf
overlayfs: Allow not used mount points
ovmf: correct patches status
package: Fix handling of minidebuginfo with newer binutils
perf: Depend on native setuptools3
poky.conf: bump version for 4.0.6
psplash: add psplash-default in rdepends
psplash: consider the situation of psplash not exist for systemd
python3: advance to version 3.10.8
qemu-helper-native: Correctly pass program name as argv[0]
qemu-helper-native: Re-write bridge helper as C program
qemu-native: Add PACKAGECONFIG option for jack
qemu: add io_uring PACKAGECONFIG
quilt: backport a patch to address grep 3.8 failures
resolvconf: make it work
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
runqemu: Do not perturb script environment
runqemu: Fix gl-es argument from causing other arguments to be ignored
sanity: Drop data finalize call
sanity: check for GNU tar specifically
scripts/oe-check-sstate: cleanup
scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
scripts: convert-overrides: Allow command-line customizations
socat: upgrade to 1.7.4.4
SPDX and CVE documentation updates
sstate: Allow optimisation of do_deploy_archives task dependencies
sstatesig: emit more helpful error message when not finding sstate manifest
sstatesig: skip the rm_work task signature
sudo: upgrade to 1.9.12p1
systemd: Consider PACKAGECONFIG in RRECOMMENDS
systemd: add group render to udev package
tcl: correct patch status
tiff: refresh with devtool
tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
u-boot: Remove duplicate inherit of cml1
uboot-sign: Fix using wrong KEY_REQ_ARGS
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
valgrind: remove most hidden tests for arm64
vim: Upgrade to 9.0.0947
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
wic: make ext2/3/4 images reproducible
wic: swap partitions are not added to fstab
wpebackend-fdo: upgrade to 1.14.0
xserver-xorg: move some recommended dependencies in required
xwayland: upgrade to 22.1.5