This service is available only in Japanese-language.

Yocto4.0.9 LTS(Kirkstone)リリース


2022年4月にリリースされたYocto4.0 LTS (Kirkstone)の9回目のポイントリリース4.0.9公開のアナウンスが2023年4月22日付けでありました。
当初予定より1日遅れの4月11日版で構築、QA後の4月22日にリリースアナウンスとなりました。

今回のリリースでの主な変更点:
  〇 CVEに登録された脆弱性への対応
  〇 カーネルは 5.10.160/5.15.91から5.10.175/5.15.103 にアップグレード
  〇 bitbake/devtool といったツールの不具合対策
  〇 いくつかのレシピのアップデート

  リリースアナウンスの時点で、4月11日以降 次のポイントリリースに向けて既に複数の脆弱性対策を含んだコミットが行われています。
  ・binutils : CVE-20230-1579
  ・curl: CVE-2023-27533 CVE-2023-27534
  ・tiff: CVE-2022-4645
  ・go; CVE-2022-41724 CVE-2022-41725

次のポイントリリース4.0.10 は 2023/5/15 版で構築、QA後の2023/5/26 のリリースを予定しています。

本リリースの詳細は以下のURLでご確認ください。
https://lists.yoctoproject.org/g/yocto-announce/message/274

※上記アナウンスでは、opensslのcve-2022-2879 が Security Fixesに含まれていますが、Yocto4.0.7に先行してバックポートパッチが適応され、既に対応されていたため、下記のFixeedでは除外してあります。

---------------
Known Issues
---------------
N/A

---------------
Security Fixes
---------------
binutils: Fix CVE-2023-22608
curl: Fix CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
epiphany: Fix CVE-2023-26081
git: Ignore CVE-2023-22743
glibc: Fix CVE-2023-0687
gnutls: Fix CVE-2023-0361
go: Fix CVE-2022-2879 CVE-2022-41720 CVE-2022-41723
harfbuzz: Fix CVE-2023-25193
less: Fix CVE-2022-46663
libmicrohttpd: Fix CVE-2023-27371
libsdl2: Fix CVE-2022-4743
openssl: Fix CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
pkgconf: Fix CVE-2023-24056
python3: Fix CVE-2023-24329
shadow: Ignore CVE-2016-15024
systemd: Fix CVE-2022-4415
tiff: Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
vim: Fix CVE-2023-0433 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1355
xserver-xorg: Fix CVE-2023-0494
xwayland: Fix CVE-2023-0494

---------------
Fixes
---------------
base-files: Drop localhost.localdomain from hosts file
binutils: Fix nativesdk ld.so search
bitbake: cookerdata: Drop dubious exception handling code
bitbake: cookerdata: Improve early exception handling
bitbake: cookerdata: Remove incorrect SystemExit usage
bitbake: fetch/git: Fix local clone url to make it work with repo
bitbake: utils: Allow to_boolean to support int values
bmap-tools: switch to main branch
buildtools-tarball: Handle spaces within user $PATH
busybox: Fix depmod patch
cracklib: update github branch to 'main'
cups: add/fix web interface packaging
cups: check PACKAGECONFIG for pam feature
cups: use BUILDROOT instead of DESTDIR
curl: fix dependencies when building with ldap/ldaps
cve-check: Fix false negative version issue
dbus: upgrade to 1.14.6
devtool/upgrade: do not delete the workspace/recipes directory
dhcpcd: Fix install conflict when enable multilib.
dhcpcd: fix dhcpcd start failure on qemuppc64
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
glibc: Add missing binutils dependency
image_types: fix multiubi var init
iso-codes: upgrade to 4.13.0
json-c: Add ptest for json-c
kernel-yocto: fix kernel-meta data detection
lib/buildstats: handle tasks that never finished
lib/resulttool: fix typo breaking resulttool log --ptest
libjpeg-turbo: upgrade to 2.1.5.1
libmicrohttpd: upgrade to 0.9.76
libseccomp: fix for the ptest result format
libssh2: Clean up ptest patch/coverage
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: upgrade to 20230210
linux-yocto-rt/5.15: update to -rt59
linux-yocto/5.10: upgrade to v5.10.175
linux-yocto/5.15: upgrade to v5.15.103
linux: inherit pkgconfig in kernel.bbclass
lttng-modules: fix for kernel 6.2+
lttng-modules: upgrade to v2.13.9
lua: Fix install conflict when enable multilib.
mdadm: Fix raid0, 06wrmostly and 02lineargrow tests
meson: Fix wrapper handling of implicit setup command
migration-guides: add 4.0.8 release notes
nghttp2: never build python bindings
oeqa rtc.py: skip if read-only-rootfs
oeqa ssh.py: fix hangs in run()
oeqa/sdk: Improve Meson test
oeqa/selftest/prservice: Improve debug output for failure
oeqa/selftest/resulttooltests: fix minor typo
openssl: upgrade to 3.0.8
package.bbclase: Add check for /build in copydebugsources()
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
poky.conf: bump version for 4.0.9
populate_sdk_ext: Handle spaces within user $PATH
pybootchartui: Fix python syntax issue
python3-git: fix indent error
python3-setuptools-rust-native: Add direct dependency of native python3 modules
qemu: Revert "fix CVE-2021-3507" as not applicable for qemu 6.2
rsync: Add missing prototypes to function declarations
rsync: Turn on -pedantic-errors at the end of 'configure'
runqemu: kill qemu if it hangs
scripts/lib/buildstats: handle top-level build_stats not being complete
selftest/recipetool: Stop test corrupting tinfoil class
selftest/runtime_test/virgl: Disable for all Rocky Linux
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
sstatesig: Improve output hash calculation
staging/multilib: Fix manifest corruption
staging: Separate out different multiconfig manifests
sudo: update 1.9.12p2 -> 1.9.13p3
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
systemd: add group sgx to udev package
systemd: fix wrong nobody-group assignment
timezone: use 'tz' subdir instead of ${WORKDIR} directly
toolchain-scripts: Handle spaces within user $PATH
tzcode-native: fix build with gcc-13 on host
tzdata: use separate B instead of WORKDIR for zic output
uninative: upgrade to 3.9 to include libgcc and glibc 2.37
vala: Fix install conflict when enable multilib.
vim: add missing pkgconfig inherit
vim: set modified-by to the recipe MAINTAINER
vim: upgrade to 9.0.1429
wic: Fix usage of fstype=none in wic
wireless-regdb: upgrade to 2023.02.13
xserver-xorg: upgrade to 21.1.7
xwayland: upgrade to 22.1.8