2021年4月にリリースされたYocto3.3(Hardknott)の5回目のポイントリリース3.3.5公開のアナウンスが
2022年3月4日付けでありました。
2022年2月20日付けでコミットされたものがQAを経てリリースとなっています。
当初予定では 2/25 公開予定でしたが、1W遅延でのリリースとなっています。

3.3 公開当初はリリース後7ヶ月経過した前回のポイントリリースで、STABLEとしてのサポートは終了する
予定でしたが、2022/3 までSTABLEの期間が延長となっており、ポイントリリース後のFixも継続して実施
されています。

今回のリリースでは、22のレシピに対して38のCVE対応の更新が含まれています。

なお、2/20 以降、
virglrenderer: fix CVE-2022-0135 and -0175
expat: fix CVE-2022-23990
のコミットが行われています。

次回　3.3.6 は Build 2022/03/28 Release 2022/04/08 となっています。

本リリースの詳細は以下のURLでご確認ください。
https://lists.yoctoproject.org/g/yocto-announce/message/239

----------------
Security Fixes
----------------
vim: update to include latest CVE fixes
expat: fix CVE-2022-23852
qemu: fix CVE-2021-20196
qemu: fix CVE-2021-3930
qemu: fix CVE-2021-3748
qemu: fix CVE-2021-3713
lighttpd: backport a fix for CVE-2022-22707
speex: fix CVE-2020-23903
expat: fix CVE-2021-46143
expat: fix CVE-2021-45960
expat fix CVE-2022-22822 through CVE-2022-22827
linux-yocto/5.10: amdgpu: updates for CVE-2021-42327
xserver-xorg: whitelist two CVEs
curl: Backport CVE fixes
libsndfile1: fix CVE-2021-4156
glibc: Backport fix for CVE-2021-43396
busybox: backport patches to fix CVEs
gcc: Fix CVE-2021-42574
grub2: fix CVE-2021-3981
webkitgtk: fix fix CVE-2021-42762
xserver-xorg: update CVE_PRODUCT
binutils: Fix CVE-2021-45078
xserver-xorg: fix CVE-2021-4011
xserver-xorg: fix CVE-2021-4010
xserver-xorg: fix CVE-2021-4009
xserver-xorg: fix CVE-2021-4008
binutils: CVE-2021-42574
gcc: Add CVE-2021-37322 to the list of CVEs to ignore
gmp: fix CVE-2021-43618
squashfs-tools: fix CVE-2021-41072
vim: fix CVE-2021-3927 and CVE-2021-3928
bind: fix CVE-2021-25219
vim: fix CVE-2021-3875
vim: fix CVE-2021-3872 and CVE-2021-3903
rpm: fix CVE-2021-3521
gcc: Fix CVE-2021-35465
inetutils: fix CVE-2021-40491
avahi: update CVE id fixed by local-ping.patch

----------------
Fixes
----------------
README.OE-Core.md: update URLs
arch-armv8-5a.inc: Add tune include for armv8.5a
armv9a/tune: Add the support for the Neoverse N2 core
binutils: upgrade binutils-2.36 to latest version
bitbake: bitbake: adjust parser error check for python 3.10 compatibility
bitbake: bitbake: correct deprecation warning in process.py
bitbake: bitbake: correct the collections vs collections.abc deprecation
bitbake: bitbake:toaster:test: Update SSTATE URL
bitbake: cooker: Fix task-depends.dot for multiconfig targets
bitbake: cooker: Handle parse threads disappearing to avoid hangs
bitbake: cooker: Handle parsing results queue race
bitbake: cooker: Remove debug code, oops :(
bitbake: cooker: check if upstream hash equivalence server is available
bitbake: fetch/wget: Add timeout for checkstatus calls (30s)
bitbake: fetch2/perforce: Fix typo
bitbake: fetch: Handle mirror user/password replacements correctly
bitbake: hashserv: let asyncio discover the running loop
bitbake: process: Do not mix stderr with stdout
bitbake: runqueue: Fix runall option handling
bitbake: runqueue: Fix runall option task deletion ordering issue
bitbake: tests/fetch: Drop gnu urls from wget connectivity test
bitbake: tests/fetch: Update github urls
bitbake: tests/fetch: Update pcre.org address after github changes
bitbake: utils: Handle lockfile filenames that are too long for filesystems
bitbake: utils: Update to use exec_module() instead of load_module()
build-appliance-image: Update to hardknott head revision
buildhistory: Fix srcrevs output
busybox: upgrade 1.33.1 -> 1.33.2
convert-srcuri.py: use regex to check space in SRC_URI
cross-canadian: correct the location of pkg-config files
cups: Fix missing installation of cups sysv init scripts
cve-check: add lockfile to task
cve-check: create directory of CVE_CHECK_MANIFEST before copy
cve-extra-exclusions: add db CVEs to exclusion list
default-distrovars.inc: Switch connectivity check to a yoctoproject.org page
documentation: conf.py: fix version of bitbake objects.inv
gcc: add aarch64 support for Arm's Neoverse N2 CPU
gcc: add support for Neoverse N2 CPU
gcc: upgrade to gcc-10.3 version
glibc: Fix i586/c3 support
glibc: upgrade glibc-2.33 to latest version
go: upgrade to 1.16.13
lib/oe/reproducible: correctly set .git location when recursively looking for git repos
libpcre/libpcre2: correct SRC_URI
libusb1: correct SRC_URI
linunistring: Add missing gperf-native dependency
linux-firmware: Add CLM blob to linux-firmware-bcm4373 package
linux-firmware: upgrade 20211027 -> 20211216
linux-yocto-rt/5.10: update to -rt56
linux-yocto/5.10/cfg: add kcov feature fragment
linux-yocto/5.10: update genericx86* machines to v5.10.82
linux-yocto/5.10: update to v5.10.99
linux-yocto/5.4: update genericx86* machines to v5.4.158
linux-yocto/5.4: update to v5.4.178
linux-yocto: add libmpc-native to DEPENDS
llvm: bump HASHEQUIV_HASH_VERSION
manuals: releases.rst: move gatesgarth to outdated releases section
meta/scripts: Manual git url branch additions
meta: add explicit branch and protocol to SRC_URI
mirrors: Add kernel.org sources mirror for downloads.yoctoproject.org
mirrors: Add uninative mirror on kernel.org
mklibs-native: drop deprecated cpp17 exceptions
oeqa/parselogs: Fix quoting
oeqa/selftest/bbtests: Use YP sources mirror instead of GNU
openssl: Add reproducibility fix
os-release: Add DISTRO_CODENAME as vardeps for do_compile
patch.py: Initialize git repo before patching
patchelf: fix PT_PHDR program header corruption
pigz: fix one failure of command "unpigz -l"
poky.conf: add debian11 to supported distros
poky.conf: add fedora 34 to supported distros
poky.conf: bump version for 3.3.5 release
populate_sdk_base: remove unneeded dirs such as /dev
pseudo: Add fcntl64 wrapper
pseudo: Add in ability to flush database with shutdown request
python3-pyelftools: Depend on debugger, pprint
python3-pyelftools: fix the override syntax
python3: upgrade to 3.9.9
recipetool: Fix circular reference in SRC_URI
recipetool: Set master branch only as fallback
recipetool: extend curl detection when creating recipes
recipetool: handle GitLab URLs like we do GitHub
ref-manual: fix patch documentation
rootfs-postcommands: update systemd_create_users
runqemu: check the qemu PID has been set before kill()ing it
runtime_test: skip virgl test on fedora 34
scripts/checklayer/common.py: Fixed a minor grammatical error
scripts/convert-srcuri: Backport SRC_URI conversion script from master branch
scripts/lib/wic/help.py: Update Fedora Kickstart URLs
scripts/oe-package-browser: Handle no packages being built
scripts/runqemu-ifdown: Don't treat the last iptables command as special
scripts: Update to use exec_module() instead of load_module()
sdk: fix search for dynamic loader
selftest/devtool: Check branch in git fetch
selftest: reproducible: Set maximum report size
selftest: skip virgl test on centos 8 entirely
selftest: skip virgl test on fedora 34 entirely
socat: update SRC_URI
sstate: A third fix for for touching files inside pseudo
sstate: Account for reserved characters when shortening sstate filenames
sstate: another fix for touching files inside pseudo
tune-cortexa72: Drop the redundant cortexa72-crc tune
tune-cortexa72: Enable the crc extension by default for cortexa72
tune-cortexa72: remove crypto for the default cortex-a72
uboot-sign: fix the concatenation when multiple U-BOOT configurations are specified
uninative: Add version to uninative tarball name
updates for recent releases
vim: upgrade to patch 4269
webkitgtk: Add reproducibility fix
wic: support rootdev identified by partition label
wic: use shutil.which
yocto-check-layer: add debug output for the layers that were found