2022年4月にリリースされたYocto4.0 LTS (Kirkstone)の5回目のポイントリリース4.0.5公開のアナウンスが2022年11月7日付けでありました。
当初予定より2日早く10月29日版で構築され、4日早い11月7日にリリースとなっています。

今回のリリースでの主な変更点：
　　〇 CVEに登録された脆弱性への対応
　　〇 カーネルは 5.10.149 及び 5.15.68 にアップグレード

本日の時点で、10月29日以降 次のポイントリリースに向けたコミットとして以下のCVEへの対応が行われています。
openssl:CVE-2022-3358,CVE-2022-3502,CVE-2022-3786
lighttpd:CVE-2022041556
tiff:CVE-2022-2953
expat:CVE-2022-43680
wayland:CVE-2021-3782

次のポイントリリース4.0.6 は 2022/12/12 版で構築、QA後の2022/12/23 のリリースを予定しています。

本リリースの詳細は以下のURLでご確認ください。
https://lists.yoctoproject.org/g/yocto-announce/message/260

----------------
Known Issues
----------------
There are recent CVEs in key components such as openssl. They are not included in this release as it was built before the issues were known and fixes were available but these are now available on the kirkstone branch.

----------------
Security Fixes
----------------
qemu: fix CVE-2021-3611 CVE-2021-3750 CVE-2022-2962
binutils : Fix CVE-2022-38126 CVE-2022-38127 CVE-2022-38128
tiff: Fix CVE-2022-2867 CVE-2022-2868 CVE-2022-2869
inetutils: fix CVE-2022-39028
go: fix CVE-2022-27664

----------------
Fixes
----------------
Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
bind: upgrade to 9.18.7
binutils: stable 2.38 branch updates (dc2474e7)
bitbake: Fix npm to use https rather than http
bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
bitbake: bitbake: Add copyright headers where missing
bitbake: gitsm: Error out if submodule refers to parent repo
bitbake: runqueue: Drop deadlock breaking force fail
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: siggen: Fix insufficent entropy in sigtask file names
bitbake: tests/fetch: Allow handling of a file:// url within a submodule
build-appliance-image: Update to kirkstone head revision (4a88ada)
busybox: add devmem 128-bit support
classes: files: Extend overlayfs-etc class
coreutils: add openssl PACKAGECONFIG
create-pull-request: don't switch the git remote protocol to git://
dev-manual: fix reference to BitBake user manual
expat: upgrade 2.4.8 -> 2.4.9
files: overlayfs-etc: refactor preinit template
gcc-cross-canadian: add default plugin linker
gcc: add arm-v9 support
git: upgrade 2.35.4 -> 2.35.5
glibc-locale: explicitly remove empty dirs in ${libdir}
glibc-tests: use += instead of :append
glibc: stable 2.35 branch updates.(8d125a1f)
go-native: switch from SRC_URI:append to SRC_URI +=
image_types_wic.bbclass: fix cross binutils dependency
kern-tools: allow 'y' or 'm' to avoid config audit warnings
kern-tools: fix queue processing in relative TOPDIR configurations
kernel-yocto: allow patch author date to be commit date
libpng: upgrade to 1.6.38
linux-firmware: package new Qualcomm firmware
linux-firmware: upgrade 20220708 -> 20220913
linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
linux-yocto-dev: add qemuarm64
linux-yocto/5.10: update to v5.10.149
linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
linux-yocto/5.15: update to v5.15.68
local.conf.sample: correct the location of public hashserv
ltp: Fix pread02 case trigger the glibc overflow detection
lttng-modules: Fix crash on powerpc64
lttng-tools: Disable on qemuriscv32
lttng-tools: Disable on riscv32
migration-guides: add 4.0.4 release notes
oeqa/runtime/dnf: fix typo
own-mirrors: add crate
perf: Fix for recent kernel upgrades
poky.conf: bump version for 4.0.5
poky.yaml.in: update version requirements
python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
python3: upgrade 3.10.4 -> 3.10.7
qemu: Backport patches from upstream to support float128 on qemu-ppc64
rpm: Remove -Wimplicit-function-declaration warnings
rpm: update to 4.17.1
rsync: update to 3.2.5
stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
tune-neoversen2: support tune-neoversen2 base on armv9a
tzdata: update to 2022d
u-boot: switch from append to += in SRC_URI
uninative: Upgrade to 3.7 to work with glibc 2.36
vim: Upgrade to 9.0.0598
webkitgtk: Update to 2.36.7