
Yocto 4.0.7 LTS (Kirkstone) Released


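On February 5, 2023, the release of 4.0.7 was announced. It is the seventh point release of Yocto 4.0 LTS (Kirkstone), which was released in April 2022.
The original plan was to build from the January 30 version and release on February 10, but the release was built from the January 26 version and announced on February 5, after QA was completed.
Main changes in this release:
  〇 Fixes for vulnerabilities registered as CVEs
  〇 Kernel upgraded from 5.15.78 to 5.15.84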

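It is not currently listed under Security Fixes, but CVE-2022-45061 in Python3, which was unpatched in Yocto 4.0.6, has had its status changed to Fixed as a result of the upgrade to Python 3.10.9, so a correction to the migration-guide is currently being proposed.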

As of today, commits made since January 26 toward the next point release include upgrades to several recipes, among them a fix for the following CVE.
ppp:backport fix for CVE-2022-4603

The next point release, 4.0.8, is scheduled to be built from the 2023/2/27 version and released on 2023/3/10 after QA.

For details of this release, see the following URL.
https://lists.yoctoproject.org/g/yocto-announce/message/268

----------------
Security Fixes
----------------
binutils: Fix CVE-2022-4285
curl: Fix CVE-2022-43551 CVE-2022-43552
ffmpeg: Fix CVE-2022-3109 CVE-2022-3341
go: Fix CVE-2022-41715 CVE-2022-41717
libX11: Fix CVE-2022-3554 CVE-2022-3555
libarchive: Fix CVE-2022-36227
libksba: Fix CVE-2022-47629
libpng: Fix CVE-2019-6129
libxml2: Fix CVE-2022-40303 CVE-2022-40304
openssl: Fix CVE-2022-3996
python3-git: Fix CVE-2022-24439
python3-setuptools: Fix CVE-2022-40897
python3-wheel: Fix CVE-2022-40898
qemu: Fix CVE-2022-4144
sqlite: Fix CVE-2022-46908
systemd: Fix CVE-2022-45873
vim: Fix CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0088
webkitgtk: Fix CVE-2022-32886 CVE-2022-32891 CVE-2022-32912

----------------
Fixes
----------------
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
at: Change when files are copied
baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
base.bbclass: Fix way to check ccache path
bc: extend to nativesdk
bind: upgrade to 9.18.10
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
cairo: fix CVE patches assigned wrong CVE number
cairo: update patch for CVE-2019-6461 with upstream solution
classes/create-spdx: Add SPDX_PRETTY option
classes: image: Set empty weak default IMAGE_LINGUAS
combo-layer: add sync-revs command
combo-layer: dont use bb.utils.rename
combo-layer: remove unused import
curl: Correct LICENSE from MIT-open-group to curl
cve-check: write the cve manifest to IMGDEPLOYDIR
cve-update-db-native: avoid incomplete updates
cve-update-db-native: show IP on failure
dbus: Add missing CVE product name
devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
devtool: process local files only for the main branch
dhcpcd: backport two patches to fix runtime error
docs: kernel-dev: faq: update tip on how to not include kernel in image
docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
efibootmgr: update compilation with musl
externalsrc: fix lookup for .gitmodules
ffmpeg: refresh patches to apply cleanly
freetype:update mirror site.
gcc: Refactor linker patches and fix linker on arm with usrmerge
glibc: stable 2.35 branch updates.
go-crosssdk: avoid host contamination by GOCACHE
gstreamer1.0: Fix race conditions in gstbin tests
gstreamer1.0: upgrade to 1.20.5
gtk-icon-cache: Fix GTKIC_CMD if-else condition
harfbuzz: remove bindir only if it exists
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
kernel.bbclass: remove empty module directories to prevent QA issues
lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
lib/oe/reproducible: Use git log without gpg signature
libarchive: upgrade to 3.6.2
libepoxy: remove upstreamed patch
libksba: upgrade to 1.6.3
libnewt: upgrade to 0.52.23
libpng: upgrade to 1.6.39
libseccomp: fix typo in DESCRIPTION
libxcrypt-compat: upgrade to 4.4.33
libxml2: fix test data checksums
linux-firmware: upgrade to 20221214
linux-yocto/5.10: update to v5.10.160
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: update to v5.15.84
lsof: add update-alternatives logic
lttng-modules: upgrade to 2.13.8
manuals: add 4.0.5 and 4.0.6 release notes
manuals: document SPDX_PRETTY variable
mpfr: upgrade to 4.1.1
oeqa/concurrencytest: Add number of failures to summary output
oeqa/rpm.py: Increase timeout and add debug output
oeqa/selftest/externalsrc: add test for srctree_hash_files
openssh: remove RRECOMMENDS to rng-tools for sshd package
poky.conf: bump version for 4.0.7
python3: upgrade to 3.10.9
qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
ruby: merge .inc into .bb
ruby: upgrade to 3.1.3
selftest/virgl: use pkg-config from the host
systemd: backport another change from v252 to fix build with CVE-2022-45873.patch
tiff: Add packageconfig knob for webp
toolchain-scripts: compatibility with unbound variable protection
tzdata: upgrade to 2022g
valgrind: skip the boost_thread test on arm
vim: upgrade to 9.0.1211
webkitgtk: upgrade to 2.36.8
xserver-xorg: upgrade to 21.1.6
xwayland: libxshmfence is needed when dri3 is enabled
xwayland: upgrade to 22.1.7
yocto-check-layer: Allow OE-Core to be tested