From patchwork Wed Feb 8 15:17:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Opdenacker X-Patchwork-Id: 19219 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D85DC636CC for ; Wed, 8 Feb 2023 15:18:05 +0000 (UTC) Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by mx.groups.io with SMTP id smtpd.web10.327.1675869480491677445 for ; Wed, 08 Feb 2023 07:18:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=gm1 header.b=Y+XeLvX/; spf=pass (domain: bootlin.com, ip: 217.70.183.201, mailfrom: michael.opdenacker@bootlin.com) Received: (Authenticated sender: michael.opdenacker@bootlin.com) by mail.gandi.net (Postfix) with ESMTPSA id 8A3961BF206; Wed, 8 Feb 2023 15:17:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=gm1; t=1675869478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CoQ8scUpNwg2LbF3f/xg3Ntsw2XAwF84ILR8Ow6iYi0=; b=Y+XeLvX/JSmaY8QvdmfVN+u9bdKtRE4goAl5MnlYVBlS4tgYk2circ1vizAZXPr+Akweez j5KwEHQQ+zOYnltXUjPrSHo+GI+TTyFPQfmemh1qnezvt9GxKBeeXljW6x8/3RtzcSiQLR A6AeeH4PpBZ7NBieBFVlZ0mQihfCo0UXy6gBMF0GpPnnYhNrxqU/shCxd7+TO27qP05Ilv j2cIRtG2KEJcFVXQfcImm9fgIjq/l3+MWJol10CbtNih5tHxYymvVdxzlkA0mpwzO4+fuW dTW1w7hDpO3zxpu+AnGV1piRgyfKQ/YwQ5HVYCgjs23AIH1Zbnlsc3DBc8PiUg== From: michael.opdenacker@bootlin.com To: docs@lists.yoctoproject.org Cc: Michael Opdenacker , Lee Chee Yang , Takayasu Ito Subject: [PATCH v3] migration-guides: add release-notes for 4.0.7 Date: Wed, 8 Feb 2023 16:17:54 +0100 Message-Id: <20230208151754.93494-1-michael.opdenacker@bootlin.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <1741DEE3ED944C18.20031@lists.yoctoproject.org> References: <1741DEE3ED944C18.20031@lists.yoctoproject.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 08 Feb 2023 15:18:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/3648 From: Michael Opdenacker From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Michael Opdenacker Suggested-by: Takayasu Ito --- Changes in V3: - Fix "underline too short" warnings - Fix broken links in CVEs, not existing in the NIST dababase because of a "RESERVED" state. Replaced by other links: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891 - Also added: - python3: Fix :cve:`2022-45061` Reported by Takayasu Ito Changes in V2: - V2 was sent by mistake with no changes --- .../migration-guides/release-4.0.rst | 1 + .../migration-guides/release-notes-4.0.7.rst | 242 ++++++++++++++++++ 2 files changed, 243 insertions(+) create mode 100644 documentation/migration-guides/release-notes-4.0.7.rst diff --git a/documentation/migration-guides/release-4.0.rst b/documentation/migration-guides/release-4.0.rst index 8ca8498838..87ba768a22 100644 --- a/documentation/migration-guides/release-4.0.rst +++ b/documentation/migration-guides/release-4.0.rst @@ -13,3 +13,4 @@ Release 4.0 (kirkstone) release-notes-4.0.4 release-notes-4.0.5 release-notes-4.0.6 + release-notes-4.0.7 diff --git a/documentation/migration-guides/release-notes-4.0.7.rst b/documentation/migration-guides/release-notes-4.0.7.rst new file mode 100644 index 0000000000..9e8ad51a0c --- /dev/null +++ b/documentation/migration-guides/release-notes-4.0.7.rst @@ -0,0 +1,242 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.7 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils: Fix :cve:`2022-4285` +- curl: Fix :cve:`2022-43551` and `CVE-2022-43552 `__ +- ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341` +- go: Fix :cve:`2022-41715` and :cve:`2022-41717` +- libX11: Fix :cve:`2022-3554` and :cve:`2022-3555` +- libarchive: Fix :cve:`2022-36227` +- libksba: Fix :cve:`2022-47629` +- libpng: Fix :cve:`2019-6129` +- libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304` +- openssl: Fix :cve:`2022-3996` +- python3: Fix :cve:`2022-45061` +- python3-git: Fix :cve:`2022-24439` +- python3-setuptools: Fix :cve:`2022-40897` +- python3-wheel: Fix :cve:`2022-40898` +- qemu: Fix :cve:`2022-4144` +- sqlite: Fix :cve:`2022-46908` +- systemd: Fix :cve:`2022-45873` +- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088` +- webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 `__ and :cve:`2022-32912` + + +Fixes in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~ + +- Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" +- at: Change when files are copied +- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES +- base.bbclass: Fix way to check ccache path +- bc: extend to nativesdk +- bind: upgrade to 9.18.10 +- busybox: always start do_compile with orig config files +- busybox: rm temporary files if do_compile was interrupted +- cairo: fix CVE patches assigned wrong CVE number +- cairo: update patch for :cve:`2019-6461` with upstream solution +- classes/create-spdx: Add SPDX_PRETTY option +- classes: image: Set empty weak default IMAGE_LINGUAS +- combo-layer: add sync-revs command +- combo-layer: dont use bb.utils.rename +- combo-layer: remove unused import +- curl: Correct LICENSE from MIT-open-group to curl +- cve-check: write the cve manifest to IMGDEPLOYDIR +- cve-update-db-native: avoid incomplete updates +- cve-update-db-native: show IP on failure +- dbus: Add missing CVE product name +- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree +- devtool: process local files only for the main branch +- dhcpcd: backport two patches to fix runtime error +- docs: kernel-dev: faq: update tip on how to not include kernel in image +- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe +- efibootmgr: update compilation with musl +- externalsrc: fix lookup for .gitmodules +- ffmpeg: refresh patches to apply cleanly +- freetype:update mirror site. +- gcc: Refactor linker patches and fix linker on arm with usrmerge +- glibc: stable 2.35 branch updates. +- go-crosssdk: avoid host contamination by GOCACHE +- gstreamer1.0: Fix race conditions in gstbin tests +- gstreamer1.0: upgrade to 1.20.5 +- gtk-icon-cache: Fix GTKIC_CMD if-else condition +- harfbuzz: remove bindir only if it exists +- kernel-fitimage: Adjust order of dtb/dtbo files +- kernel-fitimage: Allow user to select dtb when multiple dtb exists +- kernel.bbclass: remove empty module directories to prevent QA issues +- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories +- lib/oe/reproducible: Use git log without gpg signature +- libepoxy: remove upstreamed patch +- libnewt: update 0.52.21 -> 0.52.23 +- libseccomp: fix typo in DESCRIPTION +- libxcrypt-compat: upgrade 4.4.30 -> 4.4.33 +- libxml2: fix test data checksums +- linux-firmware: upgrade 20221109 -> 20221214 +- linux-yocto/5.10: update to v5.10.152 +- linux-yocto/5.10: update to v5.10.154 +- linux-yocto/5.10: update to v5.10.160 +- linux-yocto/5.15: fix perf build with clang +- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off +- linux-yocto/5.15: ltp and squashfs fixes +- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy +- linux-yocto/5.15: update to v5.15.84 +- lsof: add update-alternatives logic +- lttng-modules: update 2.13.7 -> 2.13.8 +- manuals: add 4.0.5 and 4.0.6 release notes +- manuals: document SPDX_PRETTY variable +- mpfr: upgrade 4.1.0 -> 4.1.1 +- oeqa/concurrencytest: Add number of failures to summary output +- oeqa/rpm.py: Increase timeout and add debug output +- oeqa/selftest/externalsrc: add test for srctree_hash_files +- openssh: remove RRECOMMENDS to rng-tools for sshd package +- poky.conf: bump version for 4.0.7 +- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image +- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively +- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work +- ruby: merge .inc into .bb +- ruby: update 3.1.2 -> 3.1.3 +- selftest/virgl: use pkg-config from the host +- tiff: Add packageconfig knob for webp +- toolchain-scripts: compatibility with unbound variable protection +- tzdata: update 2022d -> 2022g +- valgrind: skip the boost_thread test on arm +- xserver-xorg: upgrade 21.1.4 -> 21.1.6 +- xwayland: libxshmfence is needed when dri3 is enabled +- xwayland: upgrade 22.1.5 -> 22.1.7 +- yocto-check-layer: Allow OE-Core to be tested + + +Known Issues in Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alex Stewart +- Alexander Kanavin +- Antonin Godard +- Benoît Mauduit +- Bhabu Bindu +- Bruce Ashfield +- Carlos Alberto Lopez Perez +- Changqing Li +- Chen Qi +- Daniel Gomez +- Florin Diaconescu +- He Zhe +- Hitendra Prajapati +- Jagadeesh Krishnanjanappa +- Jan Kircher +- Jermain Horsman +- Jose Quaresma +- Joshua Watt +- KARN JYE LAU +- Kai Kang +- Khem Raj +- Luis +- Marta Rybczynska +- Martin Jansa +- Mathieu Dubois-Briand +- Michael Opdenacker +- Narpat Mali +- Ovidiu Panait +- Pavel Zhukov +- Peter Marko +- Petr Kubizňák +- Quentin Schulz +- Randy MacLeod +- Ranjitsinh Rathod +- Richard Purdie +- Robert Andersson +- Ross Burton +- Sandeep Gundlupet Raju +- Saul Wold +- Steve Sakoman +- Vivek Kumbhar +- Wang Mingyu +- Xiangyu Chen +- Yash Shinde +- Yogita Urade + + +Repositories / Downloads for Yocto-4.0.7 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.7 ` +- Git Revision: :yocto_git:`65dafea22018052fe7b2e17e6e4d7eb754224d38 ` +- Release Artefact: poky-65dafea22018052fe7b2e17e6e4d7eb754224d38 +- sha: 6b1b67600b84503e2d5d29bcd6038547339f4f9413b830cd2408df825eda642d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone ` +- Tag: :oe_git:`yocto-4.0.7 ` +- Git Revision: :oe_git:`a8c82902384f7430519a31732a4bb631f21693ac ` +- Release Artefact: oecore-a8c82902384f7430519a31732a4bb631f21693ac +- sha: 6f2dbc4ea1e388620ef77ac3a7bbb2b5956bb8bf9349b0c16cd7610e9996f5ea +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.7 ` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 ` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.7 ` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a ` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 ` +- Tag: :oe_git:`yocto-4.0.7 ` +- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 ` +- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509 +- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.7 ` +- Git Revision: :yocto_git:`5883e897c34f25401b358a597fb6e18d80f7f90b ` + +