@@ -7,3 +7,4 @@ Release 5.3 (whinlatter)
migration-5.3
release-notes-5.3
+ release-notes-5.3.1
new file mode 100644
@@ -0,0 +1,262 @@
+Release notes for Yocto-5.3.1 (Whinlatter)
+------------------------------------------
+
+Users of Alma 9, Rocky 9 and Centos Stream 9 rolling releases have seen obtuse failures in the execution of tar in various tasks after recent host distro updates. These newer versions of tar contain a CVE fix which uses a new glibc call/syscall (openat2). The fix is to update to a newer pseudo version which handles this syscall. This is not included in this stable release but we aim to include it in the next one.
+
+Security Fixes in Yocto-5.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- binutils: Fix :cve_nist:`2025-11494`, :cve_nist:`2025-11839` and :cve_nist:`2025-11840`
+- cups: Fix :cve_nist:`2025-58436` and :cve_nist:`2025-61915`
+- dropbear: Fix :cve_nist:`2019-6111`
+- glib-2.0: Fix :cve_nist:`2025-13601`, :cve_nist:`2025-14087` and :cve_nist:`2025-14512`
+- gnutls: Fix :cve_nist:`2025-9820`
+- go: Fix :cve_nist:`2025-61727` and :cve_nist:`2025-61729`
+- libarchive: Fix :cve_nist:`2025-60753`
+- libpcap: Fix :cve_nist:`2025-11961` and :cve_nist:`2025-11964`
+- libpng: Fix :cve_nist:`2025-64505`, :cve_nist:`2025-64506`, :cve_nist:`2025-64720`,
+ :cve_nist:`2025-65018` and :cve_nist:`2025-66293`
+- linux-yocto/6.12: Ignore :cve_nist:`2023-7324`, :cve_nist:`2024-57995`, :cve_nist:`2025-21833`,
+ :cve_nist:`2025-22105`, :cve_nist:`2025-22107`, :cve_nist:`2025-22121`, :cve_nist:`2025-23129`,
+ :cve_nist:`2025-23130`, :cve_nist:`2025-37803`, :cve_nist:`2025-37860`, :cve_nist:`2025-38643`,
+ :cve_nist:`2025-38678`, :cve_nist:`2025-39678`, :cve_nist:`2025-39981`, :cve_nist:`2025-40014`,
+ :cve_nist:`2025-40026`, :cve_nist:`2025-40027`, :cve_nist:`2025-40028`, :cve_nist:`2025-40029`,
+ :cve_nist:`2025-40030`, :cve_nist:`2025-40031`, :cve_nist:`2025-40032`, :cve_nist:`2025-40033`,
+ :cve_nist:`2025-40034`, :cve_nist:`2025-40035`, :cve_nist:`2025-40036`, :cve_nist:`2025-40037`,
+ :cve_nist:`2025-40038`, :cve_nist:`2025-40039`, :cve_nist:`2025-40040`, :cve_nist:`2025-40041`,
+ :cve_nist:`2025-40042`, :cve_nist:`2025-40043`, :cve_nist:`2025-40044`, :cve_nist:`2025-40045`,
+ :cve_nist:`2025-40046`, :cve_nist:`2025-40047`, :cve_nist:`2025-40048`, :cve_nist:`2025-40049`,
+ :cve_nist:`2025-40050`, :cve_nist:`2025-40051`, :cve_nist:`2025-40052`, :cve_nist:`2025-40053`,
+ :cve_nist:`2025-40055`, :cve_nist:`2025-40056`, :cve_nist:`2025-40057`, :cve_nist:`2025-40058`,
+ :cve_nist:`2025-40059`, :cve_nist:`2025-40060`, :cve_nist:`2025-40061`, :cve_nist:`2025-40062`,
+ :cve_nist:`2025-40063`, :cve_nist:`2025-40066`, :cve_nist:`2025-40067`, :cve_nist:`2025-40068`,
+ :cve_nist:`2025-40069`, :cve_nist:`2025-40070`, :cve_nist:`2025-40071`, :cve_nist:`2025-40072`,
+ :cve_nist:`2025-40073`, :cve_nist:`2025-40076`, :cve_nist:`2025-40077`, :cve_nist:`2025-40078`,
+ :cve_nist:`2025-40079`, :cve_nist:`2025-40080`, :cve_nist:`2025-40081`, :cve_nist:`2025-40082`,
+ :cve_nist:`2025-40083`, :cve_nist:`2025-40084`, :cve_nist:`2025-40085`, :cve_nist:`2025-40087`,
+ :cve_nist:`2025-40088`, :cve_nist:`2025-40089`, :cve_nist:`2025-40090`, :cve_nist:`2025-40091`,
+ :cve_nist:`2025-40092`, :cve_nist:`2025-40093`, :cve_nist:`2025-40094`, :cve_nist:`2025-40095`,
+ :cve_nist:`2025-40096`, :cve_nist:`2025-40097`, :cve_nist:`2025-40099`, :cve_nist:`2025-40100`,
+ :cve_nist:`2025-40101`, :cve_nist:`2025-40103`, :cve_nist:`2025-40104`, :cve_nist:`2025-40105`,
+ :cve_nist:`2025-40106`, :cve_nist:`2025-40107`, :cve_nist:`2025-40108`, :cve_nist:`2025-40109`,
+ :cve_nist:`2025-40110`, :cve_nist:`2025-40111`, :cve_nist:`2025-40112`, :cve_nist:`2025-40115`,
+ :cve_nist:`2025-40116`, :cve_nist:`2025-40117`, :cve_nist:`2025-40118`, :cve_nist:`2025-40119`,
+ :cve_nist:`2025-40120`, :cve_nist:`2025-40121`, :cve_nist:`2025-40122`, :cve_nist:`2025-40123`,
+ :cve_nist:`2025-40124`, :cve_nist:`2025-40125`, :cve_nist:`2025-40126`, :cve_nist:`2025-40127`,
+ :cve_nist:`2025-40129`, :cve_nist:`2025-40131`, :cve_nist:`2025-40132`, :cve_nist:`2025-40133`,
+ :cve_nist:`2025-40134`, :cve_nist:`2025-40137`, :cve_nist:`2025-40138`, :cve_nist:`2025-40140`,
+ :cve_nist:`2025-40141`, :cve_nist:`2025-40142`, :cve_nist:`2025-40143`, :cve_nist:`2025-40144`,
+ :cve_nist:`2025-40145`, :cve_nist:`2025-40148`, :cve_nist:`2025-40151`, :cve_nist:`2025-40152`,
+ :cve_nist:`2025-40153`, :cve_nist:`2025-40154`, :cve_nist:`2025-40155`, :cve_nist:`2025-40156`,
+ :cve_nist:`2025-40157`, :cve_nist:`2025-40159`, :cve_nist:`2025-40160`, :cve_nist:`2025-40161`,
+ :cve_nist:`2025-40162`, :cve_nist:`2025-40163`, :cve_nist:`2025-40165`, :cve_nist:`2025-40166`,
+ :cve_nist:`2025-40167`, :cve_nist:`2025-40169`, :cve_nist:`2025-40171`, :cve_nist:`2025-40172`,
+ :cve_nist:`2025-40173`, :cve_nist:`2025-40174`, :cve_nist:`2025-40175`, :cve_nist:`2025-40176`,
+ :cve_nist:`2025-40177`, :cve_nist:`2025-40178`, :cve_nist:`2025-40179`, :cve_nist:`2025-40180`,
+ :cve_nist:`2025-40181`, :cve_nist:`2025-40182`, :cve_nist:`2025-40183`, :cve_nist:`2025-40184`,
+ :cve_nist:`2025-40185`, :cve_nist:`2025-40186`, :cve_nist:`2025-40187`, :cve_nist:`2025-40188`,
+ :cve_nist:`2025-40189`, :cve_nist:`2025-40190`, :cve_nist:`2025-40191`, :cve_nist:`2025-40192`,
+ :cve_nist:`2025-40193`, :cve_nist:`2025-40194`, :cve_nist:`2025-40195`, :cve_nist:`2025-40196`,
+ :cve_nist:`2025-40197`, :cve_nist:`2025-40198`, :cve_nist:`2025-40199`, :cve_nist:`2025-40200`,
+ :cve_nist:`2025-40201`, :cve_nist:`2025-40202`, :cve_nist:`2025-40203`, :cve_nist:`2025-40204`,
+ :cve_nist:`2025-40205`, :cve_nist:`2025-40206`, :cve_nist:`2025-40207`, :cve_nist:`2025-40208`,
+ :cve_nist:`2025-40209`, :cve_nist:`2025-40211`, :cve_nist:`2025-40212` and :cve_nist:`2025-40213`
+- python3-urllib3: Fix :cve_nist:`2025-66418`
+- python3: Fix :cve_nist:`2025-6075` and :cve_nist:`2025-12084`
+- sqlite3: Fix :cve_nist:`2025-3277`, :cve_nist:`2025-6965` and :cve_nist:`2025-29087`
+
+
+Fixes in Yocto-5.3.1
+~~~~~~~~~~~~~~~~~~~~
+
+bitbake
+^^^^^^^
+- bin: Hide os.fork() deprecation warning in all bitbake scripts
+- bitbake-layers: Also hide os.fork() deprecation warning
+
+meta-yocto
+^^^^^^^^^^
+- poky.conf: bump version for 5.3.1
+
+oecore
+^^^^^^
+- build-appliance-image: Update to whinlatter head revisions
+- ccache: upgrade to 4.12.2
+- cross.bbclass: Propagate dependencies to outhash
+- cups: upgrade to 2.4.15
+- curl: Use host CA bundle by default for native(sdk) builds
+- cve-update: Avoid NFS caching issues
+- e2fsprogs: misc/create_inode.c: Fix for file larger than 2GB
+- ell: upgrade to 0.80
+- enchant2: upgrade to 2.8.14
+- glib-2.0: Upgrade to 2.86.1
+- glib-2.0: upgrade to 2.86.3
+- go: upgrade to 1.25.5
+- gst-devtools: upgrade to 1.26.7
+- gst-examples: upgrade to 1.26.7
+- gstreamer1.0: upgrade to 1.26.7
+- gstreamer1.0-libav: upgrade to 1.26.7
+- gstreamer1.0-plugins-bad: upgrade to 1.26.7
+- gstreamer1.0-plugins-base: upgrade to 1.26.7
+- gstreamer1.0-plugins-good: upgrade to 1.26.7
+- gstreamer1.0-plugins-ugly: upgrade to 1.26.7
+- gstreamer1.0-python: upgrade to 1.26.7
+- gstreamer1.0-rtsp-server: upgrade to 1.26.7
+- gstreamer1.0-vaapi: upgrade to 1.26.7
+- libarchive: upgrade to 3.8.3
+- libarchive: upgrade to 3.8.4
+- libpcap: upgrade to 1.10.6
+- libpng: upgrade to 1.6.52
+- libssh2: fix regression in KEX method validation (GH-1553)
+- libxmlb: upgrade to 0.3.24
+- linux-yocto/6.12: update to v6.12.60
+- llvm/clang: Upgrade to 21.1.7
+- mesa: upgrade to 25.2.8
+- python3: upgrade to 3.13.11
+- spdx30_tasks: Fix :term:`SPDX_CUSTOM_ANNOTATION_VARS` implementation
+- xserver-nodm-init: avoid race condition related to udev
+
+yocto-docs
+^^^^^^^^^^
+- Add the sphinx-copybutton extension
+- Fix bitbake version mapping for whinlatter
+- Makefile: fix rsvg-convert --format capitalization
+- brief-yoctoprojectqs/index.rst: fix improper code-block indentation
+- brief-yoctoprojectqs/index.rst: switch shell block to to console/text blocks
+- brief-yoctoprojectqs/index.rst: update available bitbake-setup configurations
+- brief-yoctoprojectqs: specify what "recent Ubuntu Linux distribution" is
+- dev-manual/limiting-resources.rst: update how to track pressure info
+- make sure Quick Build section and System Requirements are in sync
+- migration-guide: update 5.3 release notes download section
+- migration-guides/release-notes-5.3.rst: add contributors
+- migration-guides/release-notes-5.3.rst: add fixed cve
+- migration-guides/release-notes-5.3.rst: add license updates
+- migration-guides/release-notes-5.3.rst: add recipe upgrades
+- migration-guides/release-notes-5.3.rst: latest changes from master
+- overview-manual/concepts.rst: update the cross-development toolchain section
+- poky.yaml.in: add DISTRO_RELEASE_SERIES
+- ref-manual/classes.rst: document the image-container class
+- ref-manual/faq.rst: add Q&A on third-party vuln scanning tools
+- ref-manual/system-requirements.rst: add RockyLinux install instructions
+- ref-manual/system-requirements.rst: fix AlmaLinux PDF build
+- ref-manual/tasks.rst: document the do_list_image_features task
+- ref-manual/variables.rst: document WESTON_USER/WESTON_USER_HOME variables
+- ref-manual: Document :term:`SPDX` 3.0.1 variables
+- set_versions.py: add wrynose as devbranch
+- tools/build-docs-container: add CentOS Stream 9 support
+- tools/build-docs-container: move container files in their own directory
+- tools: add gen-cve-release-notes
+- tools: ubuntu_docs: remove duplicate python3-saneyaml
+
+
+Known Issues in Yocto-5.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-5.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+- Alexander Kanavin
+- Ankur Tyagi
+- Antonin Godard
+- Bruce Ashfield
+- Chen Qi
+- Deepesh Varatharajan
+- Dmitry Baryshkov
+- Gyorgy Sarvari
+- Jayasurya Maganuru
+- Jörg Sommer
+- Lee Chee Yang
+- Martin Jansa
+- Mathieu Dubois-Briand
+- Moritz Haase
+- Paul Barker
+- Peter Marko
+- Quentin Schulz
+- Robert Yang
+- Stefano Tondo
+- Vijay Anusuri
+- Wang Mingyu
+- Yash Shinde
+- Yoann Congal
+- Zhang Peng
+
+
+Repositories / Downloads for Yocto-5.3.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`whinlatter </yocto-docs/log/?h=whinlatter>`
+- Tag: :yocto_git:`yocto-5.3.1 </yocto-docs/log/?h=yocto-5.3.1>`
+- Git Revision: :yocto_git:`102a33294e63a5581c413555040f790161fc80ff </yocto-docs/commit/?id=102a33294e63a5581c413555040f790161fc80ff>`
+- Release Artefact: yocto-docs-102a33294e63a5581c413555040f790161fc80ff
+- sha: 377b828c5dbf82b8a918360a52ff7b4122d37fd8d13d0451738edd57a1924083
+- Download Locations:
+
+ https://downloads.yoctoproject.org/releases/yocto/yocto-5.3.1/yocto-docs-102a33294e63a5581c413555040f790161fc80ff.tar.bz2
+
+ https://mirrors.kernel.org/yocto/yocto/yocto-5.3.1/yocto-docs-102a33294e63a5581c413555040f790161fc80ff.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`whinlatter </openembedded-core/log/?h=whinlatter>`
+- Tag: :oe_git:`yocto-5.3.1 </openembedded-core/log/?h=yocto-5.3.1>`
+- Git Revision: :oe_git:`dd10706cfafb5574b7cf316fca2300d166ef71b0 </openembedded-core/commit/?id=dd10706cfafb5574b7cf316fca2300d166ef71b0>`
+- Release Artefact: oecore-dd10706cfafb5574b7cf316fca2300d166ef71b0
+- sha: b3182231a4a10f57215289b0f42ebe658ee9b1ed0b0bfe414d846a778ff7c598
+- Download Locations:
+
+ https://downloads.yoctoproject.org/releases/yocto/yocto-5.3.1/oecore-dd10706cfafb5574b7cf316fca2300d166ef71b0.tar.bz2
+
+ https://mirrors.kernel.org/yocto/yocto/yocto-5.3.1/oecore-dd10706cfafb5574b7cf316fca2300d166ef71b0.tar.bz2
+
+meta-yocto
+
+- Repository Location: :yocto_git:`/meta-yocto`
+- Branch: :yocto_git:`whinlatter </meta-yocto/log/?h=whinlatter>`
+- Tag: :yocto_git:`yocto-5.3.1 </meta-yocto/log/?h=yocto-5.3.1>`
+- Git Revision: :yocto_git:`6973ca663aaa9c3ab517ee960ab7985a5bf54c07 </meta-yocto/commit/?id=6973ca663aaa9c3ab517ee960ab7985a5bf54c07>`
+- Release Artefact: meta-yocto-6973ca663aaa9c3ab517ee960ab7985a5bf54c07
+- sha: 0e126b092e74bb217416d9603002b20db8e552b45b23d634cdae955fd089dfe2
+- Download Locations:
+
+ https://downloads.yoctoproject.org/releases/yocto/yocto-5.3.1/meta-yocto-6973ca663aaa9c3ab517ee960ab7985a5bf54c07.tar.bz2
+
+ https://mirrors.kernel.org/yocto/yocto/yocto-5.3.1/meta-yocto-6973ca663aaa9c3ab517ee960ab7985a5bf54c07.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`whinlatter </meta-mingw/log/?h=whinlatter>`
+- Tag: :yocto_git:`yocto-5.3.1 </meta-mingw/log/?h=yocto-5.3.1>`
+- Git Revision: :yocto_git:`00323de97e397d4f6734ef2191806616989f5e10 </meta-mingw/commit/?id=00323de97e397d4f6734ef2191806616989f5e10>`
+- Release Artefact: meta-mingw-00323de97e397d4f6734ef2191806616989f5e10
+- sha: c9a70539b12c0642596fde6a2766d4a6a8fec8b2a366453fb6473363127a1c77
+- Download Locations:
+
+ https://downloads.yoctoproject.org/releases/yocto/yocto-5.3.1/meta-mingw-00323de97e397d4f6734ef2191806616989f5e10.tar.bz2
+
+ https://mirrors.kernel.org/yocto/yocto/yocto-5.3.1/meta-mingw-00323de97e397d4f6734ef2191806616989f5e10.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.16 </bitbake/log/?h=2.16>`
+- Tag: :oe_git:`yocto-5.3.1 </bitbake/log/?h=yocto-5.3.1>`
+- Git Revision: :oe_git:`663021740bc086bd959a8457ad9ddb6da52a8278 </bitbake/commit/?id=663021740bc086bd959a8457ad9ddb6da52a8278>`
+- Release Artefact: bitbake-663021740bc086bd959a8457ad9ddb6da52a8278
+- sha: a290072317e5c533fafd18608e61c9ebe9acf24d2ce46b43ba99df42c77e7073
+- Download Locations:
+
+ https://downloads.yoctoproject.org/releases/yocto/yocto-5.3.1/bitbake-663021740bc086bd959a8457ad9ddb6da52a8278.tar.bz2
+
+ https://mirrors.kernel.org/yocto/yocto/yocto-5.3.1/bitbake-663021740bc086bd959a8457ad9ddb6da52a8278.tar.bz2
+
+