-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


- --------------------------
yocto-3.0.3 Release Notes
- --------------------------


- --------------------------
 Repositories/Downloads
- --------------------------

Repository Name: poky
Repository Location: https://git.yoctoproject.org/git/poky
Branch: zeus
Tag: yocto-3.0.3
Git Revision: eac84e73e8d94610173c3bb3b6c6d74b58e44f60
Release Arefact: poky-zeus-22.0.3
sha: dc963c04e2a0658f8c1dff859b020611bf36bf4cde2f939f6cb7675ed19f834b
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.0.3/poky-zeus-22.0.3.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.0.3/poky-zeus-22.0.3.tar.bz2

Repository Name: openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: zeus
Tag: 2019-10.3-zeus
Git Revision: 9bab7c1a29a58ba7f97e253e4e0ac167b77d0e65
Release Arefact: oecore-zeus-22.0.3
sha: 8389b9795dca3580a123e58353fd508778eed741d60bb820cc075554b4944b03
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.0.3/oecore-zeus-22.0.3.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.0.3/oecore-zeus-22.0.3.tar.bz2

Repository Name: meta-mingw
Repository Location: https://git.yoctoproject.org/git/meta-mingw
Branch: zeus
Tag: yocto-3.0.3
Git Revision: 756963cc28ebc163df7d7f4b4ee004c18d3d3260
Release Arefact: meta-mingw-zeus-22.0.3
sha: 538fc3b098ac3b8727c1f612cb3b5cba81bb2ed32d61d3beeccdea8c94cf4932
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.0.3/meta-mingw-zeus-22.0.3.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.0.3/meta-mingw-zeus-22.0.3.tar.bz2

Repository Name: meta-gplv2
Repository Location: https://git.yoctoproject.org/git/meta-gplv2
Branch: zeus
Tag: yocto-3.0.3
Git Revision: 0f4eecc000f66d114ad258fa31aed66afa292166
Release Arefact: meta-gplv2-zeus-22.0.3
sha: 01d9ad212536b2ac1993aa94d84d83d710bde5910b6dcc71767f9a34d23b3810
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.0.3/meta-gplv2-zeus-22.0.3.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.0.3/meta-gplv2-zeus-22.0.3.tar.bz2

Repository Name: bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: zeus
Tag: 2019-10.3-zeus
Git Revision: 6836184ef5220488a1127413c7d2e523fc37e2e9
Release Arefact: bitbake-zeus-22.0.3
sha: 6225331c9c2f85b978d15cc8f72e4b794423919ccd24f6df7988012c8e4c2262
Download Locations:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.0.3/bitbake-zeus-22.0.3.tar.bz2
http://mirrors.kernel.org/yocto/yocto/yocto-3.0.3/bitbake-zeus-22.0.3.tar.bz2

- --------------
Contributors
- --------------
Adrian Bunk
akuster
Alexander Kanavin
Alex Kiernan
Anuj Mittal
Armin Kuster
Bruce Ashfield
Changqing Li
Chee Yang Lee
Daisuke Yamane
Denys Dmytriyenko
haiqing
Jan Luebbe
Jeremy Puhlman
Joshua Watt
Julius Hemanth Pitti
Jain Sangeeta
Kevin Hao
Khem Raj
Lee Chee Yang
Li Zhou
Marek Vasut
Mark Hatle
Martin Jansa
Michael Halstead
Nathan Rossi
Nicolas Dechesne
Ovidiu Panait
Paul Barker
Rahul Chauhan
Richard Purdie
Ross Burton
Stefan Ghinea
Stephen Jolley
Tim Orling
Tom Hochstein
Trevor Gamblin
Vineela Tummalapalli
Wang Mingyu
Wenlin Kang
wenlin.kang@windriver.com
Yi Zhao
Zhixiong Chi

- ---------------
 Known Issues
- ---------------
Bug 13905: strace ptest failed.
Bug 13906: valgrind ptest failed.
Bug 13907: zlib ptest failed.

These bugs were single ptest failures which appear to be intermittent in nature.
In a rerun those test passed. As such we don't believe they are regressions affecting
the release but runtime testing issues.

- ---------------
Security Fixes
- ---------------
systemd: Fix CVE-2020-1712
qemu/slirp: fix CVE-2020-7211
qemu: fix CVE-2020-7039
git: Security Advisory - git - CVE-2020-11008
git: Security Advisory - git - CVE-2020-5260
glibc: CVE-2020-1751
glib-2.0: fix CVE-2020-6750
e2fsprogs: fix CVE-2019-5188
screen: fix CVE-2020-9366
icu: fix CVE-2020-10531
bluez: fix CVE-2020-0556
libarchive: Fix CVE-2020-9308
aspell: CVE-2019-20433
sqlite: fix numerous CVEs
libpcre2: fix CVE-2019-20454
qemu: fix CVE-2019-20382
glibc: CVE-2020-10029
virglrenderer: fix multiple CVEs
ruby: fix CVE-2019-16254
libxml2: Fix CVE-2019-20388
libxml2: fix CVE-2020-7595
ppp: Security fix CVE-2020-8597
ncurses: add CVE_VERSION
qemu: Fix CVE-2020-1711


- ---------------
Fixes
- ---------------
Documentation: Prepared for 3.0.3 release
resulttool/resultutils: Fix unicode error handling
build-appliance-image: Update to zeus head revision
poky.conf: Bump version for 3.0.3 zeus release
openssl: upgrade 1.1.1f -> 1.1.1g
gnutls: upgrade 3.6.12 -> 3.6.13
gnutls: upgrade 3.6.11.1 -> 3.6.12
gnutls: upgrade 3.6.8 -> 3.6.11.1
python: Upgrade 2.7.17 -> 2.17.18
gnupg: upgrade 2.2.17 -> 2.2.19
qemu: Add PACKAGECONFIG for glusterfs
cve-update-db-native: clean DB if temporary file exist
apt-native: don't let dpkg overwrite files by default
prservice.py: fix do_package with newer Python in Ubuntu 20.04
qemu: Replace stime() API with clock_settime
python3-native: Should not search the system for headers/libraries.
openssl: update to 1.1.1f
openssl: Upgrade 1.1.1d -> 1.1.1e
openssl: recommend cryptodev-module for corresponding PACKAGECONFIG
inetutils: Use alternatives to avoid manpage conflict
wic: align layer plugin path
pseudo: Ensure we use our own libsqlite
cve-check: CPE version '-' as all version
kernelsrc.bbclass: Fix externalsrc support
perf: Fix externalsrc support
kernel-yocto.bbclass: Support config fragments with externalsrc
lib/oe/package_manager: don't try to rm /var/lib/opkg
lib/oe/package_manager: avoid installing provided packages via apt
lib/oe/package_manager: collect provided package names when using debs
lib/oe/package_manager: fix handling of last package
lib/oe/package_manager: make sure to not remove packages in apt install
busybox: on upgrade save busybox if it is the last shell
lttng-modules: update to 2.10.14
waffle: no need to depend on target python3
u-boot-tools: Split out inc file
wic/direct: reserve 2 sector for extended partition
linux-yocto/4.19: update to v4.19.107
security_flags.inc: fix flags missing from SDK toolchain
e2fsprogs: backport upstream patch
nfs-utils: Disable statx if using glibc emulation
sanity: check for more bits of Python
python3: Upgrade 3.7.6 -> 3.7.7
cve-check: fix ValueError
cve-check: show whitelisted status
maintainers: Add entry for buildtools-extended-tarball
dhcp: Fix REQUIRE(ctx->running) assertion triggered on SIGTERM/SIGINT
gcc-target.inc: Prevent sysroot from leaking into configargs.h
gcc-cross.inc: Prevent native sysroot from leaking into configargs.h
gcc-cross-canadian: A missing space in an append caused an invalid option
wic/engine: lets display an error not a traceback
dummy-sdk-package: Add DUMMYPROVIDES_PACKAGES
cve-check: fail gracefully when file not found
linux-yocto/5.2: backport perf build fix for latest binutils
yocto-uninative.inc: version 2.8 updates glibc to 2.31
linux-yocto/5.2: update to v5.2.32
toolchain-shar-extract: ignore timestamp on decompress
liberror-perl: upgrade 0.17028 -> 0.17029
perl: Fix makefile race causing configuration differences
perl: Fix encode module reproducibility issues
perl: fix failing ptests
perl: improve reproducibility
libmodule-build-perl: fix ptests
perl: install typemap and other extutils metadata as part of perl-core
perl: package Config.pm from arch directory into the main perl package
perl: update to 5.30.1
linux-yocto/5.2: update to v5.2.29
openssh: backport patch to fix "cert not yet valid" test
xserver-nodm-init: Fix the start failure for non-root user
qemurunner.py: add try/except for pid handling race
glibc-testsuite: Exclude this recipe from world builds
glibc-testsuite: Remove the do_install task
bitbake: lib/bb/utils.py: Preserve ownership of symlink
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETAATlWjYlkbLPLeFXGgH0cJ5dnMFAl7QFW8ACgkQXGgH0cJ5
dnNLIAf+Kobk8BFXlopiBsC4okKoZKPasQpcujpF0tnm4XMqx/7rnFtEX42RcPVZ
HBqkvGS9R0QCFN83RwOE1Z/bMqDSNP0qmMlZ2m2z80WRzav+2amgT2iurbx9jN1U
l+Weqg7fs8SSWHvMfi0RYUlkRIUGbykgkjgs3iBJidzr2e39mFRy/eZxyR13w+nR
yhGZB4fzL1UFMQHFboMge0N9EX2SHQPDPt+khkKZW2VjVnhuEu6ByUr234bqL7ei
3JosTkSDauWZ8IbL624sPkrBMjs9RRoUeb43dNn1S9CopRQBZm8IvsXfbKFeaPcz
rARILiqRZqWGdB0dCVnmpzkrOAQPsw==
=xCNu
-----END PGP SIGNATURE-----