[ANNOUNCEMENT] Yocto Project 2.7.3 (Warrior 21.0.3) Released



We are pleased to announce the Yocto Project 2.7.3 (warrior-21.0.3) Release is now available for download.


A gpg signed version of these release notes is available at:


Full Test Report:


Thank you for everyone's contributions to this release.


Vineela Tummalapalli
Yocto Project Build and Release
<vineela.tummalapalli at intel.com>

yocto-2.7.3 Release Notes


Repository Name: poky
Repository Location: https://git.yoctoproject.org/git/poky
Branch: warrior
Tag: yocto-2.7.3
Git Revision: f475afc5df0837532dcd0f3a831ddc3aec8941f1
Release Arefact: poky-warrior-21.0.3
md5: a71a3bd899851ca0980d109b7e10fe89
Download Locations:

Repository Name: openembedded-core
Repository Location: https://git.openembedded.org/openembedded-core
Branch: warrior
Tag: 2019-04.3-warrior
Git Revision: ca019eec1304ca2a400ea744c0eaafe0a766d5d1
Release Arefact: oecore-warrior-21.0.3
md5: c0f11de2936e613089a87668c8cf13cd
Download Locations:

Repository Name: meta-mingw
Repository Location: https://git.yoctoproject.org/git/meta-mingw
Branch: warrior
Tag: yocto-2.7.3
Git Revision: 10695afe8cd406844e0d0dd868c11677e07557d4
Release Arefact: meta-mingw-warrior-21.0.3
md5: 3b32f4b398a9c1e05242676e851c07cd
Download Locations:

Repository Name: meta-gplv2
Repository Location: https://git.yoctoproject.org/git/meta-gplv2
Branch: warrior
Tag: yocto-2.7.3
Git Revision: d5d9fc9a4bbd365d6cd6fe4d6a8558f7115c17da
Release Arefact: meta-gplv2-warrior-21.0.3
md5: 19b0970ef6cfcb9380eedc327fde6808
Download Locations:

Repository Name: bitbake
Repository Location: https://git.openembedded.org/bitbake
Branch: warrior
Tag: 2019-04.3-warrior
Git Revision: d411b097d810c386d35dc561f8812bb3f35c9a36
Release Arefact: bitbake-warrior-21.0.3
md5: 5f11436a4b329a74084e0c4f1e1ff54e
Download Locations:

Known Issues
Bug 13818: Opensshptest failed. The fix is in zeus branch and it needs backported to warrior.
Its a date issue with the test and is minor. The fix will be available in the next release.

Bug 13817: Perl ptest failed. This is another test related to date issue and is of minor significance.

Bug 13816: gstreamer ptest failed. This is a single test result regression which is being
investigated but doesn't appear to be a release blocking issue.

Security Fixes
cpio: fix CVE-2019-14866
rsync: whitelist CVE-2017-16548
libxml2: Fix CVE-2019-19956
openssl: fix CVE-2019-1551
openssl: Whitelist CVE-2019-0190
systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844
iputils: Whitelist CVE-2000-1213 CVE-2000-1214
lz4: Whitelist CVE-2014-4715
sysstat: fix CVE-2019-19725
go: fix CVE-2019-17596
nasm: fix CVE-2019-14248
nasm: fix CVE-2018-19755
glib-2.0: Backport the CVE-2019-12450 fix
lighttpd: Backport the CVE-2019-11072 fix
glibc: fix CVE-2019-19126
libarchive: fix CVE-2019-19221
gdb: Fix CVE-2019-1010180
bind: Whitelist CVE-2019-6470
binutils: fix CVE-2019-17451
binutils: fix CVE-2019-17450
wpa-supplicant: fix CVE-2019-16275
python/python3: Whitelist CVE-2019-18348
python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652
cve-check: Switch to NVD CVE JSON feed version 1.1
cve-check: fetch CVE data once at a time instead of in a single call
cve-update-db-native: add an index on the CVE ID column
cve-check: ensure all known CVEs are in the report
procps: whitelist CVE-2018-1121
webkitgtk: set CVE_PRODUCT
libsndfile1: whitelist CVE-2018-13419
libxfont2: set CVE_PRODUCT
libpam: set CVE_PRODUCT
boost: set CVE vendor to Boost
ed: set CVE vendor to avoid false positives
subversion: set CVE vendor to Apache
git: set CVE vendor to git-scm
flex: set CVE_PRODUCT to include vendor
openssl: set CVE vendor to openssl
python: fix CVE-2018-20852
python: fix CVE-2019-16935
bind: fix CVE-2019-6471 and CVE-2018-5743
file: fix CVE-2019-18218
patch: the CVE-2019-13638 fix also handles CVE-2018-20969
python3: CVE-2019-16056
libxslt: fix CVE-2019-18197
libtiff: fix CVE-2019-17546
tiff: fix CVE-2019-14973

build-appliance-image: Update to warrior head revision
poky.conf: Bump version for 2.7.3 warrior release
Documenation: Prepared for the 2.7.3 release
linux-firmware: update packaging for brcm files
linux-firmware: Upgrade 20190618 -> 20190815
linux-firmware: add PE back
linux-firmware: bump to 20190618
timezone:upgrade 2019b -> 2019c
timezone: update to 2019b
python2: add ntpath
linux-yocto/4.19: update to v4.19.87
linux-yocto/4.19: update to v4.19.84
linux-yocto/4.19: update to v4.19.78
linux-yocto/4.19: update to v4.19.72
bitbake: cooker/siggen: Empty siggen cache during parsing
Adding memoriam to scottrif
bitbake: cooker: Keep track of watched files using a set instead of a list
sanity.bbclass: Move sanity_info from conf to cache
populate_sdk_ext.bbclass: No longer needed to clean away conf/sanity_info
openssl: Enable os option for with-rand-seed as well
openssl: Upgrade 1.1.1c -> 1.1.1d
openssl: Upgrade 1.1.1b -> 1.1.1c
systemd: Upgrade to a more recent snapshot from the 241 branch
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
python3: RDEPEND on libgcc
python3: Upgrade 3.7.5 -> 3.7.6
stress: update SRC_URI
sudo: Fix fetching sources
sudo: correct SRC_URI
popt: fix SRC_URI
cve-check: neaten get_cve_info
cve-check: rewrite look to fix false negatives
cve-update-db-native: clean up proxy handling
cve-update-db-native: don't hardcode the database name
cve-update-db-native: don't refresh more than once an hour
cve-check: we don't actually need to unpack to check
cve-check: failure to parse versions should be more visible
sdk: Install nativesdk locales for all TCLIBC variants
libpcap: upgrade 1.9.0 -> 1.9.1
python: update to 2.7.17
mega-manual: Fixed broken mega-manual build for 2.7.2
dev-manual: Removed duplicate paragraph for selecting init manager.
pseudo: Add statx support to fix fedora30 issues
pseudo: Drop static linking to sqlite3
pseudo: Fix openat() with a symlink pointing to a directory
python3: Upgrade 3.7.4 -> 3.7.5
python3: fix the test_locale output format
python3: Fix .pyc file reproduciblility
python3: Reformat sysconfig
python3: python3: Fix build error x86->x86
python3: fix build on softfloat mips
python3: fix do_install fail for parallel buiild
lib/oe/lsb: Make sure the distro ID is always lowercased
devtool: finish: Add suppport for the --no-clean option
devtool: finish: Keep patches ordered when updating bbappend
tzdata: Correct the packaging of /etc/localtime and /etc/timezone
package_rpm.bbclass: Remove a misleading bb.note()
devtool: Avoid failure for recipes with S == WORKDIR and no local files
nativesdk-meson: Remove some unused variables
meson.bbclass: Remove the MESON_*_ARGS variables
meson: Backport patch to handle strings in cross file args
go-1.12: update to 1.12.9 minor release
go: Upgrade 1.12.5 -> 1.12.6
go: update 1.12.1->1.12.5
bitbake: fetch2: Ensure cached url data is matched to a datastore
bitbake: bitbake-worker child process create group before registering SIGTERM handler
build-appliance-image: Update to warrior head revision