Yocto Project - User contributions [en]

Stable Release and LTS

2026-03-16T16:44:27Z

Yoann Congal: /* Normal process */

= Yocto Project Stable Branch Maintenance and Long Term Support (LTS) =

Background on how the project's LTS plans came about can be found [[LTS_Background | here]]. The document below details the current project release lifecycle and LTS plans. The aim is to have a stable series maintenance policy which allows for different stages of maintenance including standard "stable" series, LTS series and community support.

'''[[Releases|Current Maintainers list]]'''

== Release Lifecycle ==
The project releases every six months in April and October (spring and fall). This is necessary to bring development together to a focus point and provide points of increased testing and focus on stability. There are two possible lifecycles a release may follow:

Initial Release -> Stable -> Community -> EOL
:: or
Initial Release -> LTS -> Community -> EOL

The change in status of a given release series should be announced in the weekly status report and reflected on the “Releases” wiki page.

The stages have the following properties:

'''Stable/LTS common properties:'''
* Has point release tarballs created
* Has release artefacts
* Patches merged to the main repository branch
* Requires autobuilder testing
* The project will appoint someone to act as the maintainer to coordinate and handle patch testing and merging
* Strict “backport only”, master first policy

'''Stable/LTS differences:'''
* Stable releases are maintained for seven months
* LTS releases are maintained for four years (as of June 2023, [https://lists.yoctoproject.org/g/yocto/message/60459 announced here])
* LTS releases are preannounced and known to be LTS in advance (usually every two years)
* LTS tested only on a subset of supported native build platforms (announced at time of LTS)

'''Community status properties:'''
* A branch transitions to community support after the last stable dot release identified by the stable/LTS maintainer.
* A call for a community support maintainer is sent to the mailing lists.
** A six (6) week waiting period.
** if there is no new maintainer, then the branch goes to into EOL status
* Branches only have community support status if there is an active community member willing to step into the maintainer role for that series
* All the same repos are covered as in Stable
* Follows the same the Stable processes, except;
** Patches merge to the main repository but in a community/XXX namespace
** Automated testing is on a best effort basis, some autobuilder cycles may be available but not guaranteed.
** The maintainer is required to publish a testing plan to show what testing will be made for patches to merge to the community branch.
** No point releases version and no release artifacts
* Master first policy recommended

'''EOL (End of life):'''
* No community support maintainer after the six (6) week waiting period
* When there is no longer any active community maintainer, branches become EOL
** No new changes for 2 months
* Artifacts will be removed for EOL older than????
** process under development

== LTS “Mixin” repositories ==
We realise that a given LTS may need other versions of some components within its lifetime as no “one size” fits everyone’s needs. Rather than adding potentially invasive changes to older releases (such as new gcc versions), the project proposes the use of “mixin” layers (see https://docs.yoctoproject.org/dev//ref-manual/release-process.html#stable-release-process).

The structure would be to create them in the repository meta-lts-mixins with the branch naming scheme <releaseseries>/<mixin name>. We expect this may be used for gcc and possibly for rapidly changing languages like go/nodejs/rust. Policies on testing these layers will depend on how widespread their usage is and determined on a case by case basis. There may be other 'mixin' layers within the wider community too. Access to the repository branches can be granted by the Yocto Project TSC upon application.

The layers should have a single purpose and be Yocto Project Compatible (passing the test script) allowing them to be selected by users as needed. The maintainer should be listed in the README and note when the layer is no longer maintained.

== Stable/LTS Patch Acceptance Policies ==
All changes must have already been accepted into the current master release and any other release still within its “stable” seven month support window.

Patches must pass testing on the project’s automated test infrastructure.

'''Acceptable:'''
* Security and CVE fixes
* Fixes for bugs
* Changes to follow an upstream stable series or LTS that aligns with the original release (based on compatibility)

'''Potentially Acceptable:'''
* Fixes so codebase works with newly released distros (only in the first six months after a given release series first releases)
* Bug fix only version upgrades for upstreams with a good stable process

'''Unacceptable:'''
* General version upgrades
* New features
* ABI/API breakage

== Components (layers) to be covered ==

The project LTS covers:
* Bitbake
* OE-Core
* Meta-yocto
* yocto-docs

The project LTS does not cover:
* meta-mingw
* meta-gplv2
* vendor layers

Other layers can and will have their own LTS processes.

== Testing ==
The project releases are only tested using the automated testing based on virtual environments. The build host OSes used to run these tests are determined at the initial release time. For LTS releases only some subset of native OSes maybe supported, particularly where the lifetime of the OS would be shorter than the LTS.

Further testing of releases, e.g. on real hardware platforms is encouraged and there is a process to allow these results to be merged into the release test results but the process for making the release no longer depends upon this happening.

== Process ( TOC)==
* Need to document the following processes:
** How maintainer is selected
** How are patches proposed - Done
** How are patches queued/tested/reviewed/merged - Done
** When are point releases made? - Done
** How to trigger and run a point release - Done
** Release process itself
** Transferring stable/LTS release to community/EOL status - YP TSC
** New maintainer training - TBD

== Requesting a fix in a stable branch ==

With reference to the above policies, if you would like to request a backport of a commit in a newer release, you can either (a) do the backport yourself and send the patch marked with <tt>[branchname]</tt> to the appropriate mailing list; or alternatively (b) you can send a simple request giving commit hashes / URLs that you would like to be backported. In both cases it helps to CC the maintainer - refer to the [[Stable branch maintenance|stable release table]].

For information on which mailing list you should send these to see the README file in [https://git.openembedded.org/openembedded-core/tree/README.OE-Core.md OE-Core], [https://git.openembedded.org/bitbake/tree/README bitbake], [https://git.yoctoproject.org/meta-yocto/tree/meta-poky/README.poky.md meta-yocto], [https://git.yoctoproject.org/yocto-docs/tree/documentation/README yocto-docs]. Each repository should contain a README file at the root.

== '''Maintainer Procedures''' ==

=== Normal process ===

When there are enough changes (or a few critical ones), the stable/LTS maintainer should follow this procedure:

# Look out for patches on the mailing list marked with the appropriate branch name in the subject
# Look through recently merged patches in master that are suitable for backporting
# Collect patches together on a branch
#* If a submitted patch is a backport from master, rather than taking the patch as submitted, it is preferable to backport the patch from master so that the original commit message is preserved.
#* If you do the backporting from poky you will get the original commit ID in the commit message which is useful for reference.
#* It is beneficial to change the original commit ID line to say "OE-Core master rev" instead of "OE-Core rev" to distinguish it from the OE-Core branch revision that will be added when the commit is merged
# Run a local build or two to pick up any obvious problems
# Bitbake change should be in the bitbake-contrib repo
## https://git.openembedded.org/bitbake-contrib stable/{branch}-nut
# Openembedded-core changes should be be in the openembedded-core-contrib stable/{branch}-nut
## https://git.openembedded.org/openembedded-core-contrib
# Meta-yocto changes should be in meta-yocto-contrib stable/{branch}-nut
## git://git.yoctoproject.org/meta-yocto-contrib
# yocto-docs changes should be in yocto-docs contrib/stable/{branch}-nut
## git://git.yoctoproject.org/yocto-docs
# For stable branches using a assembled poky repository (i.e. before whinlatter), now create your Poky distro for testing.
## The Autobuilder requires changes to reside in poky, bitbake and openembedded-core
## Combine bitabke, core, meta-yocto and yocto-docs changes into one repo.
## Push the changes to poky-contrib stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# Test the changes on the autobuilder (see [[The_Yocto_Autobuilder#Starting_Builds]])
#* Make sure you check directly for the results of the build as these won't be reported to the yocto-builds mailing list.
## For any build failure, Defects should be opened
## Address any build failures, update repo's accordingly and rebuild

There will very likely be a number of these cycles during the lifetime of the stable branch.

=== Patch review ===
# When collating patches for review, Make sure of the following:
## Subject indicates "Patch review"
## Provide a deadline for any comments included in the body of the email
## Standard to date is 2 days.
###Exception is if the changes are patches sent to the appropriate mailing list.
## Use the appropriate branch reference.
## Use create-pull-request -p "{branch}" ...{etc}
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# Wait for any feedback
## If there are changes make any necessary adjustments
### rebuild if necessary
# Push any changes to the appropriate repos and branches.

=== Merge request===
# Push affected repos and branches to stable/{branch}-next branch
# When preparing patches for merge, Make sure of the following:
## Subject indicates "Merge Request"
## Use the appropriate branch reference.
## Use create-pull-requests -p"{branch}"
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# When the patches are merged, mark any bugs specific to the stable branch as resolved as appropriate

=== Point release ===

Normally point releases are scheduled in advance as appropriate - contact Stephen Jolley <sjolley.yp.pm@gmail.com> and CC: Ricard Purdie <richard.purdie@linuxfoundation.org> about scheduling point releases.

# Update yocto-docs with release information.
## Send a patch to docs@lists.yoctoproject.org
# Once all dot release changes are merged, ask Richard to run the release candidate build
#* The stable branch or LTS maintainer should monitor the build and follow up on any failures
# When the release candidate build completes successfully, The stable branch or LTS maintainer should notify the QA team to start the release QA process.
# Gather together changes in the form needed for a release notes and send them Yocto Project TSC, Branch or LTS maintainer for review and approval.
## If acceptable the changes will be incorporated into the final release notes and to Stephen Jolley <sjolley.yp.pm@gmail.com> so he can have them in preparation for the release meeting.
# Send a patch to update the stable version in meta-yocto/conf/distro/poky.conf for the release

=== Other ===

* It is useful to provide status updates on the Yocto Project technical call, particularly coming up to a stable release. If you're not able to be on the call, send the status update information to Stephen Jolley <sjolley.yp.pm@gmail.com> and he will present it.

=== Releases ===
[[Releases|Yocto Project releases]]

=== Kernel LTS ===
[[Linux Yocto#Release_Cadence|Kernel cadence]]

=== New Releases process ===
[[Yocto Project Release Process|Standard release process]]

== Decision Makers==
Decisions are expected to be handled by the maintainers. The TSC holds the ultimate decision making authority in case of disagreement. The TSC makes the final release go/nogo decisions.

Stable Release and LTS

2026-03-16T16:42:24Z

Yoann Congal: /* Normal process */

= Yocto Project Stable Branch Maintenance and Long Term Support (LTS) =

Background on how the project's LTS plans came about can be found [[LTS_Background | here]]. The document below details the current project release lifecycle and LTS plans. The aim is to have a stable series maintenance policy which allows for different stages of maintenance including standard "stable" series, LTS series and community support.

'''[[Releases|Current Maintainers list]]'''

== Release Lifecycle ==
The project releases every six months in April and October (spring and fall). This is necessary to bring development together to a focus point and provide points of increased testing and focus on stability. There are two possible lifecycles a release may follow:

Initial Release -> Stable -> Community -> EOL
:: or
Initial Release -> LTS -> Community -> EOL

The change in status of a given release series should be announced in the weekly status report and reflected on the “Releases” wiki page.

The stages have the following properties:

'''Stable/LTS common properties:'''
* Has point release tarballs created
* Has release artefacts
* Patches merged to the main repository branch
* Requires autobuilder testing
* The project will appoint someone to act as the maintainer to coordinate and handle patch testing and merging
* Strict “backport only”, master first policy

'''Stable/LTS differences:'''
* Stable releases are maintained for seven months
* LTS releases are maintained for four years (as of June 2023, [https://lists.yoctoproject.org/g/yocto/message/60459 announced here])
* LTS releases are preannounced and known to be LTS in advance (usually every two years)
* LTS tested only on a subset of supported native build platforms (announced at time of LTS)

'''Community status properties:'''
* A branch transitions to community support after the last stable dot release identified by the stable/LTS maintainer.
* A call for a community support maintainer is sent to the mailing lists.
** A six (6) week waiting period.
** if there is no new maintainer, then the branch goes to into EOL status
* Branches only have community support status if there is an active community member willing to step into the maintainer role for that series
* All the same repos are covered as in Stable
* Follows the same the Stable processes, except;
** Patches merge to the main repository but in a community/XXX namespace
** Automated testing is on a best effort basis, some autobuilder cycles may be available but not guaranteed.
** The maintainer is required to publish a testing plan to show what testing will be made for patches to merge to the community branch.
** No point releases version and no release artifacts
* Master first policy recommended

'''EOL (End of life):'''
* No community support maintainer after the six (6) week waiting period
* When there is no longer any active community maintainer, branches become EOL
** No new changes for 2 months
* Artifacts will be removed for EOL older than????
** process under development

== LTS “Mixin” repositories ==
We realise that a given LTS may need other versions of some components within its lifetime as no “one size” fits everyone’s needs. Rather than adding potentially invasive changes to older releases (such as new gcc versions), the project proposes the use of “mixin” layers (see https://docs.yoctoproject.org/dev//ref-manual/release-process.html#stable-release-process).

The structure would be to create them in the repository meta-lts-mixins with the branch naming scheme <releaseseries>/<mixin name>. We expect this may be used for gcc and possibly for rapidly changing languages like go/nodejs/rust. Policies on testing these layers will depend on how widespread their usage is and determined on a case by case basis. There may be other 'mixin' layers within the wider community too. Access to the repository branches can be granted by the Yocto Project TSC upon application.

The layers should have a single purpose and be Yocto Project Compatible (passing the test script) allowing them to be selected by users as needed. The maintainer should be listed in the README and note when the layer is no longer maintained.

== Stable/LTS Patch Acceptance Policies ==
All changes must have already been accepted into the current master release and any other release still within its “stable” seven month support window.

Patches must pass testing on the project’s automated test infrastructure.

'''Acceptable:'''
* Security and CVE fixes
* Fixes for bugs
* Changes to follow an upstream stable series or LTS that aligns with the original release (based on compatibility)

'''Potentially Acceptable:'''
* Fixes so codebase works with newly released distros (only in the first six months after a given release series first releases)
* Bug fix only version upgrades for upstreams with a good stable process

'''Unacceptable:'''
* General version upgrades
* New features
* ABI/API breakage

== Components (layers) to be covered ==

The project LTS covers:
* Bitbake
* OE-Core
* Meta-yocto
* yocto-docs

The project LTS does not cover:
* meta-mingw
* meta-gplv2
* vendor layers

Other layers can and will have their own LTS processes.

== Testing ==
The project releases are only tested using the automated testing based on virtual environments. The build host OSes used to run these tests are determined at the initial release time. For LTS releases only some subset of native OSes maybe supported, particularly where the lifetime of the OS would be shorter than the LTS.

Further testing of releases, e.g. on real hardware platforms is encouraged and there is a process to allow these results to be merged into the release test results but the process for making the release no longer depends upon this happening.

== Process ( TOC)==
* Need to document the following processes:
** How maintainer is selected
** How are patches proposed - Done
** How are patches queued/tested/reviewed/merged - Done
** When are point releases made? - Done
** How to trigger and run a point release - Done
** Release process itself
** Transferring stable/LTS release to community/EOL status - YP TSC
** New maintainer training - TBD

== Requesting a fix in a stable branch ==

With reference to the above policies, if you would like to request a backport of a commit in a newer release, you can either (a) do the backport yourself and send the patch marked with <tt>[branchname]</tt> to the appropriate mailing list; or alternatively (b) you can send a simple request giving commit hashes / URLs that you would like to be backported. In both cases it helps to CC the maintainer - refer to the [[Stable branch maintenance|stable release table]].

For information on which mailing list you should send these to see the README file in [https://git.openembedded.org/openembedded-core/tree/README.OE-Core.md OE-Core], [https://git.openembedded.org/bitbake/tree/README bitbake], [https://git.yoctoproject.org/meta-yocto/tree/meta-poky/README.poky.md meta-yocto], [https://git.yoctoproject.org/yocto-docs/tree/documentation/README yocto-docs]. Each repository should contain a README file at the root.

== '''Maintainer Procedures''' ==

=== Normal process ===

When there are enough changes (or a few critical ones), the stable/LTS maintainer should follow this procedure:

# Look out for patches on the mailing list marked with the appropriate branch name in the subject
# Look through recently merged patches in master that are suitable for backporting
# Collect patches together on a branch
#* If a submitted patch is a backport from master, rather than taking the patch as submitted, it is preferable to backport the patch from master so that the original commit message is preserved.
#* If you do the backporting from poky you will get the original commit ID in the commit message which is useful for reference.
#* It is beneficial to change the original commit ID line to say "OE-Core master rev" instead of "OE-Core rev" to distinguish it from the OE-Core branch revision that will be added when the commit is merged
# Run a local build or two to pick up any obvious problems
# Bitbake change should be in the bitbake-contrib repo
## https://git.openembedded.org/bitbake-contrib stable/{branch}-nut
# Openembedded-core changes should be be in the openembedded-core-contrib stable/{branch}-nut
## https://git.openembedded.org/openembedded-core-contrib
# Meta-yocto changes should be in meta-yocto-contrib stable/{branch}-nut
## git://git.yoctoproject.org/meta-yocto-contrib
# yocto-docs changes should be in yocto-docs contrib/stable/{branch}-nut
## git://git.yoctoproject.org/yocto-docs
# For stable branches using a assembled poky repository (i.e. before whinlatter), now create your Poky distro for testing.
## The Autobuilder requires changes to reside in poky, bitbake and openembedded-core
## Combine bitabke, core, meta-yocto and yocto-docs changes into one repo.
## Push the changes to poky-contrib stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# Test the changes on the autobuilder (see [[How to start a build on the Autobuilder]])
#* Make sure you check directly for the results of the build as these won't be reported to the yocto-builds mailing list.
## For any build failure, Defects should be opened
## Address any build failures, update repo's accordingly and rebuild

There will very likely be a number of these cycles during the lifetime of the stable branch.

=== Patch review ===
# When collating patches for review, Make sure of the following:
## Subject indicates "Patch review"
## Provide a deadline for any comments included in the body of the email
## Standard to date is 2 days.
###Exception is if the changes are patches sent to the appropriate mailing list.
## Use the appropriate branch reference.
## Use create-pull-request -p "{branch}" ...{etc}
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# Wait for any feedback
## If there are changes make any necessary adjustments
### rebuild if necessary
# Push any changes to the appropriate repos and branches.

=== Merge request===
# Push affected repos and branches to stable/{branch}-next branch
# When preparing patches for merge, Make sure of the following:
## Subject indicates "Merge Request"
## Use the appropriate branch reference.
## Use create-pull-requests -p"{branch}"
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# When the patches are merged, mark any bugs specific to the stable branch as resolved as appropriate

=== Point release ===

Normally point releases are scheduled in advance as appropriate - contact Stephen Jolley <sjolley.yp.pm@gmail.com> and CC: Ricard Purdie <richard.purdie@linuxfoundation.org> about scheduling point releases.

# Update yocto-docs with release information.
## Send a patch to docs@lists.yoctoproject.org
# Once all dot release changes are merged, ask Richard to run the release candidate build
#* The stable branch or LTS maintainer should monitor the build and follow up on any failures
# When the release candidate build completes successfully, The stable branch or LTS maintainer should notify the QA team to start the release QA process.
# Gather together changes in the form needed for a release notes and send them Yocto Project TSC, Branch or LTS maintainer for review and approval.
## If acceptable the changes will be incorporated into the final release notes and to Stephen Jolley <sjolley.yp.pm@gmail.com> so he can have them in preparation for the release meeting.
# Send a patch to update the stable version in meta-yocto/conf/distro/poky.conf for the release

=== Other ===

* It is useful to provide status updates on the Yocto Project technical call, particularly coming up to a stable release. If you're not able to be on the call, send the status update information to Stephen Jolley <sjolley.yp.pm@gmail.com> and he will present it.

=== Releases ===
[[Releases|Yocto Project releases]]

=== Kernel LTS ===
[[Linux Yocto#Release_Cadence|Kernel cadence]]

=== New Releases process ===
[[Yocto Project Release Process|Standard release process]]

== Decision Makers==
Decisions are expected to be handled by the maintainers. The TSC holds the ultimate decision making authority in case of disagreement. The TSC makes the final release go/nogo decisions.

Stable Release and LTS

2026-03-16T16:41:14Z

Yoann Congal: /* Normal process */

= Yocto Project Stable Branch Maintenance and Long Term Support (LTS) =

Background on how the project's LTS plans came about can be found [[LTS_Background | here]]. The document below details the current project release lifecycle and LTS plans. The aim is to have a stable series maintenance policy which allows for different stages of maintenance including standard "stable" series, LTS series and community support.

'''[[Releases|Current Maintainers list]]'''

== Release Lifecycle ==
The project releases every six months in April and October (spring and fall). This is necessary to bring development together to a focus point and provide points of increased testing and focus on stability. There are two possible lifecycles a release may follow:

Initial Release -> Stable -> Community -> EOL
:: or
Initial Release -> LTS -> Community -> EOL

The change in status of a given release series should be announced in the weekly status report and reflected on the “Releases” wiki page.

The stages have the following properties:

'''Stable/LTS common properties:'''
* Has point release tarballs created
* Has release artefacts
* Patches merged to the main repository branch
* Requires autobuilder testing
* The project will appoint someone to act as the maintainer to coordinate and handle patch testing and merging
* Strict “backport only”, master first policy

'''Stable/LTS differences:'''
* Stable releases are maintained for seven months
* LTS releases are maintained for four years (as of June 2023, [https://lists.yoctoproject.org/g/yocto/message/60459 announced here])
* LTS releases are preannounced and known to be LTS in advance (usually every two years)
* LTS tested only on a subset of supported native build platforms (announced at time of LTS)

'''Community status properties:'''
* A branch transitions to community support after the last stable dot release identified by the stable/LTS maintainer.
* A call for a community support maintainer is sent to the mailing lists.
** A six (6) week waiting period.
** if there is no new maintainer, then the branch goes to into EOL status
* Branches only have community support status if there is an active community member willing to step into the maintainer role for that series
* All the same repos are covered as in Stable
* Follows the same the Stable processes, except;
** Patches merge to the main repository but in a community/XXX namespace
** Automated testing is on a best effort basis, some autobuilder cycles may be available but not guaranteed.
** The maintainer is required to publish a testing plan to show what testing will be made for patches to merge to the community branch.
** No point releases version and no release artifacts
* Master first policy recommended

'''EOL (End of life):'''
* No community support maintainer after the six (6) week waiting period
* When there is no longer any active community maintainer, branches become EOL
** No new changes for 2 months
* Artifacts will be removed for EOL older than????
** process under development

== LTS “Mixin” repositories ==
We realise that a given LTS may need other versions of some components within its lifetime as no “one size” fits everyone’s needs. Rather than adding potentially invasive changes to older releases (such as new gcc versions), the project proposes the use of “mixin” layers (see https://docs.yoctoproject.org/dev//ref-manual/release-process.html#stable-release-process).

The structure would be to create them in the repository meta-lts-mixins with the branch naming scheme <releaseseries>/<mixin name>. We expect this may be used for gcc and possibly for rapidly changing languages like go/nodejs/rust. Policies on testing these layers will depend on how widespread their usage is and determined on a case by case basis. There may be other 'mixin' layers within the wider community too. Access to the repository branches can be granted by the Yocto Project TSC upon application.

The layers should have a single purpose and be Yocto Project Compatible (passing the test script) allowing them to be selected by users as needed. The maintainer should be listed in the README and note when the layer is no longer maintained.

== Stable/LTS Patch Acceptance Policies ==
All changes must have already been accepted into the current master release and any other release still within its “stable” seven month support window.

Patches must pass testing on the project’s automated test infrastructure.

'''Acceptable:'''
* Security and CVE fixes
* Fixes for bugs
* Changes to follow an upstream stable series or LTS that aligns with the original release (based on compatibility)

'''Potentially Acceptable:'''
* Fixes so codebase works with newly released distros (only in the first six months after a given release series first releases)
* Bug fix only version upgrades for upstreams with a good stable process

'''Unacceptable:'''
* General version upgrades
* New features
* ABI/API breakage

== Components (layers) to be covered ==

The project LTS covers:
* Bitbake
* OE-Core
* Meta-yocto
* yocto-docs

The project LTS does not cover:
* meta-mingw
* meta-gplv2
* vendor layers

Other layers can and will have their own LTS processes.

== Testing ==
The project releases are only tested using the automated testing based on virtual environments. The build host OSes used to run these tests are determined at the initial release time. For LTS releases only some subset of native OSes maybe supported, particularly where the lifetime of the OS would be shorter than the LTS.

Further testing of releases, e.g. on real hardware platforms is encouraged and there is a process to allow these results to be merged into the release test results but the process for making the release no longer depends upon this happening.

== Process ( TOC)==
* Need to document the following processes:
** How maintainer is selected
** How are patches proposed - Done
** How are patches queued/tested/reviewed/merged - Done
** When are point releases made? - Done
** How to trigger and run a point release - Done
** Release process itself
** Transferring stable/LTS release to community/EOL status - YP TSC
** New maintainer training - TBD

== Requesting a fix in a stable branch ==

With reference to the above policies, if you would like to request a backport of a commit in a newer release, you can either (a) do the backport yourself and send the patch marked with <tt>[branchname]</tt> to the appropriate mailing list; or alternatively (b) you can send a simple request giving commit hashes / URLs that you would like to be backported. In both cases it helps to CC the maintainer - refer to the [[Stable branch maintenance|stable release table]].

For information on which mailing list you should send these to see the README file in [https://git.openembedded.org/openembedded-core/tree/README.OE-Core.md OE-Core], [https://git.openembedded.org/bitbake/tree/README bitbake], [https://git.yoctoproject.org/meta-yocto/tree/meta-poky/README.poky.md meta-yocto], [https://git.yoctoproject.org/yocto-docs/tree/documentation/README yocto-docs]. Each repository should contain a README file at the root.

== '''Maintainer Procedures''' ==

=== Normal process ===

When there are enough changes (or a few critical ones), the stable/LTS maintainer should follow this procedure:

# Look out for patches on the mailing list marked with the appropriate branch name in the subject
# Look through recently merged patches in master that are suitable for backporting
# Collect patches together on a branch
#* If a submitted patch is a backport from master, rather than taking the patch as submitted, it is preferable to backport the patch from master so that the original commit message is preserved.
#* If you do the backporting from poky you will get the original commit ID in the commit message which is useful for reference.
#* It is beneficial to change the original commit ID line to say "OE-Core master rev" instead of "OE-Core rev" to distinguish it from the OE-Core branch revision that will be added when the commit is merged
# Run a local build or two to pick up any obvious problems
# Bitbake change should be in the bitbake-contrib repo
## https://git.openembedded.org/bitbake-contrib stable/{branch}-nut
# Openembedded-core changes should be be in the openembedded-core-contrib stable/{branch}-nut
## https://git.openembedded.org/openembedded-core-contrib
# Meta-yocto changes should be in meta-yocto-contrib stable/{branch}-nut
## git://git.yoctoproject.org/meta-yocto-contrib
# yocto-docs changes should be in yocto-docs contrib/stable/{branch}-nut
## git://git.yoctoproject.org/yocto-docs
#Now create your Poky distro for testing.
## The Autobuilder requires changes to reside in poky, bitbake and openembedded-core
## Combine bitabke, core, meta-yocto and yocto-docs changes into one repo.
## Push the changes to poky-contrib stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# Test the changes on the autobuilder (see [[How to start a build on the Autobuilder]])
#* Make sure you check directly for the results of the build as these won't be reported to the yocto-builds mailing list.
## For any build failure, Defects should be opened
## Address any build failures, update repo's accordingly and rebuild

There will very likely be a number of these cycles during the lifetime of the stable branch.

=== Patch review ===
# When collating patches for review, Make sure of the following:
## Subject indicates "Patch review"
## Provide a deadline for any comments included in the body of the email
## Standard to date is 2 days.
###Exception is if the changes are patches sent to the appropriate mailing list.
## Use the appropriate branch reference.
## Use create-pull-request -p "{branch}" ...{etc}
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# Wait for any feedback
## If there are changes make any necessary adjustments
### rebuild if necessary
# Push any changes to the appropriate repos and branches.

=== Merge request===
# Push affected repos and branches to stable/{branch}-next branch
# When preparing patches for merge, Make sure of the following:
## Subject indicates "Merge Request"
## Use the appropriate branch reference.
## Use create-pull-requests -p"{branch}"
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# When the patches are merged, mark any bugs specific to the stable branch as resolved as appropriate

=== Point release ===

Normally point releases are scheduled in advance as appropriate - contact Stephen Jolley <sjolley.yp.pm@gmail.com> and CC: Ricard Purdie <richard.purdie@linuxfoundation.org> about scheduling point releases.

# Update yocto-docs with release information.
## Send a patch to docs@lists.yoctoproject.org
# Once all dot release changes are merged, ask Richard to run the release candidate build
#* The stable branch or LTS maintainer should monitor the build and follow up on any failures
# When the release candidate build completes successfully, The stable branch or LTS maintainer should notify the QA team to start the release QA process.
# Gather together changes in the form needed for a release notes and send them Yocto Project TSC, Branch or LTS maintainer for review and approval.
## If acceptable the changes will be incorporated into the final release notes and to Stephen Jolley <sjolley.yp.pm@gmail.com> so he can have them in preparation for the release meeting.
# Send a patch to update the stable version in meta-yocto/conf/distro/poky.conf for the release

=== Other ===

* It is useful to provide status updates on the Yocto Project technical call, particularly coming up to a stable release. If you're not able to be on the call, send the status update information to Stephen Jolley <sjolley.yp.pm@gmail.com> and he will present it.

=== Releases ===
[[Releases|Yocto Project releases]]

=== Kernel LTS ===
[[Linux Yocto#Release_Cadence|Kernel cadence]]

=== New Releases process ===
[[Yocto Project Release Process|Standard release process]]

== Decision Makers==
Decisions are expected to be handled by the maintainers. The TSC holds the ultimate decision making authority in case of disagreement. The TSC makes the final release go/nogo decisions.

Stable Release and LTS

2026-03-16T16:37:14Z

Yoann Congal: /* Requesting a fix in a stable branch */ replace a dead poky link with individual repos

= Yocto Project Stable Branch Maintenance and Long Term Support (LTS) =

Background on how the project's LTS plans came about can be found [[LTS_Background | here]]. The document below details the current project release lifecycle and LTS plans. The aim is to have a stable series maintenance policy which allows for different stages of maintenance including standard "stable" series, LTS series and community support.

'''[[Releases|Current Maintainers list]]'''

== Release Lifecycle ==
The project releases every six months in April and October (spring and fall). This is necessary to bring development together to a focus point and provide points of increased testing and focus on stability. There are two possible lifecycles a release may follow:

Initial Release -> Stable -> Community -> EOL
:: or
Initial Release -> LTS -> Community -> EOL

The change in status of a given release series should be announced in the weekly status report and reflected on the “Releases” wiki page.

The stages have the following properties:

'''Stable/LTS common properties:'''
* Has point release tarballs created
* Has release artefacts
* Patches merged to the main repository branch
* Requires autobuilder testing
* The project will appoint someone to act as the maintainer to coordinate and handle patch testing and merging
* Strict “backport only”, master first policy

'''Stable/LTS differences:'''
* Stable releases are maintained for seven months
* LTS releases are maintained for four years (as of June 2023, [https://lists.yoctoproject.org/g/yocto/message/60459 announced here])
* LTS releases are preannounced and known to be LTS in advance (usually every two years)
* LTS tested only on a subset of supported native build platforms (announced at time of LTS)

'''Community status properties:'''
* A branch transitions to community support after the last stable dot release identified by the stable/LTS maintainer.
* A call for a community support maintainer is sent to the mailing lists.
** A six (6) week waiting period.
** if there is no new maintainer, then the branch goes to into EOL status
* Branches only have community support status if there is an active community member willing to step into the maintainer role for that series
* All the same repos are covered as in Stable
* Follows the same the Stable processes, except;
** Patches merge to the main repository but in a community/XXX namespace
** Automated testing is on a best effort basis, some autobuilder cycles may be available but not guaranteed.
** The maintainer is required to publish a testing plan to show what testing will be made for patches to merge to the community branch.
** No point releases version and no release artifacts
* Master first policy recommended

'''EOL (End of life):'''
* No community support maintainer after the six (6) week waiting period
* When there is no longer any active community maintainer, branches become EOL
** No new changes for 2 months
* Artifacts will be removed for EOL older than????
** process under development

== LTS “Mixin” repositories ==
We realise that a given LTS may need other versions of some components within its lifetime as no “one size” fits everyone’s needs. Rather than adding potentially invasive changes to older releases (such as new gcc versions), the project proposes the use of “mixin” layers (see https://docs.yoctoproject.org/dev//ref-manual/release-process.html#stable-release-process).

The structure would be to create them in the repository meta-lts-mixins with the branch naming scheme <releaseseries>/<mixin name>. We expect this may be used for gcc and possibly for rapidly changing languages like go/nodejs/rust. Policies on testing these layers will depend on how widespread their usage is and determined on a case by case basis. There may be other 'mixin' layers within the wider community too. Access to the repository branches can be granted by the Yocto Project TSC upon application.

The layers should have a single purpose and be Yocto Project Compatible (passing the test script) allowing them to be selected by users as needed. The maintainer should be listed in the README and note when the layer is no longer maintained.

== Stable/LTS Patch Acceptance Policies ==
All changes must have already been accepted into the current master release and any other release still within its “stable” seven month support window.

Patches must pass testing on the project’s automated test infrastructure.

'''Acceptable:'''
* Security and CVE fixes
* Fixes for bugs
* Changes to follow an upstream stable series or LTS that aligns with the original release (based on compatibility)

'''Potentially Acceptable:'''
* Fixes so codebase works with newly released distros (only in the first six months after a given release series first releases)
* Bug fix only version upgrades for upstreams with a good stable process

'''Unacceptable:'''
* General version upgrades
* New features
* ABI/API breakage

== Components (layers) to be covered ==

The project LTS covers:
* Bitbake
* OE-Core
* Meta-yocto
* yocto-docs

The project LTS does not cover:
* meta-mingw
* meta-gplv2
* vendor layers

Other layers can and will have their own LTS processes.

== Testing ==
The project releases are only tested using the automated testing based on virtual environments. The build host OSes used to run these tests are determined at the initial release time. For LTS releases only some subset of native OSes maybe supported, particularly where the lifetime of the OS would be shorter than the LTS.

Further testing of releases, e.g. on real hardware platforms is encouraged and there is a process to allow these results to be merged into the release test results but the process for making the release no longer depends upon this happening.

== Process ( TOC)==
* Need to document the following processes:
** How maintainer is selected
** How are patches proposed - Done
** How are patches queued/tested/reviewed/merged - Done
** When are point releases made? - Done
** How to trigger and run a point release - Done
** Release process itself
** Transferring stable/LTS release to community/EOL status - YP TSC
** New maintainer training - TBD

== Requesting a fix in a stable branch ==

With reference to the above policies, if you would like to request a backport of a commit in a newer release, you can either (a) do the backport yourself and send the patch marked with <tt>[branchname]</tt> to the appropriate mailing list; or alternatively (b) you can send a simple request giving commit hashes / URLs that you would like to be backported. In both cases it helps to CC the maintainer - refer to the [[Stable branch maintenance|stable release table]].

For information on which mailing list you should send these to see the README file in [https://git.openembedded.org/openembedded-core/tree/README.OE-Core.md OE-Core], [https://git.openembedded.org/bitbake/tree/README bitbake], [https://git.yoctoproject.org/meta-yocto/tree/meta-poky/README.poky.md meta-yocto], [https://git.yoctoproject.org/yocto-docs/tree/documentation/README yocto-docs]. Each repository should contain a README file at the root.

== '''Maintainer Procedures''' ==

=== Normal process ===

When there are enough changes (or a few critical ones), the stable/LTS maintainer should follow this procedure:

# Look out for patches on the mailing list marked with the appropriate branch name in the subject
# Look through recently merged patches in master that are suitable for backporting
# Collect patches together on a branch
#* If a submitted patch is a backport from master, rather than taking the patch as submitted, it is preferable to backport the patch from master so that the original commit message is preserved.
#* If you do the backporting from poky you will get the original commit ID in the commit message which is useful for reference.
#* It is beneficial to change the original commit ID line to say "OE-Core master rev" instead of "OE-Core rev" to distinguish it from the OE-Core branch revision that will be added when the commit is merged
# Run a local build or two to pick up any obvious problems
# Bitbake change should be in the bitbake-contrib repo
## https://git.openembedded.org/bitbake-contrib stable/{branch}-nut
# Openembedded-core changes should be be in the openembedded-core-contrib stable/{branch}-nut
## https://git.openembedded.org/openembedded-core-contrib
# Meta-yocto changes should be in poky-contrib meta-yocto/stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# yocto-docs changes should be in poky-contrib yocto-docs/stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
#Now create your Poky distro for testing.
## The Autobuilder requires changes to reside in poky, bitbake and openembedded-core
## Combine bitabke, core, meta-yocto and yocto-docs changes into one repo.
## Push the changes to poky-contrib stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# Test the changes on the autobuilder (see [[How to start a build on the Autobuilder]])
#* Make sure you check directly for the results of the build as these won't be reported to the yocto-builds mailing list.
## For any build failure, Defects should be opened
## Address any build failures, update repo's accordingly and rebuild

There will very likely be a number of these cycles during the lifetime of the stable branch.

=== Patch review ===
# When collating patches for review, Make sure of the following:
## Subject indicates "Patch review"
## Provide a deadline for any comments included in the body of the email
## Standard to date is 2 days.
###Exception is if the changes are patches sent to the appropriate mailing list.
## Use the appropriate branch reference.
## Use create-pull-request -p "{branch}" ...{etc}
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# Wait for any feedback
## If there are changes make any necessary adjustments
### rebuild if necessary
# Push any changes to the appropriate repos and branches.

=== Merge request===
# Push affected repos and branches to stable/{branch}-next branch
# When preparing patches for merge, Make sure of the following:
## Subject indicates "Merge Request"
## Use the appropriate branch reference.
## Use create-pull-requests -p"{branch}"
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# When the patches are merged, mark any bugs specific to the stable branch as resolved as appropriate

=== Point release ===

Normally point releases are scheduled in advance as appropriate - contact Stephen Jolley <sjolley.yp.pm@gmail.com> and CC: Ricard Purdie <richard.purdie@linuxfoundation.org> about scheduling point releases.

# Update yocto-docs with release information.
## Send a patch to docs@lists.yoctoproject.org
# Once all dot release changes are merged, ask Richard to run the release candidate build
#* The stable branch or LTS maintainer should monitor the build and follow up on any failures
# When the release candidate build completes successfully, The stable branch or LTS maintainer should notify the QA team to start the release QA process.
# Gather together changes in the form needed for a release notes and send them Yocto Project TSC, Branch or LTS maintainer for review and approval.
## If acceptable the changes will be incorporated into the final release notes and to Stephen Jolley <sjolley.yp.pm@gmail.com> so he can have them in preparation for the release meeting.
# Send a patch to update the stable version in meta-yocto/conf/distro/poky.conf for the release

=== Other ===

* It is useful to provide status updates on the Yocto Project technical call, particularly coming up to a stable release. If you're not able to be on the call, send the status update information to Stephen Jolley <sjolley.yp.pm@gmail.com> and he will present it.

=== Releases ===
[[Releases|Yocto Project releases]]

=== Kernel LTS ===
[[Linux Yocto#Release_Cadence|Kernel cadence]]

=== New Releases process ===
[[Yocto Project Release Process|Standard release process]]

== Decision Makers==
Decisions are expected to be handled by the maintainers. The TSC holds the ultimate decision making authority in case of disagreement. The TSC makes the final release go/nogo decisions.

Weekly Status

2026-03-09T07:42:21Z

Yoann Congal: Typo dashbard -> dashboard

== Yocto Project Status 3 March 2026 ==
Current Dev Position: YP 6.0 M3 
Next Deadline: YP 6.0 M3 Build Date 2026-03-09 

'''Next Team Meetings:''' 
*Bug Triage meeting - Thursday 5th Mar. 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
*Weekly Project Engineering Sync - Tuesday 3rd Mar. 8am PDT (https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
*Yocto Project Patch Review - Thursday 5th Mar. 10am GMT and Monday 9th Mar. 9am PDT (https://zoom.us/j/97762397148?pwd=1xk0iC9hp9SjEonaTaONwTb6iWry4Eb.1)

'''Project data dashboard: https://dashboard.yoctoproject.org/''' 

'''Key Status/Updates:''' 
*YP 4.0.33 has been released
*YP 5.0.16 is in TSC review
*YP 6.0 M2, 5.3.2, & 4.0.34 are in QA.
**We are aware of changes in QA timelines and are discussing how to address them.
*We have issues which need further work that will block M3:
**x86 kvm seemingly broken with certain CPU features (#16074)
**AB-INT: opkg-build segmentation fault (memory corruption in pseudo?) (#16078)
**Failure to generate regression reports in release builds
*We also have issues we need to resolve before release:
**Allowing non-destructive git fetcher updates for bitbake-setup.
**Splitting wic into an external tool.
**Kernel rust support.
**Switching to pkg-config.
**Deprecation of ltp (upstream dropped runltp and mandate kirk)
**How to improve DEBUG_BUILD?
**DISTRO_FEATURES defaults improvements.
**SBOM/cve-check changes.
**Reconcile poky and OE-Core defaults templates.
*OE-Core switched to enabling a hash equivalence server by default.
*We’re working through the backlog of patches and the high number of intermittent build failures is still problematic. We continue to struggle for bandwidth for changes needing in depth review/feedback. This could impact features making it into the LTS.
*The project has a booth at Embedded World next week, feel free to come and say Hi if you’re there!

'''Ways to contribute:''' 
*We have several open issues for pseudo and limited maintainer time to work on them. Help from someone familiar with systems programming in C would be greatly appreciated. https://bugzilla.yoctoproject.org/buglist.cgi?list_id=661406&priority=High&priority=Medium%2B&product=Pseudo&query_format=advanced&resolution=---
*There are a large number of intermittent failures on our autobuilder, any help with investigating, reproducing or solving these issues would be welcome! https://valkyrie.yocto.io/pub/non-release/abint/
*Many recipes in openembedded-core would benefit from a new recipe maintainer. Please look at https://git.openembedded.org/openembedded-core/tree/meta/conf/distro/include/maintainers.inc and see if you can adopt any of the unassigned recipes.
*For more ways to contribute, see https://docs.google.com/document/d/18oxKWxLorfF813h82mK6yKTIHeBp_-9owFuCWbzgjOk/edit?usp=sharing

'''New to the project?''' 
*We have a list of issues we think are good places to start contributing: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=NEWCOMER

'''Tracking Metrics:''' 
*WDD 2908 (last week 2893) (https://wiki.yoctoproject.org/charts/combo.html)
*OE-Core/Poky Patch Metrics
**Total patches found: 11063 (last week 1107)
**Patches in the Pending State: 151 (14%) [last week 151 (14%)]
**https://valkyrie.yocto.io/pub/non-release/patchmetrics/

'''YP 6.0 Milestone Dates:''' 
*YP 6.0 M2 is in QA.
*YP 6.0 M3 Build Date 2026-03-09
*YP 6.0 M3 Release Date 2026-03-20
*YP 6.0 M4 Build Date 2026-03-30
*YP 6.0 M4 Release Date 2026-04-26

'''Upcoming dot releases:''' 
*YP 5.0.16 is in review.
*YP 5.3.2 is in QA.
*YP 4.0.34 is in QA.
*YP 5.3.3 Build Date 2026-03-09
*YP 5.3.3 Release Date 2026-03-20
*YP 5.0.17 Build Date 2026-03-16
*YP 5.0.17 Release Date 2026-03-23
*YP 4.0.35 Build Date 2026-04-06
*YP 4.0.35 Release Date 2026-04-17
*YP 5.3.4 Build Date 2026-04-13
*YP 5.3.4 Release Date 2026-04-24
*YP 5.0.18 Build Date 2026-04-20
*YP 5.0.18 Release Date 2026-05-01
*YP 5.0.19 Build Date 2026-05-26
*YP 5.0.19 Release Date 2026-06-05

'''The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:''' 
https://wiki.yoctoproject.org/wiki/TSC 

== Archives ==
*[[2026 Yocto Project Weekly Status Archive]]
*[[2025 Yocto Project Weekly Status Archive]]
*[[2024 Yocto Project Weekly Status Archive]]
*[[2023 Yocto Project Weekly Status Archive]]
*[[2022 Yocto Project Weekly Status Archive]]
*[[2021 Yocto Project Weekly Status Archive]]
*[[2020 Yocto Project Weekly Status Archive]]
*[[2019 Yocto Project Weekly Status Archive]]
*[[2018 Yocto Project Weekly Status Archive]]

Weekly Status

2026-02-24T16:03:31Z

Yoann Congal: 5.2.3 -> 5.3.2

== Yocto Project Status 24 February 2026 ==
Current Dev Position: YP 6.0 M2 
Next Deadline: YP 6.0 M2 Build Date 2026-02-16 

'''Next Team Meetings:''' 
*Bug Triage meeting - Thursday 26th Feb. 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
*Weekly Project Engineering Sync - Tuesday 24th Feb. 8am PDT (https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
*Yocto Project Patch Review - Thursday 26th Feb. 10am GMT and Monday 2nd Mar. 9am PDT (https://zoom.us/j/97762397148?pwd=1xk0iC9hp9SjEonaTaONwTb6iWry4Eb.1)

'''Project data dashboard: https://dashboard.yoctoproject.org/''' 

'''Key Status/Updates:''' 
*YP 4.0.33 is due for release
*YP 5.0.16 is in QA
*YP 5.3.2 is queued for QA
*YP 6.0 M2 is due to build when we have patches merged
*We have two open high issues which need further work that will block M3:
**x86 kvm broken on Fedora 43 (cpu features issue?) (#16074)
**AB-INT: opkg-build segmentation fault (memory corruption in pseudo?) (#16078)
*We also have issues we need to resolve before release:
**Allowing non-destructive git fetcher updates for bitbake-setup
**Splitting wic into an external tool
**Kernel rust support
**Switching to pkg-config
**Deprecation of ltp (upstream dropped runltp and mandate kirk)
**How to improve DEBUG_BUILD?
**DISTRO_FEATURES changes to ‘nodistro’ in OE-Core
**SBOM/cve-check changes
*We updated “nodistro” to use 3 of the include files poky was already using:
**Space optimization to reduce build footprint and sstate object size
**Disabling most static libraries by default (build size/speed wins)
**Enabling security flags by default
*“nodistro” now also enables uninative by default to allow for better CDN sstate reuse
*Distros now need to use INIT_MANAGER to select their preferred init system with the default being systemd for “nodistro”. Poky’s defaults remain unchanged and we don’t have plans to change this at this time due to the work involved and impact (e.g test result comparisons).
*The number of intermittent failures affecting builds, both stable and development, continues to be problematic - we continue to prioritise addressing these since any given build is now statistically likely to hit one or more of them.
*Patches are merging but there is a backlog and we’ve had to prioritize simpler changes. We continue to struggle for bandwidth for changes needing in depth review/feedback. This could impact features making it into the LTS.

'''Ways to contribute:''' 
*We have several open issues for pseudo and limited maintainer time to work on them. Help from someone familiar with systems programming in C would be greatly appreciated. https://bugzilla.yoctoproject.org/buglist.cgi?list_id=661406&priority=High&priority=Medium%2B&product=Pseudo&query_format=advanced&resolution=---
*There are a large number of intermittent failures on our autobuilder, any help with investigating, reproducing or solving these issues would be welcome! https://valkyrie.yocto.io/pub/non-release/abint/
*Many recipes in openembedded-core would benefit from a new recipe maintainer. Please look at https://git.openembedded.org/openembedded-core/tree/meta/conf/distro/include/maintainers.inc and see if you can adopt any of the unassigned recipes.
*For more ways to contribute, see https://docs.google.com/document/d/18oxKWxLorfF813h82mK6yKTIHeBp_-9owFuCWbzgjOk/edit?usp=sharing

'''New to the project?''' 
*We have a list of issues we think are good places to start contributing: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=NEWCOMER

'''Tracking Metrics:''' 
*WDD 2893 (last week 2941) (https://wiki.yoctoproject.org/charts/combo.html)
*OE-Core/Poky Patch Metrics
**Total patches found: 1107 (last week 1108)
**Patches in the Pending State: 151 (14%) [last week 151 (14%)]
**https://valkyrie.yocto.io/pub/non-release/patchmetrics/

'''YP 6.0 Milestone Dates:''' 
*YP 6.0 M2 Build Date 2026-02-16
*YP 6.0 M2 Release Date 2026-02-27
*YP 6.0 M3 Build Date 2026-03-09
*YP 6.0 M3 Release Date 2026-03-20
*YP 6.0 M4 Build Date 2026-03-30
*YP 6.0 M4 Release Date 2026-04-26

'''Upcoming dot releases:''' 
*YP 5.0.16 Release Date 2026-02-20
*YP 5.3.2 Release Date 2026-02-27
*YP 4.0.34 Build Date 2026-02-23
*YP 4.0.34 Release Date 2026-03-06
*YP 5.3.3 Build Date 2026-03-09
*YP 5.3.3 Release Date 2026-03-20
*YP 5.0.17 Build Date 2026-03-16
*YP 5.0.17 Release Date 2026-03-23
*YP 4.0.35 Build Date 2026-04-06
*YP 4.0.35 Release Date 2026-04-17
*YP 5.3.4 Build Date 2026-04-13
*YP 5.3.4 Release Date 2026-04-24
*YP 5.0.18 Build Date 2026-04-20
*YP 5.0.18 Release Date 2026-05-01
*YP 5.0.19 Build Date 2026-05-26
*YP 5.0.19 Release Date 2026-06-05

'''The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:''' 
https://wiki.yoctoproject.org/wiki/TSC 

== Archives ==
*[[2026 Yocto Project Weekly Status Archive]]
*[[2025 Yocto Project Weekly Status Archive]]
*[[2024 Yocto Project Weekly Status Archive]]
*[[2023 Yocto Project Weekly Status Archive]]
*[[2022 Yocto Project Weekly Status Archive]]
*[[2021 Yocto Project Weekly Status Archive]]
*[[2020 Yocto Project Weekly Status Archive]]
*[[2019 Yocto Project Weekly Status Archive]]
*[[2018 Yocto Project Weekly Status Archive]]

Releases

2026-01-09T11:27:03Z

Yoann Congal: Set maintainer as myself for supported stable/LTS branches

'''Note that https://www.yoctoproject.org/development/releases/ is the preferred source of information.'''

This page remains as it currently contains more information.

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Wrynose (like 'rhinos')
|6.0
| April 2026
|
|Future
|N/A
|2.18
|Richard Purdie <richard.purdie@linuxfoundation.org>
|
|-
|Whinlatter (like 'win latter')
|5.3
| December 2025
|5.3 (December 2025)
|Support for 6 months (until May 2026)
|N/A
|2.16
|Yoann Congal <yoann.congal@smile.fr>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Walnascar (aka Walna)
|5.2
| May 2025
|5.2.4 (October 2025)
|EOL since November 2025
|N/A
|2.12
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Styhead (like 'try head')
|5.1
| October 2024
|5.1.4 (April 2025)
|EOL
|N/A
|2.10
|Steve Sakoman <steve@sakoman.com>
|
|-
|Scarthgap
|5.0
| April 2024
| 5.0.14 (December 2025)
|Long Term Support (until April 2028)
|N/A
|2.8
|Yoann Congal <yoann.congal@smile.fr>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.4 (April 2024)
| EOL
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.32 (December 2025)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Yoann Congal <yoann.congal@smile.fr>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Dunfell
|3.1
|April 2020
|3.1.33 (May 2024)
| EOL - LTS¹
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2017)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Releases

2026-01-09T11:25:38Z

Yoann Congal: Display Walnascar as EOL

'''Note that https://www.yoctoproject.org/development/releases/ is the preferred source of information.'''

This page remains as it currently contains more information.

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Wrynose (like 'rhinos')
|6.0
| April 2026
|
|Future
|N/A
|2.18
|Richard Purdie <richard.purdie@linuxfoundation.org>
|
|-
|Whinlatter (like 'win latter')
|5.3
| December 2025
|5.3 (December 2025)
|Support for 6 months (until May 2026)
|N/A
|2.16
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Walnascar (aka Walna)
|5.2
| May 2025
|5.2.4 (October 2025)
|EOL since November 2025
|N/A
|2.12
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Styhead (like 'try head')
|5.1
| October 2024
|5.1.4 (April 2025)
|EOL
|N/A
|2.10
|Steve Sakoman <steve@sakoman.com>
|
|-
|Scarthgap
|5.0
| April 2024
| 5.0.14 (December 2025)
|Long Term Support (until April 2028)
|N/A
|2.8
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.4 (April 2024)
| EOL
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.32 (December 2025)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Steve Sakoman <steve@sakoman.com>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Dunfell
|3.1
|April 2020
|3.1.33 (May 2024)
| EOL - LTS¹
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2017)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Releases

2025-12-19T10:38:13Z

Yoann Congal: Precise support dates for Whinlatter (6 months, dec 2025 -> may 2026)

'''Note that https://www.yoctoproject.org/development/releases/ is the preferred source of information.'''

This page remains as it currently contains more information.

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Wrynose (like 'rhinos')
|6.0
| April 2026
|
|Future
|N/A
|2.18
|Richard Purdie <richard.purdie@linuxfoundation.org>
|
|-
|Whinlatter (like 'win latter')
|5.3
| December 2025
|5.3 (December 2025)
|Support for 6 months (until May 2026)
|N/A
|2.16
|Richard Purdie <richard.purdie@linuxfoundation.org>
|[[Recipe_Versions|Recipe versions]]
|-
|Walnascar (aka Walna)
|5.2
| May 2025
|5.2.4 (October 2025)
|Support for 7 months (until November 2025)
|N/A
|2.12
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Styhead (like 'try head')
|5.1
| October 2024
|5.1.4 (April 2025)
|EOL
|N/A
|2.10
|Steve Sakoman <steve@sakoman.com>
|
|-
|Scarthgap
|5.0
| April 2024
| 5.0.14 (December 2025)
|Long Term Support (until April 2028)
|N/A
|2.8
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.4 (April 2024)
| EOL
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.31 (November 2025)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Steve Sakoman <steve@sakoman.com>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Dunfell
|3.1
|April 2020
|3.1.33 (May 2024)
| EOL - LTS¹
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2017)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Releases

2025-12-19T10:35:58Z

Yoann Congal: Missing space

'''Note that https://www.yoctoproject.org/development/releases/ is the preferred source of information.'''

This page remains as it currently contains more information.

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Wrynose (like 'rhinos')
|6.0
| April 2026
|
|Future
|N/A
|2.18
|Richard Purdie <richard.purdie@linuxfoundation.org>
|
|-
|Whinlatter (like 'win latter')
|5.3
| December 2025
|5.3 (December 2025)
|Support for 7 months (until April 2026)
|N/A
|2.16
|Richard Purdie <richard.purdie@linuxfoundation.org>
|[[Recipe_Versions|Recipe versions]]
|-
|Walnascar (aka Walna)
|5.2
| May 2025
|5.2.4 (October 2025)
|Support for 7 months (until November 2025)
|N/A
|2.12
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Styhead (like 'try head')
|5.1
| October 2024
|5.1.4 (April 2025)
|EOL
|N/A
|2.10
|Steve Sakoman <steve@sakoman.com>
|
|-
|Scarthgap
|5.0
| April 2024
| 5.0.14 (December 2025)
|Long Term Support (until April 2028)
|N/A
|2.8
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.4 (April 2024)
| EOL
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.31 (November 2025)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Steve Sakoman <steve@sakoman.com>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Dunfell
|3.1
|April 2020
|3.1.33 (May 2024)
| EOL - LTS¹
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2017)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Releases

2025-11-03T15:00:52Z

Yoann Congal: Update Whinlatter release date

Note that https://www.yoctoproject.org/development/releases/ is the preferred source of information. This page remains as it currently contains more information.

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Wrynose
|6.0
| April 2026
|
|Future
|N/A
|2.16
|Richard Purdie <richard.purdie@linuxfoundation.org>
|
|-
|Whinlatter
|5.3
| End of November 2025
|
|Future
|N/A
|2.14
|Richard Purdie <richard.purdie@linuxfoundation.org>
|[[Recipe_Versions|Recipe versions]]
|-
|Walnascar (aka Walna)
|5.2
| May 2025
|5.2.4(October 2025)
|Support for 7 months (until November 2025)
|N/A
|2.12
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Styhead (like 'try head')
|5.1
| October 2024
|5.1.4 (April 2025)
|EOL
|N/A
|2.10
|Steve Sakoman <steve@sakoman.com>
|
|-
|Scarthgap
|5.0
| April 2024
| 5.0.12 (September 2025)
|Long Term Support (until April 2028)
|N/A
|2.8
|Steve Sakoman <steve@sakoman.com>
|[[Recipe_Versions|Recipe versions]]
|-
|-style="color: slategray;"
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.4 (April 2024)
| EOL
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.30 (October 2025)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Steve Sakoman <steve@sakoman.com>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Dunfell
|3.1
|April 2020
|3.1.33 (May 2024)
| EOL - LTS¹
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2017)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Bug Triage

2025-01-23T15:53:16Z

Yoann Congal: /* Bug Triage Order */ Update "graphical report" to valkyrie (previous was 403)

= Goal =
The output of the bug triage meeting should be that all bugs have an owner, a target milestone, and a priority.

Prior to the meeting, each Product Owner should review their Weekly New and High Bugs and be ready with any opens. An example open would be a bug that may need to change Products.

= Roles =
* Call facilitator: Stephen Jolley (sjolley.yp.pm@gmail.com)
** Ensure we keep to the agenda, don't rathole on bug resolution, and stay within our time block.
* Team Leads should pre-triage bugs for their areas of responsibility. Some guidelines on what they should/shouldn't do are:
** a) Pre-triage should happen in the presence of the appropriate team lead,
** b) The bugs being pre-triaged should be the responsibility of the team in question.
** c) The pre-triage team should be confident when dis-positioning the bugs, taking into account the individual's workload.
** d) If the bug raises any doubt or needs information prior, defer it to the main bug triage team.
** e) To insure a bug is triaged by the main bug triage team; set its priority to Undecided.

= Agenda =
* Thursdays at 07:30 Pacific Time (15:30 GMT)
* [https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09 Zoom Call Link]
* Review [https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade security issues]

* Review Queries
** State number, title, and owner
** Owner makes any modifications
** Assign owner, target milestone, and priority.
* Opens
** Collect opens
** Discuss opens

Note: for Minnowboard or MinnowBoard-MAX bugs go to: [[Minnow Bug Triage]]

= Bug Triage Order =
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade Security Issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Non-Prioritized_Bugs Non-Prioritized Bugs and Non Targeted Bugs]
*[https://bugzilla.yoctoproject.org/buglist.cgi?columnlist=product%2Ccomponent%2Cassigned_to%2Cbug_status%2Cresolution%2Cshort_desc%2Ctarget_milestone%2Cchangeddate&list_id=657544&query_format=advanced&resolution=---&status_whiteboard=AB-INT&status_whiteboard_type=allwordssubstr Autobuilder issues] ([https://valkyrie.yocto.io/pub/non-release/abint/ graphical report (valkyrie)])
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#High_Enhancements.2FBugs High Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.2_Unassigned_Enhancements/Bugs Medium+ 5.2 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.99_Unassigned_Enhancements/Bugs Medium+ 5.99 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#NEEDINFO NEEDINFO]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Re-Opened Reopened]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Old_Milestone Old Milestone]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Future_.26_5.99_Milestones Future & 5.99 Milestones]

* Note/Suggestion for the Weekly Triage Meeting: Open the first link in a new browser window and then each additional link in a new tab in that new window. Close the new window when the triage meeting is done.

= Bug Criteria =
* Priority-Severity
** High: Two Week - shouldn't slip to next milestone without review by Triage team.
** Medium+: Milestone Target Required
** Medium: Nice to have for milestone, should have for release
** Low: Nice to have, but no urgency

* Future bugs and enhancements are a good idea to do, but not able in the near term to get fixed or done.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* Special Case: Medium+ and Future Enhancement or Bug - These are a good idea and important to do, but not currently scheduled at this time.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* For more details see the wiki [[Bugzilla Configuration and Bug Tracking]]

= Bug Status Dashboards =

Weekly - https://wiki.yoctoproject.org/charts/combo.html

Daily - https://wiki.yoctoproject.org/charts/daily/combo.html

= Bug Product Searches =

* [[Bug Product Triage]]

= Yocto Bug Triage Searches =
== Newcomer Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|to=newcomer@yoctoproject.org, unassigned@yoctoproject.org
|whiteboard=NEWCOMER
|product=!opkg
|severity=!janitors
|priority=!(Undecided)
|columns=id,summary,to,status,milestone,severity,priority,whiteboard
|sort=id
|noresultsmessage="No matching bugs found. Check for unassigned bugs."
|total=summary
}}

== Non-Prioritized Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=Undecided
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|severity=!janitors
|component=!(meta-cgl, meta-security, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Non-Targeted Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|severity=!janitors
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|milestone=0.0.0
|component=!(meta-cgl, meta-security, infrastructure-general, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== New This Week ==
{{#bugzilla:
|created=-1w
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=status,id
|noresultsmessage="No matching bugs found."
|total=summary,estimated
}}
== Closed This week ==
{{#bugzilla:
|status=(RESOLVED,VERIFIED,CLOSED)
|modified=-1w
|product=!opkg
|severity=!janitors
|columns=id,modified,summary,severity,priority,milestone,to,status,resolution
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== High Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=high
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.2 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=!(5.99, Q1, Q2, Q3, Q4, future)
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.99 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=5.99
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ Future Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=Future
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== NEEDINFO ==
{{#bugzilla:
|status=NEEDINFO
|columns=id,summary,to,status,severity,priority,milestone,modified,whiteboard
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
|modifiedformat=date
}}

== Re-Opened ==
{{#bugzilla:
|status=REOPENED
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Old Milestone ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone= !(4.0.24, 4.0.25, 4.0.26, 4.0.27, 4.0.28, 5.0.7, 5.0.8, 5.0.9, 5.1.2, 5.1.3, 5.2, 5.2 M2, 5.2 M3, 5.2 M4, 5.3, 5.99, Q1, Q2, Q3, Q4, future)
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future Dot Releases==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone= 4.0.21, 5.0.2
|severity=!janitors
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

== YP Toaster Bugs==
Please refer to the [[Bug_Triage_Toaster]] Page

== YP Archived Queries==
Please refer to the [[Bug_Triage_Archive]] Page

== YP BSP Team Triage==
Please refer to the [[BSP Team Bug Triage]] Page

== YP Validation and Infrastructure Team Triage==
Please refer to the [[Validation and Infrastructure Team Bug Triage]] Page

== Future & 5.99 Milestones ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99, 5.99
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority
|sort=modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future & 3.99 Milestones Check ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99
|whiteboard=REVIEW, QA, QA REVIEW, OB, OB REVIEW
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority,whiteboard
|sort=whiteboard,modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Quarterly Milestones==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone=Q1,Q2,Q3,Q4
|severity=!janitors
|priority= !Undecided
|columns=id,modified,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

Bug Triage

2024-06-13T14:46:21Z

Yoann Congal: /* Bug Triage Order */ Add "Target milestone" column to the Autobuilder link

= Goal =
The output of the bug triage meeting should be that all bugs have an owner, a target milestone, and a priority.

Prior to the meeting, each Product Owner should review their Weekly New and High Bugs and be ready with any opens. An example open would be a bug that may need to change Products.

= Roles =
* Call facilitator: Stephen Jolley (sjolley.yp.pm@gmail.com)
** Ensure we keep to the agenda, don't rathole on bug resolution, and stay within our time block.
* Team Leads should pre-triage bugs for their areas of responsibility. Some guidelines on what they should/shouldn't do are:
** a) Pre-triage should happen in the presence of the appropriate team lead,
** b) The bugs being pre-triaged should be the responsibility of the team in question.
** c) The pre-triage team should be confident when dis-positioning the bugs, taking into account the individual's workload.
** d) If the bug raises any doubt or needs information prior, defer it to the main bug triage team.
** e) To insure a bug is triaged by the main bug triage team; set its priority to Undecided.

= Agenda =
* Thursdays at 07:30 Pacific Time (15:30 GMT)
* [https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09 Zoom Call Link]
* Review [https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade security issues]

* Review Queries
** State number, title, and owner
** Owner makes any modifications
** Assign owner, target milestone, and priority.
* Opens
** Collect opens
** Discuss opens

Note: for Minnowboard or MinnowBoard-MAX bugs go to: [[Minnow Bug Triage]]

= Bug Triage Order =
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade Security Issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Non-Prioritized_Bugs Non-Prioritized Bugs and Non Targeted Bugs]
*[https://bugzilla.yoctoproject.org/buglist.cgi?columnlist=product%2Ccomponent%2Cassigned_to%2Cbug_status%2Cresolution%2Cshort_desc%2Ctarget_milestone%2Cchangeddate&list_id=657544&query_format=advanced&resolution=---&status_whiteboard=AB-INT&status_whiteboard_type=allwordssubstr Autobuilder issues] ([https://autobuilder.yocto.io/pub/non-release/abint/ graphical report])
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#High_Enhancements.2FBugs High Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.1_Unassigned_Enhancements/Bugs Medium+ 5.1 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.99_Unassigned_Enhancements/Bugs Medium+ 5.99 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#NEEDINFO NEEDINFO]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Re-Opened Reopened]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Old_Milestone Old Milestone]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Future_.26_5.99_Milestones Future & 5.99 Milestones]

* Note/Suggestion for the Weekly Triage Meeting: Open the first link in a new browser window and then each additional link in a new tab in that new window. Close the new window when the triage meeting is done.

= Bug Criteria =
* Priority-Severity
** High: Two Week - shouldn't slip to next milestone without review by Triage team.
** Medium+: Milestone Target Required
** Medium: Nice to have for milestone, should have for release
** Low: Nice to have, but no urgency

* Future bugs and enhancements are a good idea to do, but not able in the near term to get fixed or done.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* Special Case: Medium+ and Future Enhancement or Bug - These are a good idea and important to do, but not currently scheduled at this time.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* For more details see the wiki [[Bugzilla Configuration and Bug Tracking]]

= Bug Status Dashboards =

Weekly - https://wiki.yoctoproject.org/charts/combo.html

Daily - https://wiki.yoctoproject.org/charts/daily/combo.html

= Bug Product Searches =

* [[Bug Product Triage]]

= Yocto Bug Triage Searches =
== Newcomer Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|to=newcomer@yoctoproject.org, unassigned@yoctoproject.org
|whiteboard=NEWCOMER
|product=!opkg
|severity=!janitors
|priority=!(Undecided)
|columns=id,summary,to,status,milestone,severity,priority,whiteboard
|sort=id
|noresultsmessage="No matching bugs found. Check for unassigned bugs."
|total=summary
}}

== Non-Prioritized Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=Undecided
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|severity=!janitors
|component=!(meta-cgl, meta-security, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Non-Targeted Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|severity=!janitors
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|milestone=0.0.0
|component=!(meta-cgl, meta-security, infrastructure-general, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== New This Week ==
{{#bugzilla:
|created=-1w
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=status,id
|noresultsmessage="No matching bugs found."
|total=summary,estimated
}}
== Closed This week ==
{{#bugzilla:
|status=(RESOLVED,VERIFIED,CLOSED)
|modified=-1w
|product=!opkg
|severity=!janitors
|columns=id,modified,summary,severity,priority,milestone,to,status,resolution
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== High Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=high
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.1 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=!(5.99, Q1, Q2, Q3, Q4, future)
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.99 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=5.99
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ Future Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=Future
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== NEEDINFO ==
{{#bugzilla:
|status=NEEDINFO
|columns=id,summary,to,status,severity,priority,milestone,modified,whiteboard
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
|modifiedformat=date
}}

== Re-Opened ==
{{#bugzilla:
|status=REOPENED
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Old Milestone ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone= !(3.1.34, 4.0.20, 4.0.21, 4.0.22, 5.0.2, 5.0.3, 5.0.4, 5.1, 5.1 M2, 5.1 M3, 5.1 M4, 5.99, Q1, Q2, Q3, Q4, future)
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future Dot Releases==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone= 3.1.27, 3.1.28, 3.1.29, 4.0.12, 4.0.13, 4.0.14, 4.2.3
|severity=!janitors
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

== YP Toaster Bugs==
Please refer to the [[Bug_Triage_Toaster]] Page

== YP Archived Queries==
Please refer to the [[Bug_Triage_Archive]] Page

== YP BSP Team Triage==
Please refer to the [[BSP Team Bug Triage]] Page

== YP Validation and Infrastructure Team Triage==
Please refer to the [[Validation and Infrastructure Team Bug Triage]] Page

== Future & 5.99 Milestones ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99, 5.99
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority
|sort=modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future & 3.99 Milestones Check ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99
|whiteboard=REVIEW, QA, QA REVIEW, OB, OB REVIEW
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority,whiteboard
|sort=whiteboard,modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Quarterly Milestones==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone=Q1,Q2,Q3,Q4
|severity=!janitors
|priority= !Undecided
|columns=id,modified,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

Bug Triage

2024-04-04T14:31:01Z

Yoann Congal: /* Bug Triage Order */ "Medium+ 5.0/5.1 Unassigned Enhancements/Bugs" link

= Goal =
The output of the bug triage meeting should be that all bugs have an owner, a target milestone, and a priority.

Prior to the meeting, each Product Owner should review their Weekly New and High Bugs and be ready with any opens. An example open would be a bug that may need to change Products.

= Roles =
* Call facilitator: Stephen Jolley (sjolley.yp.pm@gmail.com)
** Ensure we keep to the agenda, don't rathole on bug resolution, and stay within our time block.
* Team Leads should pre-triage bugs for their areas of responsibility. Some guidelines on what they should/shouldn't do are:
** a) Pre-triage should happen in the presence of the appropriate team lead,
** b) The bugs being pre-triaged should be the responsibility of the team in question.
** c) The pre-triage team should be confident when dis-positioning the bugs, taking into account the individual's workload.
** d) If the bug raises any doubt or needs information prior, defer it to the main bug triage team.
** e) To insure a bug is triaged by the main bug triage team; set its priority to Undecided.

= Agenda =
* Thursdays at 07:30 Pacific Time (15:30 GMT)
* [https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09 Zoom Call Link]
* Review [https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade security issues]

* Review Queries
** State number, title, and owner
** Owner makes any modifications
** Assign owner, target milestone, and priority.
* Opens
** Collect opens
** Discuss opens

Note: for Minnowboard or MinnowBoard-MAX bugs go to: [[Minnow Bug Triage]]

= Bug Triage Order =
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade Security Issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Non-Prioritized_Bugs Non-Prioritized Bugs and Non Targeted Bugs]
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=652616&query_format=advanced&resolution=---&status_whiteboard=AB-INT&status_whiteboard_type=allwordssubstr Autobuilder issues] ([https://autobuilder.yocto.io/pub/non-release/abint/ graphical report])
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#High_Enhancements.2FBugs High Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.0/5.1_Unassigned_Enhancements/Bugs Medium+ 5.0/5.1 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.99_Unassigned_Enhancements/Bugs Medium+ 5.99 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#NEEDINFO NEEDINFO]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Re-Opened Reopened]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Old_Milestone Old Milestone]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Future_.26_5.99_Milestones Future & 5.99 Milestones]

* Note/Suggestion for the Weekly Triage Meeting: Open the first link in a new browser window and then each additional link in a new tab in that new window. Close the new window when the triage meeting is done.

= Bug Criteria =
* Priority-Severity
** High: Two Week - shouldn't slip to next milestone without review by Triage team.
** Medium+: Milestone Target Required
** Medium: Nice to have for milestone, should have for release
** Low: Nice to have, but no urgency

* Future bugs and enhancements are a good idea to do, but not able in the near term to get fixed or done.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* Special Case: Medium+ and Future Enhancement or Bug - These are a good idea and important to do, but not currently scheduled at this time.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* For more details see the wiki [[Bugzilla Configuration and Bug Tracking]]

= Bug Status Dashboards =

Weekly - https://wiki.yoctoproject.org/charts/combo.html

Daily - https://wiki.yoctoproject.org/charts/daily/combo.html

= Bug Product Searches =

* [[Bug Product Triage]]

= Yocto Bug Triage Searches =
== Newcomer Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|to=newcomer@yoctoproject.org, unassigned@yoctoproject.org
|whiteboard=NEWCOMER
|product=!opkg
|severity=!janitors
|priority=!(Undecided)
|columns=id,summary,to,status,milestone,severity,priority,whiteboard
|sort=id
|noresultsmessage="No matching bugs found. Check for unassigned bugs."
|total=summary
}}

== Non-Prioritized Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=Undecided
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|severity=!janitors
|component=!(meta-cgl, meta-security, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Non-Targeted Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|severity=!janitors
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|milestone=0.0.0
|component=!(meta-cgl, meta-security, infrastructure-general, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== New This Week ==
{{#bugzilla:
|created=-1w
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=status,id
|noresultsmessage="No matching bugs found."
|total=summary,estimated
}}
== Closed This week ==
{{#bugzilla:
|status=(RESOLVED,VERIFIED,CLOSED)
|modified=-1w
|product=!opkg
|severity=!janitors
|columns=id,modified,summary,severity,priority,milestone,to,status,resolution
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== High Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=high
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.0/5.1 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=!(5.99, Q1, Q2, Q3, Q4, future)
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.99 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=5.99
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ Future Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=Future
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== NEEDINFO ==
{{#bugzilla:
|status=NEEDINFO
|columns=id,summary,to,status,severity,priority,milestone,modified,whiteboard
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
|modifiedformat=date
}}

== Re-Opened ==
{{#bugzilla:
|status=REOPENED
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Old Milestone ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone= !(3.1.33, 3.1.34, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 5.0, 5.0 M4, 5.1, 5.1 M1, 5.1 M2, 5.1 M3, 5.1 M4, 5.99, Q1, Q2, Q3, Q4, future)
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future Dot Releases==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone= 3.1.27, 3.1.28, 3.1.29, 4.0.12, 4.0.13, 4.0.14, 4.2.3
|severity=!janitors
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

== YP Toaster Bugs==
Please refer to the [[Bug_Triage_Toaster]] Page

== YP Archived Queries==
Please refer to the [[Bug_Triage_Archive]] Page

== YP BSP Team Triage==
Please refer to the [[BSP Team Bug Triage]] Page

== YP Validation and Infrastructure Team Triage==
Please refer to the [[Validation and Infrastructure Team Bug Triage]] Page

== Future & 5.99 Milestones ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99, 5.99
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority
|sort=modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future & 3.99 Milestones Check ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99
|whiteboard=REVIEW, QA, QA REVIEW, OB, OB REVIEW
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority,whiteboard
|sort=whiteboard,modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Quarterly Milestones==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone=Q1,Q2,Q3,Q4
|severity=!janitors
|priority= !Undecided
|columns=id,modified,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

AutoBuilder Cluster Setup

2024-03-18T21:29:01Z

Yoann Congal: /* As root */ Fix QuickStart doc URL

While the instructions below are targeted at setting up a new AutoBuilder cluster, they are equally valid for an single machine with combined controller and worker, except you probably won't use a NAS for storage. The controller portion requires only 2 GB of local disk space; the worker requires 2+ TB to hold all the build temp files and git repos. If build artifacts and a local sstate mirror are included, additional worker space is required.

==As root==
* Install base OS with minimal target
* Install the requirements from https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html#build-host-packages
** (Note: if you plan to build the poky-eclipse-neon plugin, openjdk-headless 1.8 is required.)
* If you plan to run the sanity tests (which is typical for an AB), the following additional packages need to be installed:
** GitPython for Python2 and Python3
** zstd & lz4 (or liblz4-tool)
** xsltproc
** gnupg
** vncserver (whichever one is provided by the distro is fine)
* Add pokybuild user (uid=6000, or for older clusters 1006)
* Add pokybuild user to "users" group (gid 100) (if "users" group does not exist, create it)
* Following the instructions from https://wiki.yoctoproject.org/wiki/How_to_enable_KVM_for_Poky_qemu, give /dev/kvm permissions to the pokybuild user.
* If a "kvm" group does not exist, add it to /etc/group and ensure /dev/kvm gid is set to "kvm" and is mode 660. Add pokybuild user to the "kvm" group.
* git clone --single-branch https://git.yoctoproject.org/git/poky /root/poky (in /root for historical reasons, should change in the future)
* ''If adding tap devs for sanity testing.'' Install https://downloads.yoctoproject.org/releases/yocto/yocto-{latest_release}/toolchain/x86_64/poky-glibc-x86_64-core-image-sato-core2-64-toolchain-{relver}.sh to /opt/poky.
* Add startup scripts to create tap devs and start vncserver, in /etc/rc.local, /etc/init.d/boot.local, or as systemd unit files, which should perform the following:
** cd /root/poky/scripts/; ./runqemu-gen-tapdevs 6000 100 32 /opt/poky/sysroots/x86_64-pokysdk-linux/
** /bin/su - pokybuild -c "/usr/bin/vncserver"
**Note that the location of the buildtools might actually be different than the example shown here, depending on the default path, etc. If you run into a tunctl error when generating the tapdevs, it's likely a path problem.
** You will need to run vncserver once as the pokybuild user, and set the password. The password of "builder" is generally used. Sanity tests require vncserver to listen on port 5901, the default.
* Disable or edit firewall rules to allow all connections to the tap devices. This allows sanity tests to connect to booted images.
* Install nfs-utils or nfs-common, add Domain to /etc/idmapd.conf, fstab entry, mount NAS under /srv/autobuilder.
* We use more watches then the defaults generally allow so, echo "fs.inotify.max_user_watches=65536" >> /etc/sysctl.conf
* We open more files than most distros allow so adjust ulimits. Add to /etc/security/limits.conf
** * hard nproc 515294
** * soft nproc 514543
** * soft nofile 131072
** * hard nofile 131072
** * hard memlock 16384
** * soft memlock 16384

==As pokybuild==

* Set up buildset-config, either:
** Add ssh key to clone production yocto-autobuilder
** git clone https://git.yoctoproject.org/git/yocto-autobuilder && cd yocto-autobuilder && git remote add prod git@git.yoctoproject.org:yocto-autobuilder-production && git fetch prod && git checkout -b yoctoio prod/yoctoio
* or:
** edit one of the several examples included in repo e.g. cp -r buildset-config.controller buildset-config

* configure git
** git config --global gc.auto 0
** git config --global user.name pokybuild
** git config --global user.email pokybuild@$(hostname -f)
* update config/autobuilder.conf and yocto-worker/buildbot.tac
* Start the worker
** touch ~/yocto-autobuilder/.setupdone
** . yocto-autobuilder-setup
** ./yocto-start-autobuilder worker

CVE Status

2024-02-07T14:26:55Z

Yoann Congal: CVE-2023-6693

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 CVE-2023-6683] (qemu) ===

Patch posted : [https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg02382.html ui/clipboard: avoid crash upon request when clipboard peer is no] not merged yet

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6693 CVE-2023-6693] (qemu) ===

Backported upstream 939a09575fff7048446e36ce438fa7be6e251d41 in v8.2.1. CPE change request sent to NVD 07/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 CVE-2023-52355] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/621
Closed with a doc patch only
=> This one is here to stay? (Dev & security people don't seem to agree on what constitute a vulnerability)

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 CVE-2023-52356] (tiff) ===

Simone Weiß sent a patch : https://lists.openembedded.org/g/openembedded-core/message/195011

CVE Status

2024-02-07T14:24:00Z

Yoann Congal: CVE-2023-6683

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 CVE-2023-6683] (qemu) ===

Patch posted : [https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg02382.html ui/clipboard: avoid crash upon request when clipboard peer is no] not merged yet

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 CVE-2023-52355] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/621
Closed with a doc patch only
=> This one is here to stay? (Dev & security people don't seem to agree on what constitute a vulnerability)

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 CVE-2023-52356] (tiff) ===

Simone Weiß sent a patch : https://lists.openembedded.org/g/openembedded-core/message/195011

CVE Status

2024-02-07T14:19:56Z

Yoann Congal: CVE-2023-52356

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 CVE-2023-52355] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/621
Closed with a doc patch only
=> This one is here to stay? (Dev & security people don't seem to agree on what constitute a vulnerability)

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 CVE-2023-52356] (tiff) ===

Simone Weiß sent a patch : https://lists.openembedded.org/g/openembedded-core/message/195011

CVE Status

2024-02-07T14:17:13Z

Yoann Congal: CVE-2023-52355 ordering

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 CVE-2023-52355] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/621
Closed with a doc patch only
=> This one is here to stay? (Dev & security people don't seem to agree on what constitute a vulnerability)

CVE Status

2024-02-07T14:16:34Z

Yoann Congal: CVE-2023-52355

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 CVE-2023-52355] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/621
Closed with a doc patch only
=> This one is here to stay? (Dev & security people don't seem to agree on what constitute a vulnerability)

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

CVE Status

2024-02-07T14:12:21Z

Yoann Congal: CVE-2023-51767 ordering

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

CVE Status

2024-02-07T14:11:21Z

Yoann Congal: /* CVE-2023-51767 (openssh) */

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 CVE-2023-51767] (openssh) ===

"openssh: authentication bypass via row hammer attack"
Upstream bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3656 (still open, no patch)
Real-world impacts seem quite low

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

CVE Status

2024-02-07T14:09:07Z

Yoann Congal: CVE-2023-5088

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 CVE-2023-5088] (qemu) ===

Fix merged https://github.com/qemu/qemu/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e
Present in >=8.2.0 (OE-core qemu = 8.2.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

CVE Status

2024-02-07T14:07:02Z

Yoann Congal: CVE-2023-48795 CVE-2023-51384 CVE-2023-51385

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 CVE-2023-48795] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 CVE-2023-51384] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 CVE-2023-51385] (openssh) ===

Fix WIP : https://lists.openembedded.org/g/openembedded-core/topic/103546397#193372

CVE Status

2024-02-07T14:02:57Z

Yoann Congal: CVE-2023-4693

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 CVE-2023-4693] (grub:grub-efi:grub-native) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

CVE Status

2024-02-07T14:01:21Z

Yoann Congal: CVE-2023-4692

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 CVE-2023-4692] (grub) ===

(in NTFS support) : Fix merged : e58b870ff926415e23fc386af41ff81b2f588763 + 6 parents , released in 2.12
OE-Core grub = 2.12
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

CVE Status

2024-02-07T13:53:10Z

Yoann Congal: /* CVE-2023-42366 (busybox) */ syntax fix (again)

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – PATCH awk.c: fix CVE-2023-42366 (bug #15874)]

CVE Status

2024-02-07T13:52:42Z

Yoann Congal: /* CVE-2023-42366 (busybox) */ syntax fix

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [https://bugs.busybox.net/attachment.cgi?id=9697&action=edit Attachment 9697 Details for Bug 15874 – [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)]

CVE Status

2024-02-07T13:52:06Z

Yoann Congal: CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366

This is a list of CVEs which are currently being reported as open, and the current state.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===

Claims to be about breaking into VPN tunnels. OpenVPN dispute, Red Hat think it might actually have a larger scope but also the paper is misleading.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===

Flaw in kernel memory de-duplication. Still an issue, albeit minor.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===

Issue with suid binaries and coredumps. Last known progress on mitigating was [https://lore.kernel.org/lkml/CAAq0SUmw3fGtwDifbBMrD7jgPBGQb7uC0K9hJetVTRQO7boPtA@mail.gmail.com/t/#u this thread].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 CVE-2022-3219] (gnupg) ===

Hypothetical DoS. A patch [https://dev.gnupg.org/D556 was proposed] but hasn't been reviewed or merged.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===

Out-of-bounds read in the SMC stack. Details are still embargoed so can't tell what this actually impacts.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===

Race in the X.25 AF_ROSE implementation, so only an issue if <tt>CONFIG_ROSE</tt> is enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===

aka EntryBleed. Vulnerable on x86-64 systems.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===

Bug in vmwgfx driver, still open. Mitigated if CONFIG_DRM_VMWGFX is not enabled.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 CVE-2022-46456] (nasm) ===

Buffer overflow, [https://bugzilla.nasm.us/show_bug.cgi?id=3392814 still open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 CVE-2023-0687] (glibc) ===

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===

Still [https://github.com/v9fs/linux/issues/29 open upstream].

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===

Fixed in 8.2.0 with 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc. NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 CVE-2023-3164] (tiff) ===

Upstream issue https://gitlab.com/libtiff/libtiff/-/issues/542 closed as "wontfix-unmaintained"
Only affect the tiffcrop tool not compiled by default since 4.6.0 (OE-Core = 4.6.0).
NVD pinged 06/02/2024.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===

CPU-level address leak specific to x86, still an issue.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===

Merged in 00374d9b6d9f932802b55181be9831aa948e5b7c, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===

Merged in 5e2424708da7207087934c5c75211e8584d553a0, needs backport.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===

Hang in USB subsystem. No fix yet.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===

Merged in 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81, needs backporting.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 CVE-2023-37769] (pixman) ===

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===

[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 CVE-2023-4569] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/346.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 CVE-2023-4611] (linux-yocto) ===

Fixed upstream. LKC https://github.com/nluedtke/linux_kernel_cves/issues/347.

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 CVE-2023-25584] (binutils) ===

Merged fix in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44. Present in binutils >=2.40
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 CVE-2023-38559] (ghostscript) ===

Fix https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1
Present in >= 10.02.0 (OE-core ghostscript = 10.02.1)
NVD pinged 06/02/2024

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 CVE-2023-42363] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15865"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 CVE-2023-42364] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15868"

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 CVE-2023-42365] (busybox) ===

Upstream bug still open https://bugs.busybox.net/show_bug.cgi?id=15871 "

=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 CVE-2023-42366] (busybox) ===

Patch available (not merged yet) : [Attachment 9697 Details for Bug 15874 – [PATCH] awk.c: fix CVE-2023-42366 (bug #15874) https://bugs.busybox.net/attachment.cgi?id=9697&action=edit]

CVE Status

2024-02-07T13:48:49Z

Yoann Congal: /* CVE-2023-25584 (binutils) */ CVE-2023-38559

CVE Status

2024-02-07T13:46:50Z

Yoann Congal: /* CVE-2023-3019 (qemu) */ CVE-2023-3164

CVE Status

2024-02-07T13:45:03Z

Yoann Congal: /* CVE-2023-3019 (qemu) */ NVD pinged 06/02/2024.

CVE Status

2024-02-07T11:34:25Z

Yoann Congal: CVE-2023-25584

Releases

2024-01-26T21:24:13Z

Yoann Congal: Added a Notes column to add Recipe_Versions link

== Release Activity==

See also [https://docs.yoctoproject.org/dev/_images/releases.svg a graphical release timeline].

Releases can be downloaded at https://www.yoctoproject.org/software-overview/downloads/

{| class="wikitable" border="2"
!Codename
!Yocto Project Version
!Release Date
!Current Version
!Support Level
!Poky Version
!BitBake branch
! Maintainer
!Notes
|-
|Scarthgap
|5.0
| April 2024
|
|Future - Long Term Support (until April 2028)
|N/A
|2.8
|Richard Purdie <richard.purdie@linuxfoundation.org>
|[[Recipe_Versions|Recipe versions]]
|-
|Nanbield (like 'man field')
|4.3
| November 2023
| 4.3.2 (January 2024)
|Support for 7 months (until May 2024)
|N/A
|2.6
|Steve Sakoman <steve@sakoman.com>
|- style="color: slategray;"
|Mickledore
|4.2
| May 2023
| 4.2.4 (December 2023)
| EOL
|N/A
|2.4
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Langdale
|4.1
| October 2022
| 4.1.4 (May 2023)
| EOL
|N/A
|2.2
|Steve Sakoman <steve@sakoman.com>
|-
|Kirkstone (like 'kirk stun')
|4.0
|May 2022
|4.0.15 (December 2023)
|Long Term Support (Apr. 2026¹)
|N/A
|2.0
|Steve Sakoman <steve@sakoman.com>
|-
|-style="color: slategray;"
|Honister
|3.4
|October 2021
|3.4.4 (May 2022)
|EOL
|N/A
|1.52
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Hardknott
|3.3
|April 2021
|3.3.6 (April 2022)
|EOL
|N/A
|1.50
|Anuj Mittal <anuj.mittal@intel.com>
|-
|-style="color: slategray;"
|Gatesgarth
|3.2
|Oct 2020
|3.2.4 (May 2021)
|EOL
|N/A
|1.48
|Anuj Mittal <anuj.mittal@intel.com>
|-
|Dunfell
|3.1
|April 2020
|3.1.30 (December 2023)
|Long Term Support (until Apr. 2024¹)
|23.0
|1.46
|Steve Sakoman <steve@sakoman.com>
|-style="color: slategray;"
|Zeus
|3.0
|October 2019
|3.0.4 (August 2020)
|EOL
|22.0.3
|1.44
| Anuj/Armin
|-style="color: slategray;"
|Warrior
|2.7
|April 2019
|2.7.4 (June 2020)
|EOL
|21.0
|1.42
|Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Thud
|2.6
|Nov 2018
|2.6.4 (October 2019)
|EOL
|20.0
|1.40
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Sumo
|2.5
|April 2018
|2.5.3 (April 2019)
|EOL
|19.0
|1.38
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Rocko
|2.4
|Oct 2017
|2.4.4 (November 2018)
|EOL
|18.0
|1.36
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Pyro
|2.3
|May 2017
|2.3.4 (July 2018)
|EOL
|17.0
|1.34
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Morty
|2.2
|Nov 2016
|2.2.4 (July 2018)
|EOL
|16.0
|1.32
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Krogoth
|2.1
|Apr 2016
|2.1.3 (July 2017)
|EOL
|15.0
|1.30
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Jethro
|2.0
|Nov 2015
|2.0.3 (January 2016)
|EOL
|14.0
|1.28
|Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Fido
|1.8
|Apr 2015
|1.8.2
|EOL
|13.0
|1.26
|Joshua Lock <joshua.g.lock@intel.com>
|-style="color: slategray;"
|Dizzy
|1.7
|Oct 2014
|1.7.3
|EOL
|12.0
|1.24
| Armin Kuster <akuster808@gmail.com>
|-style="color: slategray;"
|Daisy
|1.6
|Apr 2014
|1.6.3
|EOL
|11.0
|1.22
| Saul Wold <sgw@linux.intel.com>
|-style="color: slategray;"
|Dora
|1.5
|Oct 2013
|1.5.4
|EOL
|10.0
|1.20
| Robert Yang <liezhi.yang@windriver.com>
|-style="color: slategray;"
|Dylan
|1.4
|Apr 2013
|1.4.3
|EOL
|9.0
|1.18
| Paul Eggleton <paul.eggleton@linux.intel.com>
|-style="color: slategray;"
|Danny
|1.3
|Oct 2012
|1.3.2
|EOL
|8.0
|1.16
|Ross Burton <ross.burton@intel.com>
|-style="color: slategray;"
|Denzil
|1.2
|Apr 2012
|1.2.2
|EOL
|7.0
|1.15
|-style="color: slategray;"
|Edison
|1.1
|Oct 2011
|1.1.2
|EOL
|6.0
|1.13
|-style="color: slategray;"
|Bernard
|1.0
|Apr 2011
|1.0.2
|EOL
|5.0
|1.11
|-style="color: slategray;"
|Laverne
|0.9
|Oct 2010
|
|
|4.0
|1.11
|-style="color: slategray;"
|Green
|N/A
|11 June 2010
|
|
|3.3
|
|-style="color: slategray;"
|Purple
|N/A
|15 Dec 2009
|
|
|3.2
|
|-style="color: slategray;"
|Pinky
|N/A
|12 Nov 2009
|
|
|3.1
|
|-style="color: slategray;"
|Blinky
|N/A
|1 Aug 2007
|
|
|3.0
|
|-style="color: slategray;"
|Clyde
|N/A
|19 Jan 2007
|
|
|2.0
|
|-style="color: slategray;"
|Inky
|N/A
|10 Feb 2006
|
|
|1.0
|
|}

'''Note:''' see also [[Stable Release and LTS]], [[Linux Yocto]], [[Planning]] and [[Release Feature Table]] pages. EOL means some community support on email lists but no commit updates in the repos. There is also OS Vendor support for some Yocto EOL releases.

¹ The 3.1 series and 4.0 were originally planned for two years but extended to four. Future LTS releases are planned for 4 years.

== Releases Links==
{| class="wikitable" border="2"
| align="center" style="background:#f0f0f0;"|'''Yocto Project Release'''
| align="center" style="background:#f0f0f0;"|'''Code Name'''
| align="center" style="background:#f0f0f0;"|'''Poky version'''
| align="center" style="background:#f0f0f0;"|'''Maintainer'''
| align="center" style="background:#f0f0f0;"|'''Features'''
| align="center" style="background:#f0f0f0;"|'''Schedule'''
| align="center" style="background:#f0f0f0;"|'''Status'''
| align="center" style="background:#f0f0f0;"|'''QA Test Plan'''
| align="center" style="background:#f0f0f0;"|'''QA Test Report'''
| align="center" style="background:#f0f0f0;"|'''Release notes'''

|-valign="top"
| Yocto Project 3.4
| Honister
| 26.0
| Anuj Mittal
| [[Yocto_3.4_Features]]
| [[Yocto_3.4_Schedule]]
| [[Yocto_Project_v3.4_Status]]
| [[Yocto_Project_3.4_Release_Test_Plan | Yocto_3.4_Overall_Test_Plan]]
| [[Yocto_Project_3.4_Release_Test_Plan#Execution_History | 3.4 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/229 3.4 release notes]
|-
| Yocto Project 3.3
| Hardknott
| 25.0
| Anuj Mittal
| [[Yocto_3.3_Features]]
| [[Yocto_3.3_Schedule]]
| [[Yocto_Project_v3.3_Status]]
| [[Yocto_Project_3.3_Release_Test_Plan | Yocto_3.3_Overall_Test_Plan]]
| [[Yocto_Project_3.3_Release_Test_Plan#Execution_History | 3.3 qa run history]]
| [https://lists.yoctoproject.org/g/yocto-announce/message/215 3.3 release notes]
|-
| Yocto Project 3.2
| Gatesgarth
| 24.0
| Anuj Mittal
| [[Yocto_3.2_Features]]
| [[Yocto_3.2_Schedule]]
| [[Yocto_Project_v3.2_Status]]
| [[Yocto_Project_3.2_Release_Test_Plan | Yocto_3.2_Overall_Test_Plan]]
| [[Yocto_Project_3.2_Release_Test_Plan#Execution_History | 3.2 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/51262 3.2 release notes]
|-
|-valign="top"
| Yocto Project 3.1
| Dunfell
| 23.0
| Steve Sakoman
| [[Yocto_3.1_Features]]
| [[Yocto_3.1_Schedule]]
| [[Yocto_Project_v3.1_Status]]
| [[Yocto_Project_3.1_Release_Test_Plan | Yocto_3.1_Overall_Test_Plan]]
| [[Yocto_Project_3.1_Release_Test_Plan#Execution_History | 3.1 qa run history]]
| [https://lists.yoctoproject.org/g/yocto/message/49201 3.1 release notes]
|-

|-valign="top"
| Yocto Project 3.0
| Zeus
| 22.0
| Armin Kuster/Anuj Mittal
| [[Yocto_2.8_Features]]
| [[Yocto_2.8_Schedule]]
| [[Yocto_Project_v2.8_Status]]
| [[Yocto_Project_2.8_Release_Test_Plan | Yocto_2.8_Overall_Test_Plan]]
| [[Yocto_Project_2.8_Release_Test_Plan#Execution_History | 2.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-October/047111.html 3.0 release notes]
|-
|-valign="top"
| Yocto Project 2.7
| Warrior
| 21.0
| Community
| [[Yocto_2.7_Features]]
| [[Yocto_2.7_Schedule]]
| [[Yocto_Project_v2.7_Status]]
| [[Yocto_Project_2.7_Release_Test_Plan | Yocto_2.7_Overall_Test_Plan]]
| [[Yocto_Project_2.7_Release_Test_Plan#Execution_History | 2.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto/2019-May/045028.html 2.7 release notes]
|-
|-valign="top"
| Yocto Project 2.6
| Thud
| 20.0
| Community
| [[Yocto_2.6_Features]]
| [[Yocto_2.6_Schedule]]
| [[Yocto_Project_v2.6_Status]]
| [[Yocto_Project_2.6_Release_Test_Plan | Yocto_2.6_Overall_Test_Plan]]
| [[Yocto_Project_2.6_Release_Test_Plan#Execution_History | 2.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-November/000147.html 2.6 release notes]
|-
|-valign="top"
| Yocto Project 2.5
| Sumo
| 19.0
| Community
| [[Yocto_2.5_Features]]
| [[Yocto_2.5_Schedule]]
| [[Yocto_Project_v2.5_Status]]
| [[Yocto_Project_2.5_Release_Test_Plan | Yocto_2.5_Overall_Test_Plan]]
| [[Yocto_Project_2.5_Release_Test_Plan#Execution_History | 2.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2018-May/000136.html 2.5 release notes]
|-
|-valign="top"
| Yocto Project 2.4
| Rocko
| 18.0
| Community
| [[Yocto_2.4_Features]]
| [[Yocto_2.4_Schedule]]
| [[Yocto_Project_v2.4_Status]]
| [[Yocto_Project_2.4_Release_Test_Plan | Yocto_2.4_Overall_Test_Plan]]
| [[Yocto_Project_2.4_Release_Test_Plan#Execution_History | 2.4 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-October/000125.html 2.4 release notes]
|-
|-valign="top"
| Yocto Project 2.3
| Pyro
| 17.0
| Community
| [[Yocto_2.3_Features]]
| [[Yocto_2.3_Schedule]]
| [[Yocto_Project_v2.3_Status]]
| [[Yocto_Project_2.3_Release_Test_Plan | Yocto_2.3_Overall_Test_Plan]]
| [[Yocto_Project_2.3_Release_Test_Plan#Execution_History | 2.3 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2017-May/000112.html 2.3 release notes]
|-
|-valign="top"
| Yocto Project 2.2
| Morty
| 16.0
| Community
| [[Yocto_2.2_Features]]
| [[Yocto_2.2_Schedule]]
| [[Yocto_Project_v2.2_Status]]
| [[Yocto_2.2_Overall_Test_Plan]]
| [[Yocto_Project_2.2_Release_Test_Plan#Execution_History | 2.2 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-November/000101.html 2.2 release notes]
|-
|-valign="top"
| Yocto Project 2.1
| Krogoth
| 15.0
| Community
| [[Yocto_2.1_Features]]
| [[Yocto_2.1_Schedule]]
| [[Yocto_Project_v2.1_Status]]
| [[Yocto_2.1_Overall_Test_Plan]]
| [[2.1 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2016-May/000089.html 2.1 release notes]
|-
|-valign="top"
| Yocto Project 2.0
| Jethro
| 14.0
| Community
| [[Yocto_1.9_Features]]
| [[Yocto_1.9_Schedule]]
| [[Yocto_Project_v1.9_Status]]
|
| [[1.9 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-November/000076.html 2.0 release notes]
|-valign="top"
| Yocto Project 1.8
| Fido
| 13.0
| Community
| [[Yocto_1.8_Features]]
| [[Yocto_1.8_Schedule]]
| [[Yocto_Project_v1.8_Status]]
| [[Yocto_1.8_Overall_Test_Plan]]
| [[1.8 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2015-April/000062.html 1.8 release notes]
|-
| Yocto Project 1.7
| Dizzy
| 12.0
| Community
| [[Yocto_1.7_Features]]
| [[Yocto_1.7_Schedule]]
| [[Yocto_Project_v1.7_Status]]
| [[Yocto_1.7_Overall_Test_Plan]]
| [[1.7 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-October/000053.html 1.7 release notes]
|-
| Yocto Project 1.6
| Daisy
| 11.0
| Community
| [[Yocto_1.6_Features]]
| [[Yocto_1.6_Schedule]]
| [[Yocto_Project_v1.6_Status]]
| [[Yocto_1.6_Overall_Test_Plan]]
| [[1.6 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2014-April/000045.html 1.6 release notes]
|-
| Yocto Project 1.5
| Dora
| 10.0
| Community
| [[Yocto_1.5_Features]]
| [[Yocto_1.5_Schedule]]
| [[Yocto_Project_v1.5_Status]]
| [[Yocto_1.5_Overall_Test_Plan]]
| [[1.5 qa run history]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-October/000037.html 1.5 release notes]
|-
| Yocto Project 1.4
| Dylan
| 9.0
| Community
| [[Yocto_1.4_Features]]
| [[Yocto_1.4_Schedule]]
| [[Yocto_Project_v1.4_Status]]
| [[Yocto_1.4_Overall_Test_Plan]]
| [[Yocto_1.4_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2013-April/000027.html 1.4 release notes]
|-
| Yocto Project 1.3
| Danny
| 8.0
| Community
| [[Yocto_1.3_Features]]
| [[Yocto_1.3_Schedule]]
| [[Yocto_Project_v1.3_Status]]
| [[Yocto_1.3_Overall_Test_Plan]]
| [[Yocto_1.3_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-October/000020.html 1.3 release notes]
|-
| Yocto Project 1.2
| Denzil
| 7.0
| Community
| [[Yocto_1.2_Features]]
| [[Yocto_1.2_Schedule]]
| [[Yocto_Project_v1.2_Status]]
| [[Yocto_1.2_Overall_Test_Plan]]
| [[Yocto_1.2_Milestone_Test_Report]]
| [https://lists.yoctoproject.org/pipermail/yocto-announce/2012-April/000009.html 1.2 release notes]
|-
| Yocto Project 1.1
| Edison
| 6.0
| Community
| [[Yocto_1.1_Features]]
| [[Yocto_1.1_Schedule]]
| [[Yocto_Project_v1.1_Release_Criteria]]
| [[Yocto_1.1_Overall_Test_Plan]]
| [[Yocto_1.1_Milestone_Test_Report]]
|
|-
| Yocto Project 1.0
| Bernard
| 5.0
| Community
| [[Yocto_Features]]
| [[Yocto_1.0_Schedule]]
| [[Yocto_Project_v1.0_Release_Criteria]]
| [[Yocto_1.0_Overall_Test_Plan]]
|
|
|}

Bug Triage

2023-12-07T16:09:37Z

Yoann Congal: /* Bug Triage Order */ Change links to 5.x releases

= Goal =
The output of the bug triage meeting should be that all bugs have an owner, a target milestone, and a priority.

Prior to the meeting, each Product Owner should review their Weekly New and High Bugs and be ready with any opens. An example open would be a bug that may need to change Products.

= Roles =
* Call facilitator: Stephen Jolley (sjolley.yp.pm@gmail.com)
** Ensure we keep to the agenda, don't rathole on bug resolution, and stay within our time block.
* Team Leads should pre-triage bugs for their areas of responsibility. Some guidelines on what they should/shouldn't do are:
** a) Pre-triage should happen in the presence of the appropriate team lead,
** b) The bugs being pre-triaged should be the responsibility of the team in question.
** c) The pre-triage team should be confident when dis-positioning the bugs, taking into account the individual's workload.
** d) If the bug raises any doubt or needs information prior, defer it to the main bug triage team.
** e) To insure a bug is triaged by the main bug triage team; set its priority to Undecided.

= Agenda =
* Thursdays at 07:30 Pacific Time (15:30 GMT)
* [https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09 Zoom Call Link]
* Review [https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade security issues]

* Review Queries
** State number, title, and owner
** Owner makes any modifications
** Assign owner, target milestone, and priority.
* Opens
** Collect opens
** Discuss opens

Note: for Minnowboard or MinnowBoard-MAX bugs go to: [[Minnow Bug Triage]]

= Bug Triage Order =
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade Security Issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Non-Prioritized_Bugs Non-Prioritized Bugs and Non Targeted Bugs]
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=652616&query_format=advanced&resolution=---&status_whiteboard=AB-INT&status_whiteboard_type=allwordssubstr Autobuilder issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#High_Enhancements.2FBugs High Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.0_Unassigned_Enhancements/Bugs Medium+ 5.0 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.99_Unassigned_Enhancements/Bugs Medium+ 5.99 Unassigned Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#NEEDINFO NEEDINFO]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Re-Opened Reopened]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Old_Milestone Old Milestone]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Future_.26_5.99_Milestones Future & 5.99 Milestones]

* Note/Suggestion for the Weekly Triage Meeting: Open the first link in a new browser window and then each additional link in a new tab in that new window. Close the new window when the triage meeting is done.

= Bug Criteria =
* Priority-Severity
** High: Two Week - shouldn't slip to next milestone without review by Triage team.
** Medium+: Milestone Target Required
** Medium: Nice to have for milestone, should have for release
** Low: Nice to have, but no urgency

* Future bugs and enhancements are a good idea to do, but not able in the near term to get fixed or done.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* Special Case: Medium+ and Future Enhancement or Bug - These are a good idea and important to do, but not currently scheduled at this time.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* For more details see the wiki [[Bugzilla Configuration and Bug Tracking]]

= Bug Status Dashboards =

Weekly - https://wiki.yoctoproject.org/charts/combo.html

Daily - https://wiki.yoctoproject.org/charts/daily/combo.html

= Bug Product Searches =

* [[Bug Product Triage]]

= Yocto Bug Triage Searches =
== Newcomer Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|to=newcomer@yoctoproject.org, unassigned@yoctoproject.org
|whiteboard=NEWCOMER
|product=!opkg
|severity=!janitors
|priority=!(Undecided)
|columns=id,summary,to,status,milestone,severity,priority,whiteboard
|sort=id
|noresultsmessage="No matching bugs found. Check for unassigned bugs."
|total=summary
}}

== Non-Prioritized Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=Undecided
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|severity=!janitors
|component=!(meta-cgl, meta-security, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Non-Targeted Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|severity=!janitors
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|milestone=0.0.0
|component=!(meta-cgl, meta-security, infrastructure-general, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== New This Week ==
{{#bugzilla:
|created=-1w
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=status,id
|noresultsmessage="No matching bugs found."
|total=summary,estimated
}}
== Closed This week ==
{{#bugzilla:
|status=(RESOLVED,VERIFIED,CLOSED)
|modified=-1w
|product=!opkg
|severity=!janitors
|columns=id,modified,summary,severity,priority,milestone,to,status,resolution
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== High Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=high
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.0 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=!(4.3, 4.3 M1, 4.3 M2, 4.3 M3, 4.3 M4, 5.1, 5.99, Q1, Q2, Q3, Q4, future)
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 5.99 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=5.99
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ Future Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=Future
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== NEEDINFO ==
{{#bugzilla:
|status=NEEDINFO
|columns=id,summary,to,status,severity,priority,milestone,modified,whiteboard
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
|modifiedformat=date
}}

== Re-Opened ==
{{#bugzilla:
|status=REOPENED
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Old Milestone ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone= !(3.1.30, 3.1.32, 3.1.33, 3.1.34, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 5.0, 5.0 M1, 5.0 M2, 5.0 M3, 5.0 M4, 4.99, 5.1, 5.99, Q1, Q2, Q3, Q4, future)
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future Dot Releases==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone= 3.1.27, 3.1.28, 3.1.29, 4.0.12, 4.0.13, 4.0.14, 4.2.3
|severity=!janitors
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

== YP Toaster Bugs==
Please refer to the [[Bug_Triage_Toaster]] Page

== YP Archived Queries==
Please refer to the [[Bug_Triage_Archive]] Page

== YP BSP Team Triage==
Please refer to the [[BSP Team Bug Triage]] Page

== YP Validation and Infrastructure Team Triage==
Please refer to the [[Validation and Infrastructure Team Bug Triage]] Page

== Future & 5.99 Milestones ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99, 5.99
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority
|sort=modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future & 3.99 Milestones Check ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99
|whiteboard=REVIEW, QA, QA REVIEW, OB, OB REVIEW
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority,whiteboard
|sort=whiteboard,modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Quarterly Milestones==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone=Q1,Q2,Q3,Q4
|severity=!janitors
|priority= !Undecided
|columns=id,modified,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

Bug Triage

2023-09-14T15:07:34Z

Yoann Congal: /* Bug Triage Order */ Updated the "Future & 5.99 Milestones" link in the agenda

= Goal =
The output of the bug triage meeting should be that all bugs have an owner, a target milestone, and a priority.

Prior to the meeting, each Product Owner should review their Weekly New and High Bugs and be ready with any opens. An example open would be a bug that may need to change Products.

= Roles =
* Call facilitator: Stephen Jolley (sjolley.yp.pm@gmail.com)
** Ensure we keep to the agenda, don't rathole on bug resolution, and stay within our time block.
* Team Leads should pre-triage bugs for their areas of responsibility. Some guidelines on what they should/shouldn't do are:
** a) Pre-triage should happen in the presence of the appropriate team lead,
** b) The bugs being pre-triaged should be the responsibility of the team in question.
** c) The pre-triage team should be confident when dis-positioning the bugs, taking into account the individual's workload.
** d) If the bug raises any doubt or needs information prior, defer it to the main bug triage team.
** e) To insure a bug is triaged by the main bug triage team; set its priority to Undecided.

= Agenda =
* [https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09 Zoom Call Link]
* Review [https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade security issues]

* Review Queries
** State number, title, and owner
** Owner makes any modifications
** Assign owner, target milestone, and priority.
* Opens
** Collect opens
** Discuss opens

Note: for Minnowboard or MinnowBoard-MAX bugs go to: [[Minnow Bug Triage]]

= Bug Triage Order =
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=604307&resolution=---&query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ACCEPTED&bug_status=IN%20PROGRESS%20DESIGN&bug_status=IN%20PROGRESS%20DESIGN%20COMPLETE&bug_status=IN%20PROGRESS%20IMPLEMENTATION&bug_status=IN%20PROGRESS%20REVIEW&bug_status=REOPENED&bug_status=NEEDINFO&product=Security&product=Security%20-%20Recipe%20Upgrade Security Issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Non-Prioritized_Bugs Non-Prioritized Bugs and Non Targeted Bugs]
*[https://bugzilla.yoctoproject.org/buglist.cgi?list_id=652616&query_format=advanced&resolution=---&status_whiteboard=AB-INT&status_whiteboard_type=allwordssubstr Autobuilder issues]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#High_Enhancements.2FBugs High Enhancements/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.3_Unassigned_Enhancements.2FBugs Medium+ 4.3 Unassigned Enhancement/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.99_Unassigned_Enhancements.2FBugs Medium+ 4.99 Unassigned Enhancement/Bugs]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#NEEDINFO NEEDINFO]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Re-Opened Reopened]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Old_Milestone Old Milestone]
*[https://wiki.yoctoproject.org/wiki/Bug_Triage#Future_.26_5.99_Milestones Future & 5.99 Milestones]

* Note/Suggestion for the Weekly Triage Meeting: Open the first link in a new browser window and then each additional link in a new tab in that new window. Close the new window when the triage meeting is done.

= Bug Criteria =
* Priority-Severity
** High: Two Week - shouldn't slip to next milestone without review by Triage team.
** Medium+: Milestone Target Required
** Medium: Nice to have for milestone, should have for release
** Low: Nice to have, but no urgency

* Future bugs and enhancements are a good idea to do, but not able in the near term to get fixed or done.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* Special Case: Medium+ and Future Enhancement or Bug - These are a good idea and important to do, but not currently scheduled at this time.
** If you want to work on them, please talk first to the existing owner or change the ownership to yourself if unassigned or newcomer.
*** Note: we have a special owner - newcomer@yoctoproject.org - which we think would be great opportunities for a newcomer to open source to start learning on.

* For more details see the wiki [[Bugzilla Configuration and Bug Tracking]]

= Bug Status Dashboards =

Weekly - https://wiki.yoctoproject.org/charts/combo.html

Daily - https://wiki.yoctoproject.org/charts/daily/combo.html

= Bug Product Searches =

* [[Bug Product Triage]]

= Yocto Bug Triage Searches =
== Newcomer Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|to=newcomer@yoctoproject.org, unassigned@yoctoproject.org
|whiteboard=NEWCOMER
|product=!opkg
|severity=!janitors
|priority=!(Undecided)
|columns=id,summary,to,status,milestone,severity,priority,whiteboard
|sort=id
|noresultsmessage="No matching bugs found. Check for unassigned bugs."
|total=summary
}}

== Non-Prioritized Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=Undecided
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|severity=!janitors
|component=!(meta-cgl, meta-security, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Non-Targeted Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|severity=!janitors
|product=!(opkg, IoT Reference OS Kit, Toaster, Security Response Tool)
|milestone=0.0.0
|component=!(meta-cgl, meta-security, infrastructure-general, bsps-meta-ti)
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== New This Week ==
{{#bugzilla:
|created=-1w
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=status,id
|noresultsmessage="No matching bugs found."
|total=summary,estimated
}}
== Closed This week ==
{{#bugzilla:
|status=(RESOLVED,VERIFIED,CLOSED)
|modified=-1w
|product=!opkg
|severity=!janitors
|columns=id,modified,summary,severity,priority,milestone,to,status,resolution
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== High Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=high
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 4.3 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=!(4.09, 4.2, 4.2 M1, 4.2 M2, 4.2 M3, 4.2 M4, 4.4, 4.99, Q1, Q2, Q3, Q4, future)
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ 4.99 Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=4.99, 5.99
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Medium+ Future Unassigned Enhancements/Bugs ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|priority=!(Undecided,Medium,Low,High)
|milestone=Future
|to=unassigned@yoctoproject.org
|product=!opkg
|columns=id,summary,severity,priority,milestone,to,status,whiteboard,estimated
|sort=milestone,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== NEEDINFO ==
{{#bugzilla:
|status=NEEDINFO
|columns=id,summary,to,status,severity,priority,milestone,modified,whiteboard
|sort=id
|noresultsmessage="No matching bugs found."
|total=summary
|modifiedformat=date
}}

== Re-Opened ==
{{#bugzilla:
|status=REOPENED
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Old Milestone ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone= !(3.1.27, 3.1.28, 3.1.29, 4.0.13, 4.0.14, 4.2.3, 4.3, 4.3 M4, 4.4, 4.99, Q1, Q2, Q3, Q4, future)
|product=!(opkg, IoT Reference OS Kit)
|severity=!janitors
|component=!(meta-cgl, meta-security)
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone,priority,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future Dot Releases==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone= 3.1.27, 3.1.28, 3.1.29, 4.0.12, 4.0.13, 4.0.14, 4.2.3
|severity=!janitors
|priority= !Undecided
|columns=id,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

== YP Toaster Bugs==
Please refer to the [[Bug_Triage_Toaster]] Page

== YP Archived Queries==
Please refer to the [[Bug_Triage_Archive]] Page

== YP BSP Team Triage==
Please refer to the [[BSP Team Bug Triage]] Page

== YP Validation and Infrastructure Team Triage==
Please refer to the [[Validation and Infrastructure Team Bug Triage]] Page

== Future & 5.99 Milestones ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99, 5.99
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority
|sort=modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Future & 3.99 Milestones Check ==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|product=!opkg
|milestone=Future, 4.99
|whiteboard=REVIEW, QA, QA REVIEW, OB, OB REVIEW
|severity=!janitors
|priority= !(Undecided)
|columns=id,modified,summary,to,status,milestone,severity,priority,whiteboard
|sort=whiteboard,modified,id
|noresultsmessage="No matching bugs found."
|total=summary
}}

== Quarterly Milestones==
{{#bugzilla:
|status=!(RESOLVED,VERIFIED,CLOSED)
|milestone=Q1,Q2,Q3,Q4
|severity=!janitors
|priority= !Undecided
|columns=id,modified,summary,to,status,severity,priority,milestone,whiteboard
|sort=milestone
|noresultsmessage="No matching bugs found."
|total=summary
}}

Contributors Manual

2023-08-31T12:28:56Z

Yoann Congal: Point to "Yocto Project and OpenEmbedded Contributor Guide"

'''Note: The [https://docs.yoctoproject.org/dev/contributor-guide/index.html Yocto Project and OpenEmbedded Contributor Guide] should be the place to store this information.'''

Plans for a hypothetical Maintainers Manual (which doubles as a Contributor manual).

* Patch guidelines (style guide (code and patch description), patch tags)
** What to look for before sending? (No warning added, tests to do)
** A checklist
* Patch submission process (git-send-email, lore, master-then-branches)
** What does it mean to review a patch? (kernel doc "Submitting patches" has an example of this)
* [[CVE Triage]] process
* Autobuilder

Some related sparse info elsewhere :
* [https://docs.yoctoproject.org/dev/ref-manual/resources.html Yocto docs: Contributions and Additional Information]
* [https://docs.yoctoproject.org/dev/dev-manual/changes.html Yocto docs: Making Changes to the Yocto Project]
* [[Newcomers]]
* [[Community_Guidelines]]
* [[Poky_Contributions]]
* [https://kernel.org/doc/html/latest/process/submitting-patches.html Submitting patches: the essential guide to getting your code into the kernel]

Member Technical Contacts

2023-06-12T15:33:26Z

Yoann Congal:

This page tracks the official technical contributors to the YP core from each of the Yocto Project's member organizations. Note that many organizations provide more resources than just one, particularly in terms of hardware or specific feature support, which is why the Yocto Project is a de facto standard for building Linux for embedded systems.

Platinum Members
* Amazon: Richard Elberger <elberger@amazon.com>, Megan Knight <megankn@amazon.com>
* Arm: Ross Burton <ross.burton@arm.com>, Akanksha Jain <akanksha.jain2@arm.com>, Ellie Stanford-Reed <ellie.stanford-reed@arm.com>
* BMW: Mario Goulart <mario.goulart@bmw.de>, Nisha Parrakat <nisha.m.parrakat@bmw.de>
* Cisco: Taras Kondratiuk <takondra@cisco.com>
* Comcast: Raj, Khem <Khem_Raj@comcast.com>
* Exein: Giovanni Alberto Falcione <giovanni@exein.io>
* Intel: apoorv sangal <apoorvsangal@gmail.com>
* Meta: DJ (Dharmesh Jani) <janidb@fb.com>
* Microsoft: Paul Eggleton <paul.eggleton@microsoft.com>
* Wind River: Robert Yang <liezhi.yang@windriver.com>; Saul Wold <Saul.Wold@windriver.com>
* AMD/Xilinx: Mark Hatle <mhatle@xilinx.com>

Gold Members
* AGL: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>, Walt Miner <wminer@linuxfoundation.org>
* Huawei: Davide Ricci <davide.ricci@huawei.com>
* Renesas: Mr. Takamitsu Honda <takamitsu.honda.pv@renesas.com>
* Siemens: Chris Larson <chris_larson@mentor.com>, Wade Farnsworth <wade_farnsworth@mentor.com>
* Texas Instruments: Praneeth Bajjuri <praneeth@ti.com>

Silver Members
* Axis: Hakan Rick <hakan.rick@axis.com>, Peter Kjellerstedt <peter.kjellerstedt@axis.com>
* Bootlin: Alexandre Belloni <alexandre.belloni@bootlin.com>
* Dell: Michael Brown <michael.e.brown@dell.com>
* Founderiesio: Ricardo Salveti <ricardo@foundries.io>
* LG: Kyunglik Min <dp.min@lge.com>
* Linaro: Nicolas Dechesne <nicolas.dechesne@linaro.org>
* Lineo Solutions: Masahiro Miyake <miya@lineo.co.jp>
* Roku: Cameron Esfahani <cesfahani@roku.com>
* Smile: Yoann Congal <yoann.congal@smile.fr>
* MontaVista: Armin Kuster <akuster@mvista.com>
* NXP: Lauren Post <lauren.post@nxp.com>, Tom Hochstein <tom.hochstein@nxp.com>
* Savoir-faire Linux: Christophe Villemer <christophe.villemer@savoirfairelinux.com>, Eloi Bail <eloi.bail@saviorfairelinux.com>, Jerome Oufella <jerome.oufella@saviorfairelinux.com>
* ST: Christophe Priouzeau <christophe.priouzeau@foss.st.com>

Technical Partners
* OpenEmbedded: Philip Balister <philip@balister.org>

'''Note''': a ''private'' mailing list exists with all individuals listed here, mainly to facilitate the communication and the organization of meetings. All technical discussions are encouraged to be made on the existing, open, project mailing lists. If you believe you need to be added to the private list, please reach out to the Yocto Project Community Manager.

Stable Release and LTS

2023-05-07T23:03:03Z

Yoann Congal: /* Yocto Project Stable Branch Maintenance and Long Term Support (LTS) */ Shortcut the "Current Maintainers list" to the Release page to avoid a redirection.

= Yocto Project Stable Branch Maintenance and Long Term Support (LTS) =

Background on how the project's LTS plans came about can be found [[LTS_Background | here]]. The document below details the current project release lifecycle and LTS plans. The aim is to have a stable series maintenance policy which allows for different stages of maintenance including standard "stable" series, LTS series and community support.

'''[[Releases|Current Maintainers list]]'''

== Release Lifecycle ==
The project releases every six months in April and October (spring and fall). This is necessary to bring development together to a focus point and provide points of increased testing and focus on stability. There are two possible lifecycles a release may follow:

Initial Release -> Stable -> Community -> EOL
:: or
Initial Release -> LTS -> Community -> EOL

The change in status of a given release series should be announced in the weekly status report and reflected on the “Releases” wiki page.

The stages have the following properties:

'''Stable/LTS common properties:'''
* Has point release tarballs created
* Has release artefacts
* Patches merged to the main repository branch
* Requires autobuilder testing
* The project will appoint someone to act as the maintainer to coordinate and handle patch testing and merging
* Strict “backport only”, master first policy

'''Stable/LTS differences:'''
* Stable releases are maintained for seven months
* LTS releases are maintained initially for two years
* LTS releases are preannounced and known to be LTS in advance (usually every two years)
* LTS tested only on a subset of supported native build platforms (announced at time of LTS)

'''Community status properties:'''
* A branch transitions to community support after the last stable dot release identified by the stable/LTS maintainer.
* A call for a community support maintainer is sent to the mailing lists.
** A six (6) week waiting period.
** if there is no new maintainer, then the branch goes to into EOL status
* Branches only have community support status if there is an active community member willing to step into the maintainer role for that series
* All the same repos are covered as in Stable
* Follows the same the Stable processes, except;
** Patches merge to the main repository but in a community/XXX namespace
** Automated testing is on a best effort basis, some autobuilder cycles may be available but not guaranteed.
** The maintainer is required to publish a testing plan to show what testing will be made for patches to merge to the community branch.
** No point releases version and no release artifacts
* Master first policy recommended

'''EOL (End of life):'''
* No community support maintainer after the six (6) week waiting period
* When there is no longer any active community maintainer, branches become EOL
** No new changes for 2 months
* Artifacts will be removed for EOL older than????
** process under development

== LTS “Mixin” repositories ==
We realise that a given LTS may need other versions of some components within its lifetime as no “one size” fits everyone’s needs. Rather than adding potentially invasive changes to older releases (such as new gcc versions), the project proposes the use of “mixin” layers (see https://docs.yoctoproject.org/dev//ref-manual/release-process.html#stable-release-process).

The structure would be to create them in the repository meta-lts-mixins with the branch naming scheme <releaseseries>/<mixin name>. We expect this may be used for gcc and possibly for rapidly changing languages like go/nodejs/rust. Policies on testing these layers will depend on how widespread their usage is and determined on a case by case basis. There may be other 'mixin' layers within the wider community too.

The layers should have a single purpose and be Yocto Project Compatible (passing the test script) allowing them to be selected by users as needed. The maintainer should be listed in the README and note when the layer is no longer maintained.

== Stable/LTS Patch Acceptance Policies ==
All changes must have already been accepted into the current master release and any other release still within its “stable” seven month support window.

Patches must pass testing on the project’s automated test infrastructure.

'''Acceptable:'''
* Security and CVE fixes
* Fixes for bugs
* Changes to follow an upstream stable series or LTS that aligns with the original release (based on compatibility)

'''Potentially Acceptable:'''
* Fixes so codebase works with newly released distros (only in the first six months after a given release series first releases)
* Bug fix only version upgrades for upstreams with a good stable process

'''Unacceptable:'''
* General version upgrades
* New features
* ABI/API breakage

== Components (layers) to be covered ==

The project LTS covers:
* Bitbake
* OE-Core
* Meta-yocto
* yocto-docs

The project LTS does not cover:
* meta-mingw
* meta-gplv2
* vendor layers

Other layers can and will have their own LTS processes.

== Testing ==
The project releases are only tested using the automated testing based on virtual environments. The build host OSes used to run these tests are determined at the initial release time. For LTS releases only some subset of native OSes maybe supported, particularly where the lifetime of the OS would be shorter than the LTS.

Further testing of releases, e.g. on real hardware platforms is encouraged and there is a process to allow these results to be merged into the release test results but the process for making the release no longer depends upon this happening.

== Process ( TOC)==
* Need to document the following processes:
** How maintainer is selected
** How are patches proposed - Done
** How are patches queued/tested/reviewed/merged - Done
** When are point releases made? - Done
** How to trigger and run a point release - Done
** Release process itself
** Transferring stable/LTS release to community/EOL status - YP TSC
** New maintainer training - TBD

== Requesting a fix in a stable branch ==

With reference to the above policies, if you would like to request a backport of a commit in a newer release, you can either (a) do the backport yourself and send the patch marked with <tt>[branchname]</tt> to the appropriate mailing list; or alternatively (b) you can send a simple request giving commit hashes / URLs that you would like to be backported. In both cases it helps to CC the maintainer - refer to the [[Stable branch maintenance|stable release table]].

For information on which mailing list you should send these to see the [http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/README README file] in the Poky repository.

== '''Maintainer Procedures''' ==

=== Normal process ===

When there are enough changes (or a few critical ones), the stable/LTS maintainer should follow this procedure:

# Look out for patches on the mailing list marked with the appropriate branch name in the subject
# Look through recently merged patches in master that are suitable for backporting
# Collect patches together on a branch
#* If a submitted patch is a backport from master, rather than taking the patch as submitted, it is preferable to backport the patch from master so that the original commit message is preserved.
#* If you do the backporting from poky you will get the original commit ID in the commit message which is useful for reference.
#* It is beneficial to change the original commit ID line to say "OE-Core master rev" instead of "OE-Core rev" to distinguish it from the OE-Core branch revision that will be added when the commit is merged
# Run a local build or two to pick up any obvious problems
# Bitbake change should be in the bitbake-contrib repo
## https://git.openembedded.org/bitbake-contrib stable/{branch}-nut
# Openembedded-core changes should be be in the openembedded-core-contrib stable/{branch}-nut
## https://git.openembedded.org/openembedded-core-contrib
# Meta-yocto changes should be in poky-contrib meta-yocto/stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# yocto-docs changes should be in poky-contrib yocto-docs/stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
#Now create your Poky distro for testing.
## The Autobuilder requires changes to reside in poky, bitbake and openembedded-core
## Combine bitabke, core, meta-yocto and yocto-docs changes into one repo.
## Push the changes to poky-contrib stable/{branch}-nut
## git://git.yoctoproject.org/poky-contrib
# Test the changes on the autobuilder (see [[How to start a build on the Autobuilder]])
#* Make sure you check directly for the results of the build as these won't be reported to the yocto-builds mailing list.
## For any build failure, Defects should be opened
## Address any build failures, update repo's accordingly and rebuild

There will very likely be a number of these cycles during the lifetime of the stable branch.

=== Patch review ===
# When collating patches for review, Make sure of the following:
## Subject indicates "Patch review"
## Provide a deadline for any comments included in the body of the email
## Standard to date is 2 days.
###Exception is if the changes are patches sent to the appropriate mailing list.
## Use the appropriate branch reference.
## Use create-pull-request -p "{branch}" ...{etc}
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# Wait for any feedback
## If there are changes make any necessary adjustments
### rebuild if necessary
# Push any changes to the appropriate repos and branches.

=== Merge request===
# Push affected repos and branches to stable/{branch}-next branch
# When preparing patches for merge, Make sure of the following:
## Subject indicates "Merge Request"
## Use the appropriate branch reference.
## Use create-pull-requests -p"{branch}"
# Send any bitbake changes bitbake-devel mailing list
# Send any OE-Core changes openembedded-core mailing list.
# Send any meta-yocto changes to the poky@lists.yoctoproject.org mailing list.
# Send any yocto-docs changes the docs@lists.yoctoproject.org mailing list.
# When the patches are merged, mark any bugs specific to the stable branch as resolved as appropriate

=== Point release ===

Normally point releases are scheduled in advance as appropriate - contact Stephen Jolley <sjolley.yp.pm@gmail.com> and CC: Ricard Purdie <richard.purdie@linuxfoundation.org> about scheduling point releases.

# Update yocto-docs with release information.
## Send a patch to docs@lists.yoctoproject.org
# Once all dot release changes are merged, ask Richard to run the release candidate build
#* The stable branch or LTS maintainer should monitor the build and follow up on any failures
# When the release candidate build completes successfully, The stable branch or LTS maintainer should notify the QA team to start the release QA process.
# Gather together changes in the form needed for a release notes and send them Yocto Project TSC, Branch or LTS maintainer for review and approval.
## If acceptable the changes will be incorporated into the final release notes and to Stephen Jolley <sjolley.yp.pm@gmail.com> so he can have them in preparation for the release meeting.
# Send a patch to update the stable version in meta-yocto/conf/distro/poky.conf for the release

=== Other ===

* It is useful to provide status updates on the Yocto Project technical call, particularly coming up to a stable release. If you're not able to be on the call, send the status update information to Stephen Jolley <sjolley.yp.pm@gmail.com> and he will present it.

=== Releases ===
[[Releases|Yocto Project releases]]

=== Kernel LTS ===
[[Linux Yocto#Release_Cadence|Kernel cadence]]

=== New Releases process ===
[[Yocto Project Release Process|Standard release process]]

== Decision Makers==
Decisions are expected to be handled by the maintainers. The TSC holds the ultimate decision making authority in case of disagreement. The TSC makes the final release go/nogo decisions.

Contributors Manual

2023-02-14T09:38:45Z

Yoann Congal:

Plans for a hypothetical Maintainers Manual (which doubles as a Contributor manual).

* Patch guidelines (style guide (code and patch description), patch tags)
** What to look for before sending? (No warning added, tests to do)
** A checklist
* Patch submission process (git-send-email, lore, master-then-branches)
** What does it mean to review a patch? (kernel doc "Submitting patches" has an example of this)
* [[CVE Triage]] process
* Autobuilder

Some related sparse info elsewhere :
* [https://docs.yoctoproject.org/dev/ref-manual/resources.html Yocto docs: Contributions and Additional Information]
* [https://docs.yoctoproject.org/dev/dev-manual/changes.html Yocto docs: Making Changes to the Yocto Project]
* [[Newcomers]]
* [[Community_Guidelines]]
* [[Poky_Contributions]]
* [https://kernel.org/doc/html/latest/process/submitting-patches.html Submitting patches: the essential guide to getting your code into the kernel]

Developer Workflow Improvements

2023-01-24T19:52:51Z

Yoann Congal: /* Configure */ small typo

Back to Yocto Project [[Main Page]]
= Introduction =
The page describes how new tools such as [https://www.gitbook.com/book/dnplas/yocto-project-crops/details Cross Platform Support] (CROPS), [http://www.yoctoproject.org/docs/current/sdk-manual/sdk-manual.html#sdk-extensible-sdk-intro Extensible SDK] (eSDK), [http://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#dev-modifying-source-code devtool] and [https://www.yoctoproject.org/docs/current/toaster-manual/toaster-manual.html#toaster-manual-intro Toaster] make it easier to get the best out of Yocto. To benefit from this article the reader must be comfortable with the basics of the Yocto Project (i.e. has gone through [http://www.yoctoproject.org/docs/current/yocto-project-qs/yocto-project-qs.html Quick Start Guide] and knows how to add packages to an image).

We envisage two distinct workflows, layer maintenance and application development.

== Layer Maintenance ==
* This workflow is mainly bug fixing recipes and upgrading to never versions. Updated recipes are then submitted to layer maintainers. It also includes building images that exercise the recipes under test.
* Typically this is done in the distro maintainer (i.e. bitbake) environment, but the extensible SDK can be a better option as it enables an easy to configure common development environment.

== Application Development ==
* Poky or Toaster is used to generate a minimal eSDK installer.
* A developer uses resulting eSDK to create/modify an application by using devtool (iterative process).
* Once application is complete its recipe is added to a layer and Toaster is used to build an image that includes it

= Workflow Vision =
This section calls out the workflows in more detail, describing specific use of tools in each step.

The [[Developer Workflow Improvements#Instructions for Workflow in Current Form | set-up instructions]] at the end of this page represent the "what can currently be done" version of the workflows.

== Build OS Image ==
# On OS of your choice start containerized Poky or Toaster instance.
# If running Poky container on Windows or Mac you must also start the samba container so that host OS has access to files in the container.
# Add new layers and packages as required to create OS on which applications will run
# Build image and validate

== Creating Extensible SDK ==
# Build image as above
# Then build Extensible SDK
# Publish components required for app development
## eSDK installer
## eSDK updater files
## shared state

== Application Development ==
=== One time set-up on OS of your choice ===
# Create docker volume so that files fetched and created in the container are visible to host OS.
# Use extensible SDK container to install eSDK to volume.
# Development can also be done on the command line.
# Optionally install Eclipse and CROPS plug-in that
=== App development ===
# Start extensible SDK container so you can run devtool from command line or invoke it from Eclipse plug-in.
# Start samba container so that files are visible to host OS
# Use '''devtool''' to 'add' application project from its URL. This pulls down source code, tries to work out dependent packages and generates a recipe
# Although generated recipe will likely build, it may need some tweaks to some of the tasks (e.g. configure, compile, install)
# Once app is building, iteratvely develop using devtool (or Eclipse) to deploy and test on target
# Build new image including new layer and recipe and validate

== Layer Maintenance ==
# Build image as above
# Use '''devtool modify''' to update recipe
# Iterative development as per application development.
# Build image and validate
# Publish updated recipe

= Instructions for Workflow in Current Form =
If you are inside a corporate firewall, install and configure the [https://github.com/crops/chameleonsocks Chameleonsocks] container based proxy solution.

You have choice between using the Yocto Project tools on the command line with the Poky container or by using the Toaster web interface. Toaster is easier to get going but most needs more work to get the best of out interface (see section below), so these instructions will assume use of the command line.

== Build OS image ==
We recommend that you first [https://github.com/crops/docker-win-mac-docs/wiki install docker] on your OS of choice and then follow instructions to set up [https://github.com/crops/poky-container/blob/master/README.md Poky] or [https://github.com/crops/toaster-container/blob/master/README.md Toaster] containers. However, these instructions will work for Poky or Toaster on Linux directly but you're on your own for installation and configuration.

Now add layers and configure so you can build your image.

== Build and Publish eSDK ==
This section is not part of the developer workflow but documents how the SDK components are generated and published.
This step creates a small installer that is made available to the developer. You must have access to an http server so you can publish SDK update files. 
Building and publishing the SDK takes a number of steps.
=== Configure ===
Set the following variables in local.conf
:<tt>SDK_EXT_TYPE = "minimal"</tt> ensure a minimal SDK build. This produces a small installer and enable components to de downloaded as they are installed
: SDK_UPDATE_URL points eSDK to URL that contains updates
:Optionally set <tt>SDK_INCLUDE_PKGDATA = "1"</tt> to help eSDK users by pre-building all packages in all layers (i.e. not just packages included in the image). The installer remains small as build data is made available via sstate mirror. Downside is that eSDK build will take much longer.

Here are some example settings
SDK_EXT_TYPE = "minimal"
SDK_UPDATE_URL = "http://my.server.com/path/to/esdk-update"
SDK_INCLUDE_PKGDATA = "1"

The URL for the eSDK sstate mirror is not included in the above settings as it would conflict with the mirror used by the main build system. To handle this conflict, the value in put into a separate conf file <tt>conf/sdk-extra.conf</tt>
SSTATE_MIRRORS = "file://.* http://my.server.com/path/to/sstate-cache/PATH"
Note that if you are using Toaster, you don't have access to <tt>conf/sdk-extra.conf</tt>, so you have to set variables via the U/I. This means that Toaster cannot have an sstate mirror for the OS build and set the eSDK's as follows:
SDK_LOCAL_CONF_WHITELIST = "SSTATE_MIRRORS"
SSTATE_MIRRORS = "file://.* http://my.server.com/path/to/sstate-cache/PATH"

=== Build ===
Assuming image name is my-image, build as follows from command line
bitbake my-image -c populate_sdk_ext
If using Toaster, build <tt>my-image:populate_sdk_ext</tt>.

=== Publish SDK Updater ===
The eSDK allows web updates, so you have to ensure they appeat at the URK specified by SDK_UPDATE_URL. Assuming /var/www/html/path/to is served up as http://my.server.com/path/to, publish as follows
oe-publish-sdk tmp/deploy/sdk/distro-image-toolchain-ext-ver.sh /var/www/html/path/to/esdk-update

=== Publish SSTATE ===
cp -r build/sstate-cache /var/www/html/path/to/sstate-cache

=== Publish installer ===
Copy installer to web server and give this URL to your app developers.
cp tmp/deploy/sdk/distro-image-toolchain-ext-ver.sh /var/www/html/path/to/sdk-installer.sh

== Application Development ==
=== Install and Use eSDK ===
* This assumes you have docker already installed as per Toaster instructions. No other dependencies are required (that the beauty of containers).
* Create folder for esdk bind mount where output from container will appear, say /path/to/esdk/workdir
mkdir /path/to/esdk/workdir
* Run container, pointing to URL of eSDK minimal installer. You must do this every time you want to use eSDK. In this example I'm suing an eSDk installer I created that is available at https://downloads.yoctoproject.org/tools/support/workflow/poky-glibc-x86_64-core-image-minimal-i586-toolchain-ext-2.2.sh
docker run --rm -it -v /path/to/esdk-workdir:/workdir crops/extsdk-container --url https://downloads.yoctoproject.org/tools/support/workflow/poky-glibc-x86_64-core-image-minimal-i586-toolchain-ext-2.2.sh
If you see the error '''ERROR: The extensible sdk cannot be installed as root.''' it means that the folder /path/to/esdk-workdir does not exist
* You now be in the eSDK container shell.
** For more details on eSDK container see https://github.com/crops/extsdk-container.
* Now follow instructions from [https://wiki.yoctoproject.org/wiki/Cookbook:Example:Creating_and_updating_recipes_with_devtool Yocto Project cookbook] on building an app.
* Recipe will be available in /path/to/esdk/workdir/workspace/recipes/bbexample/

= Missing Features =
These are the features currently missing from the above workflow vision. Think of these as stories in an Agile development environment, rather than bugs. Where possible these are linked to bugzilla entries.
* Toaster: Base configuration (e.g. define what was Ostro in single configuration file) [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9588 [9588]]
* Toaster: Simple generation of eSDK installer in Toaster. [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9297 [9297]]
* Toaster: Layer Maintenance workflow. Requires "local layers" re-design. No bugzilla entry, but see [https://www.youtube.com/watch?v=z5wVjBwJDzY design proposal video]
* Toaster: Publish layer to Layer Index from Toaster [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9895 [9895]]
* CROPS: Application builder (but running eSDK in a container gets us close). [https://bugzilla.yoctoproject.org/show_bug.cgi?id=10119 [10119]] [https://bugzilla.yoctoproject.org/show_bug.cgi?id=4209 [4209]]
* CROPS: Eclipse integration. ''In progress. No bugzilla entry.''

Contributors Manual

2023-01-24T16:57:44Z

Yoann Congal:

Plans for a hypothetical Maintainers Manual (which doubles as a Contributor manual).

* Patch guidelines (style guide (code and patch description), patch tags)
** What to look for before sending? (No warning added, tests to do)
** A checklist
* Patch submission process (git-send-email, lore, master-then-branches)
** What does it mean to review a patch? (kernel doc "Submitting patches" has an example of this)
* [[CVE Triage]] process
* Autobuilder

Some related sparse info elsewhere :
* [https://docs.yoctoproject.org/dev/ref-manual/resources.html Contributions and Additional Information]
* [[Newcomers]]
* [[Community_Guidelines]]
* [[Poky_Contributions]]
* [https://kernel.org/doc/html/latest/process/submitting-patches.html Submitting patches: the essential guide to getting your code into the kernel]

Contributors Manual

2023-01-24T16:52:43Z

Yoann Congal: Add references

Plans for a hypothetical Maintainers Manual (which doubles as a Contributor manual).

* Patch guidelines (style guide (code and patch description), patch tags)
** What to look for before sending? (No warning added, tests to do)
** A checklist
* Patch submission process (git-send-email, lore, master-then-branches)
* [[CVE Triage]] process
* Autobuilder

Some related sparse info elsewhere :
* [https://docs.yoctoproject.org/dev/ref-manual/resources.html Contributions and Additional Information]
* [[Newcomers]]
* [[Community_Guidelines]]
* [[Poky_Contributions]]
* [https://kernel.org/doc/html/latest/process/submitting-patches.html Submitting patches: the essential guide to getting your code into the kernel]

Contributors Manual

2023-01-24T16:45:06Z

Yoann Congal:

User:Yoann Congal

2023-01-24T16:27:28Z

Yoann Congal:

Embedded software expert at [https://www.smile.eu/fr/offres/embarque-iot Smile ECS] (France)

Project Users

2021-06-18T20:56:55Z

Yoann Congal: /* Others */ Add URL for Smile ECS

It's hard to know which companies or projects use the Yocto Project since there is no requirement to tell us. This list is here to informally collate the companies, projects and products that use the Yocto Project in some way.

= Companies using the Yocto Project =

== Semiconductor Vendors ==
* AMD (Silver Member)
* ARM (Platinum Member)
* Intel (Platinum Member)
* Microchip
* NXP (Silver Member)
* Qualcomm
* Renesas (Gold Member)
* STMicroelectronics (Silver Member)
* Texas Instruments (Gold Member)
* Xilinx (Platinum Member)

== Operating System Vendors ==
* ENEA (Silver Member)
* Linaro (Silver Member)
* Lineo (Silver Member)
* Mentor Graphics (Gold Member)
* Montavista (Silver Member)
* Wind River (Gold Member)

== Others ==
* [https://alladin.at/ alladin-IT GmbH]
* Atlas Copco
* AWS (Platinum Member)
* Axis Communications
* [https://www.balena.io/ Balena]
* BMW
* BMW Car IT
* [https://bootlin.com/ Bootlin]
* Cisco (Platinum Member)
* Comcast (Platinum Member)
* [https://www.cytera.bio/ Cytera] (via Belena)
* Dell (Silver Member)
* Dynamic Devices
* Facebook (Platinum Member)
* Fujitsu
* [https://www.gardena.com/ GARDENA] (Husqvarna Group)
* [https://www.garmin.com/ Garmin]
* General Electric
* Juniper
* [https://koansoftware.com/ KOAN sas]
* Kodak
* Lexmark
* LG (Silver Member)
* Microsoft (Platinum Member)
* National Instruments
* [https://www.ovo.auto/ OVO Automotive]
* [https://www.smile.eu/en/offers/embedded-iot Smile ECS]
* StreamUnlimited Engineering GmbH
* [https://www.witekio.com/values-expertise/ Witekio]

= Products that use the Yocto Project =

* BMW cars
* Comcast set top boxes
* [https://www.gardena.com/int/products/smart/ GARDENA smart garden] (The smart garden gateway runs Yocto/OpenEmbedded. Open source parts can be found [https://github.com/husqvarnagroup/smart-garden-gateway-public on GitHub.])
* Some Garmin [https://www.garmin.com/marine/ Marine] Products
* Go Pro (https://gopro.com/content/dam/help/open-source/2020-09-28%20-%20HERO9%20Black%20-GoPro%20Open%20Source%20Software%20Notice.pdf)
* Lexmark Printers
* LG webOS TVs
* Mellanox Bluefield SmartNIC
* [https://www.streamunlimited.com/hardware-modules/ StreamUnlimited hardware modules for voice assistants and connected speakers]
* Vernier LabQuest

= Projects that use the Yocto Project =

* [https://www.automotivelinux.org/ Automotive Grade Linux (AGL)]
* [https://www.balena.io/ Balena]
* Comcast RDK
* Nvidia vibrante SDK [https://docs.nvidia.com/drive/archive/4.1.8.0L/nvoss_docs/index.html]
* OpenBMC
* [https://oryx-linux.org/ Oryx Linux]
* [https://www.streamunlimited.com/stream-sdk/ StreamSDK for voice assistants and connected speakers]
* Windows Subsystem Linux (v1+v2)
* webOS