This file highlights changes to the product made in RCPLs that may be of interest to the user. The features are grouped by the RCPL in which they were made available. BSP specific changes are located in the BSP section. 7.0.0.14 1) Disable SSLv2 default build, default negotiation and weak ciphers. FYI http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800 Technical details can be found in the published paper "DROWN: Breaking TLS using SSLv2": https://www.drownattack.com/drown-attack-paper.pdf The packages 'monit' and 'python-m2crypto' call SSLv2_method() by default, so disable the SSLv2 in both pacakges. 2) We add new version ntp 4.2.8p6 in order to fix following CVEs CVE-2015-7974 CVE-2015-8158 CVE-2015-7976 CVE-2015-7973 CVE-2015-7978 CVE-2015-8138 CVE-2015-7977 CVE-2015-7979 CVE-2015-8139 CVE-2015-8140 CVE-2015-5300 The default version is still 4.2.6p5. configure ... --with-template=feature/ntp428p6 to enable ntp 4.2.8.p6. Note: we will change the default version to 4.2.8.p6 in 7.0.0.16. 7.0.0.13 1) We upgrade mariadb 5.5.47 in order to integrate following CVE fixes: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 2) Add dpdk 2.1.0 Default DPDK version is 1.7.1, if you want to use DPDK 2.1.0, please please add the following option when configuring your project: --with-template=feature/dpdk-2.1 7.0.0.12 upgrade mariadb to 5.5.46 7.0.0.11 1) We plan to upgrade mariadb 5.5.46 in 7.0.0.12 in order to integrate following security fixes: CVE-2015-4879 CVE-2015-4870 CVE-2015-4830 CVE-2015-4836 CVE-2015-4802 CVE-2015-4792 CVE-2015-4858 CVE-2015-4864 CVE-2015-4861 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4913 CVE-2015-4826 CVE-2015-4807 2) We plan to upgrade linux 3.14.x stable tree in 7.0.0.13 3) We rebase the Yocto 1.7.1 stable tree. The last commit we merged from upstream is http://git.openembedded.org/openembedded-core/commit/?h=dizzy&id=7bb182bdd130266100fc541fd09b82d09c51cd80 7.0.0.10 We plan to rebase Yocto 1.7.x stable tree in 7.0.0.11 7.0.0.9 1) We merge the newest yocto 3.14.x kernel stable tree FYI http://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto-3.14/ 2) We rebase the Yocto 1.7.1 stable tree. The last commit we merged from upstream is http://git.openembedded.org/openembedded-core/commit/?h=dizzy&id=4621675632518caae3a8c2098ee36896b9372551 The fixes of following CVEs and YOCTO issues haven been merged. CVE-2014-3707 CVE-2014-8118 CVE-2013-6435 [YOCTO #7586] [YOCTO #7390] [YOCTO #7181] [YOCTO #6276] [YOCTO #7988] 7.0.0.8: 1) We plan to rebase Yocto 1.7.3 stable tree in 7.0.0.9 2) We plan to upgrade mariadb 5.5.44 in 7.0.0.3 in order to integrate following security fixes: CVE-2015-2643 CVE-2015-2648 CVE-2015-2582 CVE-2015-2620 CVE-2015-4752 CVE-2015-4757 CVE-2015-4737 7.0.0.7: 1) We plan to sync up yocto 3.14.x kernel stable tree in 7.0.0.9 FYI http://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto-3.14/ 2) Doing 'yum update' before building WRLinux 7.0 on Redhat 7.0 or CentOS 7.0 A bug on Redhat 7.0 and CentOS 7.0 can causes building WRLinux 7.0 failed. The bug has been fixed by the last Redhat 7.0 or CentOS 7.0, please run # yum update # reboot 7.0.0.6: 1) We plan to upgrade mariadb 5.5.43 in 7.0.0.7 in order to integrate following security fixes: CVE-2015-0433 CVE-2015-0499 CVE-2015-2573 CVE-2015-2568 CVE-2015-0441 CVE-2015-0505 CVE-2015-0501 CVE-2015-2571 FYI https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ 2) We rebase the Yocto 1.7.1 stable tree. The last commit we merged from upstream is http://git.openembedded.org/openembedded-core/commit/?h=dizzy&id=4a44c9287d80dec0973b31d30d3d6250ce4b4df4 The fixes of following CVEs and YOCTO issues haven been merged. CVE-2014-8503 CVE-2014-8504 CVE-2014-8500 CVE-2014-9114 CVE-2014-4877 CVE-2014-4607 [YOCTO #7645] [YOCTO #7411] [YOCTO #7287] [YOCTO #7529] [YOCTO #7032] [YOCTO #7410] [YOCTO #7522] [YOCTO #7182] [YOCTO #7180] [YOCTO #7317] [YOCTO #7265] [YOCTO #6735] [YOCTO #7128] [YOCTO #7090] [YOCTO #7112] [YOCTO #7129] [YOCTO #6827] [YOCTO #7134] [YOCTO #7114] [YOCTO #7098] [YOCTO #7033] [YOCTO #6997] [YOCTO #7077] [YOCTO #6967] [YOCTO #6994] [YOCTO #7001] [YOCTO #5361] [YOCTO #6833] [YOCTO #6685] [YOCTO #6890] [YOCTO #6816] [YOCTO #6842] [YOCTO #6844] [YOCTO #6413] [YOCTO #6863]. [YOCTO #6464] [YOCTO #6290] 7.0.0.4: Set HOSTNAME as environment variable. Before $env | grep HOSTNAME (nulla) After $env | grep HOSTNAME HOSTNAME=qemu111 (running on a qemu) 7.0.0.3: 1) Upgrade the kernel to v3.14.29 2) Upgrade the mariadb to 5.5.41 7.0.0.2: 1) We plan to sync up yocto 3.14.x kernel stable tree in 7.0.0.3 FYI http://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto-3.14/ 2) We plan to upgrade mariadb 5.5.41 in 7.0.0.3 in order to integrate following security fixes: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432 CVE-2014-6568 CVE-2015-0374 FYI https://mariadb.com/kb/en/mariadb/mariadb-5541-release-notes/ BSP Updates: 7.0.0.14: fsl-t2xxx: add 32b support intel-edison: Intel Edison 7.0.0.12: fsl-ls1021: EPIC: [Update] Freescale LS1021 - (Update SDK and enable Rev 2 hardware) 7.0.0.11: fsl-ls1043: [NEW] Freescale LS1043 (Cortex A5) 7.0.0.10: xilinx-zynq: update latest PCIe driver fsl-p10xx: add fsl-p10xx support ti-ompa3: add Ti OMAP 3530 7.0.0.9: lsi-acp34xx: add lsi-acp34xx support fsl-ls20xx: add lx20xx bsp support cav-thunderx: Add hardware support fsl-e500mc: Add P4080 Rev2 7.0.0.8: fsl-p50xx: Freescale P50xx (FSL SDK 1.7 based) fsl-imx6: Full Featured ti-am335x: add cgl support fsl-e500mc: Add P4080 7.0.0.7: fsl-ls10xx: Enable features for Avnet Event Demo 7.0.0.6: fsl-b4xxx: Add fsl-b4xxx BSP to WRL7 based on SDK1.7 ti-am335x: Add ti-am335x BSP to WRL7 based on TISDK-8 fsl-ls10xx: Freescale LS10xx (LS1021A) - FSL SDK 1.7 Rebase fsl-imx6: add imx6 bsp support ti-66ak2xxx: TI 66AK2H (Add 66AK2E) fsl-e500mc: support fsl e500mc SDK 1.7 intel-x86: update DPDK to latest 2.0.0 in WRL7 7.0.0.5: cav-octeon3: support cavium sdk 3.1.1 GA release intel-x86: [CF] Fortville (40Gb Eth card) 7.0.0.4: xilinx_zynq fsl_t4xxx: support fsl 4xxx SDK 1.7 intel-x86: Add Intel Baytrail Platform support [New] Intel Denlow Refresh(BDW) + Basking Ridge(BDW-H) support [New] Intel Grangeville (Broadwell-DE) [Update] Intel graphic software stack update to fully support Broadwell GPU 7.0.0.2: intel-x86: integrate new fixes/features suggested by Intel OSVE team(Jan 2015) 7.0.0.1: altera-socfpga: Add Async BSP altera-socfpga support intel-x86: integrate new fixes/features suggested by Intel OSVE team(Dec 2014)