This file highlights changes to the product made in RCPLs that may be of interest to the user. The features are grouped by the RCPL in which they were made available. BSP specific changes are located in the BSP section. 8.0.0.19: 1) Fixed the CVE-2017-1000364, CVE-2017-1000365, CVE-2017-1000366 2) We openvswitch to v2.70 and qemu to 2.7 in OVP profile. The default versions of openvswith/dpdk/qemu are not changed. After upgrading OVP 8.0.0.19, the new versions can't be applied on your existing configuration directly. To enable the new version packages, you need to append the option --with-template=feature/ovs-2.7.0 to your configuration. NOTE: the qemu 2.7 only can be built with host gcc 4.8 and upper, so please check your host gcc version before enabling the template 3) The fix of apache2 CVE-2016-8743 The fix for CVE-2016-8743 introduces a behavioural change and may introduce compatibility issues with clients that do not strictly follow specifications. A new configuration directive, "HttpProtocolOptions Unsafe" can be used to re-enable some of the less strict parsing restrictions, at the expense of security. 8.0.0.18: 1) We upgrade MariaDB to 5.5.55 2) Change to gdb.sh in an SDK The gdb.sh script, which is in the scripts directory of an SDK, is used to start a gdb session with gdb set to look for source files in the target image installed under export/dist in the SDK. In prior releases, gdb.sh wrote an initialization file into the SDK so the installation could not be read-only. The script has been modified to create the initialization file in a temporary file which would usually be in the /tmp directory. The file is created with the mktemp command, so it will be uniquely named. 8.0.0.17: We plan to upgrade MariaDB 5.5.55 in 8.0.0.18 to fix the CVEs: CVE-2017-3329 CVE-2017-3453 CVE-2017-3309 CVE-2017-3600 CVE-2017-3308 CVE-2017-3305 CVE-2017-3456 CVE-2017-3462 CVE-2017-3463 CVE-2017-3461 CVE-2017-3464 8.0.0.16: We add new version ntp 4.2.8p10 to fix following CVEs CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 CVE-2017-6460 CVE-2016-9042 The default version is still 4.2.8p4. configure ... --with-template=feature/ntp428p10 to enable ntp 4.2.8.p10. 8.0.0.15: 1) We upgrade MariaDB 5.5.54 2) We plan to add new ntp 4.2.8.p10 in 8.0.0.16 to fix a bundle of CVEs 8.0.0.14: 1) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=a9db40da62c13b0010ce5afc1fde16d987bdfbc6 2) We plan to upgrade MariaDB 5.5.54 in 8.0.0.15 to fix a bundle of CVEs. 8.0.0.12: 1) We upgrade MariaDB 5.5.53 2) We added the new version ntp 4.2.8p9 in order to fix following CVEs CVE-2016-9311 CVE-2016-9310 CVE-2016-7427 CVE-2016-7428 CVE-2016-9312 CVE-2016-7431 CVE-2016-7434 CVE-2016-7429 CVE-2016-7426 CVE-2016-7433 The default version is still 4.2.8p4. configure ... --with-template=feature/ntp428p9 to enable ntp 4.2.8.p9. 8.0.0.11: 1) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=39ef8e22b52d3f5daa853aa7866145e9c5469d4b 8.0.0.9: 1) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=a27b907dd3ad20fc60b7732c19012793aaaba2df 8.0.0.8: 1) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=1f4bfa33073584c25396d74f3929f263f3df188b 8.0.0.7: We add new version ntp 4.2.8p8 in order to fix following CVEs CVE-2016-1551 CVE-2016-1549 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-1547 CVE-2016-1548 CVE-2015-7704 CVE-2016-1550 CVE-2016-4957 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 The default version is still 4.2.8p4. configure ... --with-template=feature/ntp428p8 to enable ntp 4.2.8.p8. 8.0.0.6: 1) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=69b1e25a53255433262178b91ab3e328768ad725 2) We plant to upgrade MariaDB 5.5.49 in RCPL 7 8.0.0.5: 1) Upgrade linux kernel version from 4.1.18 to 4.1.21 2) Rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=28032d8c3122b75ceb3f4a664a2b478c9a9a6a2c [YOCTO #9379] [YOCTO #9357] [YOCTO #9265] 3) Add X server resource database utility - xrdb 1.1.0 8.0.0.4: 1) Disable SSLv2 default build, default negotiation and weak ciphers. FYI http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800 Technical details can be found in the published paper "DROWN: Breaking TLS using SSLv2": https://www.drownattack.com/drown-attack-paper.pdf The packages 'monit' and 'python-m2crypto' call SSLv2_method() by default, so disable the SSLv2 in both pacakges. 2) We rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=883c38cf0e59082276f933f9b47e276b6b88270f 3) We add new version ntp 4.2.8p6 in order to fix following CVEs CVE-2015-7974 CVE-2015-8158 CVE-2015-7976 CVE-2015-7973 CVE-2015-7978 CVE-2015-8138 CVE-2015-7977 CVE-2015-7979 CVE-2015-8139 CVE-2015-8140 CVE-2015-5300 The default version is still 4.2.8p4. configure ... --with-template=feature/ntp428p6 to enable ntp 4.2.8.p6. 4) We add new version webkitgtk 2.10.9 to fix many CVEs FYI http://webkitgtk.org/security/WSA-2016-0002.html The default version is still 2.8.5. configure ... --with-template=feature/webkitgtk2109 to enable webkitgtk 2.10.9. 8.0.0.3: 1) We rebase the Yocto 2.0 stable tree Update to the commit http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=c99ed6b73f397906475c09323b03b53deb83de55 [YOCTO #9197] [YOCTO #9067] [YOCTO #8553] [YOCTO #8693] [YOCTO #8854] 2) We upgrade linux kernel version from 4.1.17 to 4.1.18 8.0.0.2: 1) We upgrade linux kernel version from 4.1.15 to 4.1.17 2) We rebase the Yocto 2.0 stable tree. The last commit we merged from upstream is http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=824a43c30b99971a382abd5edcf126f96cf4d485 [YOCTO #8739] [YOCTO #8739] [YOCTO #8869] [YOCTO #8611] [YOCTO #8243] [YOCTO #8971] [YOCTO 8966] [YOCTO #8028] [YOCTO #8509] [YOCTO #8825] [YOCTO #8839] [YOCTO #8625] [YOCTO #8658] [YOCTO #8661] [YOCTO #8639] [YOCTO #8639] [YOCTO #8645] [YOCTO #8124] [YOCTO #8562] 3) We upgrade mariadb 5.5.47 in order to integrate following CVE fixes: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 8.0.0.1: 1) We upgrade linux kernel version from 4.1.13 to 4.1.15 2) We rebase the Yocto 2.0 stable tree. The last commit we merged from upstream is http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=224bcc2ead676600bcd9e290ed23d9b2ed2f481e [YOCTO #8709] [YOCTO #8710] [YOCTO #8448] BSP Updates: 8.0.0.20: nxp-ls1012: EPIC: [NEW] WRL8 BSP for NXP LS1012A? RDB renesas-rcar3: EPIC: [NEW] Renesas R-Car H3 (Salvator-X) in WRL8 fls-ls1043: EPIC: [Update] LS1043 - Add support for Rev 1.1 (WRL8) 8.0.0.18: nxp-imx7: EPIC: [NEW] Add NXP i.MX7 support in WRL8 8.0.0.17: intel-apollolake-i: [update] Intel Apollo Lake BSP update to yocto MR2 version 8.0.0.12: rose-apple-pi: EPIC: [NEW] Add Roseapple Pi support - WRL8 8.0.0.11: fsl-imx6: Freescale i.MX6 rebase to kernel 4.1 SDK intel-apollolake-i: EPIC: [update] intel-x86: update Apollo Lake (Broxton) to Yocto gold release - WRL8 xilinx-zynqmp: EPIC: [NEW] Xilinx Ultrascale MPSoC? - ZCU102 8.0.0.10: mv-armada-38x: Marvell Armada 385 8.0.0.9: fsl-t4xxx: Freescale T4240 (FSL SDK 2.0 based) fsl-p2020: Freescale e500v2 fsl-p2020 BSP (SDK 1.8 Based) fsl-ls1043: Freescale LS1043 - based on SDK 2.0 8.0.0.7: altera-socfpga: Altera Arria 10 fsl-ls20xx: EPIC: [CF] Freescale LS2085 8.0.0.5: fsl-t4xxx: Freescale T4240 (FSL SDK 1.8 based) axxiaarm64: add BSP axxiaarm64 ti-am335x: add TI AM335X 8.0.0.4: fsl-imx6: Freescale i.MX6 intel-x86: add support for Intel Compute Stick Add Broadwell-DE support 8.0.0.3: fsl-ls10xx: Freescale LS1021 8.0.0.2: altera-socfpga: Add BSP altera-socfpga fsl-e500mc: add fsl-e500mc BSP 8.0.0.1: xilinx-zynq: [Update] Add Avnet Mini-ITX, MicroZED?, PicoZED axxiaarm: [Add] LSI AXM55xx