This file highlights changes to the product made in RCPLs that may be of
interest to the user. The features are grouped by the RCPL in which they were
made available.  BSP specific changes are located in the BSP section.


8.0.0.23:

Upgrade MariaDB to 5.5.58 to fix following CVEs

CVE-2017-10268
CVE-2017-10379
CVE-2017-10384
CVE-2017-10378

8.0.0.22:

1) Wi-Fi WPA/WPA2 Security Protocol Vulnerability [a.k.a. KRACK]

The patch of the vulnerability missed the window of 8.0.0.22. Please download
the source patch from

https://knowledge.windriver.com/Content_Lookup?id=K-511283

We will integrate the patch into 8.0.0.23

2) Gdb-gdbserver add new feature to show the thread names in remote protocol.

3) xf86-video-intel: use UXA to replace SNA as the default acceleration mode

The SNA mode causes screen distortion issue on board MinnowMAX described in this link:
https://bugs.freedesktop.org/show_bug.cgi?id=100700
The UXA mode is verified to not have above issue. UXA is more stable and has more releases
than SNA, so use UXA to replace sna as the default acceleration mode. 

If SNA mode is still more preferred than UXA, you can change uxa to SNA in PACKAGECONFIG
of the xf86-video-intel bb file.

8.0.0.21:

Upgrade MariaDB to 5.5.57 to fix following CVEs

CVE-2017-3636
CVE-2017-3651
CVE-2017-3653
CVE-2017-3652
CVE-2017-3641
CVE-2017-3648

8.0.0.19:

1) Fixed the CVE-2017-1000364, CVE-2017-1000365, CVE-2017-1000366

2) We openvswitch to v2.70 and qemu to 2.7 in OVP profile.

The default versions of openvswith/dpdk/qemu are not changed. After upgrading OVP 8.0.0.19,
the new versions can't be applied on your existing configuration directly.

To enable the new version packages, you need to append the option --with-template=feature/ovs-2.7.0
to your configuration.

NOTE: the qemu 2.7 only can be built with host gcc 4.8 and upper, so please check your host gcc version
before enabling the template

3) The fix of apache2 CVE-2016-8743

The fix for CVE-2016-8743 introduces a behavioural change and may introduce compatibility
issues with clients that do not strictly follow specifications. A new configuration directive,
"HttpProtocolOptions Unsafe" can be used to re-enable some of the less strict parsing
restrictions, at the expense of security.

8.0.0.18:

1) We upgrade MariaDB to 5.5.55

2) Change to gdb.sh in an SDK

The gdb.sh script, which is in the scripts directory of an SDK, is used to
start a gdb session with gdb set to look for source files in the target image
installed under export/dist in the SDK.

In prior releases, gdb.sh wrote an initialization file into the SDK
so the installation could not be read-only.  The script has been modified to
create the initialization file in a temporary file which would usually be
in the /tmp directory.  The file is created with the mktemp command, so it will
be uniquely named.

8.0.0.17:

We plan to upgrade MariaDB 5.5.55 in 8.0.0.18 to fix the CVEs:

CVE-2017-3329
CVE-2017-3453
CVE-2017-3309
CVE-2017-3600
CVE-2017-3308
CVE-2017-3305
CVE-2017-3456
CVE-2017-3462
CVE-2017-3463
CVE-2017-3461
CVE-2017-3464

8.0.0.16:

We add new version ntp 4.2.8p10 to fix following CVEs

CVE-2017-6464
CVE-2017-6462
CVE-2017-6463
CVE-2017-6458
CVE-2017-6451
CVE-2017-6460
CVE-2016-9042

The default version is still 4.2.8p4. 

configure ... --with-template=feature/ntp428p10 to enable ntp 4.2.8.p10.

8.0.0.15:

1) We upgrade MariaDB 5.5.54

2) We plan to add new ntp 4.2.8.p10 in 8.0.0.16 to fix a bundle of CVEs

8.0.0.14:

1) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=a9db40da62c13b0010ce5afc1fde16d987bdfbc6

2) We plan to upgrade MariaDB 5.5.54 in 8.0.0.15 to fix a bundle of CVEs.

8.0.0.12:

1) We upgrade MariaDB 5.5.53

2) We added the new version ntp 4.2.8p9 in order to fix following CVEs

CVE-2016-9311
CVE-2016-9310
CVE-2016-7427
CVE-2016-7428
CVE-2016-9312
CVE-2016-7431
CVE-2016-7434
CVE-2016-7429
CVE-2016-7426
CVE-2016-7433

The default version is still 4.2.8p4. 

configure ... --with-template=feature/ntp428p9 to enable ntp 4.2.8.p9.


8.0.0.11:

1) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=39ef8e22b52d3f5daa853aa7866145e9c5469d4b

8.0.0.9:

1) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=a27b907dd3ad20fc60b7732c19012793aaaba2df

8.0.0.8:

1) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=1f4bfa33073584c25396d74f3929f263f3df188b

8.0.0.7:

We add new version ntp 4.2.8p8 in order to fix following CVEs

CVE-2016-1551
CVE-2016-1549
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
CVE-2016-1547
CVE-2016-1548
CVE-2015-7704
CVE-2016-1550
CVE-2016-4957
CVE-2016-4953
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956

The default version is still 4.2.8p4. 

configure ... --with-template=feature/ntp428p8 to enable ntp 4.2.8.p8.

8.0.0.6:

1) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=69b1e25a53255433262178b91ab3e328768ad725

2) We plant to upgrade MariaDB 5.5.49 in RCPL 7

8.0.0.5:

1) Upgrade linux kernel version from 4.1.18 to 4.1.21

2) Rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=28032d8c3122b75ceb3f4a664a2b478c9a9a6a2c

[YOCTO #9379]
[YOCTO #9357]
[YOCTO #9265]

3) Add X server resource database utility - xrdb 1.1.0

8.0.0.4:

1) Disable SSLv2 default build, default negotiation and weak ciphers.

FYI
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

Technical details can be found in the published paper "DROWN: Breaking TLS using SSLv2":

https://www.drownattack.com/drown-attack-paper.pdf

The packages 'monit' and 'python-m2crypto' call SSLv2_method() by default, so disable the
SSLv2 in both pacakges.

2) We rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=883c38cf0e59082276f933f9b47e276b6b88270f

3) We add new version ntp 4.2.8p6 in order to fix following CVEs

CVE-2015-7974
CVE-2015-8158 
CVE-2015-7976
CVE-2015-7973
CVE-2015-7978
CVE-2015-8138
CVE-2015-7977
CVE-2015-7979
CVE-2015-8139
CVE-2015-8140
CVE-2015-5300

The default version is still 4.2.8p4. 

configure ... --with-template=feature/ntp428p6 to enable ntp 4.2.8.p6.

4) We add new version webkitgtk 2.10.9 to fix many CVEs

FYI
http://webkitgtk.org/security/WSA-2016-0002.html

The default version is still 2.8.5. 

configure ... --with-template=feature/webkitgtk2109 to enable webkitgtk 2.10.9.

8.0.0.3:

1) We rebase the Yocto 2.0 stable tree

Update to the commit

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=c99ed6b73f397906475c09323b03b53deb83de55

[YOCTO #9197]
[YOCTO #9067]
[YOCTO #8553]
[YOCTO #8693]
[YOCTO #8854]

2) We upgrade linux kernel version from 4.1.17 to 4.1.18

8.0.0.2:

1) We upgrade linux kernel version from 4.1.15 to 4.1.17

2) We rebase the Yocto 2.0 stable tree. The last commit we merged from upstream is

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=824a43c30b99971a382abd5edcf126f96cf4d485

[YOCTO #8739]
[YOCTO #8739]
[YOCTO #8869]
[YOCTO #8611]
[YOCTO #8243]
[YOCTO #8971]
[YOCTO 8966]
[YOCTO #8028]
[YOCTO #8509]
[YOCTO #8825]
[YOCTO #8839]
[YOCTO #8625]
[YOCTO #8658]
[YOCTO #8661]
[YOCTO #8639]
[YOCTO #8639]
[YOCTO #8645]
[YOCTO #8124]
[YOCTO #8562]

3) We upgrade mariadb 5.5.47 in order to integrate following CVE fixes:
CVE-2016-0505
CVE-2016-0546
CVE-2016-0596
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0616

8.0.0.1:

1) We upgrade linux kernel version from 4.1.13 to 4.1.15

2) We rebase the Yocto 2.0 stable tree. The last commit we merged from upstream is

http://git.openembedded.org/openembedded-core/commit/?h=jethro&id=224bcc2ead676600bcd9e290ed23d9b2ed2f481e

[YOCTO #8709]
[YOCTO #8710]
[YOCTO #8448]

BSP Updates:

8.0.0.25
     xilinx-zynqmp: SCP 8 Support for Xilinx Zynq UltraScale

8.0.0.22:
     fsl-ls1021atwr: EPIC: LIN8-6638: Validate LS1021-TWR on existing LS1021-IoT BSP in WRL8
     fsl-ls1046: EPIC: [NEW] NXP LS1046
     cav_octeon3: Update cav_octeon3 from SDK 3.1.1 to 3.1.2-568

8.0.0.20:
     nxp-ls1012: EPIC: [NEW] WRL8 BSP for NXP LS1012A? RDB
     renesas-rcar3: EPIC: [NEW] Renesas R-Car H3 (Salvator-X) in WRL8
     fls-ls1043: EPIC: [Update] LS1043 - Add support for Rev 1.1 (WRL8)

8.0.0.18:
     nxp-imx7: EPIC: [NEW] Add NXP i.MX7 support in WRL8

8.0.0.17:
     intel-apollolake-i: [update] Intel Apollo Lake BSP update to yocto MR2 version

8.0.0.12:
     rose-apple-pi: EPIC: [NEW] Add Roseapple Pi support - WRL8

8.0.0.11:
     fsl-imx6: Freescale i.MX6 rebase to kernel 4.1 SDK
     intel-apollolake-i: EPIC: [update] intel-x86: update Apollo Lake (Broxton) to Yocto gold release - WRL8
     xilinx-zynqmp: EPIC: [NEW] Xilinx Ultrascale MPSoC? - ZCU102

8.0.0.10:
     mv-armada-38x: Marvell Armada 385

8.0.0.9:
     fsl-t4xxx: Freescale T4240 (FSL SDK 2.0 based)
     fsl-p2020: Freescale e500v2 fsl-p2020 BSP (SDK 1.8 Based)
     fsl-ls1043: Freescale LS1043 - based on SDK 2.0

8.0.0.7:
     altera-socfpga: Altera Arria 10
     fsl-ls20xx: EPIC: [CF] Freescale LS2085

8.0.0.5:
     fsl-t4xxx: Freescale T4240 (FSL SDK 1.8 based)
     axxiaarm64: add BSP axxiaarm64
     ti-am335x: add TI AM335X

8.0.0.4:
     fsl-imx6: Freescale i.MX6
     intel-x86: add support for Intel Compute Stick
                Add Broadwell-DE support

8.0.0.3:
     fsl-ls10xx: Freescale LS1021 

8.0.0.2:
     altera-socfpga: Add BSP altera-socfpga
     fsl-e500mc: add fsl-e500mc BSP

8.0.0.1:
     xilinx-zynq: [Update] Add Avnet Mini-ITX, MicroZED?, PicoZED
     axxiaarm: [Add] LSI AXM55xx