Summary

Zephyr microPlatform changes for 0.30

Zephyr's v1.13 release and improvements to the reference applications.

Linux microPlatform changes for 0.30

OSF Unified Linux Kernel updated to the 4.18.10 stable release. Core layer updates based on the latest OE/Yocto master changes.

Zephyr microPlatform

Highlights

• Zephyr v1.13
• Numerous improvements to sample application helper scripts

Components

MCUboot

Features

Not addressed in this update

Bugs

Not addressed in this update

Zephyr

Features

Bluetooth

Support for the Central Address Resolution characteristic was added.

Continuous Integration

Sanitycheck footprint data for the v1.13.0 release was added.

Cryptography

The crypto tests were converted to use config-tls- generic.h, an mbedTLS configuration file that is part of Zephyr which is configurable with Kconfig.

Bugs

Documentation

The release's documentation was finalized.

Drivers

A fix was merged for ADC on SAM E70.

External

mbedTLS was updated to version 2.12.0 from 2.9.0. This includes various security fixes and functional improvements. These come at the cost of increased resource requirements.

Kernel

Various attempts to support interrupts when CONFIG_MULTITHREADING=n were postponed until after v1.13.0, resolving some observed scheduler issues.

Libraries

A couple of fixes were made to Zephyr's CMSIS RTOS v1 support shim.

Miscellaneous

A C++-related warning fix was merged to the stack checking feature.

Samples

The latest mbedTLS increased resource requirements; the drivers/crypto sample was adjusted. The main stack size was increased to a rather large 4096 B; the minimum target RAM required to run the sample increased from 16 KB to 20 KB.

Testing

Various final adjustments and fixes were made to the tests to get to release readiness.

hawkBit and MQTT sample application

Features

Helper script improvements

The helper hawkbit.py script now supports Python 3, has "rollout" parameters for controlling a hawkBit-based firmware update to multiple devices, was updated for compatibility with the latest hawkBit release, and has improved help text.

Bugs

Helper script fixes

The help text for the hawkbit.py script was fixed, along with internal fixes for control of hawkBit's REST API.

LWM2M sample application

Features

Helper script improvements

The helper script now uses mgmt.foundries.io as the default host, supports multithreading with a --threads option, device type filtering with a --device option, logs with the standard logging module, updating of all connected clients, and has quieter output.

Bugs

Helper script fixes

Numerous fixes for error handling were merged to the leshan.py helper script.

Linux microPlatform

Highlights

• OSF Unified Linux Kernel updated to 4.18.10.
• Binutils updated to the 2.31.1 release.
• Busybox updated to the 1.29.2 release.
• Glibc updated to the 2.28 release.
• Openssl 1.1.x is now the default version.
• Python3 updated to the 3.5.6 release.

Components

OpenEmbedded-Core Layer

Features

Layer Update

Acpid updated to 2.0.30. Binutils updated to 2.31.1. Boost updated to 1.68.0. Busybox updated to 1.29.2. Ca-certificates updated to 20180409. Cmake updated to 3.12.1. Dbus updated to 1.12.10. Distcc updated to 3.3.2. Dtc updated to 1.4.7. Elfutils updated to 0.173. Expat updated to 2.2.6. File updated to 5.34. Freetype updated to 2.9.1. Gdb updated to 8.2. Gdbm updated to 1.18. Glib updated to 2.58.0. Glibc updated to 2.28. Gnutls updated to 3.6.3. Gobject-introspection updated to 1.58.0. Gptfdisk updated to 1.0.4. Gtk-doc updated to 1.29. Icu updated to 61.1. Iproute2 updated to 4.18.0. Libc-headers updated to 4.18. Libpng updated to 1.6.35. Libsolv updated to 0.6.35. Libxcrypt updated to 4.1.1. Linux-firmware updated to the feb25f3e revision. Meson updated to 0.47.2. Mpfr updated to 4.0.1. Musl updated to 1.1.20. OpenSSH updated to 7.8p1+git. OpenSSL updated to 1.1.1 and 1.0.2p. Pciutils updated to 3.6.2. Pcmciautils removed from OE-Core, now available in meta-openembedded. Python3 updated to 3.5.6. Python3-pip updated to 18.0. Qemu updated to 3.0. Re2c updated to 1.0.1. Rpm updated to 4.14.2. SERIAL_CONSOLE updated to SERIAL_CONSOLES. Strace updated to 4.24. Sysprof updated to 3.30.0 and enabled for aarch64. Util-linux updated to 2.32.1. Vala updated to 0.42.0. Yasm removed from OE-core.

Bugs

libxml2

Multiple issues.

• CVE-2018-14404
• CVE-2018-9251
• CVE-2018-14567

libvorbis

Multiple issues.

• CVE-2017-14160
• CVE-2018-10393
• CVE-2018-10392

openssl

Client DoS due to large DH parameter.

• CVE-2018-0732

unzip

Heap-based buffer overflow in password protected ZIP archives.

• CVE-2018-1000035

nasm

Multiple issues.

• CVE-2018-8882
• CVE-2018-8883
• CVE-2018-10316

flac

Fix memory leak in stream_decoder.c.

• CVE-2017-6888

u-boot

Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot.

• CVE-2018-1000205

libsndfile1

Multiple issues.

• CVE-2017-14245
• CVE-2017-14246
• CVE-2017-14634

libsndfile1

Multiple issues.

• CVE-2017-14245
• CVE-2017-14246
• CVE-2017-14634

libarchive

Multiple issues.

• CVE-2017-14501
• CVE-2017-14503

perl

Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

• CVE-2018-12015

patch

Double free in the another_hunk function in pch.c

• CVE-2018-6952

wpa-supplicant

Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle.

• CVE-2018-14526

elfutils

Out-of-bounds read in the way elfutils reads DWARF address ranges information.

• CVE-2018-16062

busybox

User enumeration vulnerability in authentication requests.

• CVE-2018-16062

qemu

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

• CVE-2018-15746

bind

Named could crash during recursive processing of DNAME records when "deny-answer-aliases" was in use.

• CVE-2018-5740

lrzsz

Integer overflow in src/zm.c:zsdata causes crash in sz and can leak information to receiver.

• CVE-2018-10195

curl

Buffer overrun in the NTLM authentication code.

• CVE-2018-14618

Meta OpenEmbedded Layer

Features

Layer Update

Efibootmgr updated to 0.16. Efivar updated to 0.36. Fuse updated to 2.9.8. Python3-certifi updated to 2018.8.13. Python3-cython updated to 0.28.5. Python3-pip updated to 18.0.

Bugs

hostapd

Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle.

• CVE-2018-14526

Meta Freescale

Features

Layer Update

Added i.MX 8 support for imx-kobs, imx-test, pulseaudio, u-boot-imx, imx-gpu-viv, alsa-state and gstreamer1.0. EULA updated to the v24 revision. Firmware-imx updated to 7.6, with support for BCM4356 and BCM89359. Imx-codec, imx-vpuwrap and imx-parser updated to v4.4.0. Imx-dpu-g2d updated to 1.4.6. Imx-gpu-g2d updated to 6.2.4.p1.6. Imx-gpu-viv updated to 6.2.4.p1.6. Imx-vpu-hantro updated to 1.7.0. Kernel-module-imx-gpu-viv updated to 6.2.4.p1.6. New machine definition for imx8mqevk, imx8qmmek and imx8qxpmek. U-boot-fslc updated to the 1e13b91a revision.

Bugs

Not addressed in this update

Meta Intel

Features

Layer Update

Intel-microcode updated to 20180807.

Bugs

Not addressed in this update

Meta Qualcomm

Features

Layer Update

Updated bootrr, qmic, qrtr and rmtfs to the latest revision available.

Bugs

Not addressed in this update

Meta RaspberryPi

Features

Layer Update

Firmware updated to 20180817.

Bugs

Not addressed in this update

Meta RISC-V

Features

Layer Update

Gdb updated to the latest RISC-V fork. Qemu-riscv removed in favor of the upstream version.

Bugs

Not addressed in this update

Meta LMP Layer

Features

Layer Update

OSF Unified Linux Kernel updated to 4.18.10. U-boot autoboot disabled for DragonBoard 410c and 820c to avoid boot failures caused by serial noise without the UART adapter.

Bugs

Not addressed in this update