Topics

[ANNOUNCEMENT] Yocto Project 1.6.2 (daisy) now available.


Flanagan, Elizabeth <elizabeth.flanagan@...>
 

All,

We are pleased to release the second point release for the Yocto
Project's "daisy" release. This release has fixes for 25 CVEs
including CVE-2014-3566.

Several fixes for CVE-2014-3566 (the SSL Poodle vulnerability) have
been applied to OpenSSL in this release; however, due to the nature of
the vulnerability you will need to ensure that SSL 3.0 support is
either disabled, or alternatively that TLS_FALLBACK_SCSV is
implemented in both clients and servers that use TLS/SSL.

For more information, check with the upstream provider of TLS/SSL
client / server software that you are using.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
https://www.us-cert.gov/ncas/alerts/TA14-290A

Downloads are available at:
http://downloads.yoctoproject.org/releases/yocto/yocto-1.6.2/poky-daisy-11.0.2.tar.bz2


Release Name: poky-daisy-11.0.2
Branch: daisy
Tag: daisy-11.0.2
Hash: e3dd621197548b4cf64988e757e9bc926082db73
md5sum: d0fec76994622bf668ce13779ac73f43
download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.6.2/poky-daisy-11.0.2.tar.bz2

Release Name: meta-qt3-daisy-11.0.2
Branch: daisy
Tag: daisy-11.0.2
Hash: 3016129d90b7ac8517a5227d819f10ad417b5b45
md5sum: 139394eca6575b9ab31d2f79f7830f2a
download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.6.2/meta-qt3-daisy-11.0.2.tar.bz2

Release Name: eclipse-poky-juno-daisy-11.0.2
Branch: daisy
Tag: daisy-11.0.2
Hash: 26bfc407781aa185f244a47ba63120343cee4a37
md5sum: bce7d1644d6bf4ea528db9a511124bba
download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.6.2/eclipse-poky-juno-daisy-11.0.2.tar.bz2

Release Name: eclipse-poky-kepler-daisy-11.0.2
Branch: daisy
Tag: daisy-11.0.2
Hash: 932891014ea068e196fcf1f9efedb8a672fb81a0
md5sum: f85546bfd1da67d72c0b743780146220
download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.6.2/eclipse-poky-kepler-daisy-11.0.2.tar.bz2

Bug Fixes
---------
adt-installer: fix sed input file error
bash: Fix for exported function namespace change
binutils: Add fix for recent patch on older gcc
binutils: Apply the proper fix for PR 16428
bitbake: codeparser: don't interact with the cache for subshells
bitbake: codeparser: Fix to better catch all getVar references
build-appliance-image: Update to daisy head revision
build-appliance-image: Update to daisy head revision
cairo: explicitly disable LTO support by backporting patch which removes it
crosssdk: Clear MACHINEOVERRIDES
dev-manual: Updated the "Making Images More Secure" section.
documentation: Added "November 2014" to manual history lists.
documentation: Updated manual history tables to support 1.6.2
kernel: don't copy .so.dbg files into kernel source install
kernelshark: Remove trace-cmd from the kernelshark package
layer.conf: Add in useradd dependencies as ABISAFE dependencies
layer.conf: Mark opkg-utils as ABISAFE for update-alternatives usage
libarchive: avoid dependency on e2fsprogs
libxml2: fix python packaging for nativesdk
ltp: Added zip-native as a DEPENDS
lttng-modules: Update to version 2.4.2
mega-manual.sed: Updates to support links to BB manual
native/nativesdk: Clear MACHINEOVERRIDES
openssh: avoid screen sessions being killed on disconnect with systemd
openssl: upgrade to 1.0.1j
openssl: Upgrade to 1.0.1j
perf: add slang to the dependencies
perf: explicitly disable libunwind
perf: fix broken shell comparsion in do_install
perf: split packging
poky.conf: Bump DISTRO_VERISON for 1.6.2
poky-ent: Updated the YOCTO_RELEASE_NOTES variable.
poky.ent: Updated variables to support a 1.6.2 release.
populate_sdk_base: Fix grep command usage on old hosts
populate_sdk_deb: Fix non x86_64 SDK builds
profile-manual: Updates to the LTTng Documentation section.
pseudo*.bb: update to pseudo 1.6.2
pseudo.inc: Clean up backport of version update to 1.6.2
python: force off_t size to 8 to enable large file support
qemu: Explicitly disable libiscsi, its not in DEPENDS
qt4: Fix Qt 4.8.5 source to new location
readline: Patch for readline multikey dispatch issue
ref-manual: Updated note in the "CentOS Packages" section.
ref-manual, yocto-project-qs: Fixed some references to BitBake Manual.
shadow-securetty: add freescale lpuart
udev-cache.default: set PROBE_PLATFORM_BUS to "yes" by default
udev: update init script for conditional probing of platform bus
update-rc.d/systemd: Remove OVERRIDES dependency
useradd-staticids.bbclass: Fix for Bug 6633
wic: Fix bad directory name in bootimg-efi
wic: Remove fstype from mkefidisk canned wks

Security Fixes
--------------
bash: Fix CVE-2014-6271
bash: Fix CVE-2014-7169
bash: Fix for CVE-2014-6277
bash: Fix-for-CVE-2014-6278
bash: Fix for CVE-2014-7186 and CVE-2014-7187
curl: Security Advisory - curl - CVE-2014-3613
curl: Security Advisory - curl - CVE-2014-3620
dpkg: Security Advisory - CVE-2014-0471
dpkg: Security Advisory - CVE-2014-3127
eglibc: CVE-2014-5119 fix
gnupg: CVE-2013-4242
gst-ffmpeg: Add CVE patches
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-4358
libpam: Security Advisory - CVE-2014-2583
libtiff: fix CVE-2013-1961
libtiff: Security Advisory - CVE-2012-4564
nspr: Fix for CVE-2014-1545
nss-3.15.1: fix CVE-2013-1739
nss: CVE-2013-5606
nss: CVE-2014-1544
perl: fix for CVE-2010-4777
pulseaudio: fix CVE-2014-3970
readline: Security Advisory - readline - CVE-2014-2524
wget: Fix for CVE-2014-4887

--
Elizabeth Flanagan
Yocto Project
Build and Release