All,

I am pleased to announce the next point release for the dora branch,
Yocto Project 1.5.4 (dora 10.0.4). A full pass test report is
available at:

https://wiki.yoctoproject.org/wiki/WW48_-_2014-11-25_
_Full_Pass_Release_Dora_1.5.4

Several fixes for CVE-2014-3566 (the SSL Poodle vulnerability) have
been applied to OpenSSL in this release; however, due to the nature of
the vulnerability you will need to ensure that SSL 3.0 support is
either disabled, or alternatively that TLS_FALLBACK_SCSV is
implemented in both clients and servers that use TLS/SSL.

For more information, check with the upstream provider of TLS/SSL
client / server software that you are using.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
https://www.us-cert.gov/ncas/alerts/TA14-290A

Downloads are available at:
http://downloads.yoctoproject.org/releases/yocto/yocto-1.5.4/poky-dora-10.0.4.tar.bz2

--------

Release Name: poky-dora-10.0.4
Branch: dora
Tag: dora-10.0.4
Hash: e035c59d7d331ddaeff19b069169567af5e6f8ac
md5sum: e3d2250514c68b038640c65c19d9038c
Download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.5.4/poky-dora-10.0.4.tar.bz2

Release Name: eclipse-poky-juno-dora-10.0.4
Branch: dora
Tag: dora-10.0.4
Hash: 79cd3c6ff119526f3f85567253450d2e857afed0
md5sum: 01c3e68daa8e337d3aa70b0512cff79d
Download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.5.4/eclipse-poky-juno-dora-10.0.4.tar.bz2

Release Name: eclipse-poky-kepler-dora-10.0.4
Branch: dora
Tag: dora-10.0.4
Hash: e2cc15b1549d197ab15073f52274401d0fd86686
md5sum: 99f144fbee42289c7cfd7283d8be3a9e
Download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.5.4/eclipse-poky-kepler-dora-10.0.4.tar.bz2

Release Name: meta-qt3-dora-10.0.4
Branch: dora
Tag: dora-10.0.4
Hash: 4772424ab69908d4e3b9d6d4717ca889468e6acd
md5sum: 7843a578d15202d6e4603d3cea09392d
Download: http://downloads.yoctoproject.org/releases/yocto/yocto-1.5.4/meta-qt3-dora-10.0.4.tar.bz2

Security Fixes
---------
openssl: Fix for CVE-2014-3568
openssl: Fix for CVE-2014-3567
openssl: Fix for CVE-2014-3513
openssl: Fix for CVE-2014-3566
bash: Fix-for-CVE-2014-6278
bash: Fix for CVE-2014-6277
bash: Fix for CVE-2014-7186 and CVE-2014-7187
bash: add missing patch for CVE-2014-7169 to 4.2 recipe
bash: add missing patch for CVE-2014-6271 to 4.2 recipe
bash: Fix CVE-2014-7169
bash: fix CVE-2014-6271

Bug Fixes
---------
documentation: Updated the date in Manual Revision History table
yocto-bsp: Update qemu inclusion lists
build-appliance-image: Update to dora head revision
poky: Update version to 1.5.4
build-appliance-image: Update to dora head revision
systemtap: fix do_compile failed on fedora21
ltp: Added zip-native as a DEPENDS
package.bbclass: Add CONFFILES to list of package specific variables
profile-manual: Updates to the LTTng Documentation section.
build-appliance-image: Update to dora head revision
build-appliance-image: Update to daisy head revision
poky.ent: Updated the YOCTO_RELEASE_NOTES variable.
bash: Fix for exported function namespace change
apmd.service: Fix typo (not mandatory EnvironmentFile prefix)
documentation: Steps to prepare for 1.5.4 YP doc set.
qt4: Fix Qt 4.8.5 source to new location
gcc-4.8: backport fix for ICE when building opus
cairo: explicitly disable LTO support by backporting patch which removes it
binutils: Fix building nativesdk binutils with gcc 4.9
ref-manual: Updated note in the "CentOS Packages" section.
dev-manual: Fixed broken link to MACHINE variable.
dev-manual: Updates to the "Creating Partitioned Images" section.

Notes
---------
- The source archiver code is not functional.

--
Elizabeth Flanagan
Yocto Project
Build and Release