Skip to content

@nashif nashif released this Apr 20, 2020 · 13379 commits to master since this release

This is an LTS maintenance release with fixes.

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this
release:

  • CVE-2020-10019
  • CVE-2020-10021
  • CVE-2020-10022
  • CVE-2020-10023
  • CVE-2020-10024
  • CVE-2020-10027
  • CVE-2020-10028

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html

Issues Fixed

These GitHub issues were addressed since the previous 1.14.0 tagged
release:

  • #11617 - net: ipv4: udp: broadcast delivery not supported
  • #11743 - logging: add user mode access
  • #14459 - usb: samples: mass: doesn't build with FLASH overlay
  • #15119 - GPIO callback not disabled from an interrupt
  • #15339 - RISC-V: RV32M1: Load access fault when accessing GPIO port E
  • #15354 - counter: stm32: Issue with LSE clock source selection
  • #15373 - IPv4 link local packets are not sent with ARP ethernet type
  • #15443 - usb_dc_stm32: Missing semaphore initialization and missing pin remapping configuration
  • #15444 - Error initiating sdhc disk
  • #15497 - USB DFU: STM32: usb dfu mode doesn't work
  • #15507 - NRF52840: usb composite MSC + HID (with CONFIG_ENABLE_HID_INT_OUT_EP)
  • #15526 - Unhandled identity in bt_conn_create_slave_le
  • #15558 - support for power-of-two MPUs on non-XIP systems
  • #15601 - pwm: nRF default prescalar value is wrong
  • #15603 - Unable to use C++ Standard Library
  • #15605 - Unaligned memory access by ldrd
  • #15678 - Watchdog peripheral api docs aren't generated correctly.
  • #15698 - bluetooth: bt_conn: No proper ID handling
  • #15733 - Bluetooth: controller: Central Encryption setup overlaps Length Request procedure
  • #15794 - mps2_an385 crashes if CONFIG_INIT_STACKS=y and CONFIG_COVERAGE=y
  • #15817 - nrf52: HFXO is not turned off as expected
  • #15904 - concerns with use of CONFIG_BT_MESH_RPL_STORE_TIMEOUT in examples
  • #15911 - Stack size is smaller than it should be
  • #15975 - Openthread - fault with dual network interfaces
  • #16001 - ARC iotdk supports MPU and fpu in hardware but not enabled in kconfig
  • #16002 - the spi base reg address in arc_iot.dtsi has an error
  • #16010 - Coverage reporting fails on many tests
  • #16012 - Source IP address for DHCP renewal messages is unset
  • #16046 - modules are being processed too late.
  • #16080 - Zephyr UART shell crashes on start if main() is blocked
  • #16089 - Mcux Ethernet driver does not detect carrier anymore (it's alway on)
  • #16090 - mpu align support for code relocation on non-XIP system
  • #16143 - posix: clock_settime calculates the base time incorrectly
  • #16155 - drivers: can: wrong value used for filter mode set
  • #16257 - net: icmpv4: Zephyr sends echo reply with multicast source address
  • #16307 - cannot move location counter backwards error happen
  • #16323 - net: ipv6: tcp: unexpected reply to malformed HBH in TCP/IPv6 SYN
  • #16339 - openthread: off-by-one error when calculating ot_flash_offset for settings
  • #16354 - net: ipv6: Zephyr does not reply to fragmented packet
  • #16375 - net: ipv4: udp: Zephyr does not reply to a valid datagram with checksum zero
  • #16379 - net: ipv6: udp: Zephyr replies with illegal UDP checksum zero
  • #16411 - bad regex for west version check in host-tools.cmake
  • #16412 - on reel_board the consumption increases because TX pin is floating
  • #16413 - Missing dependency in cmake
  • #16414 - Backport west build --pristine
  • #16415 - Build errors with C++
  • #16416 - sram size for RT1015 and RT1020 needs to be update.
  • #16417 - issues with can filter mode set
  • #16418 - drivers: watchdog: sam0: check if timeout is valid
  • #16419 - Bluetooth: XTAL feature regression
  • #16478 - Bluetooth: Improper bonded peers handling
  • #16570 - [Coverity CID :198877]Null pointer dereferences in /subsys/net/ip/net_if.c
  • #16577 - [Coverity CID :198870]Error handling issues in /subsys/net/lib/lwm2m/lwm2m_obj_firmware_pull.c
  • #16581 - [Coverity CID :198866]Null pointer dereferences in /subsys/net/lib/dns/llmnr_responder.c
  • #16584 - [Coverity CID :198863]Error handling issues in /subsys/net/lib/sntp/sntp.c
  • #16600 - Bluetooth: Mesh: Proxy SAR timeout is not implemented
  • #16602 - Bluetooth: GATT Discovery: Descriptor Discovery by range Seg Fault
  • #16639 - eth: pinging frdm k64f eventually leads to unresponsive ethernet device
  • #16678 - LPN establishment of Friendship never completes if there is no response to the initial Friend Poll
  • #16711 - Settings reworked to const char processing
  • #16734 - Bluetooth: GATT: Writing 1 byte to a CCC access invalid memory
  • #16745 - PTHREAD_MUTEX_DEFINE(): don't store into the _k_mutex section
  • #16746 - boards: nrf52840_pca10059: Configure NFC pins as GPIOs by default
  • #16749 - IRQ_CONNECT and irq_enable calls in the SiFive UART driver is misconfigured
  • #16750 - counter: lack of interrupt when CC=0
  • #16760 - K_THREAD_STACK_EXTERN() confuses gen_kobject_list.py
  • #16779 - [Zephyr v1.14] ARM: fix the start address of MPU guard in stack-fail checking (when building with no user mode)
  • #16799 - Bluetooth: L2CAP: Interpretation of SCID and DCID in Disconnect is wrong
  • #16861 - nRF52: UARTE: Data corruption right after resuming device
  • #16864 - Bluetooth: Mesh: Rx buffer exhaustion causes deadlock
  • #16893 - Bluetooth: Multiple local IDs, privacy problem
  • #16943 - Missing test coverage for lib/os/crc*.c
  • #16944 - Insufficient test coverage for lib/os/json.c
  • #17031 - Compiler warnings in settings module in Zephyr 1.14
  • #17038 - code relocation generating different memory layout cause user mode not working
  • #17041 - [1.14] Bluetooth: Mesh: RPL handling is not in line with the spec
  • #17055 - net: Incorrect data length after the connection is established
  • #17057 - Bluetooth: Mesh: Implementation doesn't conform to latest errata and 1.0.1 version
  • #17092 - Bluetooth: GAP/IDLE/NAMP/BV-01-C requires Read by UUID
  • #17170 - x86_64 crash with spinning child thread
  • #17171 - Insufficient code coverage for lib/os/fdtable.c
  • #17177 - ARM: userspace/test_bad_syscall fails on ARMv8-M
  • #17190 - net-mgmt should pass info element size to callback
  • #17250 - After first GC operation the 1st sector had become scratch and the 2nd sector had became write sector.
  • #17251 - w25q: erase operations must be erase-size aligned
  • #17262 - insufficient code coverage for lib/os/base64.c
  • #17288 - Bluetooth: controller: Fix handling of L2CAP start frame with zero PDU length
  • #17294 - DB corruption when adding/removing service
  • #17337 - ArmV7-M mpu sub region alignment
  • #17338 - kernel objects address check in elf_helper.py
  • #17368 - Time Slicing cause system sleep short time
  • #17399 - LwM2M: Can't use an alternate mbedtls implementation
  • #17401 - LwM2M: requires that CONFIG_NET_IPV* be enabled (can't use 100% offloaded IP stack)
  • #17415 - Settings Module - settings_line_val_read() returning -EINVAL instead of 0 for deleted setting entries
  • #17427 - net: IPv4/UDP datagram with zero src addr and TTL causes Zephyr to segfault
  • #17450 - net: IPv6/UDP datagram with unspecified addr and zero hop limit causes Zephyr to quit
  • #17463 - Bluetooth: API limits usage of MITM flags in Pairing Request
  • #17534 - Race condition in GATT API.
  • #17595 - two userspace tests fail if stack canaries are enabled in board configuration
  • #17600 - Enable Mesh Friend support in Bluetooth tester application
  • #17613 - POSIX arch: occasional failures of tests/kernel/sched/schedule_api on CI
  • #17630 - efr32mg_sltb004a tick clock error
  • #17723 - Advertiser never clears state flags
  • #17732 - cannot use bt_conn_security in connected callback
  • #17764 - Broken link to latest development version of docs
  • #17802 - [zephyr 1.14] Address type 0x02 is used by LE Create Connection in device privacy mode
  • #17820 - Mesh bug report In access.c
  • #17838 - state DEVICE_PM_LOW_POWER_STATE of Device Power Management
  • #17843 - Bluetooth: controller: v1.14.x release conformance test failures
  • #17857 - GATT: Incorrect byte order for GATT database hash
  • #17861 - Tester application lacks BTP Discover All Primary Services handler
  • #17880 - Unable to re-connect to privacy enabled peer when using stack generated Identity
  • #17944 - [zephyr 1.14] LE Enhanced Connection Complete indicates Resolved Public once connected to Public peer address
  • #17948 - Bluetooth: privacy: Reconnection issue
  • #17967 - drivers/pwm/pwm_api test failed on frdm_k64f board.
  • #17971 - [zephyr 1.14] Unable to register GATT service that was unregistered before
  • #17979 - Security level cannot be elevated after re-connection with privacy
  • #18021 - Socket vtable can access null pointer callback function
  • #18090 - [zephyr 1.14][MESH/NODE/FRND/FN/BV-08-C] Mesh Friend queues more messages than indicates it's Friend Cache
  • #18178 - BLE Mesh When Provisioning Use Input OOB Method
  • #18183 - [zephyr 1.14][GATT/SR/GAS/BV-07-C] GATT Server does not inform change-unaware client about DB changes
  • #18297 - Bluetooth: SMP: Pairing issues
  • #18306 - Unable to reconnect paired devices with controller privacy disabled (host privacy enabled)
  • #18308 - net: TCP/IPv6 set of fragmented packets causes Zephyr to quit
  • #18394 - [Coverity CID :203464]Memory - corruptions in /subsys/net/l2/ethernet/gptp/gptp_mi.c
  • #18462 - potential buffer overrun in logging infrastructure
  • #18580 - Bluetooth: Security fail on initial pairing
  • #18658 - Bluetooth BR/EDR encryption key negotiation vulnerability
  • #18739 - k_uptime_get_32() does not behave as documented
  • #18935 - [Zephyr 1.14] drivers: flash: spi_nor: Problematic write with page boundaries
  • #18961 - [Coverity CID :203912]Error handling issues in /samples/net/sockets/coap_client/src/coap-client.c
  • #19015 - Bluetooth: Mesh: Node doesn't respond to "All Proxies" address
  • #19038 - [zephyr branch 1.14 and master -stm32-netusb]:errors when i view RNDIS Device‘s properties on Windows 10
  • #19059 - i2c_ll_stm32_v2: nack on write is not handled correctly
  • #19103 - zsock_accept_ctx blocks even when O_NONBLOCK is specified
  • #19165 - zephyr_file generates bad links on branches
  • #19263 - Bluetooth: Mesh: Friend Clear Procedure Timeout
  • #19515 - Bluetooth: Controller: assertion failed
  • #19612 - ICMPv6 packet is routed to wrong interface when peer is not found in neighbor cache
  • #19678 - Noticeable delay between processing multiple client connection requests (200ms+)
  • #19612 - ICMPv6 packet is routed to wrong interface when peer is not found in neighbor cache
  • #19678 - Noticeable delay between processing multiple client connection requests (200ms+)
  • #19889 - Buffer leak in GATT for Write Without Response and Notifications
  • #19982 - Periodically wake up log process thread consume more power
  • #20042 - Telnet can connect only once
  • #20100 - Slave PTP clock time is updated with large value when Master PTP Clock time has changed
  • #20229 - cmake: add --divide to GNU assembler options for x86
  • #20299 - bluetooth: host: Connection not being unreferenced when using CCC match callback
  • #20313 - Zperf documentation points to wrong iPerf varsion
  • #20811 - spi driver
  • #20970 - Bluetooth: Mesh: seg_tx_reset in the transport layer
  • #21131 - Bluetooth: host: Subscriptions not removed upon unpair
  • #21306 - ARC: syscall register save/restore needs backport to 1.14
  • #21431 - missing async uart.h system calls
  • #21432 - watchdog subsystem has no system calls
  • #22275 - arm: cortex-R & M: CONFIG_USERSPACE: intermittent Memory region write access failures
  • #22280 - incorrect linker routing
  • #23153 - Binding AF_PACKET socket second time will fail with multiple network interfaces
  • #23339 - tests/kernel/sched/schedule_api failed on mps2_an385 with v1.14 branch.
  • #23346 - bl65x_dvk boards do not reset after flashing
Assets 2
You can’t perform that action at this time.