
Releases: zephyrproject-rtos/zephyr

Zephyr v3.4.0-rc3

16 Jun 16:16
v3.4.0-rc3
Pre-release

Zephyr v3.4.0-rc2

05 Jun 01:45
v3.4.0-rc2
Pre-release

Zephyr v2.7.5

01 Jun 15:31
v2.7.5

We are pleased to announce the release of Zephyr version 2.7.5.

This is an LTS maintenance release with fixes.

Issues Fixed

These GitHub issues were addressed since the previous 2.7.4 tagged release:

  • 41111 - utils: tmcvt: fix integer overflow after 6.4 days with gettimeofday() and z_tmcvt()
  • 51663 - tests: kernel: increase coverage for kernel and mmu tests
  • 53124 - cmake: fix argument passing in zephyr_check_compiler_flag() cmake function
  • 53315 - net: tcp: fix possible underflow in tcp_flags().
  • 53981 - scripts: fixes for gen_syscalls and gen_app_partitions
  • 53983 - init: correct early init time calls to k_current_get() when TLS is enabled
  • 54140 - net: fix BUS FAULT when running nmap towards echo_async sample
  • 54325 - coredump: support out-of-tree coredump backend definition
  • 54386 - kernel: correct SMP scheduling with more than 2 CPUs
  • 54527 - tests: kernel: remove faulty test from tests/kernel/poll
  • 55019 - bluetooth: host: initialize value passed to k_sem_init()
  • 55068 - net: ipv6: validate arguments in net_if_ipv6_set_reachable_time()
  • 55069 - net: core: net pkt shell command missing input validation
  • 55323 - logging: fix userspace runtime filtering
  • 55490 - cxx: fix compile error in C++ project for bad flags -Wno-pointer-sign and -Werror=implicit-int
  • 56071 - security: MbedTLS: update to v2.28.3
  • 56729 - posix: SCHED_RR valid thread priorities
  • 57210 - drivers: pcie: endpoint: pcie_ep_iproc: correct use of optional devicetree binding
  • 57419 - tests: dma: support 64-bit addressing in tests
  • 57710 - posix: support building eventfd on arm-clang

mbedTLS

mbedTLS has moved to the 2.28.x series (2.28.3 precisely). This is an LTS release that will be supported with bug fixes and security fixes until the end of 2024.

Detailed information can be found in:

This version is incompatible with TF-M, and because of this TF-M is no longer supported in Zephyr LTS. If TF-M is required, it can be manually added back by changing the mbedTLS revision in west.yaml to the previous one (5765cb7f75a9973ae9232d438e361a9d7bbc49e7). This should be carefully assessed by a security expert to ensure that the known vulnerabilities in that version don’t affect the product.

Vulnerabilities addressed in this update:

  • MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on builds that couldn’t compile the GCC-style assembly implementation (most notably builds with Visual Studio), leaving them vulnerable to timing side-channel attacks. There is now an intrinsics-based AES-NI implementation as a fallback for when the assembly one cannot be used.

  • Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

  • An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation if the window size used for the exponentiation was 3 or smaller. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. See “Cache Side-channel Attacks and Defenses of the Sliding Window Algorithm in TEEs” - Design, Automation and Test in Europe 2023.

  • Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap.

  • Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak.

  • Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team.

  • Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection.

  • In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back from the output buffer. This fixes a potential policy bypass or decryption oracle vulnerability if the output buffer is in memory that is shared with an untrusted application.

  • Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()’d twice.

  • Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM) private keys and of blinding values for DHM and elliptic curves (ECP) computations.

  • Fix a potential side channel vulnerability in ECDSA ephemeral key generation. An adversary who is capable of very precise timing measurements could learn partial information about the leading bits of the nonce used for the signature, allowing the recovery of the private key after observing a large number of signature operations. This completes a partial fix in Mbed TLS 2.20.0.
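
For a product that stays on the older mbedTLS revision, the numeric preconditions in the list above can be checked against its mbedTLS configuration header. The following is an added example, not code from Zephyr or Mbed TLS: it assumes a config header with literal values, the function names and finding labels are hypothetical, and MBEDTLS_MPI_WINDOW_SIZE is Mbed TLS's window-size macro, which this page does not name.

```python
import re

# Active "#define MBEDTLS_NAME [value]" lines; comments are stripped first.
_DEFINE = re.compile(r"^\s*#\s*define\s+(MBEDTLS_\w+)(?:\s+(.*?))?\s*$")

def parse_defines(header_text):
    """Return {macro: value-or-None} for the active defines in a config header."""
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    defines = {}
    for line in text.splitlines():
        m = _DEFINE.match(line.split("//", 1)[0])
        if m:
            defines[m.group(1)] = m.group(2) or None
    return defines

def literal(defines, name):
    """Integer value of a macro, or None when unset or not a plain literal."""
    try:
        return int(defines.get(name) or "", 0)
    except ValueError:
        return None

def audit(header_text):
    """List which preconditions from the release notes this config meets."""
    d = parse_defines(header_text)
    findings = []
    cid_in = literal(d, "MBEDTLS_SSL_CID_IN_LEN_MAX")
    cid_out = literal(d, "MBEDTLS_SSL_CID_OUT_LEN_MAX")
    if ("MBEDTLS_SSL_DTLS_CONNECTION_ID" in d and cid_in is not None
            and cid_out is not None and cid_in > 2 * cid_out):
        findings.append("dtls-cid-heap-overread-overwrite")
    in_len = literal(d, "MBEDTLS_SSL_IN_CONTENT_LEN")
    if "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE" in d and in_len is not None:
        if in_len < 258:      # threshold with mbedtls_ssl_cookie_check()
            findings.append("dtls-clienthello-overread")
        elif in_len < 571:    # possible threshold with a custom cookie check
            findings.append("dtls-clienthello-overread-if-custom-cookie-check")
    # MBEDTLS_MPI_WINDOW_SIZE is Mbed TLS's compile-time window cap; the macro
    # name is not given on this page.
    wsize = literal(d, "MBEDTLS_MPI_WINDOW_SIZE")
    if wsize is not None and wsize <= 3:
        findings.append("rsa-small-exponentiation-window")
    return findings

# Constructed sample header, not taken from any real product.
SAMPLE_CONFIG = """\
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_CID_IN_LEN_MAX 64
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 16
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#define MBEDTLS_SSL_IN_CONTENT_LEN 256
//#define MBEDTLS_MPI_WINDOW_SIZE 2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A macro that is unset, or defined through another symbol rather than a literal, produces no finding, so an empty result does not show that the condition is absent.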

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html

Zephyr v3.4.0-rc1

28 May 23:25
v3.4.0-rc1
Pre-release

The first release candidate for Zephyr 3.4.0 has been tagged:
https://github.com/zephyrproject-rtos/zephyr/releases/tag/v3.4.0-rc1

The merge window for features and enhancements is now closed for this
release, and it will remain closed until 3.4.0 is released.

We are now in the stabilisation phase, and only bug-fix, documentation
and stabilisation patches may be merged to the main branch. Additional
features and enhancements for the 3.4.0 release require approval by the
TSC.

You may continue to submit pull requests for new features in order to
gather feedback early or collaborate with others, but the release team
would like to encourage everyone to focus on testing and fixing bugs.

Release milestone dates:
https://github.com/zephyrproject-rtos/zephyr/wiki/Release-Management
Release process:
https://docs.zephyrproject.org/latest/project/release_process.html

Zephyr 3.3.0

19 Feb 04:45
v3.3.0

We are pleased to announce the release of Zephyr version 3.3.0.

Major enhancements with this release include:

  • Introduced Fuel Gauge subsystem for battery level monitoring.
  • Introduced USB-C device stack with PD (power delivery) support.
  • Introduced DSP (digital signal processing) subsystem with CMSIS-DSP as the default backend.
  • Added Picolibc support for all architectures when using Zephyr SDK.

The full release notes are available at: Zephyr 3.3.0 Release Notes

Zephyr v2.7.4

23 Dec 02:25
v2.7.4

We are pleased to announce the release of Zephyr version 2.7.4.

This is an LTS maintenance release with fixes.

Issues Fixed

These GitHub issues were addressed since the previous 2.7.3 tagged
release:

  • 25417 - net: socket: socketpair: check for ISR context
  • 41012 - irq_enable() doesn’t support enabling NVIC IRQ number more than 127
  • 44070 - west spdx TypeError: 'NoneType' object is not iterable
  • 46072 - subsys/hawkBit: Debug log error in hawkbit example "CONFIG_LOG_STRDUP_MAX_STRING"
  • 48056 - Possible null pointer dereference after k_mutex_lock times out
  • 49102 - hawkbit - dns name randomly not resolved
  • 49139 - can't run west or DT tests on windows / py 3.6
  • 49564 - Newer versions of pylink are not supported in latest zephyr 2.7 release
  • 49569 - Backport cmake string cache fix to v2.7 branch
  • 50221 - tests: debug: test case subsys/debug/coredump failed on acrn_ehl_crb on branch v2.7
  • 50467 - Possible memory corruption on ARC when userspace is enabled
  • 50468 - Incorrect Z_THREAD_STACK_BUFFER in arch_start_cpu for Xtensa
  • 50961 - drivers: counter: Update counter_set_channel_alarm documentation
  • 51714 - Bluetooth: Application with buffer that cannot unref it in disconnect handler leads to advertising issues
  • 51776 - POSIX API is not portable across arches
  • 52247 - mgmt: mcumgr: image upload, then image erase, then image upload does not restart upload from start
  • 52517 - lib: posix: sleep() does not return the number of seconds left if interrupted
  • 52518 - lib: posix: usleep() does not follow the POSIX spec
  • 52542 - lib: posix: make sleep() and usleep() standards-compliant
  • 52591 - mcumgr user data size out of sync with net buffer user data size
  • 52829 - kernel/sched: Fix SMP race on pend
  • 53088 - Unable to change initialization priority of logging subsys

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this
release:

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html

Changes since zephyr-v2.7.3

Anas Nashif (2):
      actions: west/devicetree: exclude python 3.6 on windows
      ci: update cancel-workflow-action action to 0.11.0

Andy Ross (1):
      kernel/sched: Fix SMP race on pend

Chris Friedt (8):
      net: sockets: socketpair: do not allow blocking IO in ISR context
      tests: kernel: mutex: move race timeout test to mutex_api
      tests: posix: clock: do not use usleep in a broken way
      lib: posix: sleep() should report unslept time in seconds
      lib: posix: update usleep() to follow the POSIX spec
      tests: posix: add tests for sleep() and usleep()
      release: update v2.7.4 release notes
      release: Zephyr 2.7.4

Daniel Leung (3):
      tests: coredump: skip acrn_ehl_crb
      soc: intel_adsp: use Z_KERNEL_STACK_BUFFER instead of...
      soc: esp32: use Z_KERNEL_STACK_BUFFER instead of...

Flavio Ceolin (1):
      net: tcp: Fix possible buffer underflow

Gerard Marull-Paretas (6):
      scripts: west_commands: runners: jlink: support pylink >= 0.14
      scripts: west_commands: runners: jlink: support pylink >= 0.14.2
      ci: doc-build: set timeout to 30 minutes
      ci: doc-build: disable parallel build
      ci: doc-build: use concurrency group to cancel in progress builds
      ci: doc-build: skip Kconfig docs build on pull requests

Ian Oliver (1):
      log_core: Add Kconfig symbol for init priority

Jamie McCrae (4):
      drivers: counter: Update counter_set_channel_alarm documentation
      mgmt: mcumgr: Fix Bluetooth transport issues
      net: Synchronise user data size with mcumgr
      manifest: Update mcumgr revision

Jay Vasanth (1):
      soc arm: MEC172x soc.h - Include custom IRQn_Type

Jordan Yates (1):
      scripts: zspdx: fix writing custom license IDs

Martí Bolívar (2):
      edtlib: remove python 3.5 workaround
      python-devicetree: CI hotfix

Qi Yang (1):
      kernel: mutex: fix races when lock timeout

Ruud Derwig (1):
      ARC: fx possible memory corruption with userspace

Stephanos Ioannidis (50):
      ci: Limit workflow scope to v2.7-branch
      ci: doc: Publish pull request docs to builds.zephyrproject.io
      ci: issue_count: Fix stale reference to master branch
      ci: bluetooth-tests: Use Ubuntu 20.04 runner image
      ci: backport_issue_check: Use Ubuntu 20.04 runner image
      ci: clang: Use Ubuntu 20.04 runner image
      ci: coding_guidelines: Use Ubuntu 20.04 runner image
      ci: compliance: Use Ubuntu 20.04 runner image
      ci: daily_test_version: Use Ubuntu 20.04 runner image
      ci: doc: Use Ubuntu 20.04 runner image
      ci: errno: Use Ubuntu 20.04 runner image
      ci: footprint-tracking: Use Ubuntu 20.04 runner image
      ci: footprint: Use Ubuntu 20.04 runner image
      ci: issue_count: Use Ubuntu 20.04 runner image
      ci: license_check: Use Ubuntu 20.04 runner image
      ci: manifest: Use Ubuntu 20.04 runner image
      ci: release: Use Ubuntu 20.04 runner image
      ci: stale_issue: Use Ubuntu 20.04 runner image
      ci: twister_tests: Use Ubuntu 20.04 runner image
      ci: twister: Use Ubuntu 20.04 runner image
      ci: devicetree_checks: Use specific version of runner image
      ci: west_cmds: Use specific version of runner image
      ci: backport: Use Ubuntu 20.04 runner image
      ci: compliance: Use upload-artifact action v3
      ci: doc-build: Use upload-artifact action v3
      ci: issue_count: Use upload-artifact action v3
      ci: compliance: Use upload-artifact action v3
      ci: bluetooth-tests: Use "concurrency" to cancel previous runs
      ci: twister: Use "concurrency" to cancel previous runs
      ci: clang: Use "concurrency" to cancel previous runs
      ci: codecov: Use "concurrency" to cancel previous runs
      ci: footprint: Use "concurrency" to cancel previous runs
      ci: footprint-tracking: Use "concurrency" to cancel previous runs
      ci: clang: Use output parameter file
      ci: codecov: Use output parameter file
      ci: release: Use output parameter file
      ci: twister: Use output parameter file
      ci: Use actions/checkout@v3
      ci: Use actions/upload-artifact@v3
      ci: Use actions/setup-python@v4
      ci: Use actions/cache@v3
      ci: twister: Use zephyr-runner
      ci: twister: Clone cached Zephyr repository
      ci: twister: Remove obsolete clean-up steps
      ci: clang: Use zephyr-runner
      ci: clang: Clone cached Zephyr repository
      ci: clang: Remove obsolete clean-up steps
      ci: codecov: Use zephyr-runner
      ci: codecov: Clone cached Zephyr repository
      ci: Clone cached Zephyr repository with shared objects

Torsten Rasmussen (1):
      cmake: kconfig: preserved quotes for Kconfig string values

Yong Cong Sin (3):
      subsys/mgmt/hawkbit: Init the `hints` struct to a known value
      subsys/mgmt/hawkbit: Set `ai_socktype` if IPV4/IPV6
      mgmt/hawkbit: Print hrefs only if there's an update

Zephyr 3.2.0

30 Sep 18:26
v3.2.0

We are pleased to announce the release of Zephyr version 3.2.0.

Major enhancements with this release include:

  • Introduced sysbuild.
  • Added support for bin-blobs.
  • Added support for Picolibc (see CONFIG_PICOLIBC).
  • Converted all supported boards from pinmux to pinctrl.
  • Initial support for i3c_api controllers.
  • Support for W1 api.
  • Improved access to Devicetree compatibles from Kconfig (new generated
    DTS_HAS_..._ENABLED configs).

The full release notes are available at: 3.2 Release Notes

Zephyr 3.2.0-rc3

23 Sep 20:14
v3.2.0-rc3
Pre-release


Zephyr 3.2.0-rc2

16 Sep 21:11
v3.2.0-rc2
Pre-release


Zephyr 2.7.3

22 Aug 18:06
v2.7.3

Changes since zephyr-v2.7.2:

Aleksandr Khromykh (1):
      Bluetooth: Mesh: add check for rx buffer overflow in pb adv

Alexander Wachter (1):
      drivers: can: m_can: fix alignmed issues

Alexej Rempel (1):
      logging: shell: fix shell stats null pointer dereference

Andrei Emeltchenko (1):
      edac: ibecc: Add support for EHL SKU13, SKU14, SKU15

Andriy Gelman (1):
      net: route: Fix pkt leak if net_send_data() fails

Christopher Friedt (10):
      release: update v2.7.2 release notes
      lib: posix: semaphore: use consistent timebase in sem_timedwait
      posix: pthread: consider PTHREAD_EXITED state in pthread_create
      tests: posix: pthread: test for pthread descriptor leaks
      scripts: release: use GITHUB_TOKEN and start_date in scripts
      scripts: release: list_backports.py
      ci: backports: check if a backport PR has a valid issue
      scripts: release: list_backports: use older python dict merge method
      release: update v2.7.3 release notes
      release: Zephyr 2.7.3

Erwan Gouriou (1):
      boards: nucleo_wb55rg: Fix documentation about BLE binary compatibility

Flavio Ceolin (1):
      release: security: Notes for 2.7.3

Francois Ramu (1):
      drivers: spi: stm32 spi with dma must enable cs after periph

Henrik Brix Andersen (4):
      drivers: can: mcan: acknowledge all received frames
      drivers: can: mcux: flexcan: fix handling of RTR frames
      drivers: can: loopback: check frame ID type and RTR bit in filters
      tests: drivers: can: api: add test for RTR filter matching

Jamie McCrae (1):
      drivers: sensor: sm351lt: Fix global thread triggering bug

Mark Holden (1):
      coredump: adjust mem_region find in gdbstub

Michał Narajowski (1):
      tests/bluetooth/tester: Refactor Read UUID callback

Pavel Vasilyev (2):
      Bluetooth: Mesh: Check SegN when receiving Transaction Start PDU
      Bluetooth: Mesh: Fix segmentation when sending proxy message

Piotr Pryga (1):
      Bluetooth: Controller: Fix per adv scheduling issue

Stephanos Ioannidis (7):
      drivers: i2c: Fix infinite recursion in driver unregister function
      lib: libc: minimal: Initialise libc heap during POST_KERNEL phase
      lib: libc: newlib: Initialise libc heap during POST_KERNEL phase
      tests: cpp: cxx: Add static global constructor invocation test
      tests: cpp: cxx: Add dynamic memory availability test for static init
      tests: cpp: cxx: Test with various types of libc
      tests: cpp: cxx: Add qemu_cortex_a53 as integration platform

Szymon Janc (2):
      Bluetooth: host: Fix L2CAP reconfigure response with invalid MTU
      Bluetooth: host: Fix L2CAP reconfigure response with invalid CID

Torsten Rasmussen (3):
      Revert "cmake: Zephyr sdk backward compatibility with 0.11.1 and 0.11.2"
      cmake: zephyr toolchain code cleanup
      cmake: remove xtensa workaround in Zephyr toolchain code.

Vinayak Kariappa Chettimada (1):
      Bluetooth: Controller: Fix PHY update for unsupported PHY

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

More detailed information can be found in:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html