Zephyr 1.14.3

This is an LTS maintenance release with fixes.

Issues Fixed

These GitHub issues were addressed since the previous 1.14.0 tagged release:

  • 18334 - DNS resolution is broken for some addresses in master/2.0-pre

  • 19917 - Bluetooth: Controller: Missing LL_ENC_RSP after HCI LTK Negative Reply

  • 21107 - LL_ASSERT and ‘Imprecise data bus error’ in LL Controller

  • 21257 - tests/net/net_pkt failed on mimxrt1050_evk board.

  • 21299 - bluetooth: Controller does not release buffer on central side after peripheral reset

  • 21601 - ‘!radio_is_ready()’ failed

  • 21756 - tests/kernel/obj_tracing failed on mec15xxevb_assy6853 board.

  • 22968 - Bluetooth: controller: LEGACY: ASSERTION failure on invalid packet sequence

  • 23069 - Bluetooth: controller: Assert in data length update procedure

  • 23109 - LL.TS Test LL/CON/SLA/BV-129-C fails (split)

  • 23805 - Bluetooth: controller: Switching to non conn adv fails for Mesh LPN

  • 24601 - Bluetooth: Mesh: Config Client’s net_key_status pulls two key indexes, should pull one.

  • 25518 - settings_fcb: Fix storing the data

  • 25519 - wrong debug function cause kinds of building error

  • 26080 - gPTP time sync fails if having more than one port

  • 28151 - gPTP should allow user setting of priority1 and priority2 fields used in BMCA

  • 28177 - gPTP gptp_priority_vector struct field ordering is wrong

  • 29386 - unexpected behavior when doing syscall with 7 or more arguments

  • 29858 - Bluetooth: Mesh: RPL cleared on LPN disconnect

  • 32430 - Bluetooth: thread crashes when configuring a non 0 Slave Latency

  • 32898 - Bluetooth: controller: Control PDU buffer leak into Data PDU buffer pool

Zephyr 1.14.2

This is an LTS maintenance release with fixes.

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

  • CVE-2020-10019

  • CVE-2020-10021

  • CVE-2020-10022

  • CVE-2020-10023

  • CVE-2020-10024

  • CVE-2020-10027

  • CVE-2020-10028

More detailed information can be found in: https://docs.zephyrproject.org/latest/security/vulnerabilities.html

Issues Fixed

These GitHub issues were addressed since the previous 1.14.0 tagged release:

  • 11617 - net: ipv4: udp: broadcast delivery not supported

  • 11743 - logging: add user mode access

  • 14459 - usb: samples: mass: doesn’t build with FLASH overlay

  • 15119 - GPIO callback not disabled from an interrupt

  • 15339 - RISC-V: RV32M1: Load access fault when accessing GPIO port E

  • 15354 - counter: stm32: Issue with LSE clock source selection

  • 15373 - IPv4 link local packets are not sent with ARP ethernet type

  • 15443 - usb_dc_stm32: Missing semaphore initialization and missing pin remapping configuration

  • 15444 - Error initiating sdhc disk

  • 15497 - USB DFU: STM32: usb dfu mode doesn’t work

  • 15507 - NRF52840: usb composite MSC + HID (with CONFIG_ENABLE_HID_INT_OUT_EP)

  • 15526 - Unhandled identity in bt_conn_create_slave_le

  • 15558 - support for power-of-two MPUs on non-XIP systems

  • 15601 - pwm: nRF default prescalar value is wrong

  • 15603 - Unable to use C++ Standard Library

  • 15605 - Unaligned memory access by ldrd

  • 15678 - Watchdog peripheral api docs aren’t generated correctly.

  • 15698 - bluetooth: bt_conn: No proper ID handling

  • 15733 - Bluetooth: controller: Central Encryption setup overlaps Length Request procedure

  • 15794 - mps2_an385 crashes if CONFIG_INIT_STACKS=y and CONFIG_COVERAGE=y

  • 15817 - nrf52: HFXO is not turned off as expected

  • 15904 - concerns with use of CONFIG_BT_MESH_RPL_STORE_TIMEOUT in examples

  • 15911 - Stack size is smaller than it should be

  • 15975 - Openthread - fault with dual network interfaces

  • 16001 - ARC iotdk supports MPU and fpu in hardware but not enabled in kconfig

  • 16002 - the spi base reg address in arc_iot.dtsi has an error

  • 16010 - Coverage reporting fails on many tests

  • 16012 - Source IP address for DHCP renewal messages is unset

  • 16046 - modules are being processed too late.

  • 16080 - Zephyr UART shell crashes on start if main() is blocked

  • 16089 - Mcux Ethernet driver does not detect carrier anymore (it’s alway on)

  • 16090 - mpu align support for code relocation on non-XIP system

  • 16143 - posix: clock_settime calculates the base time incorrectly

  • 16155 - drivers: can: wrong value used for filter mode set

  • 16257 - net: icmpv4: Zephyr sends echo reply with multicast source address

  • 16307 - cannot move location counter backwards error happen

  • 16323 - net: ipv6: tcp: unexpected reply to malformed HBH in TCP/IPv6 SYN

  • 16339 - openthread: off-by-one error when calculating ot_flash_offset for settings

  • 16354 - net: ipv6: Zephyr does not reply to fragmented packet

  • 16375 - net: ipv4: udp: Zephyr does not reply to a valid datagram with checksum zero

  • 16379 - net: ipv6: udp: Zephyr replies with illegal UDP checksum zero

  • 16411 - bad regex for west version check in host-tools.cmake

  • 16412 - on reel_board the consumption increases because TX pin is floating

  • 16413 - Missing dependency in cmake

  • 16414 - Backport west build –pristine

  • 16415 - Build errors with C++

  • 16416 - sram size for RT1015 and RT1020 needs to be update.

  • 16417 - issues with can filter mode set

  • 16418 - drivers: watchdog: sam0: check if timeout is valid

  • 16419 - Bluetooth: XTAL feature regression

  • 16478 - Bluetooth: Improper bonded peers handling

  • 16570 - [Coverity CID :198877]Null pointer dereferences in /subsys/net/ip/net_if.c

  • 16577 - [Coverity CID :198870]Error handling issues in /subsys/net/lib/lwm2m/lwm2m_obj_firmware_pull.c

  • 16581 - [Coverity CID :198866]Null pointer dereferences in /subsys/net/lib/dns/llmnr_responder.c

  • 16584 - [Coverity CID :198863]Error handling issues in /subsys/net/lib/sntp/sntp.c

  • 16600 - Bluetooth: Mesh: Proxy SAR timeout is not implemented

  • 16602 - Bluetooth: GATT Discovery: Descriptor Discovery by range Seg Fault

  • 16639 - eth: pinging frdm k64f eventually leads to unresponsive ethernet device

  • 16678 - LPN establishment of Friendship never completes if there is no response to the initial Friend Poll

  • 16711 - Settings reworked to const char processing

  • 16734 - Bluetooth: GATT: Writing 1 byte to a CCC access invalid memory

  • 16745 - PTHREAD_MUTEX_DEFINE(): don’t store into the _k_mutex section

  • 16746 - boards: nrf52840_pca10059: Configure NFC pins as GPIOs by default

  • 16749 - IRQ_CONNECT and irq_enable calls in the SiFive UART driver is misconfigured

  • 16750 - counter: lack of interrupt when CC=0

  • 16760 - K_THREAD_STACK_EXTERN() confuses gen_kobject_list.py

  • 16779 - [Zephyr v1.14] ARM: fix the start address of MPU guard in stack-fail checking (when building with no user mode)

  • 16799 - Bluetooth: L2CAP: Interpretation of SCID and DCID in Disconnect is wrong

  • 16861 - nRF52: UARTE: Data corruption right after resuming device

  • 16864 - Bluetooth: Mesh: Rx buffer exhaustion causes deadlock

  • 16893 - Bluetooth: Multiple local IDs, privacy problem

  • 16943 - Missing test coverage for lib/os/crc*.c

  • 16944 - Insufficient test coverage for lib/os/json.c

  • 17031 - Compiler warnings in settings module in Zephyr 1.14

  • 17038 - code relocation generating different memory layout cause user mode not working

  • 17041 - [1.14] Bluetooth: Mesh: RPL handling is not in line with the spec

  • 17055 - net: Incorrect data length after the connection is established

  • 17057 - Bluetooth: Mesh: Implementation doesn’t conform to latest errata and 1.0.1 version

  • 17092 - Bluetooth: GAP/IDLE/NAMP/BV-01-C requires Read by UUID

  • 17170 - x86_64 crash with spinning child thread

  • 17171 - Insufficient code coverage for lib/os/fdtable.c

  • 17177 - ARM: userspace/test_bad_syscall fails on ARMv8-M

  • 17190 - net-mgmt should pass info element size to callback

  • 17250 - After first GC operation the 1st sector had become scratch and the 2nd sector had became write sector.

  • 17251 - w25q: erase operations must be erase-size aligned

  • 17262 - insufficient code coverage for lib/os/base64.c

  • 17288 - Bluetooth: controller: Fix handling of L2CAP start frame with zero PDU length

  • 17294 - DB corruption when adding/removing service

  • 17337 - ArmV7-M mpu sub region alignment

  • 17338 - kernel objects address check in elf_helper.py

  • 17368 - Time Slicing cause system sleep short time

  • 17399 - LwM2M: Can’t use an alternate mbedtls implementation

  • 17401 - LwM2M: requires that CONFIG_NET_IPV* be enabled (can’t use 100% offloaded IP stack)

  • 17415 - Settings Module - settings_line_val_read() returning -EINVAL instead of 0 for deleted setting entries

  • 17427 - net: IPv4/UDP datagram with zero src addr and TTL causes Zephyr to segfault

  • 17450 - net: IPv6/UDP datagram with unspecified addr and zero hop limit causes Zephyr to quit

  • 17463 - Bluetooth: API limits usage of MITM flags in Pairing Request

  • 17534 - Race condition in GATT API.

  • 17595 - two userspace tests fail if stack canaries are enabled in board configuration

  • 17600 - Enable Mesh Friend support in Bluetooth tester application

  • 17613 - POSIX arch: occasional failures of tests/kernel/sched/schedule_api on CI

  • 17630 - efr32mg_sltb004a tick clock error

  • 17723 - Advertiser never clears state flags

  • 17732 - cannot use bt_conn_security in connected callback

  • 17764 - Broken link to latest development version of docs

  • 17802 - [zephyr 1.14] Address type 0x02 is used by LE Create Connection in device privacy mode

  • 17820 - Mesh bug report In access.c

  • 17838 - state DEVICE_PM_LOW_POWER_STATE of Device Power Management

  • 17843 - Bluetooth: controller: v1.14.x release conformance test failures

  • 17857 - GATT: Incorrect byte order for GATT database hash

  • 17861 - Tester application lacks BTP Discover All Primary Services handler

  • 17880 - Unable to re-connect to privacy enabled peer when using stack generated Identity

  • 17944 - [zephyr 1.14] LE Enhanced Connection Complete indicates Resolved Public once connected to Public peer address

  • 17948 - Bluetooth: privacy: Reconnection issue

  • 17967 - drivers/pwm/pwm_api test failed on frdm_k64f board.

  • 17971 - [zephyr 1.14] Unable to register GATT service that was unregistered before

  • 17979 - Security level cannot be elevated after re-connection with privacy

  • 18021 - Socket vtable can access null pointer callback function

  • 18090 - [zephyr 1.14][MESH/NODE/FRND/FN/BV-08-C] Mesh Friend queues more messages than indicates it’s Friend Cache

  • 18178 - BLE Mesh When Provisioning Use Input OOB Method

  • 18183 - [zephyr 1.14][GATT/SR/GAS/BV-07-C] GATT Server does not inform change-unaware client about DB changes

  • 18297 - Bluetooth: SMP: Pairing issues

  • 18306 - Unable to reconnect paired devices with controller privacy disabled (host privacy enabled)

  • 18308 - net: TCP/IPv6 set of fragmented packets causes Zephyr to quit

  • 18394 - [Coverity CID :203464]Memory - corruptions in /subsys/net/l2/ethernet/gptp/gptp_mi.c

  • 18462 - potential buffer overrun in logging infrastructure

  • 18580 - Bluetooth: Security fail on initial pairing

  • 18658 - Bluetooth BR/EDR encryption key negotiation vulnerability

  • 18739 - k_uptime_get_32() does not behave as documented

  • 18935 - [Zephyr 1.14] drivers: flash: spi_nor: Problematic write with page boundaries

  • 18961 - [Coverity CID :203912]Error handling issues in /samples/net/sockets/coap_client/src/coap-client.c

  • 19015 - Bluetooth: Mesh: Node doesn’t respond to “All Proxies” address

  • 19038 - [zephyr branch 1.14 and master -stm32-netusb]:errors when i view RNDIS Device‘s properties on Windows 10

  • 19059 - i2c_ll_stm32_v2: nack on write is not handled correctly

  • 19103 - zsock_accept_ctx blocks even when O_NONBLOCK is specified

  • 19165 - zephyr_file generates bad links on branches

  • 19263 - Bluetooth: Mesh: Friend Clear Procedure Timeout

  • 19515 - Bluetooth: Controller: assertion failed

  • 19612 - ICMPv6 packet is routed to wrong interface when peer is not found in neighbor cache

  • 19678 - Noticeable delay between processing multiple client connection requests (200ms+)

  • 19889 - Buffer leak in GATT for Write Without Response and Notifications

  • 19982 - Periodically wake up log process thread consume more power

  • 20042 - Telnet can connect only once

  • 20100 - Slave PTP clock time is updated with large value when Master PTP Clock time has changed

  • 20229 - cmake: add –divide to GNU assembler options for x86

  • 20299 - bluetooth: host: Connection not being unreferenced when using CCC match callback

  • 20313 - Zperf documentation points to wrong iPerf varsion

  • 20811 - spi driver

  • 20970 - Bluetooth: Mesh: seg_tx_reset in the transport layer

  • 21131 - Bluetooth: host: Subscriptions not removed upon unpair

  • 21306 - ARC: syscall register save/restore needs backport to 1.14

  • 21431 - missing async uart.h system calls

  • 21432 - watchdog subsystem has no system calls

  • 22275 - arm: cortex-R & M: CONFIG_USERSPACE: intermittent Memory region write access failures

  • 22280 - incorrect linker routing

  • 23153 - Binding AF_PACKET socket second time will fail with multiple network interfaces

  • 23339 - tests/kernel/sched/schedule_api failed on mps2_an385 with v1.14 branch.

  • 23346 - bl65x_dvk boards do not reset after flashing

Zephyr 1.14.1

This is an LTS maintenance release with fixes, as well as Bluetooth qualification listings for the Bluetooth protocol stack included in Zephyr.

See Zephyr Kernel 1.14.0 for the previous version release notes.

Security Vulnerability Related

The following security vulnerability (CVE) was addressed in this release:

  • Fixes CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka “KNOB”) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Bluetooth

  • Qualification:

    • 1.14.x Host subsystem qualified with QDID 139258

    • 1.14.x Mesh subsystem qualified with QDID 139259

    • 1.14.x Controller component qualified on Nordic nRF52 with QDID 135679

Issues Fixed

These GitHub issues were addressed since the previous 1.14.0 tagged release:

  • 11617 - net: ipv4: udp: broadcast delivery not supported

  • 11743 - logging: add user mode access

  • 14459 - usb: samples: mass: doesn’t build with FLASH overlay

  • 15279 - mempool alignment might cause a memory block allocated twice

  • 15339 - RISC-V: RV32M1: Load access fault when accessing GPIO port E

  • 15354 - counter: stm32: Issue with LSE clock source selection

  • 15373 - IPv4 link local packets are not sent with ARP ethernet type

  • 15443 - usb_dc_stm32: Missing semaphore initialization and missing pin remapping configuration

  • 15444 - Error initiating sdhc disk

  • 15497 - USB DFU: STM32: usb dfu mode doesn’t work

  • 15507 - NRF52840: usb composite MSC + HID (with CONFIG_ENABLE_HID_INT_OUT_EP)

  • 15526 - Unhandled identity in bt_conn_create_slave_le

  • 15558 - support for power-of-two MPUs on non-XIP systems

  • 15601 - pwm: nRF default prescalar value is wrong

  • 15603 - Unable to use C++ Standard Library

  • 15605 - Unaligned memory access by ldrd

  • 15606 - trickle.c can’t work for multiple triggerings

  • 15678 - Watchdog peripheral api docs aren’t generated correctly.

  • 15698 - bluetooth: bt_conn: No proper ID handling

  • 15733 - Bluetooth: controller: Central Encryption setup overlaps Length Request procedure

  • 15794 - mps2_an385 crashes if CONFIG_INIT_STACKS=y and CONFIG_COVERAGE=y

  • 15817 - nrf52: HFXO is not turned off as expected

  • 15904 - concerns with use of CONFIG_BT_MESH_RPL_STORE_TIMEOUT in examples

  • 15911 - Stack size is smaller than it should be

  • 15975 - Openthread - fault with dual network interfaces

  • 16001 - ARC iotdk supports MPU and fpu in hardware but not enabled in kconfig

  • 16002 - the spi base reg address in arc_iot.dtsi has an error

  • 16010 - Coverage reporting fails on many tests

  • 16012 - Source IP address for DHCP renewal messages is unset

  • 16027 - support for no-flash systems

  • 16046 - modules are being processed too late.

  • 16090 - mpu align support for code relocation on non-XIP system

  • 16107 - Using bt_gatt_read() with ‘by_uuid’ method returns 3 extra bytes

  • 16143 - posix: clock_settime calculates the base time incorrectly

  • 16155 - drivers: can: wrong value used for filter mode set

  • 16257 - net: icmpv4: Zephyr sends echo reply with multicast source address

  • 16307 - cannot move location counter backwards error happen

  • 16323 - net: ipv6: tcp: unexpected reply to malformed HBH in TCP/IPv6 SYN

  • 16339 - openthread: off-by-one error when calculating ot_flash_offset for settings

  • 16354 - net: ipv6: Zephyr does not reply to fragmented packet

  • 16375 - net: ipv4: udp: Zephyr does not reply to a valid datagram with checksum zero

  • 16379 - net: ipv6: udp: Zephyr replies with illegal UDP checksum zero

  • 16411 - bad regex for west version check in host-tools.cmake

  • 16412 - on reel_board the consumption increases because TX pin is floating

  • 16413 - Missing dependency in cmake

  • 16414 - Backport west build –pristine

  • 16415 - Build errors with C++

  • 16416 - sram size for RT1015 and RT1020 needs to be update.

  • 16417 - issues with can filter mode set

  • 16418 - drivers: watchdog: sam0: check if timeout is valid

  • 16419 - Bluetooth: XTAL feature regression

  • 16478 - Bluetooth: Improper bonded peers handling

  • 16570 - [Coverity CID :198877]Null pointer dereferences in /subsys/net/ip/net_if.c

  • 16577 - [Coverity CID :198870]Error handling issues in /subsys/net/lib/lwm2m/lwm2m_obj_firmware_pull.c

  • 16581 - [Coverity CID :198866]Null pointer dereferences in /subsys/net/lib/dns/llmnr_responder.c

  • 16584 - [Coverity CID :198863]Error handling issues in /subsys/net/lib/sntp/sntp.c

  • 16594 - net: dns: Zephyr is unable to unpack mDNS answers produced by another Zephyr node

  • 16600 - Bluetooth: Mesh: Proxy SAR timeout is not implemented

  • 16602 - Bluetooth: GATT Discovery: Descriptor Discovery by range Seg Fault

  • 16639 - eth: pinging frdm k64f eventually leads to unresponsive ethernet device

  • 16678 - LPN establishment of Friendship never completes if there is no response to the initial Friend Poll

  • 16711 - Settings reworked to const char processing

  • 16734 - Bluetooth: GATT: Writing 1 byte to a CCC access invalid memory

  • 16745 - PTHREAD_MUTEX_DEFINE(): don’t store into the _k_mutex section

  • 16746 - boards: nrf52840_pca10059: Configure NFC pins as GPIOs by default

  • 16749 - IRQ_CONNECT and irq_enable calls in the SiFive UART driver is misconfigured

  • 16750 - counter: lack of interrupt when CC=0

  • 16760 - K_THREAD_STACK_EXTERN() confuses gen_kobject_list.py

  • 16779 - [Zephyr v1.14] ARM: fix the start address of MPU guard in stack-fail checking (when building with no user mode)

  • 16799 - Bluetooth: L2CAP: Interpretation of SCID and DCID in Disconnect is wrong

  • 16864 - Bluetooth: Mesh: Rx buffer exhaustion causes deadlock

  • 16893 - Bluetooth: Multiple local IDs, privacy problem

  • 16943 - Missing test coverage for lib/os/crc*.c

  • 16944 - Insufficient test coverage for lib/os/json.c

  • 17031 - Compiler warnings in settings module in Zephyr 1.14

  • 17038 - code relocation generating different memory layout cause user mode not working

  • 17041 - [1.14] Bluetooth: Mesh: RPL handling is not in line with the spec

  • 17055 - net: Incorrect data length after the connection is established

  • 17057 - Bluetooth: Mesh: Implementation doesn’t conform to latest errata and 1.0.1 version

  • 17092 - Bluetooth: GAP/IDLE/NAMP/BV-01-C requires Read by UUID

  • 17170 - x86_64 crash with spinning child thread

  • 17177 - ARM: userspace/test_bad_syscall fails on ARMv8-M

  • 17190 - net-mgmt should pass info element size to callback

  • 17250 - After first GC operation the 1st sector had become scratch and the 2nd sector had became write sector.

  • 17251 - w25q: erase operations must be erase-size aligned

  • 17262 - insufficient code coverage for lib/os/base64.c

  • 17288 - Bluetooth: controller: Fix handling of L2CAP start frame with zero PDU length

  • 17294 - DB corruption when adding/removing service

  • 17337 - ArmV7-M mpu sub region alignment

  • 17338 - kernel objects address check in elf_helper.py

  • 17368 - Time Slicing cause system sleep short time

  • 17399 - LwM2M: Can’t use an alternate mbedtls implementation

  • 17401 - LwM2M: requires that CONFIG_NET_IPV* be enabled (can’t use 100% offloaded IP stack)

  • 17415 - Settings Module - settings_line_val_read() returning -EINVAL instead of 0 for deleted setting entries

  • 17427 - net: IPv4/UDP datagram with zero src addr and TTL causes Zephyr to segfault

  • 17450 - net: IPv6/UDP datagram with unspecified addr and zero hop limit causes Zephyr to quit

  • 17463 - Bluetooth: API limits usage of MITM flags in Pairing Request

  • 17534 - Race condition in GATT API.

  • 17564 - Missing stdlib.h include when C++ standard library is used.

  • 17595 - two userspace tests fail if stack canaries are enabled in board configuration

  • 17600 - Enable Mesh Friend support in Bluetooth tester application

  • 17613 - POSIX arch: occasional failures of tests/kernel/sched/schedule_api on CI

  • 17723 - Advertiser never clears state flags

  • 17732 - cannot use bt_conn_security in connected callback

  • 17764 - Broken link to latest development version of docs

  • 17789 - Bluetooth: host: conn.c missing parameter copy

  • 17802 - [zephyr 1.14] Address type 0x02 is used by LE Create Connection in device privacy mode

  • 17809 - Bluetooth Mesh message cached too early when LPN

  • 17820 - Mesh bug report In access.c

  • 17821 - Mesh Bug on access.c

  • 17843 - Bluetooth: controller: v1.14.x release conformance test failures

  • 17857 - GATT: Incorrect byte order for GATT database hash

  • 17861 - Tester application lacks BTP Discover All Primary Services handler

  • 17880 - Unable to re-connect to privacy enabled peer when using stack generated Identity

  • 17882 - [zephyr 1.14] Database Out of Sync error is not returned as expected

  • 17907 - BLE Mesh when resend use GATT bearer

  • 17932 - BLE Mesh When Friend Send Seg Message To LPN

  • 17936 - Bluetooth: Mesh: The canceled buffer is not free, causing a memory leak

  • 17944 - [zephyr 1.14] LE Enhanced Connection Complete indicates Resolved Public once connected to Public peer address

  • 17948 - Bluetooth: privacy: Reconnection issue

  • 17971 - [zephyr 1.14] Unable to register GATT service that was unregistered before

  • 17977 - BLE Mesh When IV Update Procedure

  • 17979 - Security level cannot be elevated after re-connection with privacy

  • 18013 - BLE Mesh On Net Buffer free issue

  • 18021 - Socket vtable can access null pointer callback function

  • 18090 - [zephyr 1.14][MESH/NODE/FRND/FN/BV-08-C] Mesh Friend queues more messages than indicates it’s Friend Cache

  • 18150 - [zephyr 1.14] Host does not change the RPA

  • 18178 - BLE Mesh When Provisioning Use Input OOB Method

  • 18183 - [zephyr 1.14][GATT/SR/GAS/BV-07-C] GATT Server does not inform change-unaware client about DB changes

  • 18194 - [zephyr 1.14][MESH/NODE/CFG/HBP/BV-05-C] Zephyr does not send Heartbeat message on friendship termination

  • 18297 - Bluetooth: SMP: Pairing issues

  • 18306 - Unable to reconnect paired devices with controller privacy disabled (host privacy enabled)

  • 18308 - net: TCP/IPv6 set of fragmented packets causes Zephyr to quit

  • 18394 - [Coverity CID :203464]Memory - corruptions in /subsys/net/l2/ethernet/gptp/gptp_mi.c

  • 18462 - potential buffer overrun in logging infrastructure

  • 18522 - BLE: Mesh: When transport send seg_msg to LPN

  • 18580 - Bluetooth: Security fail on initial pairing

  • 18658 - Bluetooth BR/EDR encryption key negotiation vulnerability

  • 18739 - k_uptime_get_32() does not behave as documented

  • 18813 - fs: nvs: Cannot delete entries

  • 18873 - zsock_socket() should support proto==0

  • 18935 - [Zephyr 1.14] drivers: flash: spi_nor: Problematic write with page boundaries

  • 18961 - [Coverity CID :203912]Error handling issues in /samples/net/sockets/coap_client/src/coap-client.c

  • 19015 - Bluetooth: Mesh: Node doesn’t respond to “All Proxies” address

  • 19165 - zephyr_file generates bad links on branches

  • 19181 - sock_set_flag implementation in sock_internal.h does not work for 64 bit pointers

  • 19191 - problem with implementation of sock_set_flag

Zephyr Kernel 1.14.0

We are pleased to announce the release of Zephyr kernel version 1.14.0.

Major enhancements with this release include:

  • The Zephyr project now supports over 160 different board configurations spanning 8 architectures. All architectures are rigorously tested and validated using one of the many simulation platforms supported by the project: QEMU, Renode, ARC Simulator, and the native POSIX configuration.

  • The timing subsystem has been reworked and reimplemented, greatly simplifying the resulting drivers, removing thousands of lines of code, and reducing a typical kernel build size by hundreds of bytes. TICKLESS_KERNEL mode is now the default on all architectures.

  • The Symmetric Multi-Processing (SMP) subsystem continues to evolve with the addition of a new CPU affinity API that can “pin” threads to specific cores or sets of cores. The core kernel no longer uses the global irq_lock on SMP systems, and exclusively uses the spinlock API (which on uniprocessor systems reduces to the same code).

  • Zephyr now has support for the x86_64 architecture. It is currently implemented only for QEMU targets, supports arbitrary numbers of CPUs, and runs in SMP mode by default, our first platform to do so.

  • We’ve overhauled the Network packet (net-pkt) API and moved the majority of components and protocols to use the BSD socket API, including MQTT, CoAP, LWM2M, and SNTP.

  • We enhanced the native POSIX port by adding UART, USB, and display drivers. Based on this port, we added a simulated NRF52832 SoC which enables running full system, multi-node simulations, without the need of real hardware.

  • We added an experimental BLE split software Controller with Upper Link Layer and Lower Link Layer for supporting multiple BLE radio hardware architectures.

  • The power management subsystem has been overhauled to support device idle power management and move most of the power management logic from the application back to the BSP.

  • We introduced major updates and an overhaul to both the logging and shell subsystems, supporting multiple back-ends, integration of logging into the shell, and delayed log processing.

  • Introduced the west tool for management of multiple repositories and enhanced support for flashing and debugging.

  • Added support for application user mode, application memory partitions, and hardware stack protection in ARMv8m

  • Applied MISRA-C code guideline on the kernel and core components of Zephyr. MISRA-C is a well established code guideline focused on embedded systems and aims to improve code safety, security and portability.

The following sections provide detailed lists of changes by component.

Security Vulnerability Related

The following security vulnerabilities (CVEs) were addressed in this release:

  • Tinycrypt HMAC-PRNG implementation doesn’t take the HMAC state clearing into account as it performs the HMAC operations, thereby using a incorrect HMAC key for some of the HMAC operations. (CVE-2017-14200)

  • The shell DNS command can cause unpredictable results due to misuse of stack variables. (CVE-2017-14201)

  • The shell implementation does not protect against buffer overruns resulting in unpredictable behavior. (CVE-2017-14202)

  • We introduced Kernel Page Table Isolation, a technique for mitigating the Meltdown security vulnerability on x86 systems. This technique helps isolate user and kernel space memory by ensuring non-essential kernel pages are unmapped in the page tables when the CPU is running in the least privileged user mode, Ring 3. This is the fix for Rogue Data Cache Load. (CVE-2017-5754)

  • We also addressed these CVEs for the x86 port:

    • Bounds Check Bypass (CVE-2017-5753)

    • Branch Target Injection (CVE-2017-5715)

    • Speculative Store Bypass (CVE-2018-3639)

    • L1 Terminal Fault (CVE-2018-3620)

    • Lazy FP State Restore (CVE-2018-3665)

Kernel

  • The timing subsystem has been reworked and mostly replaced:

    • The timer driver API has been extensively reworked, greatly simplifying the resulting drivers. By removing thousands of lines of code, we reduced the size of a typical kernel build by hundreds of bytes.

    • TICKLESS_KERNEL mode is now the default on all architectures. Many bugs were fixed in this support.

  • Lots of work on the rapidly-evolving SMP subsystem:

    • There is a new CPU affinity API available to “pin” threads to specific cores or sets of cores.

    • The core kernel is now 100% free of use of the global irq_lock on SMP systems, and exclusively uses the spinlock API (which on uniprocessor systems reduces to the same code).

    • Zephyr now has a simple interprocessor interrupt framework for applications, such as the scheduler, to use for synchronously notifying other processors of state changes. It’s currently implemented only on x86_64 and used only for thread abort.

  • Zephyr now has support for the x86_64 architecture. It is currently implemented only for QEMU targets.

    • It supports arbitrary numbers of CPUs in SMP, and runs in SMP mode by default, our first platform to do so.

    • It currently runs code built for the “x32” ABI, which is a native 64-bit hardware state, where pointers are 32 bit in memory. Zephyr still has some lurking word size bugs that will need to be fixed to turn on native 64 bit code generation.

  • K_THREAD_STACK_BUFFER() has been demoted to a private API and will be removed in a future Zephyr release.

  • A new API sys_mutex has been introduced. It has the same semantics as a k_mutex, but the memory for it can reside in user memory and so no explicit permission management is required.

  • sys_mem_pool() now uses a sys_mutex() for concurrency control.

  • Memory protection changes:

    • CONFIG_APPLICATION_MEMORY option has been removed from Zephyr. All test cases have been appropriately converted to use memory domains.

    • The build time memory domain partition generation mechanism, formerly an optional feature under CONFIG_APP_SHARED_MEM, has been overhauled and is now a core part of memory protection.

    • Userspace is no longer enabled by default for tests. Tests that are written to execute wholly or in part in user mode will need to enable CONFIG_TEST_USERSPACE in the test’s project configuration. There are assertions in place to enforce that this is done.

    • The default stack size for handling system calls has been increased to 1024 bytes.

  • We started applying MISRA-C (https://www.misra.org.uk/) code guideline on the Zephyr kernel. MISRA-C is a well established code guideline focused on embedded systems and aims to improve code safety, security, and portability. This initial effort was narrowed to the Zephyr kernel and architecture code, and focused only on mandatory and required rules. The following rules were addressed:

    • Namespace changes

    • Normalize switch() operators

    • Avoid implicit conversion to boolean types

    • Fix and normalize headers guard

    • Make if() evaluate boolean operands

    • Remove all VLAs (variable length array)

    • Avoid undefined and implementation defined behavior with shift operator

    • Remove recursions

Architectures

  • Introduced X86_64 (64 bit) architecture support with SMP features

  • High-level Kconfig symbol structure for Trusted Execution

  • ARM:

    • Re-architect Memory Protection code for ARM and NXP

    • Fully support application user mode, memory partitions, and stack protection in ARMv8m

    • Support built-in stack overflow protection in user mode in ARMv8m

    • Fix stack overflow error reporting

    • Support executing from SRAM in XIP builds

    • Support non-cacheable memory sections

    • Remove power-of-two align and size requirement for ARMv8-m

    • Introduce sync barriers in ARM-specific IRQ lock/unlock functions

    • Enforce double-word stack alignment on exception entry

    • API to allow Non-Secure FPU Access (ARMv8-M)

    • Various enhancements in ARM system boot code

    • Indicate Secure domain fault in Non-Secure fault exception

    • Update ARM CMSIS headers to version 5.4.0

  • ARC:

    • Userspace and MPU driver improvements

    • Optimization of the thread stack definition macros

    • Bug fixes: handling of lp_xxx registers in _rirq_return_from_coop, nested interrupt handling, hardware stack bounds checking, execution benchmarking

    • Atomic operations are now usable from user mode on all ARC CPUs

  • x86:

    • Support for non-PAE page tables has been dropped.

    • Fixed various security CVEs related to micro-architecture side-effects of speculative execution, as detailed in the security notes.

    • Added robustness when reporting exceptions generated due to stack overflows or induced in user mode

    • Pages containing read-only data no longer have the execute disable (XD) bit un-set.

    • Fix potential IRQ stack corruption when handling double faults

Boards & SoC Support

  • Added the all new NRF52 simulated board: This simulator models some of the hardware in an NRF52832 SOC, to enable running full system, multi-node simulations, without the need of real hardware. It enables fast, reproducible testing, development, and debugging of an application, BlueTooth (BT) stack, and kernel. It relies on BabbleSim to simulate the radio physical layer.

  • Added SoC configuration for nRF9160 and Musca ARM Cortex-M33 CPU

  • Added support for the following ARM boards:

    • 96b_stm32_sensor_mez

    • b_l072z_lrwan1

    • bl652_dvk

    • bl654_dvk

    • cy8ckit_062_wifi_bt_m0

    • cy8ckit_062_wifi_bt_m4

    • efm32hg_slstk3400a

    • efm32pg_stk3402a

    • efr32mg_sltb004a

    • mimxrt1020_evk

    • mimxrt1060_evk

    • mimxrt1064_evk

    • nrf52832_mdk

    • nrf52840_blip

    • nrf52840_mdk

    • nrf52840_papyr

    • nrf52840_pca10090

    • nrf9160_pca10090

    • nucleo_f302r8

    • nucleo_f746zg

    • nucleo_f756zg

    • nucleo_l496zg

    • nucleo_l4r5zi

    • particle_argon

    • particle_xenon

    • v2m_musca

  • Added support for the following RISC-V boards:

    • rv32m1_vega

  • Added support for the following ARC boards: * Synopsys ARC IoT DevKit * Several ARC simulation targets (ARC nSIM EM/SEM; with and without MPU stack guards)

  • Added support for the following shield boards:

    • frdm_kw41z

    • x_nucleo_iks01a1

    • x_nucleo_iks01a2

Drivers and Sensors

  • Added new drivers and backends for native_posix:

    • A UART driver that maps the Zephyr UART to a new host PTY

    • A USB driver that can expose a host connected USB device

    • A display driver that will render to a dedicated window using the SDL library

    • A dedicated backend for the new logger subsystem

  • Counter

    • Refactored API

    • Ported existing counter and RTC drivers to the new API

    • Deprecated legacy API

  • RTC

    • Deprecated the RTC API. The Counter API should be used instead

  • UART

    • Added asynchronous API.

    • Added implementation of the new asynchronous API for nRF series (UART and UARTE).

  • ADC

    • ADC driver APIs are now available to threads running in user mode.

    • Overhauled adc_dw and renamed it to adc_intel_quark_se_c1000_ss

    • Fixed handling of invalid sampling requests

  • Display

    • Introduced mcux elcdif shim driver

    • Added support for ssd16xx monochrome controllers

    • Added support for ssd1608, gde029a1, and hink e0154a05

    • Added SDL based display emulation driver

    • Added SSD1673 EPD controller driver

    • Added SSD1306 display controller driver

  • Flash:

    • nRF5 flash driver support UICR operations

    • Added driver for STM32F7x series

    • Added flash driver support for Atmel SAM E70

    • Added a generic spi nor flash driver

    • Added flash driver for SiLabs Gecko SoCs

  • Ethernet:

    • Extended mcux driver for i.mx rt socs

    • Added driver for Intel PRO/1000 Ethernet controller

  • I2C

    • Added mcux lpi2c shim driver

    • Removed deprecated i2c_atmel_sam3 driver

    • Introduced Silabs i2c shim driver

    • Added support for I2S stm32

  • Pinmux

    • Added RV32M1 driver

    • Added pinmux driver for Intel S1000

    • Added support for STM32F302x8

  • PWM

    • Added SiFive PWM driver

    • Added Atmel SAM PWM driver

    • Converted nRF drivers to use device tree

  • Sensor

    • Added lis2ds12, lis2dw12, lis2mdl, and lsm303dlhc drivers

    • Added ms5837 driver

    • Added support for Nordic QDEC

    • Converted drivers to use device tree

  • Serial

    • Added RV32M1 driver

    • Added new asynchronous UART API

    • Added support for ARM PL011 UART

    • Introduced Silabs leuart shim serial driver

    • Adapted gecko uart driver for Silabs EFM32HG

  • USB

    • Added native_posix USB driver

    • Added usb device driver for Atmel SAM E70 family

    • Added nRF52840 USBD driver

  • Other Drivers

    • clock_control: Added RV32M1 driver

    • console: Removed telnet driver

    • entropy: Added Atmel SAM entropy generator driver

    • spi: Converted nRF drivers to use device tree

    • watchdog: Converted drivers to new API

    • wifi: simplelink: Implemented setsockopt() for TLS offload

    • wifi: Added inventek es-WiFi driver

    • timer: Refactored and accuracy improvements of the arcv2 timer driver (boot time measurements)

    • timer: Added/reworked Xtensa, RISV-V, NRF, HPET, and ARM systick drivers

    • gpio: Added RV32M1 driver

    • hwinfo: Added new hwinfo API and drivers

    • ipm: Added IMX IPM driver for i.MX socs

    • interrupt_controller: Added RV32M1 driver

    • interrupt_controller: Added support for STM32F302x8 EXTI_LINES

    • neural_net: Added Intel GNA driver

    • can: Added socket CAN support

Networking

  • The BSD socket API should be used by applications for any network connectivity needs.

  • Majority of the network sample applications were converted to use the BSD socket API.

  • New BSD socket based APIs were created for these components and protocols:

  • net-app client and server APIs were removed. This also required removal of the following net-app based legacy APIs:

    • MQTT

    • CoAP

    • SNTP

    • LWM2M

    • HTTP client and server

    • Websocket

  • Network packet (net-pkt) API overhaul. The new net-pkt API uses less memory and is more streamlined than the old one.

  • Implement following BSD socket APIs: freeaddrinfo(), gethostname(), getnameinfo(), getsockopt(), select(), setsockopt(), shutdown()

  • Converted BSD socket code to use global file descriptor numbers.

  • Network subsystem converted to use new logging system.

  • Added support for disabling IPv4, IPv6, UDP, and TCP simultaneously.

  • Added support for BSD socket offloading.

  • Added support for long lifetime IPv6 prefixes.

  • Added enhancements to IPv6 multicast address checking.

  • Added support for IPv6 Destination Options Header extension.

  • Added support for packet socket (AF_PACKET).

  • Added support for socket CAN (AF_CAN).

  • Added support for SOCKS5 proxy in MQTT client.

  • Added support for IPSO Timer object in LWM2M.

  • Added support for receiving gratuitous ARP request.

  • Added sample application for Google IoT Cloud.

  • Network interface numbering starts now from 1 for POSIX compatibility.

  • OpenThread enhancements.

  • zperf sample application fixes.

  • LLDP (Link Layer Discovery Protocol) enhancements.

  • ARP cache update fix.

  • gPTP link delay calculation fixes.

  • Changed how network data is passed from L2 to network device driver.

  • Removed RPL (Ripple) IPv6 mesh routing support.

  • MQTT is now available to threads running in user mode.

  • Network device driver additions and enhancements:

    • Added Intel PRO/1000 Ethernet driver (e1000).

    • Added SMSC9118/LAN9118 Ethernet driver (smsc911x).

    • Added Inventek es-WiFi driver for disco_l475_iot1 board.

    • Added support for automatically enabling QEMU based Ethernet drivers.

    • SAM-E70 gmac Ethernet driver Qav fixes.

    • enc28j60 Ethernet driver fixes and enhancements.

Bluetooth

  • Host:

    • GATT: Added support for Robust Caching

    • GATT: L2CAP: User driven flow control

    • Many fixes to Mesh

    • Fixed and improved persistent storage handling

    • Fixed direct advertising support

    • Fixed security level 4 handling

    • Add option to configure peripheral connection parameters

    • Added support for updating advertising data without having to restart advertising

    • Added API to iterate through existing bonds

    • Added support for setting channel map

    • Converted SPI HCI driver to use device tree

  • New BLE split software Controller (experimental):

    • Split design with Upper Link Layer and Lower Link Layer

    • Enabled with CONFIG_BT_LL_SW_SPLIT (disabled by default)

    • Support for multiple BLE radio hardware architectures

    • Asynchronous handling of procedures in the ULL

    • Enhanced radio utilization (99% on continuous 100ms scan)

    • Latency resilience: Approx 100uS vs 10uS, 10x improvement

    • CPU and power usage: About 20% improvement

    • Multiple advertiser and scanner instances

    • Support for both Big and Little-Endian architectures

  • Controller:

    • Added support for setting the public address

    • Multiple control procedures fixes and improvements

    • Advertising random delay fixes

    • Fixed a serious memory corruption issue during scanning

    • Fixes to RSSI measurement

    • Fixes to Connection Failed to be Established sequence

    • Transitioned to the new logging subsystem from syslog

    • Switched from -Ofast to -O2 in time-critical sections

    • Reworked the RNG/entropy driver to make it available to apps

    • Multiple size optimizations to make it fit in smaller devices

    • nRF: Rework the PPI channel assignment to use pre-assigned ones

    • Add extensive documentation to the shared primitives

  • Several fixes for big-endian architectures

Build and Infrastructure

  • Added support for out-of-tree architectures.

  • Added support for out-of-tree implementations of in-tree drivers.

  • BabbleSim has been integrated in Zephyr’s CI system.

  • Introduced DT_ prefix for all labels generated for information extracted from device tree (with a few exceptions, such as labels for LEDs and buttons, kept for backward compatibility with existing applications). Deprecated all other defines that are generated.

  • Introduce CMake variables for DT symbols, just as we have for CONFIG symbols.

  • Move DeviceTree processing before Kconfig. Thereby allowing software to be configured based on DeviceTree information.

  • Automatically change the KCONFIG_ROOT when the application directory has a Kconfig file.

  • Added west tool for multiple repository management

  • Added support for Zephyr modules

  • Build system flash and debug targets now require west

  • Added generation of DT_<COMPAT>_<INSTANCE>_<PROP> defines which allowed sensor or other drivers on buses like I2C or SPI to not require dts fixup.

  • Added proper support for device tree boolean properties

Libraries / Subsystems

  • Added a new display API and subsystem

  • Added support for CTF Tracing

  • Added support for JWT (JSON Web Tokens)

  • Flash Maps:

    • API extension

    • Automatic generation of the list of flash areas

  • Settings:

    • Enabled logging instead of ASSERTs

    • Always use the storage partition for FCB

    • Fixed FCB backend and common bugs

  • Logging:

    • Removed sys_log, which has been replaced by the new logging subsystem introduced in v1.13

    • Refactored log modules registration macros

    • Improved synchronous operation (see CONFIG_LOG_IMMEDIATE)

    • Added commands to control the logger using shell

    • Added LOG_PANIC() call to the fault handlers to ensure that logs are output on fault

    • Added mechanism for handling logging of transient strings. See log_strdup()

    • Added support for up to 15 arguments in the log message

    • Added optional function name prefix in the log message

    • Changed logging thread priority to the lowest application priority

    • Added notification about dropped log messages due to insufficient logger buffer size

    • Added log backends:

      • RTT

      • native_posix

      • net

      • SWO

      • Xtensa Sim

    • Changed default timestamp source function to k_uptime_get_32()

  • Shell:

    • Added new implementation of the shell sub-system. See Shell

    • Added shell backends:

      • UART

      • RTT

      • telnet

  • Ring buffer:

    • Added byte mode

    • Added API to work directly on ring buffer memory to reduce memory copying

    • Removed sys_ prefix from API functions

  • MBEDTLS APIs may now be used from user mode.

HALs

  • Updated Nordic nrfx to version 1.6.2

  • Updated Nordic nrf ieee802154 radio driver to version 1.2.3

  • Updated SimpleLink to TI CC32XX SDK 2.40.01.01

  • Added Microchip MEC1701 Support

  • Added Cypress PDL for PSoC6 SoC Support

  • Updates to stm32cube, Silabs Gecko SDK, Atmel.

  • Update ARM CMSIS headers to version 5.4.0

Documentation

  • Reorganized subsystem documentation into more meaningful collections and added or improved introductory material for each subsystem.

  • Overhauled Bluetooth documentation to split it into manageable units and included additional information, such as architecture and tooling.

  • Added to and improved documentation on many subsystems and APIs including socket offloading, Ethernet management, LLDP networking, network architecture and overview, net shell, CoAP, network interface, network configuration library, DNS resolver, DHCPv4, DTS, flash_area, flash_mpa, NVS, settings, and more.

  • Introduced a new debugging guide (see Debug Probes) that documents the supported debug probes and host tools in one place, including which combinations are valid.

  • Clarified and improved information about the west tool and its use.

  • Improved development process documentation including how new features are proposed and tracked, and clarifying API lifecycle, issue and PR tagging requirements, contributing guidelines, doc guidelines, release process, and PR review process.

  • Introduced a developer “fast” doc build option to eliminate the time needed to create the full kconfig option docs from a local doc build, saving potentially five minutes for a full doc build. (Doc building time depends on your development hardware performance.)

  • Made dramatic improvements to the doc build processing, bringing iterative local doc generation down from over two minutes to only a few seconds. This makes it much faster for doc developers to iteratively edit and test doc changes locally before submitting a PR.

  • Added a new zephyr-file directive to link directly to files in the Git tree.

  • Introduced simplified linking to doxygen-generated API reference material.

  • Made board documentation consistent, enabling a board-image carousel on the zephyrproject.org home page.

  • Reduced unnecessarily large images to improve page load times.

  • Added CSS changes to improve API docs appearance and usability

  • Made doc version selector more obvious, making it easier to select documentation for a specific release

  • Added a friendlier and more graphic home page.

Tests and Samples

  • A new set of, multinode, full system tests of the BT stack, based on BabbleSim have been added.

  • Added unique identifiers to all tests and samples.

  • Removed old footprint benchmarks

  • Added tests for CMSIS RTOS API v2, BSD Sockets, CANBus, Settings, USB, and miscellaneous drivers.

  • Added benchmark applications for the scheduler and mbedTLS

  • Added samples for the display subsystem, LVGL, Google IOT, Sockets, CMSIS RTOS API v2, Wifi, Shields, IPC subsystem, USB CDC ACM, and USB HID.

  • Add support for using sanitycheck testing with Renode