Commit Graph

4947 Commits

Author SHA1 Message Date
Mahavir Jain
7003f1ef0d Merge branch 'bugfix/ota_anti_rollback_checks_2_v5.1' into 'release/v5.1'
feat(bootloader_support): Read secure_version under sha256 protection (v5.1)

See merge request espressif/esp-idf!29060
2024-02-27 18:26:03 +08:00
Roland Dobai
47207b68ae Merge branch 'fix/gdbgui_py311_v5.1' into 'release/v5.1'
Tools: Fix support of gdbgui on Unix with Python 3.11 (v5.1)

See merge request espressif/esp-idf!28314
2024-02-27 17:46:48 +08:00
Roland Dobai
82563d3861 Merge branch 'fix/kconcheck_checks_v5.1' into 'release/v5.1'
fix(kconfcheck): Fixed false-positive indent errors and extended limits (backport v5.1)

See merge request espressif/esp-idf!28569
2024-02-27 17:46:13 +08:00
Roland Dobai
f85280f0ba Merge branch 'fix/runtool_crcrlf_v5.1' into 'release/v5.1'
fix: save RunTool command output with correct line endings (v5.1)

See merge request espressif/esp-idf!28678
2024-02-27 17:45:52 +08:00
Roland Dobai
b552d069a1 Merge branch 'fix/harden_hints_parsing_v5.1' into 'release/v5.1'
fix: harden input parsing in component_requirements hint module (v5.1)

See merge request espressif/esp-idf!28711
2024-02-27 17:45:31 +08:00
Roland Dobai
4f2de56e11 Merge branch 'fix/py_dep_check_v5.1' into 'release/v5.1'
fix(tools): catch more general errors in python dependency checker (v5.1)

See merge request espressif/esp-idf!29164
2024-02-27 17:44:49 +08:00
Marius Vikhammer
e7771c75bd versions: Update version to 5.1.3 2024-02-26 11:09:16 +08:00
Peter Dragun
a17ec488d9 fix(tools): catch more general errors in python dependency checker 2024-02-22 15:51:47 +01:00
Mahavir Jain
83ec466b26 fix(ota): additional checks for secure version in anti-rollback case
Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).

- Read secure_version under sha256 protection

- First check has been added in the bootloader to ensure correct secure
  version after application verification and loading stage. This check
  happens before setting up the flash cache mapping and handing over
  the final control to application. This check ensures that application
  was not swapped (e.g., to lower security version but valid image) just
  before the load stage in bootloader.

- Second check has been added in the application startup code to ensure
  that currently booting app has higher security version than the one
  programmed in the eFuse for anti-rollback scenario. This will ensure
  that only the legit application boots-up on the device for
  anti-rollback case.
2024-02-15 15:10:28 +02:00
Shu Chen
fa544a6dff feat(ieee802154): remove the ieee802154 lib submodule 2024-01-26 17:00:38 +08:00
Frantisek Hrbata
6133810392 fix: harden input parsing in component_requirements hint module
Currently we silently ignore when the original component is not found
in the hope we can provide at least some meaningful hint. As it turned
out it's not true. Instead of providing a misleading hint, just return
an error. This adds several checks for situations, which should not happen,
but when they do it should be easier to identify the root cause of the
problem.

For example when hint module received malformed output with extra new
lines, e.g. caused by a bug in RunTool, it wrongly reported the original
component as source component.

This should also fix the tests on Windows.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-01-25 14:20:22 +01:00
Frantisek Hrbata
0fc2e77017 feat(hints): use all_component_info from project_description.json
Currently the component_requirements hint module does not work
as expected if the component list for a project is trimmed down.
With the new "all_component_info" dictionary info in project_description.json,
the module can produce hints even if cmake's COMPONENTS variable is
set.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-01-25 14:20:22 +01:00
Frantisek Hrbata
87afd5e829 feat(tools): export information about all components in __COMPONENT_TARGETS
Add new "all_component_info" dictionary into the
project_description.json file. It contains information about all
registered components presented in the __COMPONENT_TARGETS list.
Since components in this list are not fully evaluated, because only the first
stage of cmakefiles processing is done, it does not contain the same information
as the "build_component_info" dictionary. The "type", "file" and "sources" variables
are missing.

Most of the properties are already attached to the component target, so
this only adds INCLUDE_DIRS property to the target during the first cmakefiles
processing stage.

The "all_component_info" dict is generated in a separate function, even
though the original function for "build_component_info" could be
adjusted. This introduces a little bit of boilerplate, but keeps it
logically separated and probably easier if we want to extend it in the
future.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-01-25 14:20:22 +01:00
Frantisek Hrbata
17aa60886c fix(hints): properly identify source component
If there is a component(child) within a component(parent), like for test_apps, the parent
component may be wrongly identified as source component for the failed include. This may
lead to a false bug report if the parent component has a component, which provides the missing
header, in requirements.

Fix this by looking for the longest matching source component directory.

Suggested-by: Ivan Grokhotkov <ivan@espressif.com>
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-01-25 14:20:22 +01:00
Frantisek Hrbata
f3c6aa975d fix: save RunTool command output with correct line endings
Currently RunTool reads command's output with asyncio read, which
returns bytes. This is decoded into python's string and the output already
contains OS specific line endings, which on Windows is CRLF. Problem is
that the command output is saved by using python's text stream/file,
which replaces LF, native python's line ending, with OS specific line ending.
On Windows, and in this particular case, the CRLF from the command output is
translated into CRCRLF and saved in the commands output file. When this
file is read in again, e.g. for hint modules, the CRCRLF is replaced
with LFLF. Again the file is opened as a text file. Meaning a new empty line
is added.

Fix this by opening the output file with "newline=''", which prevents
this translation. We already have the OS specific line ending in the
command's output.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2024-01-24 13:15:03 +01:00
Jakub Kocka
ade4d4d757 fix(kconfcheck): Fixed false-positive indent errors and extended limits 2024-01-18 11:38:41 +01:00
Roland Dobai
74b20f3885 fix(gdbgui): Fix support of gdbgui on Unix with Python 3.11
Closes https://github.com/espressif/esp-idf/issues/12764
2024-01-05 18:52:19 +01:00
wuzhenghui
ecca6fb1c2 change(esp_hw_support/sleep): rename ESP_SLEEP_DEEP_SLEEP_WAKEUP_DELAY
1. Rename ESP_SLEEP_DEEP_SLEEP_WAKEUP_DELAY to ESP_SLEEP_WAIT_FLASH_READY_EXTRA_DELAY
2. Set ESP_SLEEP_WAIT_FLASH_READY_EXTRA_DELAY visible for all targets
2023-12-27 15:36:20 +08:00
Roshan Bangar
a95bf9e0c3 feat(nimble): added HID over Gatt profile support 2023-12-22 11:23:05 +05:30
xueyunfei
23148a3138 Fix(esp_wifi): Add the missing header file to the wifi header files. 2023-12-19 19:15:49 +08:00
muhaidong
7b3cee0dd8 update(esp_coexist): update esp coexist header file 2023-12-19 19:15:49 +08:00
Alexey Lapshin
8e11721c40 feat(tools): update gdb version to 12.1_20231023 2023-12-18 17:44:22 +08:00
morris
eb7022dd06 Merge branch 'contrib/github_pr_12559_v5.1' into 'release/v5.1'
fix(spi): Correct REG_SPI_BASE(i) macro for all targets (GitHub PR) (v5.1)

See merge request espressif/esp-idf!27714
2023-12-14 11:08:03 +08:00
GuyBrush
293bd9a0df fix(tools): fix path delimiter in gdbinit for Windows
Merges https://github.com/espressif/esp-idf/pull/12683

Signed-off-by: Alexey Lapshin <alexey.lapshin@espressif.com>
2023-12-13 09:27:08 +00:00
Roland Dobai
6dc9cc81cc Merge branch 'bugfix/coredump_detect_v5.1' into 'release/v5.1'
tools: idf.py: fix detection of raw core dump file (v5.1)

See merge request espressif/esp-idf!27842
2023-12-13 17:25:19 +08:00
Aleksei Apaseev
2ed73a0714 fix(idf_tools): Opt for the recommended tool in tools.json rather than the supported one 2023-12-12 14:21:55 +08:00
Jiang Jiang Jian
1a6a941521 Merge branch 'bugfix/connect_issue_for_zero_rssi_v5.1' into 'release/v5.1'
fix(esp_wifi): Fix issue of station disconnecting immediately after scanning  (Backport v5.1)

See merge request espressif/esp-idf!26743
2023-12-12 14:00:24 +08:00
Mahavir Jain
4aa464a4ea Merge branch 'fix/aes_mpi_interrupt_allocation_workflow_v5.1' into 'release/v5.1'
fix(mbedtls): move interrupt allocation during initialization phase (v5.1)

See merge request espressif/esp-idf!27204
2023-12-12 11:44:42 +08:00
Roland Dobai
e26de66065 Merge branch 'contrib/github_pr_12637_v5.1' into 'release/v5.1'
Dockerfile with variable depth parameter (GitHub PR) (v5.1)

See merge request espressif/esp-idf!27830
2023-12-11 23:09:50 +08:00
Anton Maklakov
e60b0235ad Merge branch 'feature/qemu-esp-develop-8.1.3-20231206_v5.1' into 'release/v5.1'
feat(tools): update qemu to esp-develop-8.1.3-20231206 (v5.1)

See merge request espressif/esp-idf!27812
2023-12-11 19:21:12 +08:00
Peter Dragun
62f3dddff7 fix(tools): idf.py: fix detection of raw core dump file
When idf.py coredump-debug is launched with '--core' argument, it
tries to determine the file format (raw, elf, b64). To detect the
'raw' core dump the code checked if the version word matched one of
the known values.
However, the version word also contains the chip ID in the high
half-word, so the check failed for anything other than the ESP32.
The detection of core file format has been moved to esp-coredump
package in version 1.9.0, including the fix for chip ID.

Reported in https://github.com/espressif/esp-idf/issues/10852
2023-12-11 11:26:58 +01:00
Sarvesh Bodakhe
d1e31a4194 fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-12-11 14:58:16 +05:30
timoxd7
b2250f31b9 feat(docker): Add Dockerfile argument for variable clone depth
Closes https://github.com/espressif/esp-idf/pull/12637
2023-12-11 09:03:46 +01:00
Jiang Jiang Jian
e0cd5b7aa5 Merge branch 'backport/add_config_to_set_custom_mac_as_base_mac_v5_1' into 'release/v5.1'
feat(mac): Add a configuration to set custom MAC as base MAC(Backport V5.1)

See merge request espressif/esp-idf!27737
2023-12-11 15:11:19 +08:00
harshal.patil
4c30f2a4a0 fix(mbedtls): move interrupt allocation during initialization phase 2023-12-11 06:46:24 +00:00
Ivan Grokhotkov
850bf2b156 feat(tools): update qemu to esp-develop-8.1.3-20231206
https://github.com/espressif/qemu/releases/tag/esp-develop-8.1.3-20231206
2023-12-11 10:35:35 +07:00
Frantisek Hrbata
db25ec2a37 feat: use esp-idf-sbom pre-commit plugin
Currently sbom manifest is checked only in .gitmodules and
this check is done in pre-commit and also in CI. Meaning it's running
three times(pre-commit before push if user has it enabled, in CI
as there is the pre-commit run again and again with test in CI). Since
esp-idf-sbom contains a full manifest validation support and pre-commit
plugin for it, let's use it. This removes all the current sbom testing
and replaces it with a single pre-commit plugin which validates all
manifests files(sbom.yml, idf_component.yml, .gitmodules and also
referenced manifests) in repository. Note that this checks all
manifests, not only ones which were modified. The check is reasonably
fast though, so it should not cause any problem. The reason for
validating all manifest files is that we want to make sure that the sbom
information in .gitmodules is updated too and that the hash
recorded in .gitmodules is up-to-date. Meaning submodule update
would not trigger this plugin, because no manifest was changed.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-07 13:36:00 +01:00
zwx
923ce6a4b2 feat(mac): Add a configuration to set custom MAC as base MAC 2023-12-07 14:15:40 +08:00
Roland Dobai
ccc75dd2da fix(tools): Fix fatfsgen construct exception type and dependency
construct=2.10.70 fixed an issue
(c3866e9492)
and StringError is raised instead of UnicodeDecodeError.
2023-12-06 08:50:01 +00:00
TD-er
8e0d64e94c fix(spi): Correct REG_SPI_BASE(i) macro for all targets
The existing formula can never match these registers.

Closes https://github.com/espressif/esp-idf/pull/12559
Closes https://github.com/espressif/esp-idf/pull/12562
2023-12-06 16:13:01 +08:00
Anton Maklakov
4fe15460ab Merge branch 'ci/fix_build_linux_targets' into 'release/v5.1'
Ci/fix build linux targets (v5.1)

See merge request espressif/esp-idf!27519
2023-12-06 15:31:35 +08:00
Frantisek Hrbata
99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows compromising a user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Other user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
ESP-IDF Docker container. For example user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows to set safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows user to specify git's safe.directory in IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
Fu Hanxi
1f0f661979 ci: skip pytest cases in managed_components 2023-11-30 09:08:01 +01:00
Ivan Grokhotkov
be057f26dc ci(system): re-enable build test app for C2 and C6, clean up configs
Since we can use CONFIG_NAME now to specify build rules, we don't need
to have target-specific config files.
2023-11-28 18:09:06 +01:00
Fu Hanxi
3875e26b3b Merge branch 'test/idf-build-apps-1.0.0_v5.1' into 'release/v5.1'
CI: make master pipeline compatible with idf-build-apps 1.0.0 release (v5.1)

See merge request espressif/esp-idf!26247
2023-11-28 14:59:39 +08:00
Jiang Jiang Jian
3ba577165c Merge branch 'bugfix/esp32s3_usb_otg_console_v5.1' into 'release/v5.1'
system: support USB_OTG CDC console on ESP32-S3 (v5.1)

See merge request espressif/esp-idf!24337
2023-11-24 10:19:02 +08:00
Ivan Grokhotkov
6481b0161c ci: add build test for CONFIG_ESP_CONSOLE_USB_CDC_SUPPORT_ETS_PRINTF 2023-11-21 17:33:30 +01:00
Ivan Grokhotkov
22dd730a7c esp_rom: convert USB related headers to SPDX, update COPYRIGHTS.rst 2023-11-21 17:33:30 +01:00
Ivan Grokhotkov
c7b409aa94 esp_rom: sync changes for ESP32-S3 USB related files, minor fix for S2
Used esp-rom tag esp32s3-20210327 and did manual cleanup.
Rename s_usb_osglue to rom_usb_osglue like it was done for esp32s2.
Some comments in esp32s2 headers are synced from esp32s3.
2023-11-21 17:33:29 +01:00
Frantisek Hrbata
4c3beef656 feat(ci): add test for custom cmake CMAKE_EXECUTABLE_SUFFIX
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-11-20 11:03:28 +01:00