- This change will introduce a breaking change for SoCs with the HMAC
peripheral. Turning on flash encryption will no longer enable NVS
encryption automatically.
Closes https://github.com/espressif/esp-idf/issues/12549
IDF FreeRTOS v10.5.1 no longer accepts out of range xCoreID arguments in
"PinnedToCore" task creation functions when building for single-core. This
commit fixes those violations through ESP-IDF.
This commit does the following:
- removes the xCoreID member from the TCB when building for single-core
- xCoreID is no longer hard set to 0 when calling "PinnedToCore" task creation
functions in single-core
- Tidy up or add missing xCoreID asserts for functions that take xCoreID as an
argument:
- Functions that set/query a variable of a particular core will call
taskVALID_CORE_ID() to ensure ) 0 <= xCoreID < configNUMBER_OF_CORES
- Task creation functions that accept xCoreID also call taskVALID_CORE_ID()
but also allow tskNO_AFFINITY.
- Fix TaskStatus_t
- Remove xCoreID from TaskStatus_t if configTASKLIST_INCLUDE_COREID is not
defined.
- Set xCoreID to 0 when calling vTaskGetInfo() in single-core builds
This commit refactors the following macros so that calling them no longer
requires referencing pxTCB->xCoreID.
- taskIS_YIELD_REQUIRED()
- taskIS_YIELD_REQUIRED_USING_PRIORITY()
- taskIS_AFFINITY_COMPATIBLE()
Many places in the ESP_SYSTEM are using CONFIG_FREERTOS_UNICORE instead of CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE (GitHub PR)
Closes IDFGH-11333
See merge request espressif/esp-idf!27435
change(usb_serial_jtag): Add example for usb serial jtag echo
Closes IDFGH-11503, IDFGH-11493, and IDFGH-11478
See merge request espressif/esp-idf!27366
ble(update):Update c2 lib to 79ed4e8a,Update h2 lib to 9a237426,Update c6 lib to 9a237426
Closes BLERP-269 and BLERP-291
See merge request espressif/esp-idf!27391
1. fix the bug that station can't found AP when the authmode is WPA
2. fix wifi mode error when mesh start after station has connected to router
Closes https://github.com/espressif/esp-idf/issues/12646
fix(bt/bluedroid): Set the alarm_arg to NULL after releasing to avoid double free in l2cap
Closes BTQABR2023-141
See merge request espressif/esp-idf!27532
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.
This fixes CVE-2022-24765[2], which allows to compromise user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Other user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user do not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to arbitrary command. It's purpose is to help git to identify changed files
and speed up the scanning for changed files.
rogue
├── .git # owned by user1
└── dir1 # owned by user2
├── dir2 # owned by user2
└── .git # owned by user2
user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"
user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.
The ownership check may cause problems when running git commands in
ESP-IDF Docker container. For example user may run the container as
root, but the mounted project may be owned by a particular user.
In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows to set safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would allow make it possible to exploit this vulnerability again.
This fix allows user to specify git's safe.directory in IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.
The IDF_GIT_SAFE_DIR has same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, user may set IDF_GIT_SAFE_DIR='*'. This might be
heplfull in CI.
Closes https://github.com/espressif/esp-idf/pull/12636
[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>