Merge pull request from GHSA-p8c7-qmm5-5h24

Sync release branch with main branch of private security fork for 202203.00 release
aws · Mar 16, 2022 · d60544d · d60544d
2 parents b7151fe + 1816e52
commit d60544d
Show file tree

Hide file tree

Showing 332 changed files with 28,034 additions and 19,732 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,12 +7,13 @@ doxygen_warnings.txt
 /.metadata/
 .vscode/*
 *.o
-*.d 
+*.d
 *.elf
 *.hex
 !/vendors/cypress/MTB/psoc6/psoc64tfm/COMPONENT_TFM_S_FW/tfm_s_unsigned.hex
 *.bin
 *.pyc
+*.log
 
 RemoteSystemsTempFiles/*
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,37 @@
-# Change Log
+# Changelog
 This repository contains the `FreeRTOS AWS Reference Integrations`, which are pre-integrated FreeRTOS projects ported to microcontroller-based evaluation boards that demonstrate end-to-end connectivity to AWS IoT Core. The repository contains projects for several microcontroller-based evaluation boards.
 
+## 202203.00 March 2022
+
+### Updates
+
+#### FreeRTOS Kernel
+
+- Updated to use V10.4.3-LTS-Patch-2
+
+#### FreeRTOS-Plus-TCP
+
+- Updated to use V2.3.2-LTS-Patch-2
+
+#### corePKCS11
+
+- Updated Mbed TLS version to 2.28.0
+
+#### Vendors
+
+- Updated the Wi-Fi abstraction implementations for the ports listed below. This is to minimize the time the Wi-Fi password is held in RAM by clearing it immediately after usage. In particular, within implementations of the WIFI_ConnectAP() and WIFI_ConfigureAP() functions on the following platforms:
+
+    - CC3220SF-LAUNCHXL
+    - STM32L4 Discovery kit IoT node 
+    - LPC54018 IoT Module 
+    - ESP32-DevKitC, ESP-WROVER-KIT, ESP32-WROOM-32SE, ESP32-S2-SAOLA-1 
+    - XMC4800 Iot Connectivity Kit, XMC4800 and Optiga TrustX 
+    - MediaTek MT7697Hx Development Kit 
+    - Renesas Starter Kit+ for RX65N-2MB 
+    - Cypress CYW954907AEVAL1F, CYW43907AEVAL1F Evaluation Kit, PSoC 64 Standard Secure AWS Wi-Fi Bluetooth Pioneer Kit 
+    - MW320, MW322 AWS IoT Starter Kit 
+    - Numaker-IoT-M487
+
 ## 202107.00 July 2021
 
 ### New Features

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -6,10 +6,18 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
 endif()
 
 project(amazon-freertos)
-set(PROJECT_VERSION "202107.00")
-set(PROJECT_VERSION_MAJOR "202107")
+set(PROJECT_VERSION "202203.00")
+set(PROJECT_VERSION_MAJOR "202203")
 set(PROJECT_VERSION_MINOR "00")
 
+# If it's TI boards, enable split mbedtls source build to 
+# shorten the build command length to avoid "The command line is too long" error.
+if (AFR_BOARD STREQUAL ti.cc3220_launchpad)
+    set(AFR_SEPARATE_MBEDTLS_SOURCE_BUILD TRUE)
+else()
+    set(AFR_SEPARATE_MBEDTLS_SOURCE_BUILD FALSE)
+endif()
+
 # Import global configurations.
 include("tools/cmake/afr.cmake")
 
@@ -90,7 +98,20 @@ if( "${mbedtls_config_pos}" EQUAL "-1")
         -DMBEDTLS_CONFIG_FILE="aws_mbedtls_config.h"
         -DCONFIG_MEDTLS_USE_AFR_MEMORY
     )
-
+
+    if (${AFR_SEPARATE_MBEDTLS_SOURCE_BUILD})
+        target_include_directories(
+            afr_3rdparty_mbedtls_part2
+            PUBLIC
+            "${AFR_3RDPARTY_DIR}/mbedtls_config"
+        )
+        target_compile_definitions(
+            afr_3rdparty_mbedtls_part2
+            PUBLIC
+            -DMBEDTLS_CONFIG_FILE="aws_mbedtls_config.h"
+            -DCONFIG_MEDTLS_USE_AFR_MEMORY
+        )
+    endif()
 endif()
 
 # -------------------------------------------------------------------------------------------------

diff --git a/README.md b/README.md
@@ -5,10 +5,11 @@ This repo uses [Git Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodu
 
 Note: If you download the ZIP file provided by GitHub UI, you will not get the contents of the submodules. (The ZIP file is also not a valid git repository)
 
-If using Windows, set `core.symlinks` to true since copying a directory with symlinks may cause hangups:
+If using Windows, because this repository and its submodules contain symbolic links, set `core.symlinks` to true with the following command:
 ```
 git config --global core.symlinks true
 ```
+In addition to this, either enable [Developer Mode](https://docs.microsoft.com/en-us/windows/apps/get-started/enable-your-device-for-development) or, whenever using a git command that writes to the system (e.g. `git pull`, `git clone`, and `git submodule update --init --recursive`), use a console elevated as administrator so that git can properly create symbolic links for this repository. Otherwise, symbolic links will be written as normal files with the symbolic links' paths in them as text. [This](https://blogs.windows.com/windowsdeveloper/2016/12/02/symlinks-windows-10/) gives more explanation.
 
 To clone using HTTPS:
 ```

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+## Reporting a Vulnerability
+
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security
+via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [email protected].
+Please do **NOT** create a public github issue.