From 1af94b4316b80a7ae547a800f0ee063026ea3549 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 3 Jan 2024 12:25:17 -0600 Subject: [PATCH] wolfSentry update for release 1.6.2 --- wolfSentry/src/ChangeLog.md | 33 +++++++++++++++++++++++++++++++++ wolfSentry/src/README.md | 5 ++++- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/wolfSentry/src/ChangeLog.md b/wolfSentry/src/ChangeLog.md index de92d0e1..3e5a9745 100644 --- a/wolfSentry/src/ChangeLog.md +++ b/wolfSentry/src/ChangeLog.md @@ -2,6 +2,39 @@
+# wolfSentry Release 1.6.2 (January 2, 2024) + +Release 1.6.2 of the wolfSentry embedded firewall/IDPS has enhancements, +additions, and improvements including: + +## Noteworthy Changes and Additions + +In scripts and Makefile, interpreters (`bash` and `awk`) now follow search `PATH`. Explicit override paths to `bash` and `awk` can be supplied by passing values for `SHELL` and `AWK` to `make`. + +Change type of length argument to `wolfsentry_action_res_assoc_by_name()` to `int`, to allow it to accept `WOLFSENTRY_LENGTH_NULL_TERMINATED` (negative number). + +Makefile option `STRIPPED` has been split into `STRIPPED` and `FUNCTION_SECTIONS`, the latter directing the compiler and linker to cull any unused object code (with function granularity) to minimize total size. + +## Bug Fixes, Cleanups, and Debugging Aids + +In `handle_route_endpoint_clause()`, add casts to work around an implicit-promotion bug in gcc-7.5. + +In `wolfsentry_route_table_max_purgeable_idle_time_get()` and `_set()`, don't use atomic operations, as the context is already locked and the operand is an `int64_t`. This avoids an inadvertent dependency on software __atomic_load_8() and __atomic_store_8() on 32 bit targets. + +Various fixes for benign `cppcheck` reports (`duplicateCondition`, `unsignedLessThanZero`, `unreadVariable`, `invalidPrintfArgType_uint`, `invalidPrintfArgType_sint`, `shadowFunction`, `constVariablePointer`, `preprocessorErrorDirective`). + +## Self-Test Enhancements + +Add `replace_rule_transactionally()`, now used in `test_static_routes()` for a thorough workout. + +Enhance `freertos-arm32-build-test` target to do two builds, one with and one without `FUNCTION_SECTIONS`, for more thorough coverage. + +In `test_lwip()` (`tests/unittests.c`), pass a trivial JSON config to `activate_wolfsentry_lwip()`, to avoid compiler optimizing away `wolfsentry_config_json_oneshot()` and its dependencies. + +Split cppcheck-analyze recipe into cppcheck-library, cppcheck-force-library, cppcheck-extras, and cppcheck-force-extras, with increased coverage. Only cppcheck-library and cppcheck-extras are included in the "check-all" dependency list. + +
+ # wolfSentry Release 1.6.1 (November 18, 2023) Release 1.6.1 of the wolfSentry embedded firewall/IDPS has enhancements, diff --git a/wolfSentry/src/README.md b/wolfSentry/src/README.md index 25a626dc..3f5beaf3 100644 --- a/wolfSentry/src/README.md +++ b/wolfSentry/src/README.md @@ -101,7 +101,9 @@ topic. | `make` Option | Macro Option | Description | | -------------- | ------------ | ----------- | -| `V` | | Verbose `make` output
e.g. `make V=1 -j test` | +| `SHELL` | | Supplies an explicit/alternative path to `bash`. | +| `AWK` | | Supplies an explicit/alternative path to Gnu `awk`. | +| `V` | | Verbose `make` output
e.g. `make V=1 -j test` | | `USER_MAKE_CONF` | | User-defined make clauses to include at the top of the main Makefile
e.g. `make -j USER_MAKE_CONF=Makefile.settings` | | `EXTRA_CFLAGS` | | Additional arguments to be passed verbatim to the compiler | | `EXTRA_LDFLAGS` | | Additional arguments to be passed verbatim to the linker | @@ -114,6 +116,7 @@ topic. | `C_WARNFLAGS` | | The warning flags to use (overriding the generally applicable defaults) | | `STATIC` | | Build statically linked unit tests | | `STRIPPED` | | Strip binaries of debugging symbols | +| `FUNCTION_SECTIONS` | | Cull any unused object code (with function granularity) to minimize total size. | | `BUILD_DYNAMIC` | | Build dynamically linked library | | `VERY_QUIET` | | Inhibit all non-error output during build | | `TAR` | | Path to GNU tar binary for `make dist`, should be set to `gtar` for macOS |