Comparing changes

@RetVal

* next release will probably be 2.2.1... * ping: add stop function ping in raw mode does some set up and sets timeout, but clean up procedure is missing. That is needed for case if PING_RESULT() macro is used for application exit. Also implement stop functionality when using sockets. Running ping is stopped when calling ping_init() again. Signed-off-by: Maxim Uvarov <[email protected]> Signed-off-by: Simon Goldschmidt <[email protected]> * Fix bug #64637 ("iperf -n 1000 -r" does not work) * win32 pcapif: fix "heap-use-after-free" on shutdown * icmp: fix bug #64211 (ICMP reply error when using bridge) when reusing an rx pbuf for tx, its if_idx has to be reset or else bridgeif_send_to_port() might drop it * ci: Bump github action version Fix warning: "The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2." * nd6: Update RA link-local addr option length check lwIP might support different hardware address lengths (when using Ethernet and 6LoWPAN for instance). Match provided lladdr length from Router Advertisement to the current network interface instead of comparing against longest that can be stored. * httpd: compare client requests case-insensitive Fixes bug #10047 (Fix case-sensitive comparison of Content-Length header for POST requests) Signed-off-by: Simon Goldschmidt <[email protected]> * nd6: Fix RA link-local address option length check Length field is in units of 8 bytes. * mem: Include stdio.h Memory overflow checks uses snprintf. Reported in bug #63904. * opt.h: Fix typo * minor: fix spaces in unix/lib/lwipopts.h * mqtt: support binary Will Message see patch #10049 * guard when data is NULL [build] ../../3rd/lwip/src/include/lwip/opt.h:137:41: error: argument 2 null where non-null expected [-Werror=nonnull] [build] #define MEMCPY(dst,src,len) memcpy(dst,src,len) [build] ^~~~~~~~~~~~~~~~~~~ [build] ../../3rd/lwip/src/netif/ppp/fsm.c:791:7: note: in expansion of macro 'MEMCPY' [build] MEMCPY(outp + PPP_HDRLEN + HEADERLEN, data, datalen); [build] ^~~~~~ [build] In file included from c:\mentorgraphics\fly380s_8910\prebuilts\win32\gcc-arm-none-eabi\arm-none-eabi\include\sys\time.h:40:0, [build] from ../../3rd/../src/cat1/arch/cc.h:40, [build] from ../../3rd/lwip/src/include/lwip/arch.h:50, [build] from ../../3rd/lwip/src/include/lwip/debug.h:40, [build] from ../../3rd/lwip/src/include/lwip/opt.h:52, [build] from ../../3rd/lwip/src/include/netif/ppp/ppp_opts.h:31, [build] from ../../3rd/lwip/src/netif/ppp/fsm.c:43: [build] c:\mentorgraphics\fly380s_8910\prebuilts\win32\gcc-arm-none-eabi\arm-none-eabi\include\string.h:31:8: note: in a call to function 'memcpy' declared here [build] _PTR _EXFUN(memcpy,(_PTR __restrict, const _PTR __restrict, size_t)); [build] ^ * ping: do not clear IP address with ping_stop at the init commit 4e6dd9 "ping: add stop function", was corrected and wrongly added stop function after IP address set up. Signed-off-by: Maxim Uvarov <[email protected]> * tcp: fix compiling with LWIP_NOASSERT See bug #64734 * pbuf: fix "returns" documentation on pbuf_get_contiguous() See bug #64049 * ipv6: frag: fix bogus icmp6 response on reassembly timeout See bug #63929 * msvc: add project + sln for fuzz tests * fuzz: fix warning casting u64_t to s32_t/u32_t * fuzz: count packets for debugging * ping: fix assert in ping_init() * msvc: clean up duplicate use of intermediate directories * apps: http client: improve the HTTP client; ensure connection settings are passed Without connection settings, the caller is not informed of success vs failure of a transfer. See bug #63554 * posixlib: fix posixlib/CMakeLists.txt * ipv6: fix ip6_current_header() after reassembly ip6_current_header() should point to the header before the reassembled data, not to the first received pbuf (not necessarily the same). See bug #64031 * ipv6 reassembly: fix detecting holes in reassembled packets Added unit test for reassembly. See bug #64767 * Fix running IPv6 reassembly unit tests on 64-bit * win32 port: add x64 configurations * unittests: fix compiling in release mode * ping: fix compiling in dual-stack mode * apps/tftp: fix compiling for 64-bit * httpd: fix bug #64458: When tcp_err() is invoked, tcp_pcb is freed but httpd_post_finished() is not called by httpd.c * win32 port: fix wrong intermediate directories * win32 port: allow "edit-and-continue" by disabling /SAFESEH * win32 port: fix linking x64 with pcap * sockets: fix bug #63898: allow socket option IPV6_CHECKSUM for both IPPROTO_IPV6 and IPPROTO_RAW See bug #63898 * altcp_mbedtls: don't ignore return value of mbedtls_ssl_flush_output see bug #64045/task #16283 * sockets: fix socket leak when using setsockopt/getsockopt hook with LWIP_NETCONN_FULLDUPLEX==1 see bug #63458 * dhcp: set LWIP_DHCP_DISCOVER_ADD_HOSTNAME==1 by DEFAULT_ACCEPTMBOX_SIZE see bug #63457 * Add MEM_CUSTOM_ALLOCATOR and make LIBC a subset of it Allow one to provide a custom implementation of free/malloc/calloc instead of the lwip internal allocator. The code to use the libc's implementation already existed, so generalize the existing code and make the libc variant a specialized case of this new capability, retaining full backwards compatibility. * pbuf: pbuf_get_contiguous: allow passing NULL for buffer to prevent copying see bug #62832 * Fix bug #60681: Initialize custom data in pbuf struct Add a #define that users can use to initialize LWIP_PBUF_CUSTOM_DATA fields. see patch #10072 idea by Thomas Kindler <[email protected]> * tcp_in : fix ooseq update error if a pbuf received with the same seqno in ooseq , we then check the size and replace the existing one with the larger one,but if the existing one is the last segment in ooseq ,it might has been trimed before. the replacing action will overrun our receive windows see patch #10106 and bug #56397 * Document that sntp_setservername doesn't copy the string I was expecting the string to be duplicated, doing a Google search shows others did as well. * unixlib: LWIP_LISTEN_BACKLOG -> TCP_LISTEN_BACKLOG see patch #10116 * pbuf_cat: add a simple check to ensure we don't cat the same pbuf to itself * Fix building with ISO C90 This fixes the changes of commit 574bd6e * dhcp: fix memory corruption when LWIP_DHCP_MAX_DNS_SERVERS > DNS_MAX_SERVERS see patch #10124 * Fix typos From patch #10399 * Update codespell false positives * test: Fix speling issues Found by codespell * PPP: Fix speling issues Found by codespell * apps/http_client: Fix speling issues Found by codespell * contrib: Fix speling issues Found by codespell * src/api: Fix speling issues Found by codespell * src/apps: Fix speling issues Found by codespell * Ignore vim swap files * src/core: Fix speling issues Found by codespell * httpc with LWIP_HTTPC_HAVE_FILE_IO: fix heap buffer overflow for long local filenames See bug #64940 * makefsdata: fix buffer corruption with very long paths See bug #64941 * update tinydir.h to newest version (1.2.6) Update to cxong/tinydir version 1.2.6 commit 8124807 ("Fix buffer overflow in tinydir_file_open with long path names") Although we're not affected of this bug, prevent others copying from our repo being affected... * avoid callbacks for unsuccessful lwip_accept See bug #64780 * Fix uninitialized variable warning introduced with last commit (at least reported by MS-VS C compiler) * Introduce constant-time memcmp and use it for snmpv3_get_engine_boots See #65118 * ppp: use constant-time memcmp for checking credentials See #65119 * Fix C++ compatibility of newly added function lwip_memcmp_consttime() * contrib: fixed c++ compatibility of unix port * Added "lwip/errno.h" to netdb.c includes Defines EINVAL and ERANGE are used in the file but not included directly. When I try to use <sys/socket.h> and <arpa/inet.h> as LWIP_SOCKET_EXTERNAL_HEADERS it causes errors with this defines. * Fixed netdb.c when LWIP_SOCKET_HAVE_SA_LEN == 0 Fields sin6_len and sin_len are always used in the file but not all implementations of sockaddr_in or sockaddr_in6 have this fields (including Linux implementation). Added #if-check to avoid compilation errors in such cases. * Add CodeQL Workflow for Code Security Analysis Add CodeQL Workflow for Code Security Analysis This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats. We added a new CodeQL workflow file (.github/workflows/codeql.yml) that - Runs on every push and pull request to the main branch. - Excludes queries with a high false positive rate or low-severity findings. - Does not display results for third-party code, focusing only on our own codebase. Testing: To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code. Deployment: Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps: 1. Under the repository name, click on the Security tab. 2. In the left sidebar, click Code scanning alerts. Additional Information: - You can further customize the workflow to adapt to your specific needs by modifying the workflow file. - For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation. Signed-off-by: Brian <[email protected]> * Add CodeQL Workflow for Code Security Analysis Add CodeQL Workflow for Code Security Analysis This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats. We added a new CodeQL workflow file (.github/workflows/codeql.yml) that - Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience). - Runs daily. - Excludes queries with a high false positive rate or low-severity findings. - Does not display results for git submodules, focusing only on our own codebase. Testing: To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code. Deployment: Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps: 1. Under the repository name, click on the Security tab. 2. In the left sidebar, click Code scanning alerts. Additional Information: - You can further customize the workflow to adapt to your specific needs by modifying the workflow file. - For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/). Signed-off-by: Brian <[email protected]> * Add CodeQL Workflow for Code Security Analysis Add CodeQL Workflow for Code Security Analysis This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats. We added a new CodeQL workflow file (.github/workflows/codeql.yml) that - Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience). - Runs daily. - Excludes queries with a high false positive rate or low-severity findings. - Does not display results for git submodules, focusing only on our own codebase. Testing: To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code. Deployment: Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps: 1. Under the repository name, click on the Security tab. 2. In the left sidebar, click Code scanning alerts. Additional Information: - You can further customize the workflow to adapt to your specific needs by modifying the workflow file. - For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/). Signed-off-by: Brian <[email protected]> * Add CodeQL Workflow for Code Security Analysis Add CodeQL Workflow for Code Security Analysis This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats. We added a new CodeQL workflow file (.github/workflows/codeql.yml) that - Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience). - Runs daily. - Excludes queries with a high false positive rate or low-severity findings. - Does not display results for git submodules, focusing only on our own codebase. Testing: To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code. Deployment: Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps: 1. Under the repository name, click on the Security tab. 2. In the left sidebar, click Code scanning alerts. Additional Information: - You can further customize the workflow to adapt to your specific needs by modifying the workflow file. - For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/). Signed-off-by: Brian <[email protected]> * Update codeql-buildscript.sh Adding install dependencies step * makefsdata: extend file type matching with .shtml and .shtm [Problem] When using makefsdata perl script to convert shtml files with SSI tags the shtml files get generated with text/plain content type, making browsers not render them correctly [Solution] Extend the regex to generate text/html content type for any of: .htm, .html, .shtm, .shtml extensions * tcpip: fix that TCPIP_CORE_LOCK is not released for LWIP_TIMERS==0 See bug #65328 Signed-off-by: Simon Goldschmidt <[email protected]> * test/unit: fix inconsistent nullness check error Inside a testcase, but still. Trying to address #160 * refactor: added macOS include file MacOS supports util.h as well * refactor: added apple macro for fs handling * Run ci job on github pull requests * Stop running codeql every 24h Only run on push/pull requests * test/unit: Fix test_ip4_frag Reset linkoutput_byte_ctr for this test case. * test/unit: Fix DHCP tests On big-endian targets, the htonl() function is a no operation. We need another way to get a bad XID. Add get_bad_xid() to avoid code duplication. * Bump versions in codeql action * cmake: create dist target if not exists * apps/snmp: Remove @RetVal tags on void methods Fixing clang 19.1.0 error: src/apps/snmp/snmp_traps.c:140:15: error: empty paragraph passed to '@RetVal' command [-Werror,-Wdocumentation] * Support FreeBSD in the default configuration FreeBSD support is basically just very small changes related to some different includes and one define to not hide non-standard defines like B115200. Signed-off-by: Arne Schwabe <[email protected]> * snmp: fix dangling pointer in snmp_traps * snmp: remove handling of varbind->prev because it is never used No code in snmp traverses varbinds backwards so prev is never used. This also fixes false positive dangling pointer detection by GCC. * snmp: remove unused prev field from snmp_varbind * snmp: Mention struct field removal in UPGRADING * Support mbedTLS version 3.x * Use the id_len instead of the master * Fix a finding * Revert "Merge branch 'master' into FSPRA-4133_Update_lwIP_to_support_TLS_on_MbedTLS" This reverts commit 73a6fc1, reversing changes made to 4fd1f63. --------- Signed-off-by: Maxim Uvarov <[email protected]> Signed-off-by: Simon Goldschmidt <[email protected]> Signed-off-by: Brian <[email protected]> Signed-off-by: Arne Schwabe <[email protected]> Co-authored-by: Simon Goldschmidt <[email protected]> Co-authored-by: Maxim Uvarov <[email protected]> Co-authored-by: Erik Ekman <[email protected]> Co-authored-by: Florian La Roche <[email protected]> Co-authored-by: Yonggang Luo <[email protected]> Co-authored-by: Faidon Liambotis <[email protected]> Co-authored-by: Thomas Kindler <[email protected]> Co-authored-by: duckpowerMB <[email protected]> Co-authored-by: David Fries <[email protected]> Co-authored-by: Renzo Davoli <[email protected]> Co-authored-by: Sebastian Michel <[email protected]> Co-authored-by: Kirill Lokotkov <[email protected]> Co-authored-by: Brian <[email protected]> Co-authored-by: Brian <[email protected]> Co-authored-by: Krzysztof Mazur <[email protected]> Co-authored-by: jeans <[email protected]> Co-authored-by: Sebastian Huber <[email protected]> Co-authored-by: scribam <[email protected]> Co-authored-by: Arne Schwabe <[email protected]> Co-authored-by: Jan Breuer <[email protected]> Co-authored-by: Canh Phan <[email protected]> Co-authored-by: Tomu Danura <[email protected]>

* Support mbedTLS version 3.x * Use the id_len instead of the master * Fix a finding * Replace mbedtls_ssl_flush_output() by altcp_mbedtls_flush_output() --------- Co-authored-by: Canh Phan <[email protected]> Co-authored-by: Tomu Danura <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Uh oh!

Commits on Oct 15, 2025

This comparison is taking too long to generate.

Uh oh!