From v5.1 to v5.2

PartitionStream: Breaking change

The Storage::PartitionStream constructors with blockErase parameter have been deprecated. The intended default behaviour is read-only, however previously this also allowed writing without block erase. This can result in corrupted flash contents where the flash has not been explicitly erased beforehand.

The new constructors instead use a Storage::Mode so behaviour is more explicit. The default is read-only and writes will now be failed. For example:

Storage::PartitionStream stream(myPartition, Storage::Mode::BlockErase);

64-bit time_t

There is some variability in whether time_t is 32 or 64 bits. See Issue #2758.

This is dependent on the toolchain and accompanying C library.

32-bits:

  • Esp32 IDF 4.x

  • Windows Host (using mingw)

  • Linux host builds prior to Sming v5.2

Building for these will generate a warning **Y2038** time_t is only 32-bits in this build configuration. If you cannot upgrade then build with STRICT set to 1.

Range of time_t:

value

Timestamp

-0x80000000

1901-12-13 20:45:52

0x00000000

1970-01-01 00:00:00

0x7fffffff

2038-01-19 03:14:07

All others use 64-bit values.

For reference, C library source code can be found here https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/

Rp2040 builds with standard ARM toolkit so probably accommodated by the standard repo.

Espressif toolchains use forks:

Toolchain versions updated

Esp8266

The installer has been updated to use the latest toolchain (Feb 23), gcc 10.3.

Esp32 IDF

The installation scripts now install IDF version 5.2 by default. See IDF versions for further details.

RP2040

The installer has been updated to use the latest toolchain (Oct 23), gcc 13.2.

Bearssl client certificate validation

Using ENABLE_SSL=Bearssl in a client application, no verification on the server certificate is performed. This is a potential security issue.

Attempting the same thing with Axtls results in an X509_VFY_ERROR_NO_TRUSTED_CERT error. Applications must explicitly call HttpRequest::onSslInit() and set the verifyLater flag. This extra step ensures that security checks are not unintentionally bypassed.

The same behaviour is now presented when using Bearssl, and will now fail with X509_NOT_TRUSTED.