RunsOn v2.12.0 (March 6, 2026) removed v1 cache toolkit support,
causing the buildx GHA cache proxy to return 404 for v1 endpoints.
This has broken container builds on main since March 12.
Removing the explicit version=1 parameter lets buildkit auto-detect
the v2 protocol, which is the only version now supported by both
GitHub (since April 2025) and RunsOn.
First build after this change will have a cold cache.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
The mavlink_tests module was deleted in 1009268d311 but several
references were left behind, breaking builds on all targets.
Removed:
- CMakeLists.txt: add_subdirectory(mavlink_tests)
- mavlink_ftp.cpp: #include of deleted mavlink_ftp_test.h
- mavlink_ftp.h: MavlinkFtpTest forward decl and friend class
- posix-configs/SITL/init/test/test_mavlink: dead init script
- sitl_tests.cmake: sitl-mavlink CTest target
- install-voxl.sh: px4-mavlink_tests symlink
Ref: https://github.com/PX4/PX4-Autopilot/issues/26738
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Reject Zenoh payloads that exceed the expected uORB topic size plus
CDR header (4 bytes), or that are too small to contain a valid CDR
header. This prevents a stack overflow from crafted network input
where z_bytes_len(payload) controls a VLA allocation.
Fixes GHSA-69g4-hcqf-j45p
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Use logical OR (||) instead of AND (&&) in _workWrite() and _workBurst()
session validation, matching the correct logic already used in _workRead()
and _workTerminate(). The AND operator allowed operations to proceed with
an invalid session ID as long as a valid file descriptor existed.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Remove the old MAVLINK_FTP_UNIT_TEST infrastructure that has been dead
code for years (not enabled in any board config). This includes:
- src/modules/mavlink/mavlink_tests/ directory (test suite, CMakeLists)
- All #ifdef MAVLINK_FTP_UNIT_TEST blocks in mavlink_ftp.cpp
- set_unittest_worker() callback mechanism in mavlink_ftp.h
- Conditional uAvionix include in mavlink_bridge_header.h
The test suite will be ported to GTest as a follow-up.
Ref: https://github.com/PX4/PX4-Autopilot/issues/26738
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Add bounds checking in the CAN frame assembly loop to prevent a buffer
overflow when copying payloads into the Tattu12SBatteryMessage struct.
A crafted CAN frame with a corrupt payload_size could write past the
48-byte struct boundary. Also guard against payload_size of 0 which
would cause an unsigned integer underflow on the size_t subtraction.
Fixes GHSA-wxwm-xmx9-hr32
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Variable-length known packet types (CRSF_PACKET_TYPE_ELRS_STATUS,
CRSF_PACKET_TYPE_LINK_STATISTICS_TX, CRSF_PACKET_TYPE_MSP_WRITE)
bypassed the bounds check that exists for unknown packets. A crafted
packet with a large size field could overflow the 64-byte process_buffer
during QueueBuffer_PeekBuffer() in the CRC state.
Apply the same CRSF_MAX_PACKET_LEN bounds check to variable-length
known packets that already exists for unknown packets.
Fixes GHSA-mqgj-hh4g-fg5p
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Reject replies with length >= sizeof(BSTPacket) to prevent OOB read
in CRC calculation. Clamp dev_name_len to buffer size to prevent OOB
write during null termination.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
airframes.xml and all_events.json.xz on the px4-travis S3 bucket have
been stale since October 2025 because package_build_artifacts.sh had
wrong paths for both files after the migration from metadata.yml to
build_all_targets.yml.
- airframes.xml: SITL builds produce it under docs/, not at the build
root (only NuttX does that). Use explicit file checks to try both.
- all_events.json.xz: was copied flat into artifacts/$build_dir/ but
the _general section expected it under events/. Preserve the
subdirectory so the copy to _general/ actually finds the file.
- Remove duplicate cp lines that were misleadingly commented as
"ROS 2 msgs".
- Fail with an error when critical _general metadata files are missing
rather than silently producing incomplete artifacts.
Also uploaded fresh metadata to S3 manually to unblock Flight Review.
Fixes#26713
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Add explicit coding standards section referencing astyle and
clang-tidy enforcement. Add formal test policy requiring tests
where practical and types of tests table.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Update supported versions to 1.16.x, add response process with
7-day acknowledgment timeline, reporter credit policy, and secure
development practices section.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
* docs(mavlink): add security hardening guide for production deployments
Add a dedicated security hardening page covering MAVLink authentication
risks, a hardening checklist (enable signing, secure physical access,
secure network links), and integrator responsibility for deployment
security. Add a warning block to the main MAVLink page linking to the
new guide.
---------
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
* docs(ekf2): clarify EKF2_HGT_REF param description
To me it was not obvious that with EKF2_GPS_CTRL=0 this altitude
initialisation based on GPS again does not apply.
* docs(ekf2): separate paragraph
