Commit Graph

3478 Commits

Author SHA1 Message Date
Frantisek Hrbata
99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows to compromise user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Other user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
ESP-IDF Docker container. For example user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows to set safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows user to specify git's safe.directory in IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
Shang Zhou
c14d05ff61 docs: Update CN translation for api-guides/tools/idf-monitor.rst 2023-11-27 09:38:39 +01:00
Peter Dragun
c0e8969afa fix(tools/monitor): fix PRINT_FILTER env variable usage 2023-11-27 09:37:36 +01:00
Jiang Jiang Jian
3ba577165c Merge branch 'bugfix/esp32s3_usb_otg_console_v5.1' into 'release/v5.1'
system: support USB_OTG CDC console on ESP32-S3 (v5.1)

See merge request espressif/esp-idf!24337
2023-11-24 10:19:02 +08:00
Marius Vikhammer
0feef5f2f3 Merge branch 'backport/add_docs_for_coex_v51' into 'release/v5.1'
feat(docs) Add RF Coexist docs for H2(BackportV5.1)

See merge request espressif/esp-idf!27236
2023-11-23 13:57:42 +08:00
zwx
f710a49680 feat(docs) Add RF Coexist docs for H2 2023-11-22 17:04:55 +08:00
Shu Chen
ecbbd3c3d9 Merge branch 'backport/add_ot_radio_stats_enable_config_5_1' into 'release/v5.1'
feat(openthread): backport some openthread features(BackportV5.1)

See merge request espressif/esp-idf!26885
2023-11-22 12:23:53 +08:00
Ivan Grokhotkov
22dd730a7c esp_rom: convert USB related headers to SPDX, update COPYRIGHTS.rst 2023-11-21 17:33:30 +01:00
Aditya Patwardhan
514cd783a3 Merge branch 'bugfix/esp32h2_ecdsa_hardware_k_v5.1' into 'release/v5.1'
fix(esp32h2): program use_hardware_k efuse bit for ECDSA key purpose (v5.1)

See merge request espressif/esp-idf!27271
2023-11-21 13:57:38 +08:00
Jiang Jiang Jian
d578395041 Merge branch 'bugfix/secure_boot_v2_docs_v5.1' into 'release/v5.1'
fix(docs): correct the target specific macros for secure boot v2 guide (v5.1)

See merge request espressif/esp-idf!27170
2023-11-21 11:10:41 +08:00
Jiang Jiang Jian
b3479b3164 Merge branch 'bugfix/docs_hw_breakpoints_num_v5.1' into 'release/v5.1'
fix(docs/jtag): Fix hard-coded HW breakpoints/watchpoints number (v5.1)

See merge request espressif/esp-idf!26500
2023-11-21 11:07:13 +08:00
morris
6bc8a025d5 Merge branch 'bugfix/ledc_max_duty_cycle_v5.1' into 'release/v5.1'
fix(ledc): fix ledc driver 100% duty cycle configuration (backport v5.1)

See merge request espressif/esp-idf!27179
2023-11-21 10:58:16 +08:00
Mahavir Jain
78453c8918 docs(ecdsa): add a note about TRNG dependency for ECDSA peripheral 2023-11-20 16:17:51 +05:30
Mahavir Jain
d9abb44049 docs: add ECDSA peripheral chapter for H2/P4
- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
2023-11-20 16:13:35 +05:30
Harshit Malpani
7d6ef329d7 docs: Add documentation for using ECDSA peripheral with TLS 2023-11-17 16:25:58 +05:30
morris
1b3713f7cd Merge branch 'feature/support_adc_calibration_on_h2_v5.1' into 'release/v5.1'
adc_cali: supported adc calibration v1 on ESP32H2 (v5.1)

See merge request espressif/esp-idf!26963
2023-11-17 16:41:00 +08:00
morris
ddb6d22468 Merge branch 'feature/gpio_dump_io_info_v5.1' into 'release/v5.1'
feat(gpio): add a dump API to dump IO configurations (v5.1)

See merge request espressif/esp-idf!26870
2023-11-17 16:30:22 +08:00
morris
ceb0aec0cc Merge branch 'bugfix/rmt_stop_issue_v5.1' into 'release/v5.1'
fix(rmt): a disabled channel may pick up a pending transaction (v5.1)

See merge request espressif/esp-idf!26779
2023-11-17 16:27:21 +08:00
morris
a32f0cf11e Merge branch 'feature/mcpwm_trigger_driver_v5.1' into 'release/v5.1'
feature(MCPWM): Add MCPWM trigger driver (v5.1)

See merge request espressif/esp-idf!26787
2023-11-17 16:17:34 +08:00
Song Ruo Jing
03299962f6 fix(ledc): fix ledc driver 100% duty cycle configuration
Update ledc duty cycle value range in doxygen.
Fix duty configuration error at 100% duty cycle for ESP32.
Improve LEDC API doxygen.

Closes https://github.com/espressif/esp-idf/pull/11516
Closes https://github.com/espressif/esp-idf/issues/12593
Closes https://github.com/espressif/esp-idf/issues/12083
2023-11-17 12:38:32 +08:00
Roland Dobai
53aaf3462f Merge branch 'feature/add_qemu_to_tools-json_v5.1' into 'release/v5.1'
Add QEMU to tools.json (v5.1)

See merge request espressif/esp-idf!26407
2023-11-16 18:54:46 +08:00
Mahavir Jain
5f9f8ac068 fix(docs): correct the target specific macros for secure boot v2 guide
It appears that target specific or'ing is not supported through the
docs build. Actual text rendering on the docs site was still using
"default" field from the custom macro, rather than using target
specific.
2023-11-15 15:37:59 +05:30
morris
bfeae3857c feat(rmt): support calling rmt_receive in ISR callback 2023-11-15 05:57:45 +00:00
morris
d260d43168 fix(rmt): a disabled channel may pick up a pending transaction
because in the trans_done interrupt, the driver didn't check the channel FSM
2023-11-15 05:57:45 +00:00
Chen Jichang
0ce2683d81 feature(MCPWM): Add MCPWM trigger driver and test
Each MCPWM operator has two Triggers (named T0 and T1), and they can be
routed to GPIO fault signal or timer sync event. Generator can be set up
to perform different action on Trigger event.
This commit adds a trigger driver and a test for the driver.
2023-11-15 05:57:37 +00:00
Marius Vikhammer
3d296723f3 Merge branch 'bugfix/fix_freertos_system_task_names_v5.1' into 'release/v5.1'
fix(freertos): Updated IDLE task names for each core to have the coreID as a suffix (v5.1)

See merge request espressif/esp-idf!26118
2023-11-14 16:35:25 +08:00
Jiang Jiang Jian
822aa69a4b Merge branch 'feature/support_esp32c2_rom_mbedtls_v5.1' into 'release/v5.1'
feat(mbedtls): support c2 mbedtls can use crypto algorithm in ROM (backport v5.1)

See merge request espressif/esp-idf!26698
2023-11-14 15:10:20 +08:00
morris
efafacae40 Merge branch 'feature/mcpwm_timer_change_freq_v5.1' into 'release/v5.1'
feat(mcpwm): support update timer period dynamically (v5.1)

See merge request espressif/esp-idf!26624
2023-11-13 17:55:52 +08:00
gaoxu
df46426321 docs(adc): added adc calibration doc on h2 2023-11-13 03:04:03 +00:00
Armando
6de9757a4b fix(adc): rename ADC_ATTEN_DB_11 to ADC_ATTEN_DB_12
By design, it's 12 dB. There're errors among chips, so the actual
attenuation will be 11dB more or less
2023-11-07 14:09:21 +08:00
Song Ruo Jing
4892c481b5 feat(gpio): add a dump API to dump IO configurations
Merges https://github.com/espressif/esp-idf/pull/12511
2023-11-03 16:21:31 +08:00
Lou Tianhao
b27b124898 docs(pm): add ext1 wakeup per pin description 2023-11-03 11:02:56 +08:00
Shyamal Khachane
8bea4c4f1d docs(esp_wifi): Fix inconsistency in NAN documentation 2023-11-01 12:53:58 +05:30
Jiang Guang Ming
76bd3ab832 docs: Update COPYRIGHT.rst since mbedtls supported in C2 ROM 2023-10-26 20:28:03 +08:00
Jiang Guang Ming
e3a6001284 docs: add the description of CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL 2023-10-26 20:26:19 +08:00
morris
9b4a42e728 feat(mcpwm): support update timer period dynamically
Implement the requirement asked in
https://www.esp32.com/viewtopic.php?f=13&t=35919
2023-10-24 10:11:47 +08:00
Shen Weilong
ea06b047c2 feat(bt): Frees BLE memory when no longer in use
It will free libble.a & libbt all txt, data and bss segment memory.
This memory is combined into one large memory and put into the heap
pool.
2023-10-19 14:52:29 +08:00
xuxiao
bfe6a24c57 revert(lwip): Revert changes to LWIP task priority macro from MR 25020 (backport v5.1) 2023-10-17 14:39:39 +08:00
Nic Ballinger
235c82b6ee fix(docs/jtag): Fix hard-coded HW breakpoints/watchpoints number
Closes https://github.com/espressif/esp-idf/pull/11986
2023-10-16 17:30:36 +03:00
Anton Maklakov
be79c75b64 feat(tools): Add QEMU 8.0.0_20230522 to tools.json
Process wildcards in the install and download lists of idf_tools
Fix the install and download handlers to get common behaviour
2023-10-11 12:28:47 +07:00
Jiang Jiang Jian
4b3cc2aa02 Merge branch 'feature/eth_iram_optimization_v5.1' into 'release/v5.1'
feat(esp_eth): added IRAM optimization option for internal EMAC (v5.1)

See merge request espressif/esp-idf!25842
2023-09-27 10:34:00 +08:00
Jiang Jiang Jian
face850973 Merge branch 'feature/rename_wpa2_ent_to_eap_client_v5.1' into 'release/v5.1'
WiFi: Rename WPA2 enterprise APIs to EAP Client. (v5.1)

See merge request espressif/esp-idf!26082
2023-09-26 13:30:52 +08:00
Ondrej Kosta
1199806d71 docs(esp_eth): added Ethernet to Improving Network Speed section 2023-09-25 10:54:08 +02:00
Kapil Gupta
52120cde26 change(wifi): Add supplicant's public API header files to doc 2023-09-25 10:54:52 +05:30
laokaiyao
1880ddca9e docs(dac): added the explanation to Vref (v5.1) 2023-09-22 14:24:13 +08:00
Krzysztof Budzynski
cef55b1712 Merge branch 'docs/add_Chinese_translation_for_api-reference/peripherals/clk_trees.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-reference/peripherals/clk_tree.rst (Backport v5.1)

See merge request espressif/esp-idf!26108
2023-09-22 10:52:59 +08:00
Cai Xin Ying
198ea10c59 docs: provide CN translation for api-reference/peripherals/clk_tree.rst (Backport v5.1) 2023-09-22 10:52:56 +08:00
Krzysztof Budzynski
c395dd3781 Merge branch 'docs/add_Chinese_translation_for_api-reference/peripherals/spi_slave_hd.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-reference/peripherals/spi_slave_hd.rst (Backport v5.1)

See merge request espressif/esp-idf!26107
2023-09-22 10:52:31 +08:00
Cai Xin Ying
fb969a4411 docs: provide CN translation for api-reference/peripherals/spi_slave_hd.rst (Backport v5.1) 2023-09-22 10:52:31 +08:00
Krzysztof Budzynski
6d9046a64d Merge branch 'docs/add_Chinese_translation_for_api-reference_peripherals_sdspi_host.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-reference/peripherals/sdspi_host.rst (Backport v5.1)

See merge request espressif/esp-idf!26106
2023-09-22 10:52:18 +08:00