Commit Graph

1115 Commits

Author SHA1 Message Date
Frantisek Hrbata
99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows a user account to be compromised. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Another user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
the ESP-IDF Docker container. For example, the user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows setting safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows the user to specify git's safe.directory in the IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has the same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, the user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
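
One way a container entrypoint could turn a PATH-style IDF_GIT_SAFE_DIR value into safe.directory entries, as an added example that is not code from ESP-IDF or from the commit above. The function names, the sample path /work/other, and the choices to skip relative entries and to honour "*" only when it is the whole value are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the ESP-IDF entrypoint. Function names are hypothetical.

# Print one safe.directory value per line for a PATH-style list.
# "*" is honoured only when it is the entire value, so a stray "*" inside a
# longer list cannot silently disable git's ownership check.
parse_git_safe_dirs() {
    list=$1
    [ -n "$list" ] || return 0
    if [ "$list" = "*" ]; then
        printf '%s\n' '*'
        return 0
    fi
    old_ifs=$IFS
    IFS=:
    set -f                      # no filename globbing while splitting
    for dir in $list; do
        case $dir in
            '') ;;                                   # empty field, e.g. "a::b"
            /*) printf '%s\n' "$dir" ;;              # absolute path: accept
            *)  printf 'skipping non-absolute entry: %s\n' "$dir" >&2 ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Register every accepted entry in the global git config of the current user.
apply_git_safe_dirs() {
    parse_git_safe_dirs "$1" | while IFS= read -r dir; do
        git config --global --add safe.directory "$dir"
    done
}

# Entrypoint behaviour: only touch git's config when the variable is set.
if [ -n "${IDF_GIT_SAFE_DIR:-}" ]; then
    apply_git_safe_dirs "$IDF_GIT_SAFE_DIR"
fi
```

Listing only the mounted project, for instance IDF_GIT_SAFE_DIR=/project, keeps the ownership check active for every other directory in the container.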
Shang Zhou
c14d05ff61 docs: Update CN translation for api-guides/tools/idf-monitor.rst 2023-11-27 09:38:39 +01:00
Peter Dragun
c0e8969afa fix(tools/monitor): fix PRINT_FILTER env variable usage 2023-11-27 09:37:36 +01:00
Marius Vikhammer
0feef5f2f3 Merge branch 'backport/add_docs_for_coex_v51' into 'release/v5.1'
feat(docs) Add RF Coexist docs for H2(BackportV5.1)

See merge request espressif/esp-idf!27236
2023-11-23 13:57:42 +08:00
zwx
f710a49680 feat(docs) Add RF Coexist docs for H2 2023-11-22 17:04:55 +08:00
Jiang Jiang Jian
b3479b3164 Merge branch 'bugfix/docs_hw_breakpoints_num_v5.1' into 'release/v5.1'
fix(docs/jtag): Fix hard-coded HW breakpoints/watchpoints number (v5.1)

See merge request espressif/esp-idf!26500
2023-11-21 11:07:13 +08:00
Roland Dobai
53aaf3462f Merge branch 'feature/add_qemu_to_tools-json_v5.1' into 'release/v5.1'
Add QEMU to tools.json (v5.1)

See merge request espressif/esp-idf!26407
2023-11-16 18:54:46 +08:00
Jiang Guang Ming
e3a6001284 docs: add the description of CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL 2023-10-26 20:26:19 +08:00
Shen Weilong
ea06b047c2 feat(bt): Frees BLE memory when no longer in use
It will free libble.a & libbt all txt, data and bss segment memory.
This memory is combined into one large memory and put into the heap
pool.
2023-10-19 14:52:29 +08:00
xuxiao
bfe6a24c57 revert(lwip): Revert changes to LWIP task priority macro from MR 25020 (backport v5.1) 2023-10-17 14:39:39 +08:00
Nic Ballinger
235c82b6ee fix(docs/jtag): Fix hard-coded HW breakpoints/watchpoints number
Closes https://github.com/espressif/esp-idf/pull/11986
2023-10-16 17:30:36 +03:00
Anton Maklakov
be79c75b64 feat(tools): Add QEMU 8.0.0_20230522 to tools.json
Process wildcards in the install and download lists of idf_tools
Fix the install and download handlers to get common behaviour
2023-10-11 12:28:47 +07:00
Ondrej Kosta
1199806d71 docs(esp_eth): added Ethernet to Improving Network Speed section 2023-09-25 10:54:08 +02:00
xuxiao
2a0a080c9f feat(doc): update wifi sections for H2 2023-09-21 14:28:12 +08:00
Jiang Jiang Jian
8ce86c32d0 Merge branch 'bugfix/fix_some_wifi_bugs_230913_v5.1' into 'release/v5.1'
fix(wifi): fix some wifi bugs 20230913(Backport v5.1)

See merge request espressif/esp-idf!25960
2023-09-18 12:09:31 +08:00
zhangwenxu
331cc97d01 feat(openthread): Add support to allocate message pool from PSRAM 2023-09-15 18:30:42 +08:00
Li Xiaoyi
dcddd48d6a Docs: add CN translation for api-guides/performance/speed.rst 2023-09-15 10:53:07 +08:00
Jiang Jiang Jian
bb8f10533f Merge branch 'docs/docker_image_flashing_v5.1' into 'release/v5.1'
docs(docker): Update Using Remote Serial Port chapter (backport v5.1)

See merge request espressif/esp-idf!25852
2023-09-15 10:26:37 +08:00
xuxiao
b74c293505 feat(wifi): optimize esp32c6 iperf performance 2023-09-14 10:14:13 +08:00
Shreyas Sheth
05915fee6e docs(wifi): Update wifi and wifi security documentation
1. Update documentation for WPA3 Enterprise and WPA3 Enterprise 192-bit
mode
2. Update documentation for WPA3 OWE and OWE transition mode
3. Update documentation related to SAE PK, SAE PWE and Transition Disable
4. Update documentation for wifi connect API
5. Fix config parameter information for wifi scan start
6. Fix documentation related to scan threshold config setting
7. Replace ESP_ERR_WIFI_ARG error code as ESP_ERR_INVALID_ARG
8. Update documentation for 802.11R Fast transition
2023-09-14 10:14:13 +08:00
Jiang Jiang Jian
111779db5a Merge branch 'feature/configurable_wpa2_ent_v5.1' into 'release/v5.1'
Make enterprise support configurable to save binary size.(v5.1)

See merge request espressif/esp-idf!25558
2023-09-13 10:18:05 +08:00
Jakub Kocka
2c3c4adaa3 docs(docker): Update Using Remote Serial Port chapter
By default some shells such as zsh have the NOMATCH option set (https://zsh.sourceforge.io/Doc/Release/Options.html).
The root cause of the problem is that while bash expands the parameter to itself if it does not match any filename, zsh reports an error. IOW if we do % setopt nonomatch it will work even in zsh.

Closes https://github.com/espressif/esp-idf/issues/12060
2023-09-08 09:15:30 +02:00
Jiang Jiang Jian
b3717678c3 Merge branch 'docs/update_multi_antenna_switch_docs_v5.1' into 'release/v5.1'
Docs/update multi antenna switch docs v5.1(Backport v5.1)

See merge request espressif/esp-idf!25822
2023-09-08 10:18:43 +08:00
Krzysztof Budzynski
cbee3f67b2 Merge branch 'docs/add_Chinese_translation_for_api-guides/cplusplus.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-guides/cplusplus.rst (backport v5.1)

See merge request espressif/esp-idf!25755
2023-09-07 13:15:27 +08:00
Cai Xin Ying
36376e0eab docs: provide CN translation for api-guides/cplusplus.rst (backport v5.1) 2023-09-07 13:15:27 +08:00
muhaidong
01ebf0775e esp_wifi: update multi antenna switch docs 2023-09-07 11:06:28 +08:00
Krzysztof Budzynski
0954c0a231 Merge branch 'docs/add_Chinese_translation_for_api-guides/core_dump.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-guides/core_dump.rst and api-guides/core_dump_internals.rst (Backport v5.1)

See merge request espressif/esp-idf!25740
2023-09-05 14:44:29 +08:00
Cai Xin Ying
75e176fd21 docs: provide CN translation for api-guides/core_dump.rst and api-guides/core_dump_internals.rst (Backport v5.1) 2023-09-05 14:44:29 +08:00
Cai Xin Ying
ef5c85158d docs: provide CN translation for three short docs of api-guides (backport v5.1) 2023-09-05 11:11:27 +08:00
Jiang Jiang Jian
5fa0d2a83d Merge branch 'contrib/github_pr_9694_v5.1' into 'release/v5.1'
add low power doc and picture (GitHub PR)(backport v5.1)

See merge request espressif/esp-idf!25590
2023-08-30 14:56:31 +08:00
wang tao
164d5df66a add low power doc and picture
Merges https://github.com/espressif/esp-idf/pull/9694
2023-08-28 14:07:45 +08:00
Roland Dobai
84e5d91b4e Merge branch 'docs/uninstall_idf_v5.1' into 'release/v5.1'
docs(idf-tools): Add uninstallation instructions (backport v5.1)

See merge request espressif/esp-idf!25494
2023-08-25 14:27:54 +08:00
Roland Dobai
cc380696e4 Merge branch 'docs/monitor_rom_address_decoding_v5.1' into 'release/v5.1'
docs(esp_idf_monitor): ROM ELF address decoding (backport v5.1)

See merge request espressif/esp-idf!24856
2023-08-25 14:19:44 +08:00
aditi_lonkar
0624d5e58f esp_wifi: Make enterprise support configurable to save binary size. 2023-08-25 11:20:58 +05:30
morris
667493584c Merge branch 'bugfix/fix_psram_size_doc_s3_v5.1' into 'release/v5.1'
doc: update s3 psram vaddr max range size (v5.1)

See merge request espressif/esp-idf!25503
2023-08-24 17:36:48 +08:00
morris
fad1874ae2 Merge branch 'docs/add_Chinese_translation_for_api-guides_hardware-abstraction.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-guides/hardware-abstraction.rst (backport v5.1)

See merge request espressif/esp-idf!25045
2023-08-24 10:06:39 +08:00
morris
faf5941978 Merge branch 'docs/add_Chinese_translation_for_api-guides/performance/ram-usage.rst_backport_v5.1' into 'release/v5.1'
docs: provide CN translation for api-guides/performance/ram-usage.rst (backport v5.1)

See merge request espressif/esp-idf!25038
2023-08-24 10:05:57 +08:00
Armando
83bab7591e doc: update s3 psram vaddr max range size 2023-08-23 19:10:58 +08:00
Krzysztof Budzynski
13f261a8ea Merge branch 'docs/add_Chinese_translation_for_api-guides/openthread.rst_backport_v5.1' into 'release/v5.1'
provide CN translation for api-guides/openthread.rst (backport v5.1)

See merge request espressif/esp-idf!25048
2023-08-23 19:09:08 +08:00
Cai Xin Ying
60164a230c provide CN translation for api-guides/openthread.rst (backport v5.1) 2023-08-23 19:09:07 +08:00
Shang Zhou
3a3c9a73f0 docs: Update CN translation for get-started/index.rst 2023-08-23 11:19:43 +02:00
radim.karnis
4e88f767cd docs(idf-tools): Add uninstallation instructions 2023-08-23 11:19:33 +02:00
Jiang Guang Ming
fdc8654c55 docs: add new mbedtls configuration option in optimize size 2023-08-11 16:40:38 +08:00
caixinying-git
2e8dea7622 docs: provide CN translation for api-guides/hardware-abstraction.rst 2023-07-28 14:42:03 +08:00
caixinying-git
d5c6719a69 docs: provide CN translation for api-guides/performance/ram-usage.rst 2023-07-28 11:59:21 +08:00
radim.karnis
c4b984734f docs(esp_idf_monitor): ROM ELF address decoding 2023-07-27 06:50:36 +00:00
Shu Chen
d8db9235ff Merge branch 'backport/update_docs_for_openthread' into 'release/v5.1'
docs(openthread): update openthread README for H2 and C6 (Backport v5.1)

See merge request espressif/esp-idf!24750
2023-07-13 17:10:36 +08:00
muhaidong
d4bb163e32 lower the dhcp discover and request retry backoff time 2023-07-13 11:49:12 +08:00
zhangwenxu
30c5638ce6 docs(openthread): update openthread README for H2 and C6 2023-07-12 20:51:58 +08:00
Darian Leung
074850e87c wifi: Fix typos and formatting issues with wifi.rst
- Used code-blocks for correct highlighting
- Use inline literals for macros
- Fixed some typos
2023-07-12 16:44:17 +08:00