Commit Graph

28436 Commits

Author SHA1 Message Date
Frantisek Hrbata
13e4c1a9e7 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows a user account to be compromised. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Another user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
the ESP-IDF Docker container. For example, a user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows setting safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows the user to specify git's safe.directory in the IDF_GIT_SAFE_DIR
environment variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has the same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, the user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:31:06 +01:00
Island
a060a261ef Merge branch 'bugfix/ble_update_lib_20231124_v5.0' into 'release/v5.0'
ble(update):Update c2 lib to 79ed4e8a

See merge request espressif/esp-idf!27392
2023-12-01 13:58:16 +08:00
Jiang Jiang Jian
c56fa7ce36 Merge branch 'bugfix/fix_wifi_deinit_s_wifi_modem_sleep_lock_v5.0' into 'release/v5.0'
fix(wifi): fix wifi deinit s_wifi_modem_sleep_lock

See merge request espressif/esp-idf!27449
2023-12-01 13:57:41 +08:00
Jin Cheng
db287328bc fix(bt/bluedroid): Set the alarm_arg to NULL after releasing to avoid double free in L2CAP layer 2023-11-30 20:14:31 +08:00
Jin Cheng
bab64a98d8 fix(bt/bluedroid): Set the alarm_arg to NULL after releasing to avoid double free in BTC layer 2023-11-30 20:14:31 +08:00
Michael (XIAO Xufeng)
3cab1a00bc Merge branch 'feat/max_ver_c3_199_v5.0' into 'release/v5.0'
feat(soc): Increase max supported version of C3 to 1.99 (v5.0)

See merge request espressif/esp-idf!26824
2023-11-30 17:01:13 +08:00
Harshit Malpani
c2f66b5d89 fix(esp_http_client): Fix esp_http_client async mode
Closes https://github.com/espressif/esp-idf/issues/12358
2023-11-30 12:11:43 +05:30
Liu Linyan
4de66ad588 fix(ble_mesh): Enable relay by default for the specific dev role 2023-11-30 12:28:32 +08:00
zhanghaipeng
9ab954096a fix(bt/bluedroid): Fix bluedroid menuconfig 2023-11-30 10:39:06 +08:00
zhanghaipeng
92080994fd docs(bt/bluedroid): Update ble example document 2023-11-30 10:38:43 +08:00
Michael (XIAO Xufeng)
893725dd40 feat(soc): Increase max supported version of C3 to 1.99 2023-11-29 15:52:09 +08:00
luomanruo
0b71f8a2d2 ble(fix): fix RX issue on ESP32-C2(amend) 2023-11-29 11:05:11 +08:00
liuning
606360d33d fix(wifi): fix wifi deinit s_wifi_modem_sleep_lock 2023-11-28 20:52:42 +08:00
morris
f73a701e3c fix(i80_lcd): enhance the check of a valid data phase
in case the user passes a (uint8_t){0x00} parameter with the parameter size
set to zero
2023-11-28 09:57:21 +08:00
David Cermak
41cd40e7f3 fix(esp_netif): Make esp_netif_next_unsafe() public and update usage
Updates usage of esp_netif_next() in examples and tests
* Uses netif_find_if() in IPv6 examples
* Fixes esp_netif_next() usage in L2TAP
2023-11-27 08:22:55 +01:00
David Cermak
b3954c198d feat(esp_netif): Added new API to search in netif list 2023-11-27 08:22:55 +01:00
David Cermak
104a1eeb16 fix(esp_netif): Fix races in netif object locking 2023-11-27 08:22:51 +01:00
Roman Leonov
e50593662f fix(usb/host): remove bInterval verification during pipe opening for INTR and ISOC EPs 2023-11-24 16:26:08 +01:00
Tomas Rezucha
9cdd6ac5f1 fix(usb/host): Do not abort on string descriptor overflow
Some devices return full LANGID table, even if short LANGID table was requested.
No memory overflow occurs, because we have allocated enough memory for transfers to the
default pipe. So we can ignore the error and continue with string desc fetching.
2023-11-24 16:25:54 +01:00
Darian Leung
ce351790a8 refactor(hal/usb_dwc): Add DWC OTG configuration values
This commit adds a subset of the DWC OTG configuration values to the
'usb_dwc_ll.h' file. Only relevant configuration values have been added.

Some DWC OTG related constants have also been moved from 'usb_dwc_hal.h'
to 'usb_dwc_ll.h' and renamed.
2023-11-24 16:25:02 +01:00
Darian Leung
ec2ba71f97 refactor(soc): SOC_USB_PERIPH_NUM option
This commit refactors SOC_USB_PERIPH_NUM as follows:

- Renamed to SOC_USB_OTG_PERIPH_NUM to avoid confusion with USB Serial JTAG
- Updated to unsigned integer "1U"
- Updated some build rules to depend on SOC_USB_OTG_SUPPORTED instead
2023-11-24 16:21:07 +01:00
luomanruo
71ed11a7f0 ble: update rom.ld file 2023-11-24 20:35:07 +08:00
luomanruo
b147fcad42 ble: update sdkconfig_version on ESP32C2, ESP32H2 and ESP32C6 2023-11-24 20:17:28 +08:00
luomanruo
d8dd468631 ble(fix): fix RX issue on ESP32-C2 2023-11-24 19:44:11 +08:00
luomanruo
69e7b56c48 ble: Update c2 lib to 79ed4e8a
2023-11-24 19:20:54 +08:00
Alexey Lapshin
f7a6ca13e9 feat(tools): update gdb version to 12.1_20231023 2023-11-24 11:17:52 +04:00
Jiang Jiang Jian
32160c7b74 Merge branch 'bugfix/fix_ps_none_wake_null_v5.0' into 'release/v5.0'
fix(wifi): fix endless wake null at ps none mode (v5.0)

See merge request espressif/esp-idf!27346
2023-11-23 23:57:07 +08:00
Ondrej Kosta
3c8b6d328c feat(esp_eth): added ioctl option to read/write PHY registers
LAN87xx: Added extra delay after setting PHY speed
2023-11-23 15:34:34 +01:00
Ondrej Kosta
4da9358402 fix(esp_eth): various Ethernet driver fixes
ksz8851snl: enabled reception of multicast frames

Internal EMAC: fixed APLL CLK deinitialization

DM9051 and KSZ80xx: fixed speed configuration when not in loopback mode

phy_802_3: added multiple attempts when autodetecting PHY address
2023-11-23 13:14:31 +00:00
Bogdan Kolendovskyy
64ee5098b2 esp_eth: fixed chip drivers to reflect chip specific loopback behaviour
In esp_eth_phy_802_3.h:
Make 802.3 API public.

In esp_eth_phy_802_3.c:
Add loopback check in eth_phy_802_3_set_duplex(). Now ESP_ERR_INVALID_STATE is invoked on attempt to set duplex to half
when loopback is enabled.
Remove static property from esp_eth_phy_802_3_autonego_ctrl and esp_eth_phy_802_3_loopback.

In esp_eth_phy_dm9051.c:
Add dm9051_loopback() because DM9051 requires setting additional bit to enable auto-negotiation loopback for data to be
received. Add dm9051_set_speed() which invokes ESP_ERR_INVALID_STATE on attempt to set speed to 10 Mbps when loopback is
enabled because such speed configuration is unsupported.

In esp_eth_phy_ksz80xx.c:
Add ksz80xx_set_speed() which invokes ESP_ERR_INVALID_STATE on attempt to set speed to 10 Mbps when loopback is enabled
because such speed configuration is unsupported.

In esp_eth_phy_ksz8851snl.c:
Change phy_ksz8851_set_duplex() to invoke ESP_ERR_INVALID_STATE on attempt to set duplex to half when loopback is enabled.

In esp_eth_phy_dp83848.c, esp_eth_phy_rtl8201.c:
Add autonego_ctrl implementation which prevents enabling autonegotiation when loopback is enabled.
Add loopback implementation which disables autonegotiation prior to enabling loopback.

In esp_eth_phy_lan87xx.c:
Add autonego_ctrl implementation which prevents enabling autonegotiation when loopback is enabled.
Add loopback implementation which disables autonegotiation prior to enabling loopback.
Fix link indicating being down when loopback is enabled by force setting link up.
2023-11-23 13:14:31 +00:00
Jiang Jiang Jian
15825570a3 Merge branch 'contrib/github_pr_12052_v5.0' into 'release/v5.0'
Two small patches for build system and fatfs (GitHub PR) (v5.0)

See merge request espressif/esp-idf!26432
2023-11-23 19:27:38 +08:00
Jiang Jiang Jian
eaba52d7df Merge branch 'fix/remove_deprecated_bt_example_sdkfonfigs_v5.0' into 'release/v5.0'
ci(bt/bluedroid): remove configs that are not in effect (backport v5.0)

See merge request espressif/esp-idf!27283
2023-11-23 19:14:14 +08:00
Jiang Jiang Jian
893dac658e Merge branch 'bugfix/validate_random_address_v5.0' into 'release/v5.0'
fix(nimble): Added check to validate allowed random address (v5.0)

See merge request espressif/esp-idf!26929
2023-11-23 19:12:15 +08:00
nilesh.kale
54bf1e708b fix: fix preencrypted ota failed with pytest server and partial http enabled 2023-11-23 12:48:28 +05:30
Jiang Jiang Jian
ae02cc7b7c Merge branch 'feat/dynamic_integration_pipeline_v5.0' into 'release/v5.0'
CI: dynamic integration pipeline v5.0

See merge request espressif/esp-idf!26947
2023-11-23 15:17:12 +08:00
Jiang Jiang Jian
85651c507f Merge branch 'contrib/github_pr_12558_v5.0' into 'release/v5.0'
Fix: esptool_py incorrectly assumed target name equals binary name (GitHub PR) (v5.0)

See merge request espressif/esp-idf!27272
2023-11-23 15:13:59 +08:00
nilesh.kale
47fe2499ca fix(component-esp_https_ota): Fix wrong debug print for ota upgrade size 2023-11-23 12:28:50 +05:30
Jiang Jiang Jian
a8caeb9af4 Merge branch 'bugfix/fix_lightsleep_current_leakage_on_usj_pad_v5.0' into 'release/v5.0'
fix(esp_hw_support): fix lightsleep current leakage on usb pad (backport v5.0)

See merge request espressif/esp-idf!27208
2023-11-23 14:46:38 +08:00
zhangyanjiao
0b740b3b80 fix(wifi): fix endless wake null at ps none mode 2023-11-23 14:43:40 +08:00
Jiang Jiang Jian
cba997763d Merge branch 'bugfix/fix_some_wifi_bugs_231121_v5.0' into 'release/v5.0'
fix(wifi): fix some wifi bugs(Backport v5.0)

See merge request espressif/esp-idf!27306
2023-11-23 14:41:40 +08:00
morris
f97e379122 Merge branch 'fix/twai_crash_on_s3_gpio_19and20' into 'release/v5.0'
fix(twai): example crash using usb-serial-jtag gpio (v5.0)

See merge request espressif/esp-idf!26660
2023-11-23 14:34:20 +08:00
morris
3bb601cee7 Merge branch 'feature/mcpwm_trigger_driver_v5.0' into 'release/v5.0'
feature(MCPWM): Add MCPWM trigger driver (v5.0)

See merge request espressif/esp-idf!26788
2023-11-23 14:33:20 +08:00
Jiang Jiang Jian
5f497153f7 Merge branch 'bugfix/rmt_stop_issue_v5.0' into 'release/v5.0'
fix(rmt): a disabled channel may pick up a pending transaction (v5.0)

See merge request espressif/esp-idf!26780
2023-11-23 14:27:25 +08:00
Rahul Tank
94c90c71bc fix(nimble): Added check to validate allowed random address 2023-11-23 10:37:54 +05:30
morris
28224b3af5 Merge branch 'bugfix/fix_wrong_adc_attenuation_name_v5.0' into 'release/v5.0'
fix(adc): rename ADC_ATTEN_DB_11 to ADC_ATTEN_DB_12 (v5.0)

See merge request espressif/esp-idf!26968
2023-11-23 12:04:24 +08:00
Jiang Jiang Jian
20d82594d7 Merge branch 'bugfix/ble_gap_connect_v5.0' into 'release/v5.0'
fix(nimble):Handled the Load access fault crash caused due to an invalid setting of index-variable 'reattempt_idx'.(v5.0)

See merge request espressif/esp-idf!26950
2023-11-23 12:03:59 +08:00
morris
692952d60e Merge branch 'bugfix/ledc_max_duty_cycle_v5.0' into 'release/v5.0'
fix(ledc): fix ledc driver 100% duty cycle configuration (backport v5.0)

See merge request espressif/esp-idf!27228
2023-11-23 12:03:28 +08:00
Jiang Jiang Jian
a5c2e40416 Merge branch 'bugfix/ble_update_lib_1110_5.0' into 'release/v5.0'
Bugfix/ble update lib 1110 5.0

See merge request espressif/esp-idf!27063
2023-11-23 11:05:29 +08:00
Jiang Jiang Jian
457c00eead Merge branch 'fix/ci_autocomplete_v5.0' into 'release/v5.0'
Tools, CI: Improve autocomplete tests (v5.0)

See merge request espressif/esp-idf!27038
2023-11-23 11:04:37 +08:00
Jiang Jiang Jian
201608e590 Merge branch 'bugfix/fix_adc_oneshot_do_not_spilt_clk_v5.0' into 'release/v5.0'
fix(adc): fix ADC oneshot mod don't divide clk (v5.0)

See merge request espressif/esp-idf!26676
2023-11-23 11:02:10 +08:00