Commit Graph

31228 Commits

Author SHA1 Message Date
Mahavir Jain
d083a0e313 Merge branch 'support/add_srp_salt_ver_gen_api_v5.1' into 'release/v5.1'
Generate Salt and verifier pair for given username and password (v5.1)

See merge request espressif/esp-idf!27351
2023-12-04 21:10:51 +08:00
Roland Dobai
b5289ed2ba Merge branch 'feature/docker_git_safe_dirs_v5.1' into 'release/v5.1'
feat(docker): allow to add dirs into git's safe.directory (v5.1)

See merge request espressif/esp-idf!27560
2023-12-01 20:02:53 +08:00
Frantisek Hrbata
99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows compromising a user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Another user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to an arbitrary command. Its purpose is to help git identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
the ESP-IDF Docker container. For example, a user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows setting safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows the user to specify git's safe.directory in the IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has the same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, the user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
Island
9a05c9446f Merge branch 'fix/ble_mesh_example_relay_enable_v5.1' into 'release/v5.1'
fix(ble_mesh): Enable relay by default for the specific dev role (v5.1)

See merge request espressif/esp-idf!27512
2023-12-01 15:17:24 +08:00
Island
fae44bf123 Merge branch 'bugfix/ble_update_lib_20231124_v5.1' into 'release/v5.1'
ble(update):Update c2 lib to 79ed4e8a,Update h2 lib to 9a237426,Update c6 lib to 9a237426

See merge request espressif/esp-idf!27393
2023-12-01 13:58:21 +08:00
Roland Dobai
76d3d18fdd Merge branch 'fix/monitor_print_filter_v5.1' into 'release/v5.1'
fix(tools/monitor): fix PRINT_FILTER env variable usage (v5.1)

See merge request espressif/esp-idf!27418
2023-12-01 00:09:14 +08:00
Liu Linyan
1bfd5e35af fix(ble_mesh): Enable relay by default for the specific dev role 2023-11-30 12:29:37 +08:00
Ivan Grokhotkov
a803c846aa Merge branch 'bugfix/console_examples_reenable_v5.1' into 'release/v5.1'
examples: re-enable console examples for C2, C6, H2 (v5.1)

See merge request espressif/esp-idf!24336
2023-11-29 23:57:09 +08:00
Martin Vychodil
a165b5c1d5 Merge branch 'feature/expose_unload_partitions_v5.1' into 'release/v5.1'
refactor(esp_partition): Expose function for unloading partitions (v5.1)

See merge request espressif/esp-idf!27426
2023-11-29 16:35:19 +08:00
Martin Vychodil
958d98c8e7 Merge branch 'fix/fatfs_formatting_wrong_volume_v5.1' into 'release/v5.1'
Fix: FATFS formatting wrong partition (v5.1)

See merge request espressif/esp-idf!27373
2023-11-29 16:33:29 +08:00
Wang Meng Yang
d51b71260a Merge branch 'feature/support_ble_esp32c3_eco7_v5.1' into 'release/v5.1'
Feature/support ble esp32c3 eco7 (backport v5.1)

See merge request espressif/esp-idf!27326
2023-11-29 14:14:22 +08:00
Mahavir Jain
3b1d428501 Merge branch 'bugfix/preencrypted_ota_failed_with_partial_download_v5.1' into 'release/v5.1'
fix(esp_https_ota): fix preencrypted ota failed with pytest server and partial http enabled (v5.1)

See merge request espressif/esp-idf!27354
2023-11-29 14:05:39 +08:00
Mahavir Jain
4788804f6d Merge branch 'bugfix/wrong_ota_upgrade_size_log_v5.1' into 'release/v5.1'
fix(esp_https_ota): Fix wrong debug print for ota upgrade size (v5.1)

See merge request espressif/esp-idf!27352
2023-11-29 11:38:53 +08:00
morris
5f35f5ddb8 Merge branch 'bugfix/i80_lcd_tx_param_check_enhancement_v5.1' into 'release/v5.1'
fix(i80_lcd): enhance the check of a valid data phase (v5.1)

See merge request espressif/esp-idf!27428
2023-11-29 10:37:43 +08:00
Ivan Grokhotkov
be057f26dc
ci(system): re-enable build test app for C2 and C6, clean up configs
Since we can use CONFIG_NAME now to specify build rules, we don't need
to have target-specific config files.
2023-11-28 18:09:06 +01:00
Ivan Grokhotkov
6e2dd2924a
fix(esp_hw_support): fix build with CONFIG_ESP_CONSOLE_UART=n on C6
Closes https://github.com/espressif/esp-idf/issues/11924
2023-11-28 18:08:11 +01:00
Ivan Grokhotkov
b52607af71
examples: re-enable console examples for C2, C6, H2
- Split the sleep-related system commands into a separate file
- Don't compile that file and don't register sleep commands for H2 yet
- Exclude Wi-Fi commands if the chip doesn't have Wi-Fi
2023-11-28 18:08:11 +01:00
Rahul Tank
4f16f201af Merge branch 'bugfix/fix_duplicate_exception_vsc_5.1' into 'release/v5.1'
fix(nimble): Fix the parameters in duplicate exception list vsc command(v5.1)

See merge request espressif/esp-idf!27406
2023-11-28 15:49:37 +08:00
Fu Hanxi
3875e26b3b Merge branch 'test/idf-build-apps-1.0.0_v5.1' into 'release/v5.1'
CI: make master pipeline compatible with idf-build-apps 1.0.0 release (v5.1)

See merge request espressif/esp-idf!26247
2023-11-28 14:59:39 +08:00
morris
d8456e5767 fix(i80_lcd): enhance the check of a valid data phase
in case the user passes a (uint8_t){0x00} parameter with the parameter size
set to zero
2023-11-28 09:57:11 +08:00
Adam Múdry
5e140f4228 refactor(esp_partition): Expose function for unloading partitions
Closes https://github.com/espressif/esp-idf/issues/12625
2023-11-27 19:50:16 +01:00
zhiweijian
a34d9774bf feat: support ble esp32c3 eco7 2023-11-27 11:32:50 +00:00
Jiang Guang Ming
03582a8cfe fix(esp32c3): Update esp32c3 chip revision 2023-11-27 11:32:50 +00:00
Jiang Guang Ming
5aa458a591 feat(esp32c3): Add rom ld with ROM tag esp32c3-eco7-20230720 2023-11-27 11:32:50 +00:00
Shang Zhou
c14d05ff61 docs: Update CN translation for api-guides/tools/idf-monitor.rst 2023-11-27 09:38:39 +01:00
Peter Dragun
c0e8969afa fix(tools/monitor): fix PRINT_FILTER env variable usage 2023-11-27 09:37:36 +01:00
Mahavir Jain
2c77ccda5e Merge branch 'check_debug_aware_config_v5.1' into 'release/v5.1'
fix(esp_hw_support): re-enable CONFIG_ESP_DEBUG_OCDAWARE functionality (v5.1)

See merge request espressif/esp-idf!27106
2023-11-27 14:12:05 +08:00
Rahul Tank
d300f91b4e fix(nimble): Fix the parameters in duplicate exception list vsc command 2023-11-27 09:22:07 +05:30
Rahul Tank
54a5d13a7a Merge branch 'bugfix/fix_dangling_pointer_compilation_warning_v5.1' into 'release/v5.1'
fix(nimble): Fix dangling pointer error during compilation (v5.1)

See merge request espressif/esp-idf!27161
2023-11-27 10:38:03 +08:00
Rahul Tank
40534e5ad6 fix(nimble): Fix dangling pointer error during compilation 2023-11-26 12:38:19 +05:30
luomanruo
e6602ced8e ble: update rom.ld file 2023-11-24 20:34:21 +08:00
luomanruo
8f37c22a0d ble: update sdkconfig_version on ESP32C2, ESP32H2 and ESP32C6 2023-11-24 20:19:50 +08:00
luomanruo
49d81c71a8 ble(fix): fix RX issue on ESP32-C2 2023-11-24 19:40:28 +08:00
luomanruo
ff0106345f ble:
Update c2 lib to 79ed4e8a
Update h2 lib to 9a237426
Update c6 lib to 9a237426
2023-11-24 19:21:04 +08:00
Erhan Kurubas
5e88ecfd02 fix(esp_hw_support): re-enable CONFIG_ESP_DEBUG_OCDAWARE functionality 2023-11-24 09:54:18 +00:00
Jiang Jiang Jian
3ba577165c Merge branch 'bugfix/esp32s3_usb_otg_console_v5.1' into 'release/v5.1'
system: support USB_OTG CDC console on ESP32-S3 (v5.1)

See merge request espressif/esp-idf!24337
2023-11-24 10:19:02 +08:00
Jiang Jiang Jian
9e863521c6 Merge branch 'bugfix/ble_gap_unpair_oldest_peer_fix_v5.1' into 'release/v5.1'
fix(nimble): Fixed ble_gap_unpair_oldest_peer to prevent writing to invalid memory (v5.1)

See merge request espressif/esp-idf!27316
2023-11-24 10:15:33 +08:00
Adam Múdry
ff8b0cf14b fix(storage): FATFS WL function formatting wrong partition
Closes https://github.com/espressif/esp-idf/issues/12542

Co-authored-by: Tony Stuart <anthonyfstuart@gmail.com>
2023-11-23 22:55:58 +01:00
David Čermák
3bcbbf13fe Merge branch 'feature/eth_loopback_test_v5.1' into 'release/v5.1'
esp_eth/test_apps: add loopback test (v5.1)

See merge request espressif/esp-idf!26806
2023-11-24 00:43:35 +08:00
Island
80b61281b9 Merge branch 'bugfix/ble_update_lib_1110_5.1' into 'release/v5.1'
Bugfix/ble update lib 1110 5.1

See merge request espressif/esp-idf!27061
2023-11-23 19:10:49 +08:00
Mahavir Jain
c1eae4b7be Merge branch 'bugfix/return_code_of_ota_finish_api_v5.1' into 'release/v5.1'
fix(esp_https_ota): fix return code of esp_https_ota_finish API (v5.1)

See merge request espressif/esp-idf!27335
2023-11-23 16:31:06 +08:00
nilesh.kale
0e214b776b fix: fix preencrypted ota failed with pytest server and partial http enabled 2023-11-23 12:50:18 +05:30
nilesh.kale
79704082c2 fix(component-esp_https_ota): Fix wrong debug print for ota upgrade size 2023-11-23 12:28:39 +05:30
Vikram Dattu
6b8ba332b8
feat(provisioning): Generate Salt and verifier pair for given username and password
This commit adds a new feature to generate a salt and verifier pair for a given username and
password during the provisioning process. This is useful in scenarios where the pairing pin is
randomly generated and shown via some interface such as a display or console.

- Uses the provided username and password to generate a salt and verifier pair
- Adds support for dev mode where the pin/password can still be read from flash
2023-11-23 12:01:10 +05:30
Vikram Dattu
8857082585
refactor(esp_srp): Expose esp_srp.h and add API docs
- Also added missing `protocomm_security2` reference in `protocomm.rst`
2023-11-23 12:01:10 +05:30
Marius Vikhammer
0feef5f2f3 Merge branch 'backport/add_docs_for_coex_v51' into 'release/v5.1'
feat(docs) Add RF Coexist docs for H2(BackportV5.1)

See merge request espressif/esp-idf!27236
2023-11-23 13:57:42 +08:00
darshan7patel
2db80a8d3c fix(nimble): Fixed ble_gap_unpair_oldest_peer to prevent writing to invalid memory (v5.1) 2023-11-23 11:17:04 +05:30
Rahul Tank
e55ede5f94 Merge branch 'feature/get_whitelist_size_v5.1' into 'release/v5.1'
feat(nimble): Added API to retrieve the size of the controller's white list (v5.1)

See merge request espressif/esp-idf!26954
2023-11-23 12:34:19 +08:00
Roland Dobai
3e2dbfec47 Merge branch 'contrib/github_pr_12558_v5.1' into 'release/v5.1'
Fix: esptool_py incorrectly assumed target name equals binary name (GitHub PR) (v5.1)

See merge request espressif/esp-idf!27269
2023-11-22 22:41:47 +08:00
Martin Vychodil
3e04fba477 Merge branch 'bugfix/uart_vfs_select_in_iram_v5.1' into 'release/v5.1'
fix: add UART VFS select callback in IRAM when CONFIG_UART_ISR_IN_IRAM is enabled (v5.1)

See merge request espressif/esp-idf!27298
2023-11-22 22:41:18 +08:00