Commit Graph

35072 Commits

Author SHA1 Message Date
Frantisek Hrbata
647c485a76 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows to compromise user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Other user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user does not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to arbitrary command. Its purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
ESP-IDF Docker container. For example user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows to set safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would make it possible to exploit this vulnerability again.

This fix allows user to specify git's safe.directory in IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, user may set IDF_GIT_SAFE_DIR='*'. This might be
helpful in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-11-30 12:18:40 +01:00
Roland Dobai
4797d744fa Merge branch 'fix/coredump_port' into 'master'
fix(tools/coredump): do not detect port when core file is used

Closes IDFGH-11552

See merge request espressif/esp-idf!27441
2023-11-30 18:40:23 +08:00
aditi_lonkar
bdeec024e8 fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2023-11-30 15:37:17 +05:30
Shu Chen
195d4013a2 Merge branch 'fix/lwip_na_packets_router_flag' into 'master'
feat(lwip): support NA router forwarding flag set

See merge request espressif/esp-idf!27132
2023-11-30 17:48:42 +08:00
Ivan Grokhotkov
e39d1ae9ce Merge branch 'feature/update_unity' into 'master'
feat(unity): upgrade to 2.6.0-RC1

See merge request espressif/esp-idf!27456
2023-11-30 17:12:12 +08:00
Liu Linyan
94d3f5037b fix(ble_mesh): Use submodule for mesh 1.1 lib files 2023-11-30 16:56:58 +08:00
Liu Linyan
2c579d03ca fix(ble_mesh): Remove the original mesh 1.1 lib files 2023-11-30 16:34:22 +08:00
Omar Chebib
dc8fdae31b docs(freertos): revert usage of hidden option CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE when :ref: is used 2023-11-30 16:33:28 +08:00
Frantisek Hrbata
18334588bc feat(tools): esp_idf_size.ng integration
This integrates esp_idf_size.ng, refactored esp-idf-size version, into
esp-idf and enables it by default. The esp_idf_size.ng may be enabled
by using the --ng option, but also via ESP_IDF_SIZE_NG env. variable,
which is used in this integration.

New -l/--legacy option is added, which enforces usage of the old version.
This option can be also set via "ESP_IDF_SIZE_LEGACY" env. variable.
This should allow to easily switch back to old version if there is any
problem.

The new version is used by default for all formats, except for the "json".

Examples:
$ idf.py size                           # uses refactored version
$ idf.py size --legacy                  # uses legacy version
$ idf.py size --l                       # uses legacy version
$ idf.py size --format json             # uses legacy version
$ idf.py size --format json2            # uses refactored version
$ export ESP_IDF_SIZE_LEGACY="1"        # use legacy version only from now on

ESP_IDF_SIZE_FORCE_TERMINAL, which forces terminal control codes(colors), is also set
when running from idf.py, so the colors are propagated even if stdout
for esp_idf_size.ng is not attached to tty.

The same changes are applied also to the idf_size.py wrapper.

There is an import check if esp_idf_size.ng is available. If not,
we switch into the legacy mode. This should cover situation when the
esp-idf has support for refactored version, but it's not installed.
This should also allow users to bind to a legacy version(<1.0.0) and the
idf.py size and idf_size.py should still work. This also allows us to
restrict the version in constraints file if we need to switch back to
legacy version globally.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-11-30 09:26:51 +01:00
Sudeep Mohanty
35fc493dcc Merge branch 'bugfix/freertos_incorrect_placement_of_unblocked_task_during_tick_increment' into 'master'
fix(freertos/idf): Refactor suspend-resume tests

Closes IDF-8364

See merge request espressif/esp-idf!26849
2023-11-30 15:53:31 +08:00
Kevin (Lao Kaiyao)
15803e14e9 Merge branch 'feature/add_esp32c5_beta3_soc_header_files' into 'master'
feat(esp32c5): add esp32c5 soc header files (stage 2, part 1)

See merge request espressif/esp-idf!27492
2023-11-30 15:07:04 +08:00
Cao Sen Miao
2a0debde3c change(usb_serial_jtag): Add a usb_serial_jtag echo example for how to use usb_serial_jtag APIs,
Closes https://github.com/espressif/esp-idf/issues/12620,
Closes https://github.com/espressif/esp-idf/issues/12605
2023-11-30 14:38:06 +08:00
Cao Sen Miao
b8e8042c4e fix(usb_serial_jtag): Fix issue that buffer seems not flush when TX buffer is full and flush slow,
Closes https://github.com/espressif/esp-idf/issues/12628
2023-11-30 14:38:06 +08:00
Kevin (Lao Kaiyao)
11461aff62 Merge branch 'feature/add_esp32c5_beta3_soc_header_files_part2' into 'master'
feat(esp32c5): add esp32c5-beta3 soc header files (stage2, part2)

See merge request espressif/esp-idf!27500
2023-11-30 14:35:54 +08:00
harshal.patil
47821f6299 fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-11-30 11:59:59 +05:30
Jiang Jiang Jian
41400d8224 Merge branch 'feat/add_new_api_to_get_scan_ap_record' into 'master'
feat(wifi): add new api to get one scan ap record

Closes WIFI-6311, WIFIBUG-210, and WIFIBUG-211

See merge request espressif/esp-idf!26912
2023-11-30 13:56:51 +08:00
C.S.M
cce1bf36fc Merge branch 'bugfix/u32_reg_tsens' into 'master'
fix(temperature_sensor): Fix regs on temperature sensor is not volatile due to GCC bug

See merge request espressif/esp-idf!27468
2023-11-30 12:37:10 +08:00
Tomas Rezucha
39d57f1cfd refactor(usb/host): Move FIFO size configuration to HAL layer
The logic of calculating FIFO sizes is DWC OTG specific.
We move it to the HAL layer to provide better abstraction in the HDC layer.
2023-11-30 12:04:30 +08:00
zhanghaipeng
a1b678e721 fix(bt/bluedroid): Fix bluedroid menuconfig 2023-11-30 10:43:12 +08:00
zhanghaipeng
a5a7e60ad0 docs(bt/bluedroid): Update ble example document 2023-11-30 10:42:49 +08:00
shangke
a7dc484564 fix(bt/controller): Fixed some HCI commands parameter 2023-11-30 02:41:56 +00:00
Wang Meng Yang
0fb0fc8654 Merge branch 'bugfix/alarm_args_double_free' into 'master'
fix(bt/bluedroid): Free the alarm args only when it is not NULL

Closes BTQABR2023-141

See merge request espressif/esp-idf!27475
2023-11-30 10:27:14 +08:00
Tomas Rezucha
b258bbf068 refactor(usb/host): Make private hal types USB_DWC specific 2023-11-30 10:24:53 +08:00
Armando (Dou Yiwen)
d36fe73960 Merge branch 'test/improve_sdmmc_tests' into 'master'
sd: improve tests and added on CI

See merge request espressif/esp-idf!27384
2023-11-30 10:21:11 +08:00
Tomas Rezucha
69d9e7625b feat(usb/host): Add High Speed enumeration types 2023-11-30 10:17:00 +08:00
Marius Vikhammer
ae4be8eb03 Merge branch 'feature/p4_lp_core' into 'master'
feat(ulp/lp_core): Added basic support for building and running a LP-Core app on ESP32P4

Closes IDF-7534

See merge request espressif/esp-idf!26869
2023-11-30 09:35:49 +08:00
Marek Fiala
04ade501aa feat(tools): Disable failing build system tests on Windows runner 2023-11-29 23:10:38 +01:00
Marek Fiala
b535ec9a99 feat(tools): Fix some failing tests on Windows runner 2023-11-29 23:10:38 +01:00
Marek Fiala
0a3b57e48a feat(tools): Add pytest build system on Windows runner 2023-11-29 23:10:37 +01:00
Adam Múdry
a4ff2decdd Merge branch 'fix/esp_vfs_fat_sdcard_format_workbuf_leak' into 'master'
fix: esp_vfs_fat_sdcard_format workbuf memory leak

Closes IDF-8779

See merge request espressif/esp-idf!27490
2023-11-30 05:42:00 +08:00
Alexey Lapshin
3ac31855b2 Merge branch 'contrib/github_pr_12683' into 'master'
fix(tools): fix path delimiter in gdbinit for Windows

Closes IDFGH-11562

See merge request espressif/esp-idf!27485
2023-11-30 04:57:07 +08:00
David Cermak
96069eef3b feat(http_client): Add support for using custom tcp_transport 2023-11-29 20:48:40 +01:00
David Cermak
7e22a13afe feat(http_client): Add support for TLS session tickets 2023-11-29 20:48:35 +01:00
Gao Xu
4e843a1a70 Merge branch 'bugfix/fix_adc_continuous_do_not_rst_apb_clk' into 'master'
fix(adc): fix adc continuous get less results because do not reset apb clk

Closes IDF-8414

See merge request espressif/esp-idf!27115
2023-11-30 00:22:48 +08:00
laokaiyao
d87e007c66 feat(esp32c5): add esp32c5-beta3 soc header files (part1) 2023-11-29 20:53:33 +08:00
laokaiyao
87f7d2edc4 feat(esp32c5): add esp32c5-beta3 soc header files (part2) 2023-11-29 20:48:52 +08:00
Kevin (Lao Kaiyao)
cd9d321062 Merge branch 'feature/introduce_target_esp32c5' into 'master'
feat(esp32c5): introduce target esp32c5 (stage 1)

See merge request espressif/esp-idf!27299
2023-11-29 20:31:34 +08:00
Adam Múdry
29c30b961d fix: esp_vfs_fat_sdcard_format workbuf memory leak 2023-11-29 12:39:15 +01:00
Ivan Grokhotkov
b52182e14f ci(tcp_transport): upgrade to Catch2 as a component 2023-11-29 12:38:47 +01:00
Ivan Grokhotkov
ae3da4a383 ci(wear_levelling): upgrade to Catch2 as a component 2023-11-29 12:38:47 +01:00
Ivan Grokhotkov
33896fe67e ci(log): upgrade to Catch2 as a component 2023-11-29 12:38:47 +01:00
Ivan Grokhotkov
88e77ba1ed ci(nvs_flash): upgrade to Catch2 as a component, fix warnings 2023-11-29 12:38:47 +01:00
Ivan Grokhotkov
047e50615e ci(fatfs): upgrade to Catch2 as a component, enable CI build 2023-11-29 12:38:46 +01:00
Ivan Grokhotkov
8e81bbe014 ci(esp_rom): upgrade to Catch2 as a component, enable CI build 2023-11-29 12:38:46 +01:00
Ivan Grokhotkov
79a2c15477 ci(esp_event): upgrade host test to Catch2 as a component, fix build
- use espressif/catch2 component
- fix build issues after FreeRTOS upgrade
- enable test app build in CI
2023-11-29 12:38:46 +01:00
zhangyanjiao
b495f54329 fix(wifi): fix the crash issue when clear scan ap list 2023-11-29 19:23:35 +08:00
zhangyanjiao
0f18104d53 feat(wifi): add new api to get one scan ap record 2023-11-29 19:19:25 +08:00
GuyBrush
090bb85a12 fix(tools): fix path delimiter in gdbinit for Windows
Merges https://github.com/espressif/esp-idf/pull/12683

Signed-off-by: Alexey Lapshin <alexey.lapshin@espressif.com>
2023-11-29 13:54:48 +04:00
C.S.M
96f49c2603 Merge branch 'bugfix/bod_reset_c6_h2' into 'master'
fix(bod): Fix issue that RF cannot be enabled again after BOD triggered.

See merge request espressif/esp-idf!27287
2023-11-29 17:21:38 +08:00
Martin Vychodil
875849128f Merge branch 'feature/add_fatfs_sbom' into 'master'
feat(storage/fatfs): add sbom file manifest for FatFs

Closes IDF-8229

See merge request espressif/esp-idf!27436
2023-11-29 17:11:52 +08:00