From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/cereal: bump to version 1.3.1
Date: Sun, 23 Jan 2022 10:11:49 +0100
Message-ID: <20220123091149.GA2502@scaer>
In-Reply-To: <20220122223516.306713-1-fontaine.fabrice@gmail.com>

Fabrice, All,

On 2022-01-22 23:35 +0100, Fabrice Fontaine spake thusly:
> - Drop patch (already in version)
> - Update hash of LICENSE file (license updated to match BSD template:
>   https://github.com/USCiLab/cereal/commit/8291f44e05d3e3ee3c4fc9e088231789b701e17e)
> - Update indentation in hash file (two spaces)
> 
> https://github.com/USCiLab/cereal/releases/tag/v1.3.1
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  ...alized-shared_ptr-within-the-archive.patch | 67 -------------------
>  package/cereal/cereal.hash                    | 10 +--
>  package/cereal/cereal.mk                      |  5 +-
>  3 files changed, 6 insertions(+), 76 deletions(-)
>  delete mode 100644 package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> 
> diff --git a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch b/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> deleted file mode 100644
> index 3458ec1b59..0000000000
> --- a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -From f27c12d491955c94583512603bf32c4568f20929 Mon Sep 17 00:00:00 2001
> -From: Michael Walz <code@serpedon.de>
> -Date: Tue, 2 Feb 2021 00:50:29 +0100
> -Subject: [PATCH] Store a copy of each serialized shared_ptr within the archive
> - to prevent the shared_ptr to be freed to early. (#667)
> -
> -The archives use the memory address pointed by the shared_ptr as a
> -unique id which must not be reused during lifetime of the archive.
> -Therefore, the archives stores a copy of it.
> -This problem was also reported as CVE-2020-11105.
> -
> -[Retrieved from:
> -https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - include/cereal/cereal.hpp       | 13 +++++++++++--
> - include/cereal/types/memory.hpp |  2 +-
> - 2 files changed, 12 insertions(+), 3 deletions(-)
> -
> -diff --git a/include/cereal/cereal.hpp b/include/cereal/cereal.hpp
> -index 99bed9d6..f0d15e8b 100644
> ---- a/include/cereal/cereal.hpp
> -+++ b/include/cereal/cereal.hpp
> -@@ -369,12 +369,17 @@ namespace cereal
> -           point to the same data.
> - 
> -           @internal
> --          @param addr The address (see shared_ptr get()) pointed to by the shared pointer
> -+          @param sharedPointer The shared pointer itself (the adress is taked via get()).
> -+                               The archive takes a copy to prevent the memory location to be freed
> -+                               as long as the address is used as id. This is needed to prevent CVE-2020-11105.
> -           @return A key that uniquely identifies the pointer */
> --      inline std::uint32_t registerSharedPointer( void const * addr )
> -+      inline std::uint32_t registerSharedPointer(const std::shared_ptr<const void>& sharedPointer)
> -       {
> -+        void const * addr = sharedPointer.get();
> -+
> -         // Handle null pointers by just returning 0
> -         if(addr == 0) return 0;
> -+        itsSharedPointerStorage.push_back(sharedPointer);
> - 
> -         auto id = itsSharedPointerMap.find( addr );
> -         if( id == itsSharedPointerMap.end() )
> -@@ -645,6 +650,10 @@ namespace cereal
> -       //! Maps from addresses to pointer ids
> -       std::unordered_map<void const *, std::uint32_t> itsSharedPointerMap;
> - 
> -+      //! Copy of shared pointers used in #itsSharedPointerMap to make sure they are kept alive
> -+      //  during lifetime of itsSharedPointerMap to prevent CVE-2020-11105.
> -+      std::vector<std::shared_ptr<const void>> itsSharedPointerStorage;
> -+
> -       //! The id to be given to the next pointer
> -       std::uint32_t itsCurrentPointerId;
> - 
> -diff --git a/include/cereal/types/memory.hpp b/include/cereal/types/memory.hpp
> -index 59e9da9b..cac1f334 100644
> ---- a/include/cereal/types/memory.hpp
> -+++ b/include/cereal/types/memory.hpp
> -@@ -263,7 +263,7 @@ namespace cereal
> -   {
> -     auto & ptr = wrapper.ptr;
> - 
> --    uint32_t id = ar.registerSharedPointer( ptr.get() );
> -+    uint32_t id = ar.registerSharedPointer( ptr );
> -     ar( CEREAL_NVP_("id", id) );
> - 
> -     if( id & detail::msb_32bit )
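
Review bot: The commit message justifies deleting this patch with only "already in version". The file being removed is the CVE-2020-11105 fix retrieved from upstream commit f27c12d491955c94583512603bf32c4568f20929, so the message should say explicitly that this commit is contained in the v1.3.1 tag. That way the removal of a security fix can be checked from the log alone.
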
> diff --git a/package/cereal/cereal.hash b/package/cereal/cereal.hash
> index ddaf54e7b4..18889b4d42 100644
> --- a/package/cereal/cereal.hash
> +++ b/package/cereal/cereal.hash
> @@ -1,6 +1,6 @@
>  # Locally computed
> -sha256 329ea3e3130b026c03a4acc50e168e7daff4e6e661bc6a7dfec0d77b570851d5  cereal-1.3.0.tar.gz
> -sha256 18fd7618c44c9fe28b5f54cd19747df3c0472ed33e8507fea571e2acf6e72f34  LICENSE
> -sha256 d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
> -sha256 7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
> -sha256 794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
> +sha256  65ea6ddda98f4274f5c10fb3e07b2269ccdd1e5cbb227be6a2fd78b8f382c976  cereal-1.3.1.tar.gz
> +sha256  58604a126af6a671ea390ee3d5b3e42228aa59b2858fb7af1d5b20b31739ccbb  LICENSE
> +sha256  d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
> +sha256  7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
> +sha256  794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
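
Review bot: Only the first two entries (cereal-1.3.1.tar.gz and LICENSE) change in value here; the base64.hpp, rapidjson.h and rapidxml license.txt lines keep the same digests and differ only by the extra space after sha256. Mixing the re-indentation with real hash changes makes the reader compare 64-character digests by eye, so it would help to state in the commit message which hashes are unchanged, or to do the whitespace change in a separate commit.
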
> diff --git a/package/cereal/cereal.mk b/package/cereal/cereal.mk
> index 19faa2ac4e..a44f09c743 100644
> --- a/package/cereal/cereal.mk
> +++ b/package/cereal/cereal.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -CEREAL_VERSION = 1.3.0
> +CEREAL_VERSION = 1.3.1
>  CEREAL_SITE = $(call github,USCiLab,cereal,v$(CEREAL_VERSION))
>  # For licensing, see also: https://github.com/USCiLab/cereal/issues/609
>  CEREAL_LICENSE = BSD-3-Clause (cereal), Zlib (base64.hpp), MIT (rapidjson), BSL-1.0 or MIT (rapidxml)
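
Review bot: CEREAL_LICENSE is left at BSD-3-Clause in this hunk although the LICENSE hash changes in cereal.hash. The commit message attributes the new hash to the text being aligned with the BSD template; stating there that the license terms themselves are unchanged would make it clear the untouched CEREAL_LICENSE line is intentional.
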
> @@ -16,7 +16,4 @@ CEREAL_CONF_OPTS = \
>  	-DTHREAD_SAFE=ON \
>  	-DJUST_INSTALL_CEREAL=ON
>  
> -# 0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> -CEREAL_IGNORE_CVES += CVE-2020-11105
> -
>  $(eval $(cmake-package))
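
Review bot: Dropping CEREAL_IGNORE_CVES += CVE-2020-11105 together with the patch it referenced is consistent, but from here on nothing in the package marks this CVE as handled, so the CVE report depends on 1.3.1 not being matched as an affected version. It is worth confirming after the bump that CVE-2020-11105 is no longer reported against cereal, and noting the result in the commit message.
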
> -- 
> 2.34.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'