Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH 1/1] package/cereal: bump to version 1.3.1
@ 2022-01-22 22:35 Fabrice Fontaine
  2022-01-23  9:11 ` Yann E. MORIN
  0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-01-22 22:35 UTC
  To: buildroot; +Cc: Fabrice Fontaine, Thomas De Schampheleire

- Drop patch (already in version)
- Update hash of LICENSE file (license updated to match BSD template:
  https://github.com/USCiLab/cereal/commit/8291f44e05d3e3ee3c4fc9e088231789b701e17e)
- Update indentation in hash file (two spaces)

https://github.com/USCiLab/cereal/releases/tag/v1.3.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...alized-shared_ptr-within-the-archive.patch | 67 -------------------
 package/cereal/cereal.hash                    | 10 +--
 package/cereal/cereal.mk                      |  5 +-
 3 files changed, 6 insertions(+), 76 deletions(-)
 delete mode 100644 package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch

diff --git a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch b/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
deleted file mode 100644
index 3458ec1b59..0000000000
--- a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From f27c12d491955c94583512603bf32c4568f20929 Mon Sep 17 00:00:00 2001
-From: Michael Walz <code@serpedon.de>
-Date: Tue, 2 Feb 2021 00:50:29 +0100
-Subject: [PATCH] Store a copy of each serialized shared_ptr within the archive
- to prevent the shared_ptr to be freed to early. (#667)
-
-The archives use the memory address pointed by the shared_ptr as a
-unique id which must not be reused during lifetime of the archive.
-Therefore, the archives stores a copy of it.
-This problem was also reported as CVE-2020-11105.
-
-[Retrieved from:
-https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- include/cereal/cereal.hpp       | 13 +++++++++++--
- include/cereal/types/memory.hpp |  2 +-
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/include/cereal/cereal.hpp b/include/cereal/cereal.hpp
-index 99bed9d6..f0d15e8b 100644
---- a/include/cereal/cereal.hpp
-+++ b/include/cereal/cereal.hpp
-@@ -369,12 +369,17 @@ namespace cereal
-           point to the same data.
- 
-           @internal
--          @param addr The address (see shared_ptr get()) pointed to by the shared pointer
-+          @param sharedPointer The shared pointer itself (the adress is taked via get()).
-+                               The archive takes a copy to prevent the memory location to be freed
-+                               as long as the address is used as id. This is needed to prevent CVE-2020-11105.
-           @return A key that uniquely identifies the pointer */
--      inline std::uint32_t registerSharedPointer( void const * addr )
-+      inline std::uint32_t registerSharedPointer(const std::shared_ptr<const void>& sharedPointer)
-       {
-+        void const * addr = sharedPointer.get();
-+
-         // Handle null pointers by just returning 0
-         if(addr == 0) return 0;
-+        itsSharedPointerStorage.push_back(sharedPointer);
- 
-         auto id = itsSharedPointerMap.find( addr );
-         if( id == itsSharedPointerMap.end() )
-@@ -645,6 +650,10 @@ namespace cereal
-       //! Maps from addresses to pointer ids
-       std::unordered_map<void const *, std::uint32_t> itsSharedPointerMap;
- 
-+      //! Copy of shared pointers used in #itsSharedPointerMap to make sure they are kept alive
-+      //  during lifetime of itsSharedPointerMap to prevent CVE-2020-11105.
-+      std::vector<std::shared_ptr<const void>> itsSharedPointerStorage;
-+
-       //! The id to be given to the next pointer
-       std::uint32_t itsCurrentPointerId;
- 
-diff --git a/include/cereal/types/memory.hpp b/include/cereal/types/memory.hpp
-index 59e9da9b..cac1f334 100644
---- a/include/cereal/types/memory.hpp
-+++ b/include/cereal/types/memory.hpp
-@@ -263,7 +263,7 @@ namespace cereal
-   {
-     auto & ptr = wrapper.ptr;
- 
--    uint32_t id = ar.registerSharedPointer( ptr.get() );
-+    uint32_t id = ar.registerSharedPointer( ptr );
-     ar( CEREAL_NVP_("id", id) );
- 
-     if( id & detail::msb_32bit )
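Review bot: the commit message justifies deleting this file only with "already in version", without naming the upstream commit; the header of the deleted patch records it as f27c12d491955c94583512603bf32c4568f20929 (the CVE-2020-11105 fix). Citing that commit in the bump's commit message would let a reviewer confirm that v1.3.1 contains the registerSharedPointer() change that keeps a copy of each shared_ptr in itsSharedPointerStorage before the local backport is dropped.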
diff --git a/package/cereal/cereal.hash b/package/cereal/cereal.hash
index ddaf54e7b4..18889b4d42 100644
--- a/package/cereal/cereal.hash
+++ b/package/cereal/cereal.hash
@@ -1,6 +1,6 @@
 # Locally computed
-sha256 329ea3e3130b026c03a4acc50e168e7daff4e6e661bc6a7dfec0d77b570851d5  cereal-1.3.0.tar.gz
-sha256 18fd7618c44c9fe28b5f54cd19747df3c0472ed33e8507fea571e2acf6e72f34  LICENSE
-sha256 d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
-sha256 7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
-sha256 794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
+sha256  65ea6ddda98f4274f5c10fb3e07b2269ccdd1e5cbb227be6a2fd78b8f382c976  cereal-1.3.1.tar.gz
+sha256  58604a126af6a671ea390ee3d5b3e42228aa59b2858fb7af1d5b20b31739ccbb  LICENSE
+sha256  d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
+sha256  7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
+sha256  794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
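Review bot: the new cereal-1.3.1.tar.gz digest on the first added line is covered only by the "# Locally computed" comment, so the hunk gives no way to cross-check it; it should be recomputed from the v1.3.1 archive during review. Because the indentation change rewrites all five lines, it is worth stating that only the tarball and LICENSE digests differ: the base64.hpp, rapidjson.h and rapidxml license.txt digests are identical on the removed and added sides.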
diff --git a/package/cereal/cereal.mk b/package/cereal/cereal.mk
index 19faa2ac4e..a44f09c743 100644
--- a/package/cereal/cereal.mk
+++ b/package/cereal/cereal.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CEREAL_VERSION = 1.3.0
+CEREAL_VERSION = 1.3.1
 CEREAL_SITE = $(call github,USCiLab,cereal,v$(CEREAL_VERSION))
 # For licensing, see also: https://github.com/USCiLab/cereal/issues/609
 CEREAL_LICENSE = BSD-3-Clause (cereal), Zlib (base64.hpp), MIT (rapidjson), BSL-1.0 or MIT (rapidxml)
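Review bot: the CEREAL_LICENSE context line under the version bump is left unchanged while the LICENSE hash changes in the same patch. The commit message attributes that to the license text being updated to match the BSD template; saying explicitly that the terms remain BSD-3-Clause would make clear that the unchanged line is deliberate.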
@@ -16,7 +16,4 @@ CEREAL_CONF_OPTS = \
 	-DTHREAD_SAFE=ON \
 	-DJUST_INSTALL_CEREAL=ON
 
-# 0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
-CEREAL_IGNORE_CVES += CVE-2020-11105
-
 $(eval $(cmake-package))
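Review bot: removing CEREAL_IGNORE_CVES += CVE-2020-11105 at the end of the file means CVE-2020-11105 is no longer suppressed by the package and is judged from CEREAL_VERSION alone. Check that Buildroot's CVE report (pkg-stats) does not list CVE-2020-11105 for cereal 1.3.1; if it still does, the ignore entry should stay with a comment pointing at the upstream fix instead of the deleted patch file.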
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/cereal: bump to version 1.3.1
  2022-01-22 22:35 [Buildroot] [PATCH 1/1] package/cereal: bump to version 1.3.1 Fabrice Fontaine
@ 2022-01-23  9:11 ` Yann E. MORIN
  0 siblings, 0 replies; 2+ messages in thread
From: Yann E. MORIN @ 2022-01-23  9:11 UTC
  To: Fabrice Fontaine; +Cc: Thomas De Schampheleire, buildroot

Fabrice, All,

On 2022-01-22 23:35 +0100, Fabrice Fontaine spake thusly:
> - Drop patch (already in version)
> - Update hash of LICENSE file (license updated to match BSD template:
>   https://github.com/USCiLab/cereal/commit/8291f44e05d3e3ee3c4fc9e088231789b701e17e)
> - Update indentation in hash file (two spaces)
> 
> https://github.com/USCiLab/cereal/releases/tag/v1.3.1
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  ...alized-shared_ptr-within-the-archive.patch | 67 -------------------
>  package/cereal/cereal.hash                    | 10 +--
>  package/cereal/cereal.mk                      |  5 +-
>  3 files changed, 6 insertions(+), 76 deletions(-)
>  delete mode 100644 package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> 
> diff --git a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch b/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> deleted file mode 100644
> index 3458ec1b59..0000000000
> --- a/package/cereal/0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -From f27c12d491955c94583512603bf32c4568f20929 Mon Sep 17 00:00:00 2001
> -From: Michael Walz <code@serpedon.de>
> -Date: Tue, 2 Feb 2021 00:50:29 +0100
> -Subject: [PATCH] Store a copy of each serialized shared_ptr within the archive
> - to prevent the shared_ptr to be freed to early. (#667)
> -
> -The archives use the memory address pointed by the shared_ptr as a
> -unique id which must not be reused during lifetime of the archive.
> -Therefore, the archives stores a copy of it.
> -This problem was also reported as CVE-2020-11105.
> -
> -[Retrieved from:
> -https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - include/cereal/cereal.hpp       | 13 +++++++++++--
> - include/cereal/types/memory.hpp |  2 +-
> - 2 files changed, 12 insertions(+), 3 deletions(-)
> -
> -diff --git a/include/cereal/cereal.hpp b/include/cereal/cereal.hpp
> -index 99bed9d6..f0d15e8b 100644
> ---- a/include/cereal/cereal.hpp
> -+++ b/include/cereal/cereal.hpp
> -@@ -369,12 +369,17 @@ namespace cereal
> -           point to the same data.
> - 
> -           @internal
> --          @param addr The address (see shared_ptr get()) pointed to by the shared pointer
> -+          @param sharedPointer The shared pointer itself (the adress is taked via get()).
> -+                               The archive takes a copy to prevent the memory location to be freed
> -+                               as long as the address is used as id. This is needed to prevent CVE-2020-11105.
> -           @return A key that uniquely identifies the pointer */
> --      inline std::uint32_t registerSharedPointer( void const * addr )
> -+      inline std::uint32_t registerSharedPointer(const std::shared_ptr<const void>& sharedPointer)
> -       {
> -+        void const * addr = sharedPointer.get();
> -+
> -         // Handle null pointers by just returning 0
> -         if(addr == 0) return 0;
> -+        itsSharedPointerStorage.push_back(sharedPointer);
> - 
> -         auto id = itsSharedPointerMap.find( addr );
> -         if( id == itsSharedPointerMap.end() )
> -@@ -645,6 +650,10 @@ namespace cereal
> -       //! Maps from addresses to pointer ids
> -       std::unordered_map<void const *, std::uint32_t> itsSharedPointerMap;
> - 
> -+      //! Copy of shared pointers used in #itsSharedPointerMap to make sure they are kept alive
> -+      //  during lifetime of itsSharedPointerMap to prevent CVE-2020-11105.
> -+      std::vector<std::shared_ptr<const void>> itsSharedPointerStorage;
> -+
> -       //! The id to be given to the next pointer
> -       std::uint32_t itsCurrentPointerId;
> - 
> -diff --git a/include/cereal/types/memory.hpp b/include/cereal/types/memory.hpp
> -index 59e9da9b..cac1f334 100644
> ---- a/include/cereal/types/memory.hpp
> -+++ b/include/cereal/types/memory.hpp
> -@@ -263,7 +263,7 @@ namespace cereal
> -   {
> -     auto & ptr = wrapper.ptr;
> - 
> --    uint32_t id = ar.registerSharedPointer( ptr.get() );
> -+    uint32_t id = ar.registerSharedPointer( ptr );
> -     ar( CEREAL_NVP_("id", id) );
> - 
> -     if( id & detail::msb_32bit )
> diff --git a/package/cereal/cereal.hash b/package/cereal/cereal.hash
> index ddaf54e7b4..18889b4d42 100644
> --- a/package/cereal/cereal.hash
> +++ b/package/cereal/cereal.hash
> @@ -1,6 +1,6 @@
>  # Locally computed
> -sha256 329ea3e3130b026c03a4acc50e168e7daff4e6e661bc6a7dfec0d77b570851d5  cereal-1.3.0.tar.gz
> -sha256 18fd7618c44c9fe28b5f54cd19747df3c0472ed33e8507fea571e2acf6e72f34  LICENSE
> -sha256 d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
> -sha256 7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
> -sha256 794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
> +sha256  65ea6ddda98f4274f5c10fb3e07b2269ccdd1e5cbb227be6a2fd78b8f382c976  cereal-1.3.1.tar.gz
> +sha256  58604a126af6a671ea390ee3d5b3e42228aa59b2858fb7af1d5b20b31739ccbb  LICENSE
> +sha256  d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f  include/cereal/external/base64.hpp
> +sha256  7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26  include/cereal/external/rapidjson/rapidjson.h
> +sha256  794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720  include/cereal/external/rapidxml/license.txt
> diff --git a/package/cereal/cereal.mk b/package/cereal/cereal.mk
> index 19faa2ac4e..a44f09c743 100644
> --- a/package/cereal/cereal.mk
> +++ b/package/cereal/cereal.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -CEREAL_VERSION = 1.3.0
> +CEREAL_VERSION = 1.3.1
>  CEREAL_SITE = $(call github,USCiLab,cereal,v$(CEREAL_VERSION))
>  # For licensing, see also: https://github.com/USCiLab/cereal/issues/609
>  CEREAL_LICENSE = BSD-3-Clause (cereal), Zlib (base64.hpp), MIT (rapidjson), BSL-1.0 or MIT (rapidxml)
> @@ -16,7 +16,4 @@ CEREAL_CONF_OPTS = \
>  	-DTHREAD_SAFE=ON \
>  	-DJUST_INSTALL_CEREAL=ON
>  
> -# 0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
> -CEREAL_IGNORE_CVES += CVE-2020-11105
> -
>  $(eval $(cmake-package))
> -- 
> 2.34.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'