* [oe-core][PATCH 4/5] avahi fix CVE-2023-38472
@ 2023-11-16 11:18 mgupta1
0 siblings, 0 replies; 4+ messages in thread
From: mgupta1 @ 2023-11-16 11:18 UTC (permalink / raw)
To: openembedded-core
From: Meenali Gupta <meenali.gupta@windriver.com>
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_rdata_parse() function.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38472.patch | 46 +++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 9c903d6868..84eb1c554d 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
file://CVE-2023-38469.patch \
file://CVE-2023-38470.patch \
file://CVE-2023-38471.patch \
+ file://CVE-2023-38472.patch \
"
GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 0000000000..a1de8e2a5a
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,46 @@
+From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 19 Oct 2023 17:36:44 +0200
+Subject: [PATCH] avahi: core: make sure there is rdata to process before
+ parsing it
+
+Fixes #452
+
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-client/client-test.c | 3 +++
+ avahi-daemon/dbus-entry-group.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
+index 7d04a6a..57750a4 100644
+--- a/avahi-client/client-test.c
++++ b/avahi-client/client-test.c
+@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
+ printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
+ printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+
++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++ assert(error != AVAHI_OK);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
+diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
+index 4e879a5..aa23d4b 100644
+--- a/avahi-daemon/dbus-entry-group.c
++++ b/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+- if (avahi_rdata_parse (r, rdata, size) < 0) {
++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+ }
+--
+2.40.0
--
2.40.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472
@ 2023-11-16 11:44 mgupta1
2023-11-16 16:32 ` Alexandre Belloni
0 siblings, 1 reply; 4+ messages in thread
From: mgupta1 @ 2023-11-16 11:44 UTC (permalink / raw)
To: openembedded-core
From: Meenali Gupta <meenali.gupta@windriver.com>
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_rdata_parse() function.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38472.patch | 46 +++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 9c903d6868..84eb1c554d 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
file://CVE-2023-38469.patch \
file://CVE-2023-38470.patch \
file://CVE-2023-38471.patch \
+ file://CVE-2023-38472.patch \
"
GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 0000000000..a1de8e2a5a
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,46 @@
+From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 19 Oct 2023 17:36:44 +0200
+Subject: [PATCH] avahi: core: make sure there is rdata to process before
+ parsing it
+
+Fixes #452
+
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-client/client-test.c | 3 +++
+ avahi-daemon/dbus-entry-group.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
+index 7d04a6a..57750a4 100644
+--- a/avahi-client/client-test.c
++++ b/avahi-client/client-test.c
+@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
+ printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
+ printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+
++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++ assert(error != AVAHI_OK);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
+diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
+index 4e879a5..aa23d4b 100644
+--- a/avahi-daemon/dbus-entry-group.c
++++ b/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+- if (avahi_rdata_parse (r, rdata, size) < 0) {
++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+ }
+--
+2.40.0
--
2.40.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472
2023-11-16 11:44 [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472 mgupta1
@ 2023-11-16 16:32 ` Alexandre Belloni
2023-11-17 14:08 ` Gupta, Meenali
0 siblings, 1 reply; 4+ messages in thread
From: Alexandre Belloni @ 2023-11-16 16:32 UTC (permalink / raw)
To: meenali.gupta; +Cc: openembedded-core
Please version properly your patches, this should have been v2.
Also please resend the whole series because now, I have to go and
cherry-pick patches from v1 because 5/5 doesn't apply standalone.
You hsould not push this work on the maintainers.
On 16/11/2023 11:44:50+0000, Meenali Gupta via lists.openembedded.org wrote:
> From: Meenali Gupta <meenali.gupta@windriver.com>
>
> A vulnerability was found in Avahi. A reachable assertion exists
> in the avahi_rdata_parse() function.
>
> Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> ---
> meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
> .../avahi/files/CVE-2023-38472.patch | 46 +++++++++++++++++++
> 2 files changed, 47 insertions(+)
> create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
>
> diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> index 9c903d6868..84eb1c554d 100644
> --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
> +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> @@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
> file://CVE-2023-38469.patch \
> file://CVE-2023-38470.patch \
> file://CVE-2023-38471.patch \
> + file://CVE-2023-38472.patch \
> "
>
> GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
> diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> new file mode 100644
> index 0000000000..a1de8e2a5a
> --- /dev/null
> +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> @@ -0,0 +1,46 @@
> +From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
> +From: Michal Sekletar <msekleta@redhat.com>
> +Date: Thu, 19 Oct 2023 17:36:44 +0200
> +Subject: [PATCH] avahi: core: make sure there is rdata to process before
> + parsing it
> +
> +Fixes #452
> +
> +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
> +CVE: CVE-2023-38472
> +
> +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> +---
> + avahi-client/client-test.c | 3 +++
> + avahi-daemon/dbus-entry-group.c | 2 +-
> + 2 files changed, 4 insertions(+), 1 deletion(-)
> +
> +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
> +index 7d04a6a..57750a4 100644
> +--- a/avahi-client/client-test.c
> ++++ b/avahi-client/client-test.c
> +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
> + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
> + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
> +
> ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
> ++ assert(error != AVAHI_OK);
> ++
> + avahi_entry_group_commit (group);
> +
> + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
> +diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
> +index 4e879a5..aa23d4b 100644
> +--- a/avahi-daemon/dbus-entry-group.c
> ++++ b/avahi-daemon/dbus-entry-group.c
> +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
> + if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
> +
> +- if (avahi_rdata_parse (r, rdata, size) < 0) {
> ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
> + avahi_record_unref (r);
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
> + }
> +--
> +2.40.0
> --
> 2.40.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#190784): https://lists.openembedded.org/g/openembedded-core/message/190784
> Mute This Topic: https://lists.openembedded.org/mt/102625030/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472
2023-11-16 16:32 ` Alexandre Belloni
@ 2023-11-17 14:08 ` Gupta, Meenali
0 siblings, 0 replies; 4+ messages in thread
From: Gupta, Meenali @ 2023-11-17 14:08 UTC (permalink / raw)
To: Alexandre Belloni; +Cc: openembedded-core@lists.openembedded.org
[-- Attachment #1: Type: text/plain, Size: 5314 bytes --]
Hi Alexandre,
Understood your point, will abide by your request.
Regards
Meenali
________________________________
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
Sent: 16 November 2023 22:02
To: Gupta, Meenali <Meenali.Gupta@windriver.com>
Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.
Please version properly your patches, this should have been v2.
Also please resend the whole series because now, I have to go and
cherry-pick patches from v1 because 5/5 doesn't apply standalone.
You hsould not push this work on the maintainers.
On 16/11/2023 11:44:50+0000, Meenali Gupta via lists.openembedded.org wrote:
> From: Meenali Gupta <meenali.gupta@windriver.com>
>
> A vulnerability was found in Avahi. A reachable assertion exists
> in the avahi_rdata_parse() function.
>
> Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> ---
> meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
> .../avahi/files/CVE-2023-38472.patch | 46 +++++++++++++++++++
> 2 files changed, 47 insertions(+)
> create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
>
> diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> index 9c903d6868..84eb1c554d 100644
> --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
> +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> @@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
> file://CVE-2023-38469.patch \
> file://CVE-2023-38470.patch \
> file://CVE-2023-38471.patch \
> + file://CVE-2023-38472.patch \
> "
>
> GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
> diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> new file mode 100644
> index 0000000000..a1de8e2a5a
> --- /dev/null
> +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> @@ -0,0 +1,46 @@
> +From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
> +From: Michal Sekletar <msekleta@redhat.com>
> +Date: Thu, 19 Oct 2023 17:36:44 +0200
> +Subject: [PATCH] avahi: core: make sure there is rdata to process before
> + parsing it
> +
> +Fixes #452
> +
> +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
> +CVE: CVE-2023-38472
> +
> +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
> +---
> + avahi-client/client-test.c | 3 +++
> + avahi-daemon/dbus-entry-group.c | 2 +-
> + 2 files changed, 4 insertions(+), 1 deletion(-)
> +
> +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
> +index 7d04a6a..57750a4 100644
> +--- a/avahi-client/client-test.c
> ++++ b/avahi-client/client-test.c
> +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
> + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
> + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
> +
> ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
> ++ assert(error != AVAHI_OK);
> ++
> + avahi_entry_group_commit (group);
> +
> + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
> +diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
> +index 4e879a5..aa23d4b 100644
> +--- a/avahi-daemon/dbus-entry-group.c
> ++++ b/avahi-daemon/dbus-entry-group.c
> +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
> + if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
> +
> +- if (avahi_rdata_parse (r, rdata, size) < 0) {
> ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
> + avahi_record_unref (r);
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
> + }
> +--
> +2.40.0
> --
> 2.40.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#190784): https://lists.openembedded.org/g/openembedded-core/message/190784
> Mute This Topic: https://lists.openembedded.org/mt/102625030/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
[-- Attachment #2: Type: text/html, Size: 9238 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-17 14:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-16 11:44 [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472 mgupta1
2023-11-16 16:32 ` Alexandre Belloni
2023-11-17 14:08 ` Gupta, Meenali
-- strict thread matches above, loose matches on Subject: below --
2023-11-16 11:18 [oe-core][PATCH 4/5] avahi " mgupta1
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox