package/cereal: bump to version 1.3.1

- Drop patch (already included in this version)
- Update hash of LICENSE file (license updated to match BSD template:
  8291f44e05)
- Update indentation in hash file (two spaces)

https://github.com/USCiLab/cereal/releases/tag/v1.3.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine 2022-01-22 23:35:16 +01:00 committed by Yann E. MORIN
parent 653dc2e710
commit d824fc1145
3 changed files with 6 additions and 76 deletions


@ -1,67 +0,0 @@
From f27c12d491955c94583512603bf32c4568f20929 Mon Sep 17 00:00:00 2001
From: Michael Walz <code@serpedon.de>
Date: Tue, 2 Feb 2021 00:50:29 +0100
Subject: [PATCH] Store a copy of each serialized shared_ptr within the archive
to prevent the shared_ptr to be freed to early. (#667)
The archives use the memory address pointed by the shared_ptr as a
unique id which must not be reused during lifetime of the archive.
Therefore, the archives stores a copy of it.
This problem was also reported as CVE-2020-11105.
[Retrieved from:
https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
include/cereal/cereal.hpp | 13 +++++++++++--
include/cereal/types/memory.hpp | 2 +-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/include/cereal/cereal.hpp b/include/cereal/cereal.hpp
index 99bed9d6..f0d15e8b 100644
--- a/include/cereal/cereal.hpp
+++ b/include/cereal/cereal.hpp
@@ -369,12 +369,17 @@ namespace cereal
point to the same data.
@internal
- @param addr The address (see shared_ptr get()) pointed to by the shared pointer
+ @param sharedPointer The shared pointer itself (the adress is taked via get()).
+ The archive takes a copy to prevent the memory location to be freed
+ as long as the address is used as id. This is needed to prevent CVE-2020-11105.
@return A key that uniquely identifies the pointer */
- inline std::uint32_t registerSharedPointer( void const * addr )
+ inline std::uint32_t registerSharedPointer(const std::shared_ptr<const void>& sharedPointer)
{
+ void const * addr = sharedPointer.get();
+
// Handle null pointers by just returning 0
if(addr == 0) return 0;
+ itsSharedPointerStorage.push_back(sharedPointer);
auto id = itsSharedPointerMap.find( addr );
if( id == itsSharedPointerMap.end() )
@@ -645,6 +650,10 @@ namespace cereal
//! Maps from addresses to pointer ids
std::unordered_map<void const *, std::uint32_t> itsSharedPointerMap;
+ //! Copy of shared pointers used in #itsSharedPointerMap to make sure they are kept alive
+ // during lifetime of itsSharedPointerMap to prevent CVE-2020-11105.
+ std::vector<std::shared_ptr<const void>> itsSharedPointerStorage;
+
//! The id to be given to the next pointer
std::uint32_t itsCurrentPointerId;
diff --git a/include/cereal/types/memory.hpp b/include/cereal/types/memory.hpp
index 59e9da9b..cac1f334 100644
--- a/include/cereal/types/memory.hpp
+++ b/include/cereal/types/memory.hpp
@@ -263,7 +263,7 @@ namespace cereal
{
auto & ptr = wrapper.ptr;
- uint32_t id = ar.registerSharedPointer( ptr.get() );
+ uint32_t id = ar.registerSharedPointer( ptr );
ar( CEREAL_NVP_("id", id) );
if( id & detail::msb_32bit )


@ -1,6 +1,6 @@
# Locally computed
sha256 329ea3e3130b026c03a4acc50e168e7daff4e6e661bc6a7dfec0d77b570851d5 cereal-1.3.0.tar.gz
sha256 18fd7618c44c9fe28b5f54cd19747df3c0472ed33e8507fea571e2acf6e72f34 LICENSE
sha256 d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f include/cereal/external/base64.hpp
sha256 7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26 include/cereal/external/rapidjson/rapidjson.h
sha256 794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720 include/cereal/external/rapidxml/license.txt
sha256 65ea6ddda98f4274f5c10fb3e07b2269ccdd1e5cbb227be6a2fd78b8f382c976 cereal-1.3.1.tar.gz
sha256 58604a126af6a671ea390ee3d5b3e42228aa59b2858fb7af1d5b20b31739ccbb LICENSE
sha256 d9e523e8736ac0c68064c7ad312a222f285e82bf6c96a1b1c2cadaffff9fc64f include/cereal/external/base64.hpp
sha256 7fb69c707f0ed3a8b59b8f949f0928a9cc06d67bc15d599094693703ff70ea26 include/cereal/external/rapidjson/rapidjson.h
sha256 794bf3b2ecf5cf0c740ac6c524d66ce6284c4b1de1f983d21a242b8abbeb9720 include/cereal/external/rapidxml/license.txt


@ -4,7 +4,7 @@
#
################################################################################
CEREAL_VERSION = 1.3.0
CEREAL_VERSION = 1.3.1
CEREAL_SITE = $(call github,USCiLab,cereal,v$(CEREAL_VERSION))
# For licensing, see also: https://github.com/USCiLab/cereal/issues/609
CEREAL_LICENSE = BSD-3-Clause (cereal), Zlib (base64.hpp), MIT (rapidjson), BSL-1.0 or MIT (rapidxml)
@ -16,7 +16,4 @@ CEREAL_CONF_OPTS = \
-DTHREAD_SAFE=ON \
-DJUST_INSTALL_CEREAL=ON
# 0001-Store-a-copy-of-each-serialized-shared_ptr-within-the-archive.patch
CEREAL_IGNORE_CVES += CVE-2020-11105
$(eval $(cmake-package))