Re: [PATCH 6.6 003/331] docs: kernel_feat.py: fix potential command injection

On Tue, Jan 30, 2024 at 10:21 AM Jonathan Corbet <corbet@xxxxxxx> wrote:
>
> Justin Forbes <jforbes@xxxxxxxxxxxxxxxxx> writes:
>
> > On Mon, Jan 29, 2024 at 09:01:07AM -0800, Greg Kroah-Hartman wrote:
> >> 6.6-stable review patch.  If anyone has any objections, please let me know.
> >>
> >> ------------------
> >>
> >> From: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> >>
> >> [ Upstream commit c48a7c44a1d02516309015b6134c9bb982e17008 ]
> >>
> >> The kernel-feat directive passes its argument straight to the shell.
> >> This is unfortunate and unnecessary.
> >>
> >> Let's always use paths relative to $srctree/Documentation/ and use
> >> subprocess.check_call() instead of subprocess.Popen(shell=True).
> >>
> >> This also makes the code shorter.
> >>
> >> This is analogous to commit 3231dd586277 ("docs: kernel_abi.py: fix
> >> command injection") where we did exactly the same thing for
> >> kernel_abi.py, somehow I completely missed this one.
> >>
> >> Link: https://fosstodon.org/@jani/111676532203641247
> >> Reported-by: Jani Nikula <jani.nikula@xxxxxxxxx>
> >> Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> >> Cc: stable@xxxxxxxxxxxxxxx
> >> Signed-off-by: Jonathan Corbet <corbet@xxxxxxx>
> >> Link: https://lore.kernel.org/r/20240110174758.3680506-1-vegard.nossum@xxxxxxxxxx
> >> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> >
> > This patch seems to be missing something. In 6.6.15-rc1 I get a doc
> > build failure with:
> >
> > /builddir/build/BUILD/kernel-6.6.14-332-g1ff49073b88b/linux-6.6.15-0.rc1.1ff49073b88b.200.fc39.noarch/Documentation/sphinx/kerneldoc.py:133: SyntaxWarning: invalid escape sequence '\.'
> >   line_regex = re.compile("^\.\. LINENO ([0-9]+)$")
>
> Ah ... you're missing 86a0adc029d3 (Documentation/sphinx: fix Python
> string escapes).  That is not a problem with this patch, though; I would
> expect you to get the same error (with Python 3.12) without.

Well, it appears that 6.6.15 shipped anyway, with this patch included,
but not with 86a0adc029d3.  If anyone else builds docs, this thread
should at least show them the fix.  Perhaps we can get the missing
patch into 6.6.16?

Justin

> Thanks,
>
> jon
>
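
Added example, not code from the patch or from kernel_feat.py: the difference between handing a directive argument to the shell and passing it as one element of an argument list, as the quoted commit message describes. The stand-in tool, the function names, the sample argument and the containment check are assumptions made for illustration.

```python
import os
import shlex
import subprocess
import sys

# Stand-in for the helper script a docs directive would run (assumption):
# it prints the arguments it received, joined by '|'.
TOOL = [sys.executable, "-c", "import sys; print('|'.join(sys.argv[1:]))"]


def run_via_shell(directive_arg):
    """Pre-fix pattern: the directive argument is pasted into a shell command line."""
    cmd = " ".join(shlex.quote(part) for part in TOOL) + " rest " + directive_arg
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_via_argv(srctree, directive_arg):
    """Post-fix pattern: no shell, argument treated as a path under Documentation/."""
    doc_root = os.path.realpath(os.path.join(srctree, "Documentation"))
    target = os.path.realpath(os.path.join(doc_root, directive_arg))
    # Extra containment check (an assumption of this example, not from the thread).
    if os.path.commonpath([doc_root, target]) != doc_root:
        raise ValueError("path escapes Documentation/: %r" % directive_arg)
    out = subprocess.check_output(TOOL + ["rest", target], text=True)
    return out.splitlines()


if __name__ == "__main__":
    import tempfile

    srctree = tempfile.mkdtemp()
    hostile = "features; echo INJECTED"  # constructed sample directive argument
    # Shell form: the text after ';' runs as a second command.
    print(run_via_shell(hostile))
    # Argv form: the whole string arrives as a single path argument.
    print(run_via_argv(srctree, hostile))
```

With the shell form the tool sees only `features` and the rest of the string is executed separately; with the argument list the whole string stays one (odd-looking) path.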




