| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <da91980ce42f31730dc982920167b2757b9d2769.1756732363.git.mchehab+huawei@kernel.org>
Date: Mon, 1 Sep 2025 15:21:21 +0200
From: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To: Jonathan Corbet <corbet@....net>,
Linux Doc Mailing List <linux-doc@...r.kernel.org>
Cc: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Kees Cook <mchehab+huawei@...nel.org>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
linux-kernel@...r.kernel.org,
Stephen Rothwell <sfr@...b.auug.org.au>
Subject: [PATCH 1/2] docs: kernel_include.py: fix an issue when O= is used
As reported by Stephen, building docs with O= is now
broken. Fix it by ensuring that it will seek files under
Kernel source tree.
The original logic was defined to accept including files
under Documentation/output. The new logic doesn't need it
anymore for media, but it might still be useful to preserve
the previous behavior. So, I ended preserving it.
Reported-by: Stephen Rothwell <sfr@...b.auug.org.au>
Closes: https://lore.kernel.org/all/20250901142639.4de35a11@canb.auug.org.au/
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
---
Documentation/sphinx/kernel_include.py | 44 +++++++++++++++++++++++---
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/Documentation/sphinx/kernel_include.py b/Documentation/sphinx/kernel_include.py
index 23566ab74866..661ed978bed8 100755
--- a/Documentation/sphinx/kernel_include.py
+++ b/Documentation/sphinx/kernel_include.py
@@ -314,15 +314,49 @@ class KernelInclude(Directive):
def run(self):
"""Include a file as part of the content of this reST file."""
env = self.state.document.settings.env
- path = os.path.realpath(os.path.expandvars(self.arguments[0]))
- # to get a bit security back, prohibit /etc:
- if path.startswith(os.sep + "etc"):
- raise self.severe('Problems with "%s" directive, prohibited path: %s' %
- (self.name, path))
+ #
+ # The include logic accepts only patches relative to:
+ # - Kernel source tree
+ # - Documentation output directory
+ #
+ # The logic does check it to prevent directory traverse
+ #
+
+ srctree = os.path.abspath(os.environ["srctree"])
+
+ path = os.path.expandvars(self.arguments[0])
+ src_path = os.path.join(srctree, path)
+
+ if os.path.isfile(src_path):
+ base = srctree
+ path = src_path
+ elif os.path.exists(arg):
+ # Allow patches from output dir
+ base = os.getcwd()
+ path = os.path.abspath(path)
+ else:
+ raise self.warning(f'File "%s" doesn\'t exist', path)
+
+ abs_base = os.path.abspath(base)
+ abs_full_path = os.path.abspath(os.path.join(base, path))
+
+ try:
+ if os.path.commonpath([abs_full_path, abs_base]) != abs_base:
+ raise self.severe('Problems with "%s" directive, prohibited path: %s' %
+ (self.name, path))
+ except ValueError:
+ # Paths don't have the same drive (Windows) or other incompatibility
+ raise self.severe('Problems with "%s" directive, invalid path: %s' %
+ (self.name, path))
self.arguments[0] = path
+ #
+ # Add path location to Sphinx dependencies to ensure proper cache
+ # invalidation check.
+ #
+
env.note_dependency(os.path.abspath(path))
# HINT: I had to copy&paste the whole Include.run method. I'am not happy
--
2.51.0
Powered by blists - more mailing lists