* [oe-core][kirkstone][PATCH 1/1] xserver-xorg: fix CVE-2022-3550, CVE-2022-3551
@ 2022-11-25 16:44 Soumya
2022-11-25 17:59 ` Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Soumya @ 2022-11-25 16:44 UTC (permalink / raw)
To: openembedded-core; +Cc: hari.gpillai, Soumya
A vulnerability classified as critical was found in X.org Server. Affected
by this vulnerability is the function _GetCountedString of the file
xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to
apply a patch to fix this issue. The associated identifier of this
vulnerability is VDB-211051.
A vulnerability, which was classified as problematic, has been found in
X.org Server. Affected by this issue is the function ProcXkbGetKbdByName
of the file xkb/xkb.c. The manipulation leads to memory leak. It is
recommended to apply a patch to fix this issue. The identifier of this
vulnerability is VDB-211052.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-3550
https://nvd.nist.gov/vuln/detail/CVE-2022-3551
Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e
https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
Signed-off-by: Soumya <soumya.sambu@windriver.com>
---
...possible-memleaks-in-XkbGetKbdByName.patch | 63 +++++++++++++++++++
...ntedString-against-request-length-at.patch | 38 +++++++++++
2 files changed, 101 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
new file mode 100644
index 0000000000..0e61ec5953
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
@@ -0,0 +1,63 @@
+CVE: CVE-2022-3551
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 13 Jul 2022 11:23:09 +1000
+Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
+
+GetComponentByName returns an allocated string, so let's free that if we
+fail somewhere.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 4692895db..b79a269e3 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
+ xkb = dev->key->xkbInfo->desc;
+ status = Success;
+ str = (unsigned char *) &stuff[1];
+- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
+- return BadMatch;
++ {
++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
++ if (keymap) {
++ free(keymap);
++ return BadMatch;
++ }
++ }
+ names.keycodes = GetComponentSpec(&str, TRUE, &status);
+ names.types = GetComponentSpec(&str, TRUE, &status);
+ names.compat = GetComponentSpec(&str, TRUE, &status);
+ names.symbols = GetComponentSpec(&str, TRUE, &status);
+ names.geometry = GetComponentSpec(&str, TRUE, &status);
+- if (status != Success)
++ if (status == Success) {
++ len = str - ((unsigned char *) stuff);
++ if ((XkbPaddedSize(len) / 4) != stuff->length)
++ status = BadLength;
++ }
++
++ if (status != Success) {
++ free(names.keycodes);
++ free(names.types);
++ free(names.compat);
++ free(names.symbols);
++ free(names.geometry);
+ return status;
+- len = str - ((unsigned char *) stuff);
+- if ((XkbPaddedSize(len) / 4) != stuff->length)
+- return BadLength;
++ }
+
+ CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
+ CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
+--
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
new file mode 100644
index 0000000000..6f862e82f9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-3550
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 5 Jul 2022 12:06:20 +1000
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+GetCountedString did a check for the whole string to be within the
+request buffer but not for the initial 2 bytes that contain the length
+field. A swapped client could send a malformed request to trigger a
+swaps() on those bytes, writing into random memory.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index f42f59ef3..1841cff26 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+ CARD16 len;
+
+ wire = *wire_inout;
++
++ if (client->req_len <
++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++ return BadValue;
++
+ len = *(CARD16 *) wire;
+ if (client->swapped) {
+ swaps(&len);
+--
+2.34.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [oe-core][kirkstone][PATCH 1/1] xserver-xorg: fix CVE-2022-3550, CVE-2022-3551
2022-11-25 16:44 [oe-core][kirkstone][PATCH 1/1] xserver-xorg: fix CVE-2022-3550, CVE-2022-3551 Soumya
@ 2022-11-25 17:59 ` Steve Sakoman
0 siblings, 0 replies; 3+ messages in thread
From: Steve Sakoman @ 2022-11-25 17:59 UTC (permalink / raw)
To: Soumya; +Cc: openembedded-core, hari.gpillai
On Fri, Nov 25, 2022 at 6:44 AM Soumya <soumya.sambu@windriver.com> wrote:
>
> A vulnerability classified as critical was found in X.org Server. Affected
> by this vulnerability is the function _GetCountedString of the file
> xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to
> apply a patch to fix this issue. The associated identifier of this
> vulnerability is VDB-211051.
>
> A vulnerability, which was classified as problematic, has been found in
> X.org Server. Affected by this issue is the function ProcXkbGetKbdByName
> of the file xkb/xkb.c. The manipulation leads to memory leak. It is
> recommended to apply a patch to fix this issue. The identifier of this
> vulnerability is VDB-211052.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2022-3550
> https://nvd.nist.gov/vuln/detail/CVE-2022-3551
>
> Upstream patches:
> https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e
> https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
>
> Signed-off-by: Soumya <soumya.sambu@windriver.com>
> ---
> ...possible-memleaks-in-XkbGetKbdByName.patch | 63 +++++++++++++++++++
> ...ntedString-against-request-length-at.patch | 38 +++++++++++
> 2 files changed, 101 insertions(+)
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
You forgot to add the patches to the recipe!
Steve
>
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
> new file mode 100644
> index 0000000000..0e61ec5953
> --- /dev/null
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
> @@ -0,0 +1,63 @@
> +CVE: CVE-2022-3551
> +Upstream-Status: Backport
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +
> +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
> +From: Peter Hutterer <peter.hutterer@who-t.net>
> +Date: Wed, 13 Jul 2022 11:23:09 +1000
> +Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
> +
> +GetComponentByName returns an allocated string, so let's free that if we
> +fail somewhere.
> +
> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> +---
> + xkb/xkb.c | 26 ++++++++++++++++++++------
> + 1 file changed, 20 insertions(+), 6 deletions(-)
> +
> +diff --git a/xkb/xkb.c b/xkb/xkb.c
> +index 4692895db..b79a269e3 100644
> +--- a/xkb/xkb.c
> ++++ b/xkb/xkb.c
> +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
> + xkb = dev->key->xkbInfo->desc;
> + status = Success;
> + str = (unsigned char *) &stuff[1];
> +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
> +- return BadMatch;
> ++ {
> ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
> ++ if (keymap) {
> ++ free(keymap);
> ++ return BadMatch;
> ++ }
> ++ }
> + names.keycodes = GetComponentSpec(&str, TRUE, &status);
> + names.types = GetComponentSpec(&str, TRUE, &status);
> + names.compat = GetComponentSpec(&str, TRUE, &status);
> + names.symbols = GetComponentSpec(&str, TRUE, &status);
> + names.geometry = GetComponentSpec(&str, TRUE, &status);
> +- if (status != Success)
> ++ if (status == Success) {
> ++ len = str - ((unsigned char *) stuff);
> ++ if ((XkbPaddedSize(len) / 4) != stuff->length)
> ++ status = BadLength;
> ++ }
> ++
> ++ if (status != Success) {
> ++ free(names.keycodes);
> ++ free(names.types);
> ++ free(names.compat);
> ++ free(names.symbols);
> ++ free(names.geometry);
> + return status;
> +- len = str - ((unsigned char *) stuff);
> +- if ((XkbPaddedSize(len) / 4) != stuff->length)
> +- return BadLength;
> ++ }
> +
> + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
> + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
> new file mode 100644
> index 0000000000..6f862e82f9
> --- /dev/null
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
> @@ -0,0 +1,38 @@
> +CVE: CVE-2022-3550
> +Upstream-Status: Backport
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +
> +From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
> +From: Peter Hutterer <peter.hutterer@who-t.net>
> +Date: Tue, 5 Jul 2022 12:06:20 +1000
> +Subject: [PATCH] xkb: proof GetCountedString against request length attacks
> +
> +GetCountedString did a check for the whole string to be within the
> +request buffer but not for the initial 2 bytes that contain the length
> +field. A swapped client could send a malformed request to trigger a
> +swaps() on those bytes, writing into random memory.
> +
> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> +---
> + xkb/xkb.c | 5 +++++
> + 1 file changed, 5 insertions(+)
> +
> +diff --git a/xkb/xkb.c b/xkb/xkb.c
> +index f42f59ef3..1841cff26 100644
> +--- a/xkb/xkb.c
> ++++ b/xkb/xkb.c
> +@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
> + CARD16 len;
> +
> + wire = *wire_inout;
> ++
> ++ if (client->req_len <
> ++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
> ++ return BadValue;
> ++
> + len = *(CARD16 *) wire;
> + if (client->swapped) {
> + swaps(&len);
> +--
> +2.34.1
> +
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#173777): https://lists.openembedded.org/g/openembedded-core/message/173777
> Mute This Topic: https://lists.openembedded.org/mt/95257196/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [oe-core][kirkstone][PATCH 1/1] xserver-xorg: fix CVE-2022-3550, CVE-2022-3551
@ 2022-12-02 10:29 Soumya
0 siblings, 0 replies; 3+ messages in thread
From: Soumya @ 2022-12-02 10:29 UTC (permalink / raw)
To: openembedded-core; +Cc: steve, Hari.GPillai, Soumya
A vulnerability classified as critical was found in X.org Server. Affected
by this vulnerability is the function _GetCountedString of the file
xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to
apply a patch to fix this issue. The associated identifier of this
vulnerability is VDB-211051.
A vulnerability, which was classified as problematic, has been found in
X.org Server. Affected by this issue is the function ProcXkbGetKbdByName
of the file xkb/xkb.c. The manipulation leads to memory leak. It is
recommended to apply a patch to fix this issue. The identifier of this
vulnerability is VDB-211052.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-3550
https://nvd.nist.gov/vuln/detail/CVE-2022-3551
Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e
https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
Signed-off-by: Soumya <soumya.sambu@windriver.com>
---
...possible-memleaks-in-XkbGetKbdByName.patch | 63 +++++++++++++++++++
...ntedString-against-request-length-at.patch | 38 +++++++++++
.../xorg-xserver/xserver-xorg_21.1.4.bb | 2 +
3 files changed, 103 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
new file mode 100644
index 0000000000..0e61ec5953
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
@@ -0,0 +1,63 @@
+CVE: CVE-2022-3551
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 13 Jul 2022 11:23:09 +1000
+Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
+
+GetComponentByName returns an allocated string, so let's free that if we
+fail somewhere.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 4692895db..b79a269e3 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
+ xkb = dev->key->xkbInfo->desc;
+ status = Success;
+ str = (unsigned char *) &stuff[1];
+- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
+- return BadMatch;
++ {
++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
++ if (keymap) {
++ free(keymap);
++ return BadMatch;
++ }
++ }
+ names.keycodes = GetComponentSpec(&str, TRUE, &status);
+ names.types = GetComponentSpec(&str, TRUE, &status);
+ names.compat = GetComponentSpec(&str, TRUE, &status);
+ names.symbols = GetComponentSpec(&str, TRUE, &status);
+ names.geometry = GetComponentSpec(&str, TRUE, &status);
+- if (status != Success)
++ if (status == Success) {
++ len = str - ((unsigned char *) stuff);
++ if ((XkbPaddedSize(len) / 4) != stuff->length)
++ status = BadLength;
++ }
++
++ if (status != Success) {
++ free(names.keycodes);
++ free(names.types);
++ free(names.compat);
++ free(names.symbols);
++ free(names.geometry);
+ return status;
+- len = str - ((unsigned char *) stuff);
+- if ((XkbPaddedSize(len) / 4) != stuff->length)
+- return BadLength;
++ }
+
+ CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
+ CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
+--
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
new file mode 100644
index 0000000000..6f862e82f9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-3550
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 5 Jul 2022 12:06:20 +1000
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+GetCountedString did a check for the whole string to be within the
+request buffer but not for the initial 2 bytes that contain the length
+field. A swapped client could send a malformed request to trigger a
+swaps() on those bytes, writing into random memory.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index f42f59ef3..1841cff26 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+ CARD16 len;
+
+ wire = *wire_inout;
++
++ if (client->req_len <
++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++ return BadValue;
++
+ len = *(CARD16 *) wire;
+ if (client->swapped) {
+ swaps(&len);
+--
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
index b9cbc9989e..7ed2096560 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
@@ -2,6 +2,8 @@ require xserver-xorg.inc
SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+ file://0001-xkb-proof-GetCountedString-against-request-length-at.patch \
+ file://0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch \
"
SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587"
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-12-02 10:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-25 16:44 [oe-core][kirkstone][PATCH 1/1] xserver-xorg: fix CVE-2022-3550, CVE-2022-3551 Soumya
2022-11-25 17:59 ` Steve Sakoman
2022-12-02 10:29 Soumya
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.