[oe-commits] [openembedded-core] 02/02: classes: sanity-check LIC_FILES_CHKSUM

git at git.openembedded.org git at git.openembedded.org
Tue Aug 14 09:49:03 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 9a8bc95019f29bd03538ed80fa4c4d978e1253b7
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Mon Aug 13 18:20:54 2018 +0100

    classes: sanity-check LIC_FILES_CHKSUM
    
    We assume that LIC_FILES_CHKSUM is a file: URI but don't actually verify this,
    which can lead to problems if you have a URI that resolves to a path of / as
    Bitbake will then dutifully checksum / recursively.
    
    [ YOCTO #12883 ]
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/classes/base.bbclass    | 4 ++--
 meta/classes/license.bbclass | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 1a359a0..df11c8b 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d):
         # We only care about items that are absolute paths since
         # any others should be covered by SRC_URI.
         try:
-            path = bb.fetch.decodeurl(url)[2]
-            if not path:
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
                 raise bb.fetch.MalformedUrl(url)
 
             if path[0] == '/':
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 2ac15a1..4cf7f07 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -205,7 +205,9 @@ def find_license_files(d):
 
     for url in lic_files.split():
         try:
-            (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
+                raise bb.fetch.MalformedUrl()
         except bb.fetch.MalformedUrl:
             bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL:  %s" % (d.getVar('PF'), url))
         # We want the license filename and path

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list