[OE-core] [yocto-security][PATCH] package_ipk: Remove Source entry from ipk packages

Andrej Valek andrej.valek at siemens.com
Thu Jun 15 13:43:44 UTC 2017


There is the potential for sensitive information to leak through the URLs
there and removing it brings this into the behavior of the other package
backends since filtering it is likely error-prone.

Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
---
 meta/classes/package_ipk.bbclass | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass
index d2ce3b3..2a291b0 100644
--- a/meta/classes/package_ipk.bbclass
+++ b/meta/classes/package_ipk.bbclass
@@ -205,10 +205,6 @@ def ipk_write_pkg(pkg, d):
             ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces))
         if rconflicts:
             ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts))
-        src_uri = localdata.getVar("SRC_URI").strip() or "None"
-        if src_uri:
-            src_uri = re.sub("\s+", " ", src_uri)
-            ctrlfile.write("Source: %s\n" % " ".join(src_uri.split()))
         ctrlfile.close()
 
         for script in ["preinst", "postinst", "prerm", "postrm"]:
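
Review bot: The removal in ipk_write_pkg() drops the `Source:` control field outright, and the commit message does not mention the effect on consumers of that field. Anything that reads `Source` from an ipk control file to trace a package back to its SRC_URI will now find nothing, so the message should say so and, if there is one, point to another place to get that provenance. The deleted `re.sub("\s+", " ", src_uri)` call is also the only use of `re` visible in this hunk; if nothing else in ipk_write_pkg() uses `re`, its import can be removed in the same patch. Packages built before this change still carry the `Source:` line, so it would help to state that existing ipk output has to be regenerated before the URLs are actually gone from a feed.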
-- 
2.1.4



