openembedded-core.git/meta/recipes-devtools/dpkg, branch 2015-4 Mirror of openembedded-core dpkg-native: Avoid 'file changed' errors from tar 2015-03-31T21:21:45+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-03-28T08:50:27+00:00 77e077a57536c764034f06723edd0749dc578626 Hardlink count duing do_package_write_deb can change causing dpkg-deb failures. We don't care about this error case so avoid it by checking the tar exit code. [YOCTO #7529] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Hardlink count duing do_package_write_deb can change causing dpkg-deb
failures. We don't care about this error case so avoid it by checking
the tar exit code.

[YOCTO #7529]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dpkg: Don't move update-alternatives to sbindir 2015-03-24T10:07:59+00:00 Andreas Oberritter obi@opendreambox.org 2015-03-23T19:09:25+00:00 5f6faeb24ba80cdb6c9f62b185e40adc15f0fd6e Debian, Ubuntu and opkg all have it in bindir. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Debian, Ubuntu and opkg all have it in bindir.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipes: Delete superfluous assignments, S = ${WORKDIR}/${BP} 2015-02-23T18:00:12+00:00 Robert P. J. Day rpjday@crashcourse.ca 2015-02-21T21:28:42+00:00 ebe8578df3f162045086cd60a129eb7ac3eacf4c Given that bitbake.conf sets the default values: BP = "${BPN}-${PV}" S = "${WORKDIR}/${BP}" there are a number of recipes that set the variable S completely superfluously, so get rid of them. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Given that bitbake.conf sets the default values:

BP = "${BPN}-${PV}"
S = "${WORKDIR}/${BP}"

there are a number of recipes that set the variable S completely
superfluously, so get rid of them.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta: enable parallel build for several recipes 2015-02-14T22:26:10+00:00 Robert Yang liezhi.yang@windriver.com 2015-02-13T01:39:34+00:00 7957c5bc2771a763d26e50e716733c6335cef3c2 I used a for loop to build these packages more than 520 times, these recipes never failed. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
I used a for loop to build these packages more than 520 times, these
recipes never failed.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
dpkg: add perl to RDEPENDS 2015-02-03T14:53:40+00:00 Robert Yang liezhi.yang@windriver.com 2015-01-19T08:21:58+00:00 eb7179e3c182dc456956fd8ae7e0b512488ad0f2 perl scripts: packages-split/dpkg/usr/bin/dpkg-parsechangelog:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-mergechangelogs:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-architecture:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-vendor:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-shlibdeps:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-scanpackages:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-buildpackage:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-genchanges:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-gensymbols:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-distaddfile:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-buildflags:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-checkbuilddeps:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-gencontrol:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-scansources:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-source:#!/usr/bin/perl packages-split/dpkg/usr/bin/dpkg-name:#!/usr/bin/perl packages-split/dpkg/usr/lib/dpkg/parsechangelog/debian:#!/usr/bin/perl Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
perl scripts:
packages-split/dpkg/usr/bin/dpkg-parsechangelog:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-mergechangelogs:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-architecture:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-vendor:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-shlibdeps:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-scanpackages:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-buildpackage:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-genchanges:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-gensymbols:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-distaddfile:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-buildflags:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-checkbuilddeps:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-gencontrol:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-scansources:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-source:#!/usr/bin/perl
packages-split/dpkg/usr/bin/dpkg-name:#!/usr/bin/perl
packages-split/dpkg/usr/lib/dpkg/parsechangelog/debian:#!/usr/bin/perl

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
dpkg: fix host contamination 2015-01-29T10:37:53+00:00 Dan McGregor dan.mcgregor@usask.ca 2015-01-15T15:41:14+00:00 45bcb1ea92f244df4745aca6f9f9556c43e9b6ce Force dpkg to use "tar" on the target. The dpkg configure script looks for gnutar, gtar, and tar in order. If it finds gnutar or gtar on the host it expects to use that as its tar program on the target. Without this, if gtar exists (as it does on my system) then dpkg will consistently fail on the target with an error about gtar not being found. Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Force dpkg to use "tar" on the target.

The dpkg configure script looks for gnutar, gtar, and
tar in order. If it finds gnutar or gtar on the host
it expects to use that as its tar program on the target.
Without this, if gtar exists (as it does on my system) then
dpkg will consistently fail on the target with an error about
gtar not being found.

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
dpkg: Upgrade to 1.17.21 2014-12-25T08:17:19+00:00 Aníbal Limón anibal.limon@linux.intel.com 2014-11-24T21:16:31+00:00 d09ea40d7f5b59f37625e43973c363c07053fdfb Remove dpkg-1.17.4-CVE-2014-0471, dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127 and ignore_extra_fields patches that are already in upstream. Rebase no-vla-warning patch. Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Remove dpkg-1.17.4-CVE-2014-0471, dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127 and
ignore_extra_fields patches that are already in upstream.

Rebase no-vla-warning patch.

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dpkg: Security Advisory - CVE-2014-3127 2014-06-17T09:23:45+00:00 Guillem Jover guillem@debian.org 2014-06-17T08:25:52+00:00 2c3838443eacd3a86ea8917ea53a20248e7bdf03 v2 changes: * update format for commit log * add Upstream-Status for patch commit a12eb58959d0a10584a428f4a3103a49204c410f upstream Dpkg::Source::Patch: Outright reject C-style filenames in patches Because patch only started recognizing C-style filenames in diffs in version 2.7, it's not safe to assume one behaviour or the other, as the system might or might not have a recent enough version, or a GNU patch program at all. There's also no reason we should be supporting this kind of strange encoded filenames in patches, when we have not done so up to now. Let's just ban these types of diffs and be done with it. Fixes: CVE-2014-0471, CVE-2014-3127 Closes: #746306 [drop the text for debian/changelog,because it's not suitable for the veriosn] Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
v2 changes:
* update format for commit log
* add Upstream-Status for patch

commit a12eb58959d0a10584a428f4a3103a49204c410f upstream

Dpkg::Source::Patch: Outright reject C-style filenames in patches

Because patch only started recognizing C-style filenames in diffs
in version 2.7, it's not safe to assume one behaviour or the other,
as the system might or might not have a recent enough version, or
a GNU patch program at all. There's also no reason we should be
supporting this kind of strange encoded filenames in patches, when
we have not done so up to now.

Let's just ban these types of diffs and be done with it.

Fixes: CVE-2014-0471, CVE-2014-3127
Closes: #746306

[drop the text for debian/changelog,because it's not suitable
for the veriosn]
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dpkg: Security Advisory - CVE-2014-0471 2014-06-17T09:23:45+00:00 Guillem Jover guillem@debian.org 2014-06-17T08:25:51+00:00 81880b34a8261e824c5acafaa4cb321908e554a0 v2 changes: * update format for commit log * add Upstream-Status for patch commit a82651188476841d190c58693f95827d61959b51 upstream Dkpkg::Source::Patch: Correctly parse C-style diff filenames We need to strip the surrounding quotes, and unescape any escape sequence, so that we check the same files that the patch program will be using, otherwise a malicious package could overpass those checks, and perform directory traversal attacks on source package unpacking. Fixes: CVE-2014-0471 Reported-by: Jakub Wilk <jwilk@debian.org> [drop the text for debian/changelog,because it's not suitable for the veriosn] Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
v2 changes:
* update format for commit log
* add Upstream-Status for patch

commit a82651188476841d190c58693f95827d61959b51 upstream

Dkpkg::Source::Patch: Correctly parse C-style diff filenames

We need to strip the surrounding quotes, and unescape any escape
sequence, so that we check the same files that the patch program will
be using, otherwise a malicious package could overpass those checks,
and perform directory traversal attacks on source package unpacking.

Fixes: CVE-2014-0471

Reported-by: Jakub Wilk <jwilk@debian.org>
[drop the text for debian/changelog,because it's not suitable
 for the veriosn]

Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Globally replace 'base_contains' calls with 'bb.utils.contains' 2014-04-25T16:10:58+00:00 Otavio Salvador otavio@ossystems.com.br 2014-04-24T18:59:20+00:00 d83b16dbf0862be387f84228710cb165c6d2b03b The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>