[meta-intel] [PATCH] oobe: fixed shell injection vulnerability
mark at yoctoproject.org
mark at yoctoproject.org
Mon Apr 20 16:59:35 PDT 2015
From: Mark Ceisel <mark.n.ceisel at intel.com>
Tracked-On: EDISON-2544
changed configure_edison script to use subprocess.call or Popen for commands
that have arguments
Change-Id: I6d79ff8b0bc544dda3ff00f3e95dc0f178889698
Signed-off-by: Mark Ceisel <mark.n.ceisel at intel.com>
---
.../recipes-support/oobe/oobe_0.0.1.bb | 65 ----------------------
.../recipes-support/oobe/oobe_0.0.2.bb | 65 ++++++++++++++++++++++
2 files changed, 65 insertions(+), 65 deletions(-)
delete mode 100644 meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
create mode 100644 meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb
diff --git a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
deleted file mode 100644
index 709c408..0000000
--- a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
+++ /dev/null
@@ -1,65 +0,0 @@
-DESCRIPTION="The out-of-box configuration service"
-LICENSE = "MIT"
-
-SRC_URI = "git://github.com/01org/edison-oobe.git;protocol=https"
-SRCREV = "e50c93cd5124bb1112a9e992a1569975df6c9a8a"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ea398a763463b76b18da15f013c0c531"
-
-S = "${WORKDIR}/git"
-
-DEPENDS = "nodejs-native"
-
-do_compile() {
- # changing the home directory to the working directory, the .npmrc will be created in this directory
- export HOME=${WORKDIR}
-
- # does not build dev packages
- npm config set dev false
-
- # access npm registry using http
- npm set strict-ssl false
- npm config set registry http://registry.npmjs.org/
-
- # configure http proxy if neccessary
- if [ -n "${http_proxy}" ]; then
- npm config set proxy ${http_proxy}
- fi
- if [ -n "${HTTP_PROXY}" ]; then
- npm config set proxy ${HTTP_PROXY}
- fi
-
- # configure cache to be in working directory
- npm set cache ${WORKDIR}/npm_cache
-
- # clear local cache prior to each compile
- npm cache clear
-
- # compile and install node modules in source directory
- npm --arch=${TARGET_ARCH} --verbose install
-}
-
-do_install() {
- install -d ${D}${libdir}/edison_config_tools
- install -d ${D}/var/lib/edison_config_tools
- cp -r ${S}/src/public ${D}${libdir}/edison_config_tools
- cp -r ${S}/node_modules ${D}${libdir}/edison_config_tools
- install -m 0644 ${S}/src/server.js ${D}${libdir}/edison_config_tools/edison-config-server.js
- install -d ${D}${systemd_unitdir}/system/
- install -m 0644 ${S}/src/edison_config.service ${D}${systemd_unitdir}/system/
- install -d ${D}${bindir}
- install -m 0755 ${S}/src/configure_edison ${D}${bindir}
-}
-
-inherit systemd
-
-SYSTEMD_AUTO_ENABLE = "enable"
-SYSTEMD_SERVICE_${PN} = "edison_config.service"
-
-FILES_${PN} = "${libdir}/edison_config_tools \
- ${systemd_unitdir}/system \
- /var/lib/edison_config_tools \
- ${bindir}/"
-
-PACKAGES = "${PN}"
-
diff --git a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb
new file mode 100644
index 0000000..082a084
--- /dev/null
+++ b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb
@@ -0,0 +1,65 @@
+DESCRIPTION="The out-of-box configuration service"
+LICENSE = "MIT"
+
+SRC_URI = "git://github.com/01org/edison-oobe.git;protocol=https"
+SRCREV = "6ef511cc01f6bed79cda5c21a45e7ee306af882e"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ea398a763463b76b18da15f013c0c531"
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "nodejs-native"
+
+do_compile() {
+ # changing the home directory to the working directory, the .npmrc will be created in this directory
+ export HOME=${WORKDIR}
+
+ # does not build dev packages
+ npm config set dev false
+
+ # access npm registry using http
+ npm set strict-ssl false
+ npm config set registry http://registry.npmjs.org/
+
+ # configure http proxy if neccessary
+ if [ -n "${http_proxy}" ]; then
+ npm config set proxy ${http_proxy}
+ fi
+ if [ -n "${HTTP_PROXY}" ]; then
+ npm config set proxy ${HTTP_PROXY}
+ fi
+
+ # configure cache to be in working directory
+ npm set cache ${WORKDIR}/npm_cache
+
+ # clear local cache prior to each compile
+ npm cache clear
+
+ # compile and install node modules in source directory
+ npm --arch=${TARGET_ARCH} --verbose install
+}
+
+do_install() {
+ install -d ${D}${libdir}/edison_config_tools
+ install -d ${D}/var/lib/edison_config_tools
+ cp -r ${S}/src/public ${D}${libdir}/edison_config_tools
+ cp -r ${S}/node_modules ${D}${libdir}/edison_config_tools
+ install -m 0644 ${S}/src/server.js ${D}${libdir}/edison_config_tools/edison-config-server.js
+ install -d ${D}${systemd_unitdir}/system/
+ install -m 0644 ${S}/src/edison_config.service ${D}${systemd_unitdir}/system/
+ install -d ${D}${bindir}
+ install -m 0755 ${S}/src/configure_edison ${D}${bindir}
+}
+
+inherit systemd
+
+SYSTEMD_AUTO_ENABLE = "enable"
+SYSTEMD_SERVICE_${PN} = "edison_config.service"
+
+FILES_${PN} = "${libdir}/edison_config_tools \
+ ${systemd_unitdir}/system \
+ /var/lib/edison_config_tools \
+ ${bindir}/"
+
+PACKAGES = "${PN}"
+
--
2.3.4
More information about the meta-intel
mailing list