[meta-intel] [PATCH] oobe: fixed shell injection vulnerability

mark at yoctoproject.org mark at yoctoproject.org
Mon Apr 20 16:59:35 PDT 2015


From: Mark Ceisel <mark.n.ceisel at intel.com>

Tracked-On: EDISON-2544

Changed the configure_edison script to use subprocess.call or Popen for
commands that take arguments.

Change-Id: I6d79ff8b0bc544dda3ff00f3e95dc0f178889698
Signed-off-by: Mark Ceisel <mark.n.ceisel at intel.com>
---
 .../recipes-support/oobe/oobe_0.0.1.bb             | 65 ----------------------
 .../recipes-support/oobe/oobe_0.0.2.bb             | 65 ++++++++++++++++++++++
 2 files changed, 65 insertions(+), 65 deletions(-)
 delete mode 100644 meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
 create mode 100644 meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb

diff --git a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
deleted file mode 100644
index 709c408..0000000
--- a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.1.bb
+++ /dev/null
@@ -1,65 +0,0 @@
-DESCRIPTION="The out-of-box configuration service"
-LICENSE = "MIT"
-
-SRC_URI = "git://github.com/01org/edison-oobe.git;protocol=https"
-SRCREV = "e50c93cd5124bb1112a9e992a1569975df6c9a8a"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ea398a763463b76b18da15f013c0c531"
-
-S = "${WORKDIR}/git"
-
-DEPENDS = "nodejs-native"
-
-do_compile() {
-    # changing the home directory to the working directory, the .npmrc will be created in this directory
-    export HOME=${WORKDIR}
-
-    # does not build dev packages
-    npm config set dev false
-
-    # access npm registry using http
-    npm set strict-ssl false
-    npm config set registry http://registry.npmjs.org/
-
-    # configure http proxy if neccessary
-    if [ -n "${http_proxy}" ]; then
-        npm config set proxy ${http_proxy}
-    fi
-    if [ -n "${HTTP_PROXY}" ]; then
-        npm config set proxy ${HTTP_PROXY}
-    fi
-
-    # configure cache to be in working directory
-    npm set cache ${WORKDIR}/npm_cache
-
-    # clear local cache prior to each compile
-    npm cache clear
-
-    # compile and install  node modules in source directory
-    npm --arch=${TARGET_ARCH} --verbose install
-}
-
-do_install() {
-   install -d ${D}${libdir}/edison_config_tools
-   install -d ${D}/var/lib/edison_config_tools
-   cp -r ${S}/src/public ${D}${libdir}/edison_config_tools
-   cp -r ${S}/node_modules ${D}${libdir}/edison_config_tools
-   install -m 0644 ${S}/src/server.js ${D}${libdir}/edison_config_tools/edison-config-server.js
-   install -d ${D}${systemd_unitdir}/system/
-   install -m 0644 ${S}/src/edison_config.service ${D}${systemd_unitdir}/system/
-   install -d ${D}${bindir}
-   install -m 0755 ${S}/src/configure_edison ${D}${bindir}
-}
-
-inherit systemd
-
-SYSTEMD_AUTO_ENABLE = "enable"
-SYSTEMD_SERVICE_${PN} = "edison_config.service"
-
-FILES_${PN} = "${libdir}/edison_config_tools \
-               ${systemd_unitdir}/system \
-               /var/lib/edison_config_tools \
-               ${bindir}/"
-
-PACKAGES = "${PN}"
-
diff --git a/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb
new file mode 100644
index 0000000..082a084
--- /dev/null
+++ b/meta-intel-edison-distro/recipes-support/oobe/oobe_0.0.2.bb
@@ -0,0 +1,65 @@
+DESCRIPTION="The out-of-box configuration service"
+LICENSE = "MIT"
+
+SRC_URI = "git://github.com/01org/edison-oobe.git;protocol=https"
+SRCREV = "6ef511cc01f6bed79cda5c21a45e7ee306af882e"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ea398a763463b76b18da15f013c0c531"
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "nodejs-native"
+
+do_compile() {
+    # changing the home directory to the working directory, the .npmrc will be created in this directory
+    export HOME=${WORKDIR}
+
+    # does not build dev packages
+    npm config set dev false
+
+    # access npm registry using http
+    npm set strict-ssl false
+    npm config set registry http://registry.npmjs.org/
+
+    # configure http proxy if neccessary
+    if [ -n "${http_proxy}" ]; then
+        npm config set proxy ${http_proxy}
+    fi
+    if [ -n "${HTTP_PROXY}" ]; then
+        npm config set proxy ${HTTP_PROXY}
+    fi
+
+    # configure cache to be in working directory
+    npm set cache ${WORKDIR}/npm_cache
+
+    # clear local cache prior to each compile
+    npm cache clear
+
+    # compile and install  node modules in source directory
+    npm --arch=${TARGET_ARCH} --verbose install
+}
+
+do_install() {
+   install -d ${D}${libdir}/edison_config_tools
+   install -d ${D}/var/lib/edison_config_tools
+   cp -r ${S}/src/public ${D}${libdir}/edison_config_tools
+   cp -r ${S}/node_modules ${D}${libdir}/edison_config_tools
+   install -m 0644 ${S}/src/server.js ${D}${libdir}/edison_config_tools/edison-config-server.js
+   install -d ${D}${systemd_unitdir}/system/
+   install -m 0644 ${S}/src/edison_config.service ${D}${systemd_unitdir}/system/
+   install -d ${D}${bindir}
+   install -m 0755 ${S}/src/configure_edison ${D}${bindir}
+}
+
+inherit systemd
+
+SYSTEMD_AUTO_ENABLE = "enable"
+SYSTEMD_SERVICE_${PN} = "edison_config.service"
+
+FILES_${PN} = "${libdir}/edison_config_tools \
+               ${systemd_unitdir}/system \
+               /var/lib/edison_config_tools \
+               ${bindir}/"
+
+PACKAGES = "${PN}"
+
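Review bot: In `do_compile` of the new oobe_0.0.2.bb, `npm set strict-ssl false` together with `npm config set registry http://registry.npmjs.org/` means the node modules that `do_install` later copies into the image are fetched over plain HTTP with certificate checking turned off, so their integrity depends entirely on the build network and any configured proxy. This is carried over unchanged from 0.0.1, but in a commit that is a security fix it is worth switching to `npm config set registry https://registry.npmjs.org/` and dropping the `strict-ssl false` line. The proxy values are also expanded unquoted; `npm config set proxy "${http_proxy}"` (and the same for `HTTP_PROXY`) avoids word splitting on an odd value. The injection fix itself is not visible in this diff: it arrives only through the `SRCREV` change, so the configure_edison changes have to be reviewed in the edison-oobe repository at that revision.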
-- 
2.3.4


