Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue.
Package used in `meta-embedded`: https://www.mercurial-scm.org/
Package with CVE issue is a Jenkins plugin: https://plugins.jenkins.io/mercurial/
(This is reflected in the CPE)
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It uses python3-config during build to grok the python specific
includedirs, therefore its important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Upgrade to release 5.5:
- clonebundles can be annotated with the expected memory
requirements using the REQUIREDRAM option. This allows clients
to skip bundles created with large zstd windows and fallback
to larger, but less demanding bundles.
- The phabricator extension now provides more functionality of the
arcanist CLI like changing the status of a differential.
- Phases processing is much faster, especially for repositories
with old non-public changesets.
- For the case when connected to a TTY, stdout was fixed to be
line-buffered on Python 3
- Subversion sources of the convert extension were fixed to work
on Python 3
- Subversion sources of the convert extension now interpret the
encoding of URLs like Subversion.
- The empty changeset check of in-memory rebases was fixed to
match that of normal rebases (and that of the commit command).
- The push command now checks the correct set of outgoing
changesets for obsolete and unstable changesets. Previously, it
could happen that the check prevented pushing changesets which
were already on the server.
More details are available at:
https://www.mercurial-scm.org/wiki/Release5.5
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rather than trying to work out the exact python modules needed, we just add
'python-modules' to the dependencies list. If you can afford to install
mercurial on target then python-modules shouldn't be too much of a burden.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This update addresses the following CVEs:
- CVE-2017-1000116
- CVE-2017-1000115
We can also drop the patch for CVE-2017-9462 as it's incorporated into this
release.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport the CVE patch from
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
"hg serve --stdio" allows remote authenticated users to launch the
Python debugger, and consequently execute arbitrary code, by using
--debugger as a repository name.
CVE: CVE-2017-9462
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Upgrade to the latest release to fix some CVEs:
- CVE-2016-3068: arbitrary code execution with Git subrepos
- CVE-2016-3069: arbitrary code execution when converting Git repos
- CVE-2016-3630: remote code execution in binary delta decoding
- CVE-2016-3105: arbitrary code execution when converting Git repos
* For other changes please see:
https://www.mercurial-scm.org/wiki/WhatsNew
* Update SRC_URI with the new download link
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
They are no longer required to build python software.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update the mercurial version to 3.0.1.
Update the checksums.
Remove the PR per current best-practice.
This resolves an issue with Mercurial 1.9 where fetching from behind a
proxy breaks with a python stack trace. The current python
httpconnection class no longer has the port setter method.
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* This change is only aesthetic (unlike indentation in Python
tasks).
* Some recipes were using tabs.
* Some were using 8 spaces.
* Some were using mix or different number of spaces.
* Make them consistently use 4 spaces everywhere.
* Yocto styleguide advises to use tabs (but the only reason to keep
tabs is the need to update a lot of recipes). Lately this advice
was also merged into the styleguide on the OE wiki.
* Using 4 spaces in both types of tasks is better because it's less
error prone when someone is not sure if e.g.
do_generate_toolchain_file() is Python or shell task and also allows
to highlight every tab used in .bb, .inc, .bbappend, .bbclass as
potentially bad (shouldn't be used for indenting of multiline
variable assignments and cannot be used for Python tasks).
* Don't indent closing quote on multiline variables
we're quite inconsistent wheater it's first character on line
under opening quote or under first non-whitespace character in
previous line.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Acked-by: Koen Kooi <koen@dominion.thruhere.net>
else host python is used leading to the following error if the host doesn't
have the python headers installed :
| Python headers are required to build Mercurial
| make: *** [build] Error 1
Signed-off-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
