| Commit message (Collapse) | Author | Age | Files | Lines |
12-cve-2014-9636-test-compr-eb.patch is the same as unzip-6.0_overflow3.diff,
which is to fix CVE-2014-9636
(From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 2fa7214ddf4a9548ec954181f951fbfcc197a83b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: a5500f348fa58962cbd4a36c154d311c71bc7233)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ROOTDIR should be defined, otherwise man files will be installed
to host root dir.
(From OE-Core rev: 72430a8db44eaab2704c0d828171d3c98a48fe2a)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bzip2-native is in ASSUME_PROVIDED but we don't just want "bzip2" but
libbz2 here. To do this, we need to DEPEND on bzip2-replacement-native
which hints to bitbake we really do want to build it.
Add the missing dependency to avoid failures on machines which don't
have libbz2-dev installed.
(From OE-Core rev: a87b7172a99051c2ea61bcfae60e922b58333291)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: c8c890d1cee8cd8426f8db13b1d36c36da03d66d)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
(From OE-Core rev: 5e9f29b1c212f7a067772699e7fc9b6e233baa34)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rather than just use d.getVar(X), use the more explicit d.getVar(X, False)
since at some point in the future, having the default of expansion would
be nice. This is the first step towards that.
This patch was mostly made using the command:
sed -e 's:\(getVar([^,()]*\)\s*):\1, False):g' -i `grep -ril getVar *`
(From OE-Core rev: ab7c1d239b122c8e549e8112c88fd46c9e2b061b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade cups from 2.0.2 to 2.0.3. In its release log, it fixes
CERT VU #810572/CVE-2015-1158/CVE-2015-1159.
(From OE-Core rev: d719d2d9bf7c57efd2bc249d06bf4f9e3876a766)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
merged inc back into recipe.
Changes affecting future time stamps
Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00,
not 06-13 and 07-18 as we had guessed. (Thanks to Milamber.)
Assume Cayman Islands will observe DST starting next year, using US rules.
Although it isn't guaranteed, it is the most likely.
(From OE-Core rev: 3c63274c306c46d2ec9210b1b505b2a0aafccb70)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
merged inc back into recipe.
Changes affecting code
When displaying data, tzselect converts it to the current locale's
encoding if the iconv command works. (Problem reported by random832.)
tzselect no longer mishandles Dominica, fixing a bug introduced
in Release 2014f. (Problem reported by Owen Leibman.)
zic -l no longer fails when compiled with -DTZDEFAULT=\"/etc/localtime\".
This fixes a bug introduced in Release 2014f.
(Problem reported by Leonardo Chiquitto.)
(From OE-Core rev: aa82ed313f4e377eb25e324d90b9229e0ff24878)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To fix an error in the patch. Otherwise, the dictionary would be wrong.
(From OE-Core rev: 8670b99b06ce14ed391b4713d7887af90d44a2c8)
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed:
| install -m 644 -g man man/sa1.8 /path/to/tmp/work/i586-poky-linux/sysstat/11.1.4-r0/image/usr/share/man/man8
| install: invalid group `man'
(From OE-Core rev: 153c3dd4d4c5eab52b953901fb6bc681c349a710)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of hand-rolling a do_configure() simply use autotools and disable
autoheader (upstream uses a hand-generated config.h.in).
Also do_compile() doesn't need to pass SSLLIBS as configure uses pkgconfig to
find gnutls, LIBPNG and LIBJPEG are not used anywhere in the build system, and
LIBZ is detected correctly.
(From OE-Core rev: 9c25af5483280c5c753f981504eb373d6e58c7f3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9de66c04e326abbc120f062edffdc1ec3aff3921)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is not needed since it's a target recipe and we always
need to pass 'linux' for OS
(From OE-Core rev: 4580b59d07af2e0a18eaf0110eae06de1c7969d4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Surfaced when building with musl. The details are in patch headers.
Enable innetgr.patch for musl as well
(From OE-Core rev: 6ec229d8dec6a5978ebf6b264c332590c8be0b3a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed ethtool-uint.patch since it is already in the source.
(From OE-Core rev: 0a5bb9f617dffbfddf599555cff5f5536f10b93f)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following two patches are removed because they have been merged
in the new version.
Use-DESTDIR-in-extension-Makefile.am-when-removing-..patch
extension-Add-DESTDIR-prefix-to-remaining-pkgextensi.patch
(From OE-Core rev: 491d485ade68c128624eee00977f293dba8f64b9)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The packagegroup-core-full-cmdline-sys-services should not pull in
lighttpd, move it to packagegroup-core-lsb since lsb needs it.
[YOCTO #7086]
(From OE-Core rev: f1b91bca8f314548f8b616c870cacf9507649c19)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patch to fix CVE-2015-1345. The issue was introduced with
v2.18-90-g73893ff, and version 2.5.1a is not affected.
Replace tab with spaces in SRC_URI as well.
(From OE-Core rev: ea97b1dee834594358c342515720559ad5d56f33)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 1aeeb17a01c4a585b84ed52bd29d47e3e027d0b0)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 6c6cfcc25717c09b02801065cd2de816f3f1f068)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-/tset/LI18NUX2K.L1/utils/egrep-tp/T.egrep-tp 5
-/tset/LI18NUX2K.L1/utils/fgrep/T.fgrep 5
-/tset/LI18NUX2K.L1/utils/grep-tp/T.grep-tp 5
The LSB core test requires that grep, egrep and fgrep can
perform pattern matching in searches without regard
to case if -i option is specified.
(From OE-Core rev: d3b6aa30b3ea30d4e6a6ca923693367f66957ab0)
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 0c65e61d029e2c2293b072ff950aa825394abb79)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: ceb77cfaee7789fdff07aaa08ab89de9d4b3e513)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LIC_CHKSUM updated because year was changed in those associated files.
(From OE-Core rev: 1f030a5355c234dc6d1d2b22a25cbb96d5628056)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Update LICENSE's md5sum, the new version added a "of" in the file, the
license is the same.
* Remove ghostscript-9.02-parallel-make.patch, it has 932 lines and
modified 24 files, which is hard to maintain, and it can't be applied
since the code has changed, and if we meet parallel issues again, we
need to fix it in other ways.
* Fix a build error of -Werror=return-type.
(From OE-Core rev: c5adb5903bd93f1c71acd52062d8c8620de2f944)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They can't be built without x11 in DISTRO_FEATURES.
(From OE-Core rev: e66f1c830bfee09ed9a043ade5374fe61fea3c99)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with
an uncompressed size smaller than the compressed field size in a
zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in
Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code
via a crafted string, as demonstrated by converting a string from CP866
to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The old SRC_URI is redirected to the new one, fixed:
WARNING: Failed to fetch URL ftp://metalab.unc.edu/pub/Linux/utils/file/stat-3.3.tar.gz, attempting MIRRORS if available
(From OE-Core rev: 45034239c7e38ec991aa75d7c30417c22bfdef28)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 4201e432e4034907efeaebfea6509e821a9ba3c5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add objarch.h for MicroBlaze big and little endian
(From OE-Core rev: cb7e4f8e3dcbe1d85eabc7d1545fddcd2500e02b)
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set ALTERNATIVE for nativesdk package to empty to avoid warnings like below.
WARNING: pigz: NOT adding alternative provide xxx/bin/gunzip: xxx/bin/pigz does not exist
(From OE-Core rev: 666e0b5c117202e9e866ef62eac99e0af9c8c2fb)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Updated 0001-Avoid-use-of-glibc-sys-cdefs.h-header.patch
* Removed 0002-uclibc-rpcsvc-defines.patch since it is already in the
source.
(From OE-Core rev: 713ac3bfbc95e58ce3332409bae838053fdeced8)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The COPYING's md5sum is changed by this commit:
commit 945f9c69af665044448b0eb6816656acc84fca77
Author: Ken Dreyer <kdreyer@redhat.com>
Date: Mon Jan 26 14:02:46 2015 -0700
update GPLv2 text in COPYING
The FSF has issued a couple of tiny updates to the GPLv2. The main
change is a new mailing address for the FSF headquarters.
This license text was taken verbatim from
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
The main content is the same.
(From OE-Core rev: b91909e15f817294e609cffcb71c123d44cf7b4b)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5deb2adc5a2db250a3ffa9974af51ded6e10e446)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is a backport patch, and verified that the patch is in the source.
(From OE-Core rev: a46976b9de5a2270f041a73661a6ed635bf4eb43)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is already in the source.
(From OE-Core rev: e6b2def565c1201c3b0a0d2a8c296b65e6cafb02)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is a backport patch, and verified that the patch is in the source.
(From OE-Core rev: 370dc496c2d6f8fa97a18af49747d15a41fc7bcf)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: Updated libarchive packages fix security vulnerability
Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
(From OE-Core rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An out of bounds read access in the UTF-8 decoding can be triggered with
a malformed file in the tool less. The access happens in the function
is_utf8_well_formed due to a truncated multibyte character in the sample
file.
The bug does not crash less, it can only be made visible by running less
with valgrind or compiling it with Address Sanitizer.
Version 475 of less contains a fix for this issue. The file version.c
contains some entry mentioning this issue (without any credit):
- v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
The fix is in the file line.c. We derive this patch from:
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
Thanks to Claire Robinson for validating it on Mageia 4 i586. Refer to:
https://bugs.mageia.org/show_bug.cgi?id=15567
(From OE-Core rev: 68994284f3c059b737bfc5afc2600ebd09bdf47f)
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: ce3a3ce3246af8be9b276248b7fc756e7e6a8be1)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes affecting future time stamps
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Changes affecting past time stamps
America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not
1966-07-01. Also, Yukon's time zone history is documented better.
(Thanks to Brian Inglis and Dennis Ferguson.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
(From OE-Core rev: b9f366ab4e0a9cad69b631f402b9afa02d40f667)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes affecting code
zic has some minor performance improvements.
(From OE-Core rev: 3ab7e247b0662a1791169f16424abec426885f80)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With gcc-5 defaulting to gnu11 C we need to follow
c99 inline semantics
Change-Id: I397520c36c81634556b3f3782aebc532e4a79aed
(From OE-Core rev: 944f94a32577969ee1fc197ab285b0abd9e541fa)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make skipping expression simpler to check for given libc
Make sure glibc specific items are covered with right override
Change-Id: I8b4a0b7cbfe38ffdc9320f798038c79c7220552b
(From OE-Core rev: 6f4be55ca66b4470aa46c0ae356070ed166f44ce)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use PERLHOSTLIB where possible, which is the same as
${STAGING_LIBDIR_NATIVE}/perl-native/perl/${@get_perl_version(d)}
(From OE-Core rev: 981a054eb352bcdcc2b9450dc24718e6695ac99f)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
startup files, even if they are not interactive.
This is the behaviour of other major distros like Ubuntu and Fedora.
We also need to set it so that when executing `su -l xxx -c env' command,
/etc/profile is parsed.
[YOCTO #5359]
[YOCTO #7137]
(From OE-Core rev: 33af68d62bb427c588f5eeecb75fbc31b55f8459)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.
Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox, it's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Furthermore, even if we set 'BUSYBOX_SPLIT_SUID' to "0" so that the 'su' applet
is found, the whole behaviour is still not correct, because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such a system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.
To solve the above problem, this patch comments out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])
[YOCTO #5359]
[YOCTO #7137]
(From OE-Core rev: 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>