Age | Commit message (Collapse) | Author |
|
Rather than trying to work out the exact python modules needed, we just add
'python-modules' to the dependencies list. If you can afford to install
mercurial on target then python-modules shouldn't be too much of a burden.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This update addresses the following CVEs:
- CVE-2017-1000116
- CVE-2017-1000115
We can also drop the patch for CVE-2017-9462 as it's incorporated into this
release.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport the CVE patch from
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
"hg serve --stdio" allows remote authenticated users to launch the
Python debugger, and consequently execute arbitrary code, by using
--debugger as a repository name.
CVE: CVE-2017-9462
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* Upgrade to the latest release to fix some CVEs:
- CVE-2016-3068: arbitrary code execution with Git subrepos
- CVE-2016-3069: arbitrary code execution when converting Git repos
- CVE-2016-3630: remote code execution in binary delta decoding
- CVE-2016-3105: arbitrary code execution when converting Git repos
* For other changes please see:
https://www.mercurial-scm.org/wiki/WhatsNew
* Update SRC_URI with the new download link
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
They are no longer required to build python software.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Update mercurial to fix CVE-2014-9462:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Update the mercurial version to 3.0.1.
Update the checksums.
Remove the PR per current best-practice.
This resolves an issue with Mercurial 1.9 where fetching from behind a
proxy breaks with a python stack trace. The current python
httpconnection class no longer has the port setter method.
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* This change is only aesthetic (unlike indentation in Python
tasks).
* Some recipes were using tabs.
* Some were using 8 spaces.
* Some were using mix or different number of spaces.
* Make them consistently use 4 spaces everywhere.
* Yocto styleguide advises to use tabs (but the only reason to keep
tabs is the need to update a lot of recipes). Lately this advice
was also merged into the styleguide on the OE wiki.
* Using 4 spaces in both types of tasks is better because it's less
error prone when someone is not sure if e.g.
do_generate_toolchain_file() is Python or shell task and also allows
to highlight every tab used in .bb, .inc, .bbappend, .bbclass as
potentially bad (shouldn't be used for indenting of multiline
variable assignments and cannot be used for Python tasks).
* Don't indent closing quote on multiline variables
we're quite inconsistent wheater it's first character on line
under opening quote or under first non-whitespace character in
previous line.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Acked-by: Koen Kooi <koen@dominion.thruhere.net>
|
|
else host python is used leading to the following error if the host doesn't
have the python headers installed :
| Python headers are required to build Mercurial
| make: *** [build] Error 1
Signed-off-by: Eric BĂ©nard <eric@eukrea.com>
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
|
|
This variable is no longer used with OE-Core.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
This is based on 91c14caa8819b08def8ea99e02949e49604c2e86 from oe.dev
with an update to 1.9.
Signed-off-by: Tom Rini <tom_rini@mentor.com>
|