classes: sanity-check LIC_FILES_CHKSUM

We assume that LIC_FILES_CHKSUM is a file: URI but don't actually verify this,
which can lead to problems if you have a URI that resolves to a path of / as
Bitbake will then dutifully checksum / recursively.

[ YOCTO #12883 ]

(From OE-Core rev: e2b8a3d5a10868f9c0dec8d7b9f5f89fdd100fc8)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2 files changed, 5 insertions, 3 deletions

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index bd0d6e3ca6..3014767b8a 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d):
         # We only care about items that are absolute paths since
         # any others should be covered by SRC_URI.
         try:
-            path = bb.fetch.decodeurl(url)[2]
-            if not path:
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
                 raise bb.fetch.MalformedUrl(url)
 
             if path[0] == '/':
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index d353110464..82fab9c63b 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -482,7 +482,9 @@ def find_license_files(d):
 
     for url in lic_files.split():
         try:
-            (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
+                raise bb.fetch.MalformedUrl()
         except bb.fetch.MalformedUrl:
             bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL:  %s" % (d.getVar('PF'), url))
         # We want the license filename and path