On Fri, 2017-06-16 at 09:46 +0100, Richard Purdie wrote: > There is the potential for sensitive information to leak through the > urls > there and removing it brings this into the behavior of the other > package > backends since filtering it is likely error prone. > > Since ipks don't appear to be generated at all if we don't set this, > set > the field to the recipe name used (basename only, no paths). This > avoids > information leaking. We may want to drop the field if opkg can allow > that > at a future point but the recipe name is a suitable identifier for > now. > > Reported-by: Andrej Valek <[email protected]> > Signed-off-by: Richard Purdie <[email protected]> > --- > meta/classes/package_ipk.bbclass | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-)
Since this is rather important I have backported this to pyro/morty/krogoth with the appropriate tweaks. Cheers, Richard -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
