From: Bob C. <bco...@ve...> - 2011-03-13 13:43:55
|
I keep hitting this problem with bitbakes of db-native_5.0.21: -------------------------------------------------------------------------------------------------- 10400K .......... .......... .......... .......... .......... 83% 517K 4s 10450K .......... ........FATAL: Execution of 'quilt --quiltrc=/home/bob3a/overo-oe/tmp/sysroots/x86_64-linux/usr/bin/quiltrc push' failed with exit code 1: Applying patch db5-arm-thumb-mutex.patch patch: **** rejecting target file name with ".." component: ../dbinc/mutex_int.h Patch db5-arm-thumb-mutex.patch does not apply (enforce with -f) ---------------------------------------------------------------------------------------------------- I'm using Fedora 14 x86_64, and in February, the Redhat version of patch 2.6.1 was changed to implement fixes for CVE-2010-4651: [bob@57 ~]$ rpm -q --changelog patch | more * Thu Feb 10 2011 Tim Waugh <tw...@re...> 2.6.1-8 - Incorporate upstream fix for CVE-2010-4651 patch so that a target name given on the command line is not validated (bug #667529). * Tue Feb 08 2011 Tim Waugh <tw...@re...> 2.6.1-7 - Applied upstream patch to fix CVE-2010-4651 so that malicious patches cannot create files above the current directory (bug #667529). Does anyone here agree that the change to patch for version 2.6.1-7 shown above is affecting the bitbake of db-native_5.0.21? Or am I misinterpreting the changelog entry? Thanks Bob Cochran |
From: Bob C. <bco...@ve...> - 2011-03-13 16:52:54
|
I downgraded Fedora 14's patch version (with `yum downgrade patch') from 2.6.1-8 to 2.6.1-5 and now my build seems to be proceeding normally. It might even be done and ready to network boot my Over with in an hour or so. Bob Cochran On 03/13/2011 09:43 AM, Bob Cochran wrote: > I keep hitting this problem with bitbakes of db-native_5.0.21: > > -------------------------------------------------------------------------------------------------- > > 10400K .......... .......... .......... .......... .......... 83% 517K 4s > 10450K .......... ........FATAL: Execution of 'quilt > --quiltrc=/home/bob3a/overo-oe/tmp/sysroots/x86_64-linux/usr/bin/quiltrc > push' failed with exit code 1: > Applying patch db5-arm-thumb-mutex.patch > patch: **** rejecting target file name with ".." component: > ../dbinc/mutex_int.h > Patch db5-arm-thumb-mutex.patch does not apply (enforce with -f) > > ---------------------------------------------------------------------------------------------------- > > I'm using Fedora 14 x86_64, and in February, the Redhat version of patch > 2.6.1 was changed to implement fixes for CVE-2010-4651: > > [bob@57 ~]$ rpm -q --changelog patch | more > * Thu Feb 10 2011 Tim Waugh<tw...@re...> 2.6.1-8 > - Incorporate upstream fix for CVE-2010-4651 patch so that a target > name given on the command line is not validated (bug #667529). > > * Tue Feb 08 2011 Tim Waugh<tw...@re...> 2.6.1-7 > - Applied upstream patch to fix CVE-2010-4651 so that malicious > patches cannot create files above the current directory > (bug #667529). > > Does anyone here agree that the change to patch for version 2.6.1-7 > shown above is affecting the bitbake of db-native_5.0.21? Or am I > misinterpreting the changelog entry? > > Thanks > > Bob Cochran > > > ------------------------------------------------------------------------------ > Colocation vs. Managed Hosting > A question and answer guide to determining the best fit > for your organization - today and in the future. > http://p.sf.net/sfu/internap-sfd2d > _______________________________________________ > gumstix-users mailing list > gum...@li... > https://lists.sourceforge.net/lists/listinfo/gumstix-users > |