[OE-core] ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842

Grygorii Tertychnyi gtertych at cisco.com
Mon Nov 5 17:39:27 UTC 2018


On Fri Nov02 2018 @ 06:48, Changqing Li 
<changqing.li at windriver.com> wrote:

> I have added the CVE tag in the patch file; is this test result 
> incorrect?

My guess is it was fooled by (well, "incorrect") "CVE-YYYY-XXXX" 
lines. Even though it is followed by the (correct) "CVE: 
CVE-YYYY-XXXX" in your CVE patches.

    # first match is lax but second strict
    if self.re_cve_payload_pattern.match(line):
        if not self.re_cve_payload_tag.match(line):
            self.fail('Missing or incorrectly formatted CVE tag in included patch file',
                      'Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"',
                      commit)

Do you really need "incorrect" lines?

> On 11/2/18 2:41 PM, Patchwork wrote:
>> == Series Details ==
>>
>> Series: curl: fix for 
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>> Revision: 1
>> URL   : https://patchwork.openembedded.org/series/14764/
>> State : failure
>>
>> == Summary ==
>>
>>
>> Thank you for submitting this patch series to OpenEmbedded 
>> Core. This is
>> an automated response. Several tests have been executed on the 
>> proposed
>> series by patchtest resulting in the following failures:
>>
>>
>>
>> * Patch            curl: fix for 
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>   Issue             Missing or incorrectly formatted CVE tag in 
>>   included patch file [test_cve_tag_format]
>>    Suggested fix    Correct or include the CVE tag on cve patch 
>>    with format: "CVE: CVE-YYYY-XXXX"
>>
>>
>>
>> If you believe any of these test results are incorrect, please 
>> reply to the
>> mailing list (openembedded-core at lists.openembedded.org) raising 
>> your concerns.
>> Otherwise we would appreciate you correcting the issues and 
>> submitting a new
>> version of the patchset if applicable. Please ensure you 
>> add/increment the
>> version number when sending the new version (i.e. [PATCH] -> 
>> [PATCH v2] ->
>> [PATCH v3] -> ...).
>>
>> ---
>> Guidelines: 
>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
>> Test framework: 
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
>> Test suite: 
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>>
>>
> -- 
> BRs
>
> Sandy(Li Changqing)
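
The per-line check quoted in the reply above, reproduced as an added example (not code from this thread or from patchtest) to show how a bare "CVE-YYYY-XXXX" line fails the test even when a well-formed tag is present. The two regexes are assumed stand-ins for `re_cve_payload_pattern` and `re_cve_payload_tag`, the helper names are hypothetical, and the patch payload is constructed.

```python
import re

# Assumed stand-ins for patchtest's re_cve_payload_pattern / re_cve_payload_tag;
# the real regexes are not shown in this thread.
LAX = re.compile(r"\+.*CVE-\d{4}-\d+")
STRICT = re.compile(r"\+CVE:(\s+CVE-\d{4}-\d+)+\s*$")

# Constructed payload: the '+' lines of a diff that adds a CVE patch file.
PAYLOAD_WITH_BARE_LINE = """\
+From 0000000 Mon Sep 17 00:00:00 2001
+Subject: [PATCH] example fix
+
+CVE-2018-16839
+
+Upstream-Status: Backport
+CVE: CVE-2018-16839
+Signed-off-by: Example Dev <dev@example.com>
"""
# Same payload with the bare identifier line removed, tag line kept.
PAYLOAD_TAG_ONLY = PAYLOAD_WITH_BARE_LINE.replace("+CVE-2018-16839\n", "")


def per_line_failures(payload):
    """Mirror the quoted check: every lax hit must also be a strict tag line."""
    return [line for line in payload.splitlines()
            if LAX.match(line) and not STRICT.match(line)]


def has_strict_tag(payload):
    """File-level view: is there at least one well-formed 'CVE: CVE-...' tag?"""
    return any(STRICT.match(line) for line in payload.splitlines())


if __name__ == "__main__":
    for name, payload in [("bare line + tag", PAYLOAD_WITH_BARE_LINE),
                          ("tag only", PAYLOAD_TAG_ONLY)]:
        print(name, "| failing lines:", per_line_failures(payload),
              "| strict tag present:", has_strict_tag(payload))
```
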



