[OE-core] ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Grygorii Tertychnyi
gtertych at cisco.com
Mon Nov 5 17:39:27 UTC 2018
On Fri Nov02 2018 @ 06:48, Changqing Li
<changqing.li at windriver.com> wrote:
> I have add CVE tag in the patch file, is this test result
> incorrect?
My guess is it was fooled by (well, "incorrect") "CVE-YYYY-XXXX"
lines. Even thouhg it is followed by the (correct) "CVE:
CVE-YYYY-XXXX" in your CVE patches
43 # first match is lax but second strict
44 if
self.re_cve_payload_pattern.match(line):
45 if not
self.re_cve_payload_tag.match(line):
46 self.fail('Missing or incorrectly
formatted CVE tag in included patch file',
47 'Correct or include the
CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"',
48 commit)
Do you really need "incorrect" lines?
> On 11/2/18 2:41 PM, Patchwork wrote:
>> == Series Details ==
>>
>> Series: curl: fix for
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>> Revision: 1
>> URL : https://patchwork.openembedded.org/series/14764/
>> State : failure
>>
>> == Summary ==
>>
>>
>> Thank you for submitting this patch series to OpenEmbedded
>> Core. This is
>> an automated response. Several tests have been executed on the
>> proposed
>> series by patchtest resulting in the following failures:
>>
>>
>>
>> * Patch curl: fix for
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>> Issue Missing or incorrectly formatted CVE tag in
>> included patch file [test_cve_tag_format]
>> Suggested fix Correct or include the CVE tag on cve patch
>> with format: "CVE: CVE-YYYY-XXXX"
>>
>>
>>
>> If you believe any of these test results are incorrect, please
>> reply to the
>> mailing list (openembedded-core at lists.openembedded.org) raising
>> your concerns.
>> Otherwise we would appreciate you correcting the issues and
>> submitting a new
>> version of the patchset if applicable. Please ensure you
>> add/increment the
>> version number when sending the new version (i.e. [PATCH] ->
>> [PATCH v2] ->
>> [PATCH v3] -> ...).
>>
>> ---
>> Guidelines:
>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
>> Test framework:
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
>> Test suite:
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>>
>>
> --
> BRs
>
> Sandy(Li Changqing)
More information about the Openembedded-core
mailing list