[OE-core] ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Changqing Li
changqing.li at windriver.com
Tue Nov 6 02:09:31 UTC 2018
On 11/6/18 1:39 AM, Grygorii Tertychnyi wrote:
>
> On Fri Nov02 2018 @ 06:48, Changqing Li <changqing.li at windriver.com>
> wrote:
>
>> I have add CVE tag in the patch file, is this test result incorrect?
>
> My guess is it was fooled by (well, "incorrect") "CVE-YYYY-XXXX"
> lines. Even thouhg it is followed by the (correct) "CVE:
> CVE-YYYY-XXXX" in your CVE patches
>
> 43 # first match is lax but second strict
> 44 if self.re_cve_payload_pattern.match(line):
> 45 if not self.re_cve_payload_tag.match(line):
> 46 self.fail('Missing or incorrectly
> formatted CVE tag in included patch file',
> 47 'Correct or include the CVE
> tag on cve patch with format: "CVE: CVE-YYYY-XXXX"', 48 commit)
> Do you really need "incorrect" lines?
Thanks. the incorrect line are not necessary. I will rework this patch
based on new updated version 7.61.1
//changqing
>
>> On 11/2/18 2:41 PM, Patchwork wrote:
>>> == Series Details ==
>>>
>>> Series: curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>> Revision: 1
>>> URL : https://patchwork.openembedded.org/series/14764/
>>> State : failure
>>>
>>> == Summary ==
>>>
>>>
>>> Thank you for submitting this patch series to OpenEmbedded Core.
>>> This is
>>> an automated response. Several tests have been executed on the proposed
>>> series by patchtest resulting in the following failures:
>>>
>>>
>>>
>>> * Patch curl: fix for
>>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>> Issue Missing or incorrectly formatted CVE tag in
>>> included patch file [test_cve_tag_format]
>>> Suggested fix Correct or include the CVE tag on cve patch
>>> with format: "CVE: CVE-YYYY-XXXX"
>>>
>>>
>>>
>>> If you believe any of these test results are incorrect, please reply
>>> to the
>>> mailing list (openembedded-core at lists.openembedded.org) raising your
>>> concerns.
>>> Otherwise we would appreciate you correcting the issues and
>>> submitting a new
>>> version of the patchset if applicable. Please ensure you
>>> add/increment the
>>> version number when sending the new version (i.e. [PATCH] -> [PATCH
>>> v2] ->
>>> [PATCH v3] -> ...).
>>>
>>> ---
>>> Guidelines:
>>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
>>> Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
>>> Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>>>
>>>
>> --
>> BRs
>>
>> Sandy(Li Changqing)
>
>
--
BRs
Sandy(Li Changqing)
More information about the Openembedded-core
mailing list