[OE-core] ✗ patchtest: failure for "[v1] busybox: CVE-2017-15874..." and 2 more

Sinan Kaya okaya at kernel.org
Fri Sep 21 22:52:34 UTC 2018 

On 9/21/2018 6:33 PM, Patchwork wrote:
> == Series Details ==
> 
> Series: "[v1] busybox: CVE-2017-15874..." and 2 more
> Revision: 1
> URL   : https://patchwork.openembedded.org/series/14184/
> State : failure
> 
> == Summary ==
> 
> 
> Thank you for submitting this patch series to OpenEmbedded Core. This is
> an automated response. Several tests have been executed on the proposed
> series by patchtest resulting in the following failures:
> 
> 
> 
> * Issue             Series does not apply on top of target branch [test_series_merge_on_head]
>    Suggested fix    Rebase your series on top of targeted branch
>    Targeted branch  master (currently at 957a2f95b8)
> 

These patches do not apply to the master branch because they were intended
for the sumo branch as a security fix. Is there a way to specify what
particular branch this patch is targeting?

Another reason is that package versions on master branch are newer.

> * Issue             A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence]
>    Suggested fix    Sign off the added patch file (meta/recipes-multimedia/libpng/files/CVE-2018-13785.patch)
> 

the original patch doesn't have a signed-off. What's the policy?

> * Issue             Added patch file is missing Upstream-Status in the header [test_upstream_status_presence_format]
>    Suggested fix    Add Upstream-Status: <Valid status> to the header of meta/recipes-core/busybox/busybox/CVE-2017-15874.patch
>    Standard format  Upstream-Status: <Valid status>
>    Valid status     Pending, Accepted, Backport, Denied, Inappropriate [reason], Submitted [where]
> 

I'm fairly new to this. I believe I have this tag. Do I have a mistake?

commit b3761a1a9b05c97028034a44be27400114ccf526
Author: Sinan Kaya <okaya at kernel.org>
Date:   Fri Sep 21 04:20:44 2018 +0000

     busybox: CVE-2017-15874

     * CVE-2017-15874
     busybox: Integer underflow in archival/libarchive/decompress_unlzma.c

     (cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b)

     Affects busybox <= 1.27.2

     Upstream-Status: Backport [ 
https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b]
     CVE: CVE-2017-15874
     Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15874
     Signed-off-by: Sinan Kaya <okaya at kernel.org>

> 
> 
> If you believe any of these test results are incorrect, please reply to the
> mailing list (openembedded-core at lists.openembedded.org) raising your concerns.
> Otherwise we would appreciate you correcting the issues and submitting a new
> version of the patchset if applicable. Please ensure you add/increment the
> version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
> [PATCH v3] -> ...).
> 
> ---
> Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
> Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
> Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
> 
>

More information about the Openembedded-core mailing list