[OE-core] ✗ patchtest: failure for "[v1] busybox: CVE-2017-15874..." and 2 more
Sinan Kaya
okaya at kernel.org
Fri Sep 21 22:52:34 UTC 2018
On 9/21/2018 6:33 PM, Patchwork wrote:
> == Series Details ==
>
> Series: "[v1] busybox: CVE-2017-15874..." and 2 more
> Revision: 1
> URL : https://patchwork.openembedded.org/series/14184/
> State : failure
>
> == Summary ==
>
>
> Thank you for submitting this patch series to OpenEmbedded Core. This is
> an automated response. Several tests have been executed on the proposed
> series by patchtest resulting in the following failures:
>
>
>
> * Issue Series does not apply on top of target branch [test_series_merge_on_head]
> Suggested fix Rebase your series on top of targeted branch
> Targeted branch master (currently at 957a2f95b8)
>
These patches do not apply to the master branch because they were intended
for the sumo branch as a security fix. Is there a way to specify what
particular branch this patch is targeting?
Another reason is that package versions on master branch are newer.
> * Issue A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence]
> Suggested fix Sign off the added patch file (meta/recipes-multimedia/libpng/files/CVE-2018-13785.patch)
>
the original patch doesn't have a signed-off. What's the policy?
> * Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence_format]
> Suggested fix Add Upstream-Status: <Valid status> to the header of meta/recipes-core/busybox/busybox/CVE-2017-15874.patch
> Standard format Upstream-Status: <Valid status>
> Valid status Pending, Accepted, Backport, Denied, Inappropriate [reason], Submitted [where]
>
I'm fairly new to this. I believe I have this tag. Do I have a mistake?
commit b3761a1a9b05c97028034a44be27400114ccf526
Author: Sinan Kaya <okaya at kernel.org>
Date: Fri Sep 21 04:20:44 2018 +0000
busybox: CVE-2017-15874
* CVE-2017-15874
busybox: Integer underflow in archival/libarchive/decompress_unlzma.c
(cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b)
Affects busybox <= 1.27.2
Upstream-Status: Backport [
https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b]
CVE: CVE-2017-15874
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15874
Signed-off-by: Sinan Kaya <okaya at kernel.org>
>
>
> If you believe any of these test results are incorrect, please reply to the
> mailing list (openembedded-core at lists.openembedded.org) raising your concerns.
> Otherwise we would appreciate you correcting the issues and submitting a new
> version of the patchset if applicable. Please ensure you add/increment the
> version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
> [PATCH v3] -> ...).
>
> ---
> Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
> Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
> Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>
>
More information about the Openembedded-core
mailing list