Hi,
On 2/3/2021 11:02 AM, Mikko Rapeli wrote:
Hi,
On Wed, Feb 03, 2021 at 08:42:57AM +0000, Anatol Belski wrote:
The naming convention needs to be help so the CVE is recognized as
fixed by the tooling.
Yocto CVE checker does detect CVE patches also from patch comments so
this change is not needed for that. This is sufficient:
poky$ git grep CVE-2020-35457
meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch:CVE:
CVE-2020-35457
Is there some other tooling that you are referring to?
I should have read meta/classes/cve-check.bbclass before :) Looks like
it was a wrong impression on my side, that the filename needs to match
there, also when working with older versions. Thanks for the
explanation, indeed there's no action required on this, I didn't refer
to any other tools.
Regards
Anatol
Cheers,
-Mikko
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147629):
https://lists.openembedded.org/g/openembedded-core/message/147629
Mute This Topic: https://lists.openembedded.org/mt/80349258/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
