On Wed, 2018-11-07 at 09:01 +0000, Richard Purdie wrote: > On Fri, 2018-11-02 at 14:03 +0800, Chen Qi wrote: > > The current logic for checking cve tag is not correct. It errors > > out if and only if the patch contains a line which begins with > > CVE-YYYY-XXXX and contains nothing else. > > > > It will not error out if the patch contains no CVE information, nor > > will it error out if the patch contains line like below. > > > > 'Fix CVE-YYYY-XXXX' > > > > I can see that the cve tag checking logic tries to ensure the patch > > contains something like 'CVE: CVE-YYYY-XXXX'. So fix to implement > > such > > logic. > > > > Signed-off-by: Chen Qi <qi.c...@windriver.com> > > --- > > tests/test_patch_cve.py | 15 ++++++++------- > > 1 file changed, 8 insertions(+), 7 deletions(-) > > Thanks, good find. > > I've merged this and I believe the instance should have it applied > now > too. >
Not sure if this is related but it looks like the tests aren't running at all now ... https://patchwork.openembedded.org/project/oe-core/series/?ordering=-last_updated Thanks, Anuj -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
