The first patch is actually unchanged, just re-sending it. However, in the discussion on the patch there seemed to be some confusion regarding the relation between LICENSE and LICENSE_<pkg> variables. Thus, I decided to implement the second patch of this series which does basic verification/sanity checking of LICENSE_<pkg> values.
Looking at the warnings I get after applying the second patch, at least nettle 2.7.1 and hdparm in OE-Core seem to be using LICENSE and LICENSE_<pkg> incorrectly. [YOCTO #9499] The following changes since commit 986f7fbe37a48d050611f08f7160ed96755ac3dc: foomatic-filters: Security fixes CVE-2015-8327 (2016-08-01 12:11:09 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib marquiz/fixes-9499 http://git.openembedded.org/openembedded-core-contrib/log/?h=marquiz/fixes-9499 Markus Lehtonen (2): license.bbclass: do not process LICENSE_pn variables license: simple verification of LICENSE_<pkg> values meta/classes/base.bbclass | 13 +++++++++++++ meta/classes/license.bbclass | 16 +--------------- meta/lib/oe/license.py | 18 ++++++++++++++++++ 3 files changed, 32 insertions(+), 15 deletions(-) -- 2.6.6 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core