On Fri, 2018-11-02 at 14:03 +0800, Chen Qi wrote: > The current logic for checking cve tag is not correct. It errors > out if and only if the patch contains a line which begins with > CVE-YYYY-XXXX and contains nothing else. > > It will not error out if the patch contains no CVE information, nor > will it error out if the patch contains line like below. > > 'Fix CVE-YYYY-XXXX' > > I can see that the cve tag checking logic tries to ensure the patch > contains something like 'CVE: CVE-YYYY-XXXX'. So fix to implement > such > logic. > > Signed-off-by: Chen Qi <qi.c...@windriver.com> > --- > tests/test_patch_cve.py | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-)
Thanks, good find. I've merged this and I believe the instance should have it applied now too. Cheers, Richard -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
