author | Ross Burton <ross.burton@arm.com> | 2022-04-27 12:43:39 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-08-18 17:52:23 +0100 |
commit | c4499b85f70bb6224f048ec9fd48ad195fd08cca (patch) | |
tree | 8496b8ea4aa5a6a8cffe85f09d7d12f56485878e | |
parent | c35c1e15f0e9903079691981f49540aeef1f39b6 (diff) | |
cve_check: skip remote patches that haven't been fetched when searching for CVE tags
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.
(From OE-Core rev: a2d03f445c45558997484240d2549eaa1e103692)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/lib/oe/cve_check.py | 5 |
1 files changed, 3 insertions, 2 deletions
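--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -114,9 +114,10 @@ def get_patched_cves(d):
 for url in oe.patch.src_patches(d):
 patch_file = bb.fetch.decodeurl(url)[2]
 
+# Remote compressed patches may not be unpacked, so silently ignore them
 if not os.path.isfile(patch_file):
-bb.error("File Not found: %s" % patch_file)
-raise FileNotFoundError
+bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
+continue
 
 # Check patch file name for CVE ID
 fname_match = cve_file_name_match.search(patch_file)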
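Review bot: The new `continue` on the missing-file path also skips the file-name CVE match that follows it (`cve_file_name_match.search(patch_file)`), although that check needs only the path string and not the file contents. A remote or compressed patch whose name carries a CVE ID would then not be recorded as patched, so the report would presumably list that CVE as still open. Moving the `os.path.isfile` guard below the file-name match, just before the file contents are read, would keep name-based detection working for unfetched patches. The added comment also says "silently ignore" while the code calls `bb.warn`; `# Remote compressed patches may not be unpacked, so warn and skip the content scan` would match the behaviour. The body of get_patched_cves starts and ends outside this hunk, so the content-reading code is not visible here.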