diff options
| author | Colin McAllister <colinmca242@gmail.com> | 2024-12-30 19:22:24 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-01-08 13:25:11 +0000 |
| commit | 35f4253a10eb9e77f10236134892d7d347e52540 (patch) | |
| tree | 3de170886c2db9e063381a26be4d3743563a9d3b /documentation/ref-manual/qa-checks.rst | |
| parent | db2146dbe6a701e8eb225607aa6b8196273bc552 (diff) | |
| download | poky-35f4253a10eb9e77f10236134892d7d347e52540.tar.gz | |
cve-check: Rework patch parsing
The cve_check functionality to parse CVE IDs from the patch filename and
patch contents have been reworked to improve parsing and also utilize
tests. This ensures that the parsing works as intended.
Additionally, the new patched_cves dict has a few issues I tried to fix
as well. If multiple patch files exist for a single CVE ID, only the
last one will show up with the "resource" key. The value for the
"resource" key has been updated to hold a list and return all patch
files associated with a given CVE ID. Also, at the end of
get_patch_cves, CVE_STATUS can overwrite an existing entry in the dict.
This could cause an issue, for example, if a CVE has been addressed via
a patch, but a CVE_STATUS line also exists that ignores the given CVE
ID. A warning has been added if this ever happens.
(From OE-Core rev: 87c6da681609b4f8e048eca2a27ae8e068c724e1)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/ref-manual/qa-checks.rst')
0 files changed, 0 insertions, 0 deletions