diff options
author | Michael Opdenacker <michael.opdenacker@bootlin.com> | 2021-08-05 18:50:46 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-06 06:34:26 +0100 |
commit | 8aa613480663e11ecc62278d8c57ca719eb23899 (patch) | |
tree | 90da404ebdbf73b98ca97e666f75df626403ba0f /meta/classes | |
parent | 57adb57a9d9b08c08ab606ec7b561792e4f4ff2d (diff) | |
download | openembedded-core-contrib-8aa613480663e11ecc62278d8c57ca719eb23899.tar.gz |
cve-check: improve comment about CVE patch file names
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index bf7dd15c73..6582f97151 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -166,9 +166,12 @@ def get_patches_cves(d): pn = d.getVar("PN") cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") - # Matches last CVE-1234-211432 in the file name, also if written - # with small letters. Not supporting multiple CVE id's in a single - # file name. + # Matches the last "CVE-YYYY-ID" in the file name, also if written + # in lowercase. Possible to have multiple CVE IDs in a single + # file name, but only the last one will be detected from the file name. + # However, patch files contents addressing multiple CVE IDs are supported + # (cve_match regular expression) + cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") patched_cves = set() |