Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/cve-check.bbclass | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f44bbed6ac..bc2f03f7dd 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -118,10 +118,24 @@ def get_patches_cves(d): pn = d.getVar("PN") cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") + + # Matches last CVE-1234-211432 in the file name, also if written + # with small letters. Not supporting multiple CVE id's in a single + # file name. + cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") + patched_cves = set() bb.debug(2, "Looking for patches that solves CVEs for %s" % pn) for url in src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] + + # Check patch file name for CVE ID + fname_match = cve_file_name_match.search(patch_file) + if fname_match: + cve = fname_match.group(1).upper() + patched_cves.add(cve) + bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + with open(patch_file, "r", encoding="utf-8") as f: try: patch_text = f.read() @@ -140,7 +154,7 @@ def get_patches_cves(d): for cve in cves.split(): bb.debug(2, "Patch %s solves %s" % (patch_file, cve)) patched_cves.add(cve) - else: + elif not fname_match: bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file) return patched_cves |
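Review bot: `cve_file_name_match.search(patch_file)` in the first hunk runs against the whole local path from `bb.fetch.decodeurl(url)[2]` (the same string later passed to `open()`), not just the file name, so a directory component containing a CVE-style id would mark that CVE as patched for every patch under it that has no id in its own name. `patched_cves` presumably feeds the set of CVEs reported as fixed, so a false hit here would hide an open CVE rather than raise a spurious one; matching on the base name avoids it: `fname_match = cve_file_name_match.search(os.path.basename(patch_file))` (assuming `os` is in scope in this class). A file name is also weaker evidence than the `CVE:` tag inside the patch, so a comment such as `# File name is trusted as-is; the patch content is not checked against the CVE` would make that explicit. Separately, the new pattern is a non-raw string with `\-` and `\d` escapes; `re.compile(r".*([Cc][Vv][Ee]-\d{4}-\d+)")` is equivalent and avoids invalid-escape warnings. `get_patches_cves` starts and ends outside this hunk.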