diff mbox series

at-spi2-core: set CVE_PRODUCT

Message ID 20240417142100.56518-1-emil.kronborg@protonmail.com
State New
Headers show
Series at-spi2-core: set CVE_PRODUCT | expand

Commit Message

Emil Kronborg April 17, 2024, 2:21 p.m. UTC 
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
---
 meta/recipes-support/atk/at-spi2-core_2.52.0.bb | 2 ++
 1 file changed, 2 insertions(+)


base-commit: 946086abf5ac5172258ddb27af9c1c615258f62f

Comments

patchtest@automation.yoctoproject.org April 17, 2024, 2:34 p.m. UTC | #1 
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/at-spi2-core-set-CVE_PRODUCT.patch

FAIL: test commit message presence: Please include a commit message on your patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)

PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!
Ross Burton April 17, 2024, 3:49 p.m. UTC | #2 
On 17 Apr 2024, at 15:21, Emil Kronborg via lists.openembedded.org <emil.kronborg=protonmail.com@lists.openembedded.org> wrote:
> 
> Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
> ---
> meta/recipes-support/atk/at-spi2-core_2.52.0.bb | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/meta/recipes-support/atk/at-spi2-core_2.52.0.bb b/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
> index cf221e038927..2ab42ba13f50 100644
> --- a/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
> +++ b/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
> @@ -7,6 +7,8 @@ BUGTRACKER = "http://bugzilla.gnome.org/"
> LICENSE = "LGPL-2.1-or-later"
> LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
> 
> +CVE_PRODUCT = "at-spi2-atk"

Don’t you mean +=?  We care about issues against at-spi2-core too, surely.

Ross
Emil Kronborg April 18, 2024, 7:11 a.m. UTC | #3 
On Wed, Apr 17, 2024 at 15:49 +0000, Ross Burton wrote:
> Don’t you mean +=?  We care about issues against at-spi2-core too, surely.
> 
> Ross

I was unable to find any (previous) CVEs for at-spi2-core, but I think
you are right. Also, at-spi2-atk was merged into at-spi2-core last year
[1], so matching both should be correct. I will send a v2 with this fix
and a commit message as well, so the patchtest bot becomes happy.

[1]: https://gitlab.gnome.org/GNOME/at-spi2-core/-/merge_requests/78
diff mbox series

Patch

diff --git a/meta/recipes-support/atk/at-spi2-core_2.52.0.bb b/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
index cf221e038927..2ab42ba13f50 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.52.0.bb
@@ -7,6 +7,8 @@  BUGTRACKER = "http://bugzilla.gnome.org/"
 LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
+CVE_PRODUCT = "at-spi2-atk"
+
 MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"