On Sat Dec 28, 2024 at 7:27 PM CET, Colin McAllister via lists.openembedded.org
wrote:
> The cve_check functionality to parse CVE IDs from the patch filename and
> patch contents have been reworked to improve parsing and also add tests.
> This ensures that the parsing works as intended.
>
> Signed-off-by: Colin McAllister <[email protected]>
> ---
Hi Colin,
It looks like this patch is causing a break on the autobuilder, with the
following error:
ERROR: libidn2-2.3.7-r0 do_cve_check: Error executing a python function in
exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_cve_check(d)
0003:
File:
'/srv/pokybuild/yocto-worker/oe-selftest-debian/build/meta/classes/cve-check.bbclass',
lineno: 184, function: do_cve_check
0180: try:
0181: patched_cves = get_patched_cves(d)
0182: except FileNotFoundError:
0183: bb.fatal("Failure in searching patches")
*** 0184: cve_data, status = check_cves(d, patched_cves)
0185: if len(cve_data) or (d.getVar("CVE_CHECK_COVERAGE") ==
"1" and status):
0186: get_cve_info(d, cve_data)
0187: cve_write_data(d, cve_data, status)
0188: else:
File:
'/srv/pokybuild/yocto-worker/oe-selftest-debian/build/meta/classes/cve-check.bbclass',
lineno: 423, function: check_cves
0419: product_cursor.close()
0420:
0421: if not vulnerable:
0422: bb.note("%s-%s is not vulnerable to %s" % (pn,
real_pv, cve))
*** 0423: cve_update(d, cve_data, cve, {"abbrev-status":
"Patched", "status": "version-not-in-range"})
0424: cve_cursor.close()
0425:
0426: if not cves_in_product:
0427: bb.note("No CVE records found for product %s, pn %s" %
(product, pn))
File:
'/srv/pokybuild/yocto-worker/oe-selftest-debian/build/meta/classes/cve-check.bbclass',
lineno: 287, function: cve_update
0283:
0284:def cve_update(d, cve_data, cve, entry):
0285: # If no entry, just add it
0286: if cve not in cve_data:
*** 0287: cve_data[cve] = entry
0288: return
0289: # If we are updating, there might be change in the status
0290: bb.debug("Trying CVE entry update for %s from %s to %s" % (cve,
cve_data[cve]['abbrev-status'], entry['abbrev-status']))
0291: if cve_data[cve]['abbrev-status'] == "Unknown":
Exception: TypeError: 'set' object does not support item assignment
https://valkyrie.yoctoproject.org/#/builders/35/builds/683/steps/14/logs/stdio
On first read, it looks like get_patched_cves() was previously returning
a dictionary and is now returning a set().
Can you fix this please ?
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#209154):
https://lists.openembedded.org/g/openembedded-core/message/209154
Mute This Topic: https://lists.openembedded.org/mt/110320291/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
