diff options
author | Ross Burton <ross.burton@intel.com> | 2018-02-09 12:37:08 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-16 18:05:40 +0000 |
commit | 4873716c0cb436c82e877db2bba2d748b675c08b (patch) | |
tree | 8715dea3bbf31013988a1db515624009d629c048 | |
parent | ccd664d8d0afb03a66f00804b919b9878962eea5 (diff) | |
download | poky-4873716c0cb436c82e877db2bba2d748b675c08b.tar.gz |
cve-check: allow recipes to override their version
For reasons which I don't understand, the Berkeley DB tarball is version 5.3.28
but in CVE reports the version is 11.2.5.3.28.
To handle this allow recipes to override their version as well as their name.
(From OE-Core rev: 36fbf96cf284acbc810ff3bf00702f1f82bc0da9)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 62dd6424d5..061e883fa7 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -23,6 +23,7 @@ | |||
23 | # The product name that the CVE database uses. Defaults to BPN, but may need to | 23 | # The product name that the CVE database uses. Defaults to BPN, but may need to |
24 | # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). | 24 | # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). |
25 | CVE_PRODUCT ??= "${BPN}" | 25 | CVE_PRODUCT ??= "${BPN}" |
26 | CVE_VERSION ??= "${PV}" | ||
26 | 27 | ||
27 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" | 28 | CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" |
28 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" | 29 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" |
@@ -168,7 +169,7 @@ def check_cves(d, patched_cves): | |||
168 | cves_patched = [] | 169 | cves_patched = [] |
169 | cves_unpatched = [] | 170 | cves_unpatched = [] |
170 | bpn = d.getVar("CVE_PRODUCT") | 171 | bpn = d.getVar("CVE_PRODUCT") |
171 | pv = d.getVar("PV").split("+git")[0] | 172 | pv = d.getVar("CVE_VERSION").split("+git")[0] |
172 | cves = " ".join(patched_cves) | 173 | cves = " ".join(patched_cves) |
173 | cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") | 174 | cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") |
174 | cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) | 175 | cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) |