summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-02-09 12:37:08 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-02-16 18:05:40 +0000
commit4873716c0cb436c82e877db2bba2d748b675c08b (patch)
tree8715dea3bbf31013988a1db515624009d629c048
parentccd664d8d0afb03a66f00804b919b9878962eea5 (diff)
downloadpoky-4873716c0cb436c82e877db2bba2d748b675c08b.tar.gz
cve-check: allow recipes to override their version
For reasons which I don't understand, the Berkeley DB tarball is version 5.3.28 but in CVE reports the version is 11.2.5.3.28. To handle this allow recipes to override their version as well as their name. (From OE-Core rev: 36fbf96cf284acbc810ff3bf00702f1f82bc0da9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/cve-check.bbclass3
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 62dd6424d5..061e883fa7 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -23,6 +23,7 @@
23# The product name that the CVE database uses. Defaults to BPN, but may need to 23# The product name that the CVE database uses. Defaults to BPN, but may need to
24# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). 24# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
25CVE_PRODUCT ??= "${BPN}" 25CVE_PRODUCT ??= "${BPN}"
26CVE_VERSION ??= "${PV}"
26 27
27CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" 28CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
28CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" 29CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
@@ -168,7 +169,7 @@ def check_cves(d, patched_cves):
168 cves_patched = [] 169 cves_patched = []
169 cves_unpatched = [] 170 cves_unpatched = []
170 bpn = d.getVar("CVE_PRODUCT") 171 bpn = d.getVar("CVE_PRODUCT")
171 pv = d.getVar("PV").split("+git")[0] 172 pv = d.getVar("CVE_VERSION").split("+git")[0]
172 cves = " ".join(patched_cves) 173 cves = " ".join(patched_cves)
173 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") 174 cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
174 cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) 175 cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))