diff options
| author | Grygorii Tertychnyi <gtertych@cisco.com> | 2018-10-29 17:13:10 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-10-29 17:01:45 +0000 |
| commit | e93457c1511037a9ebac8e9794db65d9ff0113f4 (patch) | |
| tree | afb9360e9494028491f45dcf02a71ee49d91971e /meta/classes/cve-check.bbclass | |
| parent | bc395e0e87136832f2b086bc6daf40715079e734 (diff) | |
| download | poky-e93457c1511037a9ebac8e9794db65d9ff0113f4.tar.gz | |
cve-check: Allow multiple entries in CVE_PRODUCT
There are both "curl" and "libcurl" CPEs in NVD.
All "curl" CVEs are currently missing in the reports.
Hence, switch "CVE_PRODUCT" to a space separated list.
It is useful for recipes generating several packages,
that have different product names in NVD.
(From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11)
Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 12ad3e5c5c..743bc08a4f 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -190,7 +190,8 @@ def check_cves(d, patched_cves): | |||
| 190 | # Write the faux CSV file to be used with cve-check-tool | 190 | # Write the faux CSV file to be used with cve-check-tool |
| 191 | fd, faux = tempfile.mkstemp(prefix="cve-faux-") | 191 | fd, faux = tempfile.mkstemp(prefix="cve-faux-") |
| 192 | with os.fdopen(fd, "w") as f: | 192 | with os.fdopen(fd, "w") as f: |
| 193 | f.write("%s,%s,%s," % (bpn, pv, cves)) | 193 | for pn in bpn.split(): |
| 194 | f.write("%s,%s,%s,\n" % (pn, pv, cves)) | ||
| 194 | cmd.append(faux) | 195 | cmd.append(faux) |
| 195 | 196 | ||
| 196 | output = subprocess.check_output(cmd).decode("utf-8") | 197 | output = subprocess.check_output(cmd).decode("utf-8") |