summaryrefslogtreecommitdiffstats
path: root/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
authorGrygorii Tertychnyi <gtertych@cisco.com>2018-10-29 17:13:10 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-10-29 17:01:45 +0000
commite93457c1511037a9ebac8e9794db65d9ff0113f4 (patch)
treeafb9360e9494028491f45dcf02a71ee49d91971e /meta/classes/cve-check.bbclass
parentbc395e0e87136832f2b086bc6daf40715079e734 (diff)
downloadpoky-e93457c1511037a9ebac8e9794db65d9ff0113f4.tar.gz
cve-check: Allow multiple entries in CVE_PRODUCT
There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are currently missing in the reports. Hence, switch "CVE_PRODUCT" to a space separated list. It is useful for recipes generating several packages, that have different product names in NVD. (From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11) Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass3
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 12ad3e5c5c..743bc08a4f 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
190 # Write the faux CSV file to be used with cve-check-tool 190 # Write the faux CSV file to be used with cve-check-tool
191 fd, faux = tempfile.mkstemp(prefix="cve-faux-") 191 fd, faux = tempfile.mkstemp(prefix="cve-faux-")
192 with os.fdopen(fd, "w") as f: 192 with os.fdopen(fd, "w") as f:
193 f.write("%s,%s,%s," % (bpn, pv, cves)) 193 for pn in bpn.split():
194 f.write("%s,%s,%s,\n" % (pn, pv, cves))
194 cmd.append(faux) 195 cmd.append(faux)
195 196
196 output = subprocess.check_output(cmd).decode("utf-8") 197 output = subprocess.check_output(cmd).decode("utf-8")