mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-20 08:29:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

cve-check: Allow multiple entries in CVE_PRODUCT

Browse Source 
There are both "curl" and "libcurl" CPEs in NVD.
All "curl" CVEs are currently missing in the reports.

Hence, switch "CVE_PRODUCT" to a space separated list.
It is useful for recipes generating several packages,
that have different product names in NVD.

(From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11)

Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Grygorii Tertychnyi
2018-10-29 17:13:10 +02:00
committed by Richard Purdie
parent bc395e0e87
commit e93457c151
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
meta/classes/cve-check.bbclass
View File

@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
# Write the faux CSV file to be used with cve-check-tool
fd, faux = tempfile.mkstemp(prefix="cve-faux-")
with os.fdopen(fd, "w") as f:
f.write("%s,%s,%s," % (bpn, pv, cves))
for pn in bpn.split():
f.write("%s,%s,%s,\n" % (pn, pv, cves))
cmd.append(faux)
output = subprocess.check_output(cmd).decode("utf-8")