[oe-commits] [openembedded-core] 32/33: cve-check.bbclass: use "+git" as separator in PV instead of "git+"

git at git.openembedded.org git at git.openembedded.org
Mon Jul 24 08:14:50 UTC 2017


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit db8815abe3db60b0510fb378bf6d82172c2f2768
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
AuthorDate: Thu Jul 20 16:23:11 2017 +0300

    cve-check.bbclass: use "+git" as separator in PV instead of "git+"
    
    PV is the recipe major version number. cve-check tries to map that to
    NVD database release versions of the component. If the recipe sources
    are taken from git, the PV can be automatically modified to include
    git details, but the syntax is like 233+gitAUTOINC+a1e2ef7ec9.
    In CVE checks we want to remove the git details and just use the major
    version information, in this example 233.
    
    Thus use "+git" as the separator and use the first part before the separator
    as SW product version number in CVE check.
    
    Fixes version number for e.g. systemd recipe. If systemd PV is
    233+gitAUTOINC+a1e2ef7ec9 there will be no matches from CVE database where
    latest release mentioned is plain 233. If the filter is set to +git, then
    CVE PV is 233 and issues like this are detected by do_cve_check:
    
    https://nvd.nist.gov/vuln/detail/CVE-2017-1000082
    
    Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 8dde4a2..f44bbed 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -155,7 +155,7 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
-    pv = d.getVar("PV").split("git+")[0]
+    pv = d.getVar("PV").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
     cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
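
Review bot: On the changed line pv = d.getVar("PV").split("+git")[0], the old "git+" form is no longer stripped at all, so a PV that contains "git+" without a preceding "+git" is now passed to the CVE lookup unmodified and will silently match nothing, the same kind of false negative the commit message describes for 233+gitAUTOINC+a1e2ef7ec9. Consider stripping both forms, or logging a warning when the resulting pv still contains "git", so that a missed version mapping shows up in the do_cve_check output instead of looking like a clean result. A one-line comment above the split giving the expected PV shape (for example 233+gitAUTOINC+a1e2ef7ec9 reduced to 233) would also keep the separator from being an unexplained literal.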
