[oe-commits] [openembedded-core] 06/35: cve-check: Allow multiple entries in CVE_PRODUCT

git at git.openembedded.org git at git.openembedded.org
Fri Nov 16 16:33:42 UTC 2018


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch sumo
in repository openembedded-core.

commit 667d5e77e1ce0f0e531ed87f6fc30e1d65b16759
Author: Grygorii Tertychnyi <gtertych at cisco.com>
AuthorDate: Mon Oct 29 17:13:10 2018 +0200

    cve-check: Allow multiple entries in CVE_PRODUCT
    
    There are both "curl" and "libcurl" CPEs in NVD.
    All "curl" CVEs are currently missing in the reports.
    
    Hence, switch "CVE_PRODUCT" to a space separated list.
    It is useful for recipes generating several packages,
    that have different product names in NVD.
    
    (From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11)
    
    Signed-off-by: Grygorii Tertychnyi <gtertych at cisco.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/classes/cve-check.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 12ad3e5..743bc08 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
         # Write the faux CSV file to be used with cve-check-tool
         fd, faux = tempfile.mkstemp(prefix="cve-faux-")
         with os.fdopen(fd, "w") as f:
-            f.write("%s,%s,%s," % (bpn, pv, cves))
+            for pn in bpn.split():
+                f.write("%s,%s,%s,\n" % (pn, pv, cves))
         cmd.append(faux)
 
         output = subprocess.check_output(cmd).decode("utf-8")
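
Review bot: In the new `for pn in bpn.split():` loop, an empty or whitespace-only value produces no iterations, so the faux CSV is written empty and cve-check-tool is still run against it with no warning, whereas the old code always wrote one row. Consider warning, or skipping the tool run, when `bpn.split()` is empty. Separately, `bpn` now holds a space-separated list of product names rather than a single name, so renaming it (for example to `products`) and documenting that CVE_PRODUCT accepts a list would help; the diffstat shows only cve-check.bbclass touched.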
