[oe-commits] [openembedded-core] 02/03: cve-check: Allow multiple entries in CVE_PRODUCT
git at git.openembedded.org
git at git.openembedded.org
Mon Oct 29 17:02:24 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master
in repository openembedded-core.
commit 404f75e026393ddc55da87f6f04fb1201cff4e11
Author: Grygorii Tertychnyi <gtertych at cisco.com>
AuthorDate: Mon Oct 29 17:13:10 2018 +0200
cve-check: Allow multiple entries in CVE_PRODUCT
There are both "curl" and "libcurl" CPEs in NVD.
All "curl" CVEs are currently missing in the reports.
Hence, switch "CVE_PRODUCT" to a space separated list.
It is useful for recipes generating several packages,
that have different product names in NVD.
Signed-off-by: Grygorii Tertychnyi <gtertych at cisco.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/classes/cve-check.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 12ad3e5..743bc08 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
# Write the faux CSV file to be used with cve-check-tool
fd, faux = tempfile.mkstemp(prefix="cve-faux-")
with os.fdopen(fd, "w") as f:
- f.write("%s,%s,%s," % (bpn, pv, cves))
+ for pn in bpn.split():
+ f.write("%s,%s,%s,\n" % (pn, pv, cves))
cmd.append(faux)
output = subprocess.check_output(cmd).decode("utf-8")
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list