[OE-core] [PATCH] curl: extend CVE_PRODUCT
Richard Purdie
richard.purdie at linuxfoundation.org
Mon Oct 29 17:02:50 UTC 2018
On Mon, 2018-10-29 at 15:46 +0000, akuster808 wrote:
> On 10/29/18 3:13 PM, grygorii tertychnyi via Openembedded-core wrote:
> > There are both "curl" and "libcurl" CPEs in NVD.
> > All "curl" CVEs are now missed in the reports.
> >
> > Hence, switch "CVE_PRODUCT" to a space separated list.
> > It is useful for recipes generating several packages,
> > that have different product names in NVD.
> >
> > Signed-off-by: grygorii tertychnyi <gtertych at cisco.com>
> > ---
> > meta/classes/cve-check.bbclass | 3 ++-
> > meta/recipes-support/curl/curl_7.61.0.bb | 2 +-
> > 2 files changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-
> > check.bbclass
> > index 12ad3e5c5c..743bc08a4f 100644
> > --- a/meta/classes/cve-check.bbclass
> > +++ b/meta/classes/cve-check.bbclass
> > @@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
> > # Write the faux CSV file to be used with cve-check-tool
> > fd, faux = tempfile.mkstemp(prefix="cve-faux-")
> > with os.fdopen(fd, "w") as f:
> > - f.write("%s,%s,%s," % (bpn, pv, cves))
> > + for pn in bpn.split():
> > + f.write("%s,%s,%s,\n" % (pn, pv, cves))
> > cmd.append(faux)
>
>
> Please split this patch into two parts. the appear to be
> independent.
Since we need to get 2.6 built I've split this up.
Cheers,
Richard
More information about the Openembedded-core
mailing list