diff options
| author |   Ross Burton <ross.burton@intel.com> | 2018-02-09 12:37:08 +0000 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-16 18:05:25 +0000 |
| commit | 36fbf96cf284acbc810ff3bf00702f1f82bc0da9 (patch) | |
| tree | 6b7274ed483f18f6c7877a634fbf32b78b24c9e8 | |
| parent | 4bbb8cd5f3943231ab5be0448d1b0d4a08341249 (diff) | |
| download | openembedded-core-contrib-36fbf96cf284acbc810ff3bf00702f1f82bc0da9.tar.gz | |
cve-check: allow recipes to override their version
For reasons which I don't understand, the Berkeley DB tarball is version 5.3.28
but in CVE reports the version is 11.2.5.3.28.
To handle this allow recipes to override their version as well as their name.
Signed-off-by: Ross Burton <ross.burton@intel.com>
| -rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 62dd6424d5..061e883fa7 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -23,6 +23,7 @@ # The product name that the CVE database uses. Defaults to BPN, but may need to # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). CVE_PRODUCT ??= "${BPN}" +CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" @@ -168,7 +169,7 @@ def check_cves(d, patched_cves): cves_patched = [] cves_unpatched = [] bpn = d.getVar("CVE_PRODUCT") - pv = d.getVar("PV").split("+git")[0] + pv = d.getVar("CVE_VERSION").split("+git")[0] cves = " ".join(patched_cves) cve_db_dir = d.getVar("CVE_CHECK_DB_DIR") cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) |