cve-check: Allow multiple entries in CVE_PRODUCT

There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are currently missing in the reports. Hence, switch "CVE_PRODUCT" to a space separated list. It is useful for recipes generating several packages, that have different product names in NVD. Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Grygorii Tertychnyi <gtertych@cisco.com> 2018-10-29 17:13:10 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-29 17:00:34 +0000
commit: 404f75e026393ddc55da87f6f04fb1201cff4e11 (patch)
tree: 49e402ba56b9a5546e17baf74a52a028c943538d
parent: 67f9e9045ab91a9df15876ad73e44ff98f11bf59 (diff)
download: openembedded-core-contrib-404f75e026393ddc55da87f6f04fb1201cff4e11.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 12ad3e5c5c..743bc08a4f 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
         # Write the faux CSV file to be used with cve-check-tool
         fd, faux = tempfile.mkstemp(prefix="cve-faux-")
         with os.fdopen(fd, "w") as f:
-            f.write("%s,%s,%s," % (bpn, pv, cves))
+            for pn in bpn.split():
+                f.write("%s,%s,%s,\n" % (pn, pv, cves))
         cmd.append(faux)
 
         output = subprocess.check_output(cmd).decode("utf-8")
author	Grygorii Tertychnyi <gtertych@cisco.com>	2018-10-29 17:13:10 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-10-29 17:00:34 +0000
commit	404f75e026393ddc55da87f6f04fb1201cff4e11 (patch)
tree	49e402ba56b9a5546e17baf74a52a028c943538d
parent	67f9e9045ab91a9df15876ad73e44ff98f11bf59 (diff)
download	openembedded-core-contrib-404f75e026393ddc55da87f6f04fb1201cff4e11.tar.gz