From bee636b759feafba544e95d6355c52eb85e4ba72 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 7 Dec 2016 11:25:53 +0000
Subject: cve-check: allow recipes to override the product name

Add a new variable CVE_PRODUCT for the product name to look up in the NVD
database.  Default this to BPN, but allow recipes such as tiff (which is libtiff
in NVD) to override it.

(From OE-Core rev: ba330051570a4c991885ee726cb187e0c911bd4f)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/cve-check.bbclass | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b0febfb2e5..75b8fa9ab9 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -20,6 +20,10 @@
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.
 
+# The product name that the CVE database uses.  Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ?= "${BPN}"
+
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
 
@@ -144,7 +148,7 @@ def check_cves(d, patched_cves):
 
     cves_patched = []
     cves_unpatched = []
-    bpn = d.getVar("BPN", True)
+    bpn = d.getVar("CVE_PRODUCT")
     pv = d.getVar("PV", True).split("git+")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)
-- 
cgit 1.2.3-korg