diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/classes/cve-check.bbclass')
-rw-r--r-- | import-layers/yocto-poky/meta/classes/cve-check.bbclass | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/import-layers/yocto-poky/meta/classes/cve-check.bbclass b/import-layers/yocto-poky/meta/classes/cve-check.bbclass index 1425a4055..75b8fa9ab 100644 --- a/import-layers/yocto-poky/meta/classes/cve-check.bbclass +++ b/import-layers/yocto-poky/meta/classes/cve-check.bbclass @@ -20,6 +20,10 @@ # the only method to check against CVEs. Running this tool # doesn't guarantee your packages are free of CVEs. +# The product name that the CVE database uses. Defaults to BPN, but may need to +# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). +CVE_PRODUCT ?= "${BPN}" + CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" @@ -39,7 +43,7 @@ CVE_CHECK_PN_WHITELIST = "\ # Whitelist for CVE and version of package CVE_CHECK_CVE_WHITELIST = "{\ - 'CVE-2014-2524': ('6.3',), \ + 'CVE-2014-2524': ('6.3','5.2',), \ }" python do_cve_check () { @@ -144,7 +148,7 @@ def check_cves(d, patched_cves): cves_patched = [] cves_unpatched = [] - bpn = d.getVar("BPN", True) + bpn = d.getVar("CVE_PRODUCT") pv = d.getVar("PV", True).split("git+")[0] cves = " ".join(patched_cves) cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True) |