From patchwork Wed Dec 7 16:50:36 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 87133 Delivered-To: patch@linaro.org Received: by 10.140.20.101 with SMTP id 92csp414380qgi; Wed, 7 Dec 2016 08:51:05 -0800 (PST) X-Received: by 10.84.215.148 with SMTP id l20mr148848397pli.120.1481129465778; Wed, 07 Dec 2016 08:51:05 -0800 (PST) Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id b34si24845467pli.224.2016.12.07.08.51.05; Wed, 07 Dec 2016 08:51:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Received: from review.yoctoproject.org (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 1A78471B2B; Wed, 7 Dec 2016 16:51:03 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wj0-f182.google.com (mail-wj0-f182.google.com [209.85.210.182]) by mail.openembedded.org (Postfix) with ESMTP id A026060017 for ; Wed, 7 Dec 2016 16:50:43 +0000 (UTC) Received: by mail-wj0-f182.google.com with SMTP id tg4so111473529wjb.1 for ; Wed, 07 Dec 2016 08:50:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=orUCJQY2AyGDI8JPgcP6cq+uGV7GUN5hTC77FL+5fTc=; b=ZJGUH60wBG89/tihYkuzyMLy7mxkXaHutwQIxsLB5of/nauGqJbYeVdxoqEhnp8+0c WPBTXuH2fm3GaK+dIcnj6+VTag1KRNyC0ne0RxAKLKWRARH/C7JtvcuvxPvGl5EVghmb hX31qOTBpzMsXtYpm2VNzUGFjZFxvMNeaMs477fOZgp4VfqvIYkAyfPWbCzVLiXpRIA/ Eofrz45wZqQmTRes3THUqWuCPBGSannr5yWIYhlmTWBOexqnmn5W7Rwmzz+rZC8FCv1f kQpwaPUWnLWh/GhoaKEj+Kl/NqMRbEVaz4byFwxb36mFRwEV8laEIIrhdccn6iU1AAAw PYdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id; bh=orUCJQY2AyGDI8JPgcP6cq+uGV7GUN5hTC77FL+5fTc=; b=FHeE2DXgttmMk8hLP5g5JsOlx7d4hqcFVQdTIJIbXBIyy5r7t6SIvHKcXdFHnNzS3w Q+de+rkijFo3zEVtxaQyD6qXNs8tRNqloD/rL8KWb7+ZX5uKO9oVUnjSOsrbYaf4FsOD JrqjE6sJMFGbupVdmh/Wynv4Ppdo1G4yYyMg6CRNqeH/7ZU1QeJSw8nkCNLYdj6fGGcD F3HmV1ZDmVLhAvFFTMW9U0iE0VY2ihxVLT826nIcapxYGeAszEeietOeFQiL1VNrxP3D MMBabHgL5Z56YaAqJx+Dv7p0YQpO7xJyy/304B+bmx0vNFUr8mBrOk2jJQJMl8UeEOV2 tSNg== X-Gm-Message-State: AKaTC02r4JxfkojYqTecS9+CBnZrjgUyyoThrLZft/wCNHAMkXQ8Yj7pspZBIOXzuSJ9fZb6 X-Received: by 10.194.171.66 with SMTP id as2mr71804106wjc.77.1481129444083; Wed, 07 Dec 2016 08:50:44 -0800 (PST) Received: from flashheart.burtonini.com (home.burtonini.com. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id 138sm10535402wms.20.2016.12.07.08.50.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 07 Dec 2016 08:50:43 -0800 (PST) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Wed, 7 Dec 2016 16:50:36 +0000 Message-Id: <1481129438-28306-1-git-send-email-ross.burton@intel.com> X-Mailer: git-send-email 2.8.1 Subject: [OE-core] [PATCH 1/3] cve-check: allow recipes to override the product name X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Add a new variable CVE_PRODUCT for the product name to look up in the NVD database. Default this to BPN, but allow recipes such as tiff (which is libtiff in NVD) to override it. Signed-off-by: Ross Burton --- meta/classes/cve-check.bbclass | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.8.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index b0febfb..75b8fa9 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -20,6 +20,10 @@ # the only method to check against CVEs. Running this tool # doesn't guarantee your packages are free of CVEs. +# The product name that the CVE database uses. Defaults to BPN, but may need to +# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). +CVE_PRODUCT ?= "${BPN}" + CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db" @@ -144,7 +148,7 @@ def check_cves(d, patched_cves): cves_patched = [] cves_unpatched = [] - bpn = d.getVar("BPN", True) + bpn = d.getVar("CVE_PRODUCT") pv = d.getVar("PV", True).split("git+")[0] cves = " ".join(patched_cves) cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)