Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 37a0e4ddff58c0120cc5cfef104b60d0e180638c^! / . / import-layers / yocto-poky / meta / classes / cve-check.bbclass
commit37a0e4ddff58c0120cc5cfef104b60d0e180638c[log] [tgz]
authorBrad Bishop <bradleyb@fuzziesquirrel.com>Mon Dec 04 01:01:44 2017 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Thu Dec 14 17:17:23 2017 +0000
tree1628857a2eb33ab517ba93d6a3ca25e55bd3e628
parent3c4c45d1e9a2324191a8640b22df1b71f15f3037 [diff] [blame]
Squashed 'import-layers/yocto-poky/' changes from dc8508f6099..67491b0c104

Yocto 2.2.2 (Morty)

Change-Id: Id9a452e28940d9f166957de243d9cb1d8818704e
git-subtree-dir: import-layers/yocto-poky
git-subtree-split: 67491b0c104101bb9f366d697edd23c895be4302
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

diff --git a/import-layers/yocto-poky/meta/classes/cve-check.bbclass b/import-layers/yocto-poky/meta/classes/cve-check.bbclass
index 1425a40..75b8fa9 100644
--- a/import-layers/yocto-poky/meta/classes/cve-check.bbclass
+++ b/import-layers/yocto-poky/meta/classes/cve-check.bbclass

@@ -20,6 +20,10 @@
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.
 
+# The product name that the CVE database uses.  Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ?= "${BPN}"
+
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
 
@@ -39,7 +43,7 @@
 
 # Whitelist for CVE and version of package
 CVE_CHECK_CVE_WHITELIST = "{\
-    'CVE-2014-2524': ('6.3',), \
+    'CVE-2014-2524': ('6.3','5.2',), \
 }"
 
 python do_cve_check () {
@@ -144,7 +148,7 @@
 
     cves_patched = []
     cves_unpatched = []
-    bpn = d.getVar("BPN", True)
+    bpn = d.getVar("CVE_PRODUCT")
     pv = d.getVar("PV", True).split("git+")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)