CVE_CHECK_PATCHED - should contains an additional CVEs which have been fixed and shouldn't be mark as vulnerable nor ignored.
Signed-off-by: Andrej Valek <[email protected]> --- meta/classes/cve-check.bbclass | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index bd9e7e7445c..957ea0130dc 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -78,6 +78,11 @@ CVE_CHECK_SKIP_RECIPE ?= "" # CVE_CHECK_IGNORE ?= "" +# Usually a CVE gets treated as patched when a patch with the name of the CVE +# gets applied. Basically this variable should not be used. But if there are +# other reasons to mark a CVE as patched it can be added to this list. +CVE_CHECK_PATCHED ?= "" + # Layers to be excluded CVE_CHECK_LAYER_EXCLUDELIST ??= "" @@ -284,6 +289,9 @@ def check_cves(d, patched_cves): cve_ignore = d.getVar("CVE_CHECK_IGNORE").split() + # add additional patched CVEs into existing patched list + patched_cves.update(d.getVar("CVE_CHECK_PATCHED").split()) + import sqlite3 db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") conn = sqlite3.connect(db_file, uri=True) -- 2.40.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180911): https://lists.openembedded.org/g/openembedded-core/message/180911 Mute This Topic: https://lists.openembedded.org/mt/98703185/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
