Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

Mikko Rapeli Thu, 19 Oct 2023 05:46:04 -0700

Hi,

Could something like this work?


--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -140,15 +140,14 @@ def get_patched_cves(d):
     return patched_cves
 
 
-def get_cpe_ids(cve_product, version):
+def get_cpe_ids(cve_product, cve_version):
     """
     Get list of CPE identifiers for the given product and version
     """
 
-    version = version.split("+git")[0]
-
     cpe_ids = []
     for product in cve_product.split():
+        version = (d.getVar("CVE_VERSION_%s" % product) or 
cve_version).split("+git")[0]
         # CVE_PRODUCT in recipes may include vendor information for CPE 
identifiers. If not,
         # use wildcard for vendor.
         if ":" in product:

Cheers,

-Mikko

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189455): 
https://lists.openembedded.org/g/openembedded-core/message/189455
Mute This Topic: https://lists.openembedded.org/mt/101991269/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

Reply via email to