Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

Jose Quaresma Fri, 20 Oct 2023 00:57:00 -0700

Mikko Rapeli <mikko.rap...@linaro.org> escreveu no dia quinta, 19/10/2023
à(s) 13:45:


> Hi,
>
> Could something like this work?
>
> --- a/meta/lib/oe/cve_check.py
> +++ b/meta/lib/oe/cve_check.py
> @@ -140,15 +140,14 @@ def get_patched_cves(d):
>      return patched_cves
>
>
> -def get_cpe_ids(cve_product, version):
> +def get_cpe_ids(cve_product, cve_version):
>      """
>      Get list of CPE identifiers for the given product and version
>      """
>
> -    version = version.split("+git")[0]
> -
>      cpe_ids = []
>      for product in cve_product.split():
> +        version = (d.getVar("CVE_VERSION_%s" % product) or
> cve_version).split("+git")[0]
>

Looks like your patch fixes the remaining issue
but don't know if it will be better to get the CVE_VERSION_ after
splitting  the vendor from the product

Jose


>          # CVE_PRODUCT in recipes may include vendor information for CPE
> identifiers. If not,
>          # use wildcard for vendor.
>          if ":" in product:
>
> Cheers,
>
> -Mikko
>


-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189502): 
https://lists.openembedded.org/g/openembedded-core/message/189502
Mute This Topic: https://lists.openembedded.org/mt/101991269/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

Reply via email to