On Fri, Oct 20, 2023 at 08:56:43AM +0100, Jose Quaresma wrote: > Mikko Rapeli <mikko.rap...@linaro.org> escreveu no dia quinta, 19/10/2023 > à(s) 13:45: > > > Hi, > > > > Could something like this work? > > > > --- a/meta/lib/oe/cve_check.py > > +++ b/meta/lib/oe/cve_check.py > > @@ -140,15 +140,14 @@ def get_patched_cves(d): > > return patched_cves > > > > > > -def get_cpe_ids(cve_product, version): > > +def get_cpe_ids(cve_product, cve_version): > > """ > > Get list of CPE identifiers for the given product and version > > """ > > > > - version = version.split("+git")[0] > > - > > cpe_ids = [] > > for product in cve_product.split(): > > + version = (d.getVar("CVE_VERSION_%s" % product) or > > cve_version).split("+git")[0] > > > > Looks like your patch fixes the remaining issue > but don't know if it will be better to get the CVE_VERSION_ after > splitting the vendor from the product
This is now in v2. For the CVE_VERSION_%s, it uses what ever product was defined in CVE_PRODUCT space separated list so it is used before vendor and product split. Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189504): https://lists.openembedded.org/g/openembedded-core/message/189504 Mute This Topic: https://lists.openembedded.org/mt/101991269/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-