This way yocto cve-check can find open CVE's. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3 Signed-off-by: Andre Carvalho <[email protected]> --- meta-networking/recipes-support/netcat/netcat_0.7.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-support/netcat/netcat_0.7.1.bb b/meta-networking/recipes-support/netcat/netcat_0.7.1.bb index 14d743f82..1e113de51 100644 --- a/meta-networking/recipes-support/netcat/netcat_0.7.1.bb +++ b/meta-networking/recipes-support/netcat/netcat_0.7.1.bb @@ -16,6 +16,8 @@ SRC_URI[sha256sum] = "b55af0bbdf5acc02d1eb6ab18da2acd77a400bafd074489003f3df0967 inherit autotools +CVE_PRODUCT = "netcat_project:netcat" + do_install_append() { install -d ${D}${bindir} mv ${D}${bindir}/nc ${D}${bindir}/nc.${BPN} -- 2.24.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#85564): https://lists.openembedded.org/g/openembedded-devel/message/85564 Mute This Topic: https://lists.openembedded.org/mt/75262081/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
