cve-check: allow recipes to override their version
authorRoss Burton <ross.burton@intel.com>
Fri, 9 Feb 2018 12:37:08 +0000 (12:37 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 16 Feb 2018 18:05:25 +0000 (18:05 +0000)
For reasons which I don't understand, the Berkeley DB tarball is version 5.3.28
but in CVE reports the version is 11.2.5.3.28.

To handle this allow recipes to override their version as well as their name.

Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/classes/cve-check.bbclass

index 62dd6424d5cd7acd719d9ade6331e558cab3cc46..061e883fa7b1b1e06d290d2a8544bdc7342c3dae 100644 (file)
@@ -23,6 +23,7 @@
 # The product name that the CVE database uses.  Defaults to BPN, but may need to
 # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
 CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"
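Review bot: The new `CVE_VERSION ??= "${PV}"` line has no comment of its own, and the comment above it describes only `CVE_PRODUCT`, so a recipe author has nothing here explaining when to set it. I would add something like `# The version the CVE database uses for this product. Defaults to PV, but may need to be overridden per recipe (for example Berkeley DB ships 5.3.28 but is tracked as 11.2.5.3.28).` directly above the assignment. It is also worth stating there that the value must match the database's numbering exactly, because it decides which CVE entries the recipe is compared against.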
@@ -168,7 +169,7 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
-    pv = d.getVar("PV").split("+git")[0]
+    pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
     cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
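Review bot: With `pv` now taken from `CVE_VERSION`, a mistyped or stale override silently changes which CVEs are matched, and nothing in the visible lines records that the check ran against a version other than `PV`. A short log line would make an override visible in the build output, for example `if pv != d.getVar("PV").split("+git")[0]: bb.note("cve-check: using CVE_VERSION %s instead of PV" % pv)`. Any report-writing code elsewhere in the class that still prints `PV` (not visible here, so this is an assumption to confirm) should probably show the overridden version too, so the report and the match agree. The body of `check_cves` starts and continues outside this hunk.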