From: Grygorii Tertychnyi <gtertych@cisco.com>
Date: Mon, 29 Oct 2018 15:13:10 +0000 (+0200)
Subject: cve-check: Allow multiple entries in CVE_PRODUCT
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=667d5e77e1ce0f0e531ed87f6fc30e1d65b16759;p=openembedded-core.git

cve-check: Allow multiple entries in CVE_PRODUCT

There are both "curl" and "libcurl" CPEs in NVD.
All "curl" CVEs are currently missing in the reports.

Hence, switch "CVE_PRODUCT" to a space separated list.
It is useful for recipes generating several packages,
that have different product names in NVD.

(From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11)

Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 12ad3e5c5c..743bc08a4f 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -190,7 +190,8 @@ def check_cves(d, patched_cves):
         # Write the faux CSV file to be used with cve-check-tool
         fd, faux = tempfile.mkstemp(prefix="cve-faux-")
         with os.fdopen(fd, "w") as f:
-            f.write("%s,%s,%s," % (bpn, pv, cves))
+            for pn in bpn.split():
+                f.write("%s,%s,%s,\n" % (pn, pv, cves))
         cmd.append(faux)
 
         output = subprocess.check_output(cmd).decode("utf-8")