public inbox for openembedded-core@lists.openembedded.org
From: "Anuj Mittal" <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [gatesgarth][PATCH 08/21] cve-check: show real PN/PV
Date: Mon, 30 Nov 2020 09:11:23 +0800
Message-ID: <62e07072bbeeebfead34bbdb04e75cff1c4ef1e1.1606698421.git.anuj.mittal@intel.com>
In-Reply-To: <cover.1606698421.git.anuj.mittal@intel.com>

From: Ross Burton <ross@burtonini.com>

The output currently shows the remapped product and version fields,
which may not be the actual recipe name/version. As this report is about
recipes, use the real values.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18827d7f40db4a4f92680bd59ca655cca373ad65)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/classes/cve-check.bbclass | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 25cefda92e..d843e7c4ac 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -208,6 +208,9 @@ def check_cves(d, patched_cves):
     """
     from distutils.version import LooseVersion
 
+    pn = d.getVar("PN")
+    real_pv = d.getVar("PV")
+
     cves_unpatched = []
     # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
     products = d.getVar("CVE_PRODUCT").split()
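Review bot: `real_pv` is introduced here while the function already assigns `pv` from `CVE_VERSION` a few lines further down, and neither name says which one is the recipe version and which is the value used for CVE matching. A one-line comment on these two assignments, or renaming the matching-side variable (for example to `cve_pv`, a suggested name), would keep a later edit from passing the wrong one to the version comparison or to the report.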
@@ -217,7 +220,7 @@ def check_cves(d, patched_cves):
     pv = d.getVar("CVE_VERSION").split("+git")[0]
 
     # If the recipe has been whitlisted we return empty lists
-    if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
+    if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
         bb.note("Recipe has been whitelisted, skipping check")
         return ([], [], [])
 
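Review bot: the `bb.note("Recipe has been whitelisted, skipping check")` line directly under the changed condition still does not name the recipe, although `pn` is now available; adding it to the message (for example "Recipe %s has been whitelisted, skipping check" % pn) would fit the stated goal of reporting real recipe names and make skipped recipes visible in the log. The comment above the condition also reads "whitlisted", which could be corrected in the same change.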
@@ -286,12 +289,12 @@ def check_cves(d, patched_cves):
                         vulnerable = vulnerable_start or vulnerable_end
 
                 if vulnerable:
-                    bb.note("%s-%s is vulnerable to %s" % (product, pv, cve))
+                    bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
                     cves_unpatched.append(cve)
                     break
 
             if not vulnerable:
-                bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve))
+                bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
                 # TODO: not patched but not vulnerable
                 patched_cves.add(cve)
 
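Review bot: both `bb.note` calls in this hunk now drop `product` and `pv` entirely, so the log no longer shows which CVE product name and version string were actually compared. Since `CVE_PRODUCT` can hold more than one product (per the comment in the first hunk) and `pv` is derived from `CVE_VERSION` with the "+git" suffix cut off, someone triaging a suspected false positive or false negative needs those values. Consider keeping them alongside the recipe values, for example "%s-%s (checked as %s-%s) is vulnerable to %s" % (pn, real_pv, product, pv, cve), and the same for the "not vulnerable" message.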
-- 
2.28.0

