[gnome-continuous-yocto/gnomeostree-3.28-rocko: 6934/8267] cve-check.bbclass: use "+git" as separator in PV instead of "git+"
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 6934/8267] cve-check.bbclass: use "+git" as separator in PV instead of "git+"
- Date: Sun, 17 Dec 2017 05:32:28 +0000 (UTC)
commit 87af2104afc3c6119ac150873aca0aeded3d3c42
Author: Mikko Rapeli <mikko rapeli bmw de>
Date: Thu Jul 20 16:23:11 2017 +0300

cve-check.bbclass: use "+git" as separator in PV instead of "git+"

PV is the recipe major version number. cve-check tries to map that to
NVD database release versions of the component. If the recipe sources
are taken from git, the PV can be automatically modified to include
git details, but the syntax is like 233+gitAUTOINC+a1e2ef7ec9.

In CVE checks we want to remove the git details and just use the major
version information, in this example 233.

Thus use "+git" as the separator and use the first part before the separator
as SW product version number in CVE check.

Fixes version number for e.g. systemd recipe. If systemd PV is
233+gitAUTOINC+a1e2ef7ec9 there will be no matches from CVE database where
latest release mentioned is plain 233. If the filter is set to +git, then
CVE PV is 233 and issues like this are detected by do_cve_check:

https://nvd.nist.gov/vuln/detail/CVE-2017-1000082

(From OE-Core rev: db8815abe3db60b0510fb378bf6d82172c2f2768)

Signed-off-by: Mikko Rapeli <mikko rapeli bmw de>
Signed-off-by: Ross Burton <ross burton intel com>
Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

meta/classes/cve-check.bbclass | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 8dde4a2..f44bbed 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -155,7 +155,7 @@ def check_cves(d, patched_cves):
cves_patched = []
cves_unpatched = []
bpn = d.getVar("CVE_PRODUCT")
- pv = d.getVar("PV").split("git+")[0]
+ pv = d.getVar("PV").split("+git")[0]
cves = " ".join(patched_cves)
cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
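Review bot: the new `pv = d.getVar("PV").split("+git")[0]` line in check_cves still fails silently when PV carries a suffix that does not contain the literal "+git": the split returns the whole string unchanged, the lookup finds no matching release, and the recipe is reported as having no unpatched CVEs. That is the same false-negative mode this change fixes for 233+gitAUTOINC+a1e2ef7ec9, so it is worth a short comment above the line stating the PV form it expects, plus a note or debug message printing the derived pv so a version that never matches the database can be spotted in the task log. It would also help to strip at the first "+" if no upstream release version legitimately contains one, since that covers suffixes beyond git; if that is not safe, say so in the comment.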