cve-check: allow recipes to override the product name

Add a new variable CVE_PRODUCT for the product name to look up in the NVD database. Default this to BPN, but allow recipes such as tiff (which is libtiff in NVD) to override it. (From OE-Core rev: ba330051570a4c991885ee726cb187e0c911bd4f) (From OE-Core rev: bee636b759feafba544e95d6355c52eb85e4ba72) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-04 16:10:04 +00:00 · 2016-12-07 11:25:53 +00:00 · 2016-12-07 11:25:53 +00:00 · 6011f5658d
commit 6011f5658d
parent b9879ad3f9
1 changed files with 5 additions and 1 deletions
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@ -20,6 +20,10 @@
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.

+# The product name that the CVE database uses.  Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ?= "${BPN}"
+
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvd.db"

@ -144,7 +148,7 @@ def check_cves(d, patched_cves):

    cves_patched = []
    cves_unpatched = []
-    bpn = d.getVar("BPN", True)
+    bpn = d.getVar("CVE_PRODUCT")
    pv = d.getVar("PV", True).split("git+")[0]
    cves = " ".join(patched_cves)
    cve_db_dir = d.getVar("CVE_CHECK_DB_DIR", True)