Mikko Rapeli <mikko.rap...@linaro.org> escreveu no dia quinta, 19/10/2023 à(s) 13:45:
> Hi, > > Could something like this work? > > --- a/meta/lib/oe/cve_check.py > +++ b/meta/lib/oe/cve_check.py > @@ -140,15 +140,14 @@ def get_patched_cves(d): > return patched_cves > > > -def get_cpe_ids(cve_product, version): > +def get_cpe_ids(cve_product, cve_version): > """ > Get list of CPE identifiers for the given product and version > """ > > - version = version.split("+git")[0] > - > cpe_ids = [] > for product in cve_product.split(): > + version = (d.getVar("CVE_VERSION_%s" % product) or > cve_version).split("+git")[0] > Looks like your patch fixes the remaining issue but don't know if it will be better to get the CVE_VERSION_ after splitting the vendor from the product Jose > # CVE_PRODUCT in recipes may include vendor information for CPE > identifiers. If not, > # use wildcard for vendor. > if ":" in product: > > Cheers, > > -Mikko > -- Best regards, José Quaresma
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189502): https://lists.openembedded.org/g/openembedded-core/message/189502 Mute This Topic: https://lists.openembedded.org/mt/101991269/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-