[gnome-continuous-yocto/gnomeostree-3.28-rocko: 5905/8267] cve-check.bbclass: make warning contain CVE IDs

[Emmanuele Bassi <ebassi src gnome org>]

commit 86795b756a503825539e8677d20e719a8e8eb9d1
Author: Chen Qi <Qi Chen windriver com>
Date:   Tue May 9 17:31:36 2017 +0800

    cve-check.bbclass: make warning contain CVE IDs
    
    When warning users about unpatched CVE, we'd better put CVE IDs into
    the warning message, so that it would be more straight forward for the
    user to know which CVEs are not patched.
    
    So instead of:
      WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check 
/path/to/workdir/cve/cve.log.
    We should have:
      WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check 
/path/to/workdir/cve/cve.log.
    
    (From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6)
    
    Signed-off-by: Chen Qi <Qi Chen windriver com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/classes/cve-check.bbclass |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0e4294f..3a9e227 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
     cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
     nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=";
     write_string = ""
-    first_alert = True
+    unpatched_cves = []
     bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
 
     for cve in sorted(cve_data):
@@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
         if cve in patched:
             write_string += "CVE STATUS: Patched\n"
         else:
+            unpatched_cves.append(cve)
             write_string += "CVE STATUS: Unpatched\n"
-            if first_alert:
-                bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
-                first_alert = False
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
 
+    if unpatched_cves:
+        bb.warn("Found unpatched CVE (%s), for more information check %s" % (" 
".join(unpatched_cves),cve_file))
+
     with open(cve_file, "w") as f:
         bb.note("Writing file %s with CVE information" % cve_file)
         f.write(write_string)