diff mbox series

[2/2] spdx: extend CVE_STATUS variables

Message ID 20250417093457.2091799-2-peter.marko@siemens.com
State New
Series [1/2] cve-check: extract extending CVE_STATUS to library function

Commit Message

Peter Marko April 17, 2025, 9:34 a.m. UTC
From: Peter Marko <peter.marko@siemens.com>

If spdx is generated without inheriting cve/vex classes (which is poky
default), only explicitly set CVE_STATUS fields are handled.
Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.

Fix this by expanding the CVE_STATUS in spdx classes.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/classes/spdx-common.bbclass | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Joshua Watt April 17, 2025, 3:24 p.m. UTC | #1
LGTM: Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>

On Thu, Apr 17, 2025 at 3:35 AM Peter Marko <peter.marko@siemens.com> wrote:
>
> From: Peter Marko <peter.marko@siemens.com>
>
> If spdx is generated without inheriting cve/vex classes (which is poky
> default), only explicitly set CVE_STATUS fields are handled.
> Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.
>
> Fix this by expanding the CVE_STATUS in spdx classes.
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  meta/classes/spdx-common.bbclass | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
> index 36feb56807..713a7fc651 100644
> --- a/meta/classes/spdx-common.bbclass
> +++ b/meta/classes/spdx-common.bbclass
> @@ -37,6 +37,11 @@ SPDX_CUSTOM_ANNOTATION_VARS ??= ""
>
>  SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
>
> +python () {
> +    from oe.cve_check import extend_cve_status
> +    extend_cve_status(d)
> +}
> +
>  def create_spdx_source_deps(d):
>      import oe.spdx_common
>
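Review bot: The anonymous python () block added ahead of create_spdx_source_deps has no comment explaining why an SPDX class needs to touch CVE_STATUS. A one-line comment above extend_cve_status(d) that repeats the reason from the commit message (calculated entries, e.g. from CVE_STATUS_GROUPS, are otherwise ignored when the cve/vex classes are not inherited) would keep the call from reading as a stray dependency on oe.cve_check.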

Patch

diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
index 36feb56807..713a7fc651 100644
--- a/meta/classes/spdx-common.bbclass
+++ b/meta/classes/spdx-common.bbclass
@@ -37,6 +37,11 @@  SPDX_CUSTOM_ANNOTATION_VARS ??= ""
 
 SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
 
+python () {
+    from oe.cve_check import extend_cve_status
+    extend_cve_status(d)
+}
+
 def create_spdx_source_deps(d):
     import oe.spdx_common
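Review bot: The added python () block calls extend_cve_status(d) unconditionally, so a configuration that does inherit the cve/vex classes would presumably run the expansion a second time on the same datastore. The hunk does not show whether the helper extracted in patch 1/2 is safe to call twice; it is worth confirming that a repeated call leaves the CVE_STATUS values unchanged, and saying so in the commit message, since the statuses written into the SPDX output are what downstream consumers rely on for vulnerability triage.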