diff mbox series

[scarthgap,v2,4/5] spdx: extend CVE_STATUS variables

Message ID 20251121095415.288301-5-benjamin.robin@bootlin.com
State New
Headers show
Series backport: allow to extract all CVE_STATUS info | expand

Commit Message

Benjamin ROBIN Nov. 21, 2025, 9:54 a.m. UTC 
If spdx is generated without inheriting cve/vex classes (which is poky
default), only explicitly set CVE_STATUS fields are handled.
Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.

Fix this by expanding the CVE_STATUS in spdx classes.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ead9c6a8770463c21210a57cc5320f44f7754dd3)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
---
 meta/classes/spdx-common.bbclass | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
index 36feb5680777..713a7fc651e5 100644
--- a/meta/classes/spdx-common.bbclass
+++ b/meta/classes/spdx-common.bbclass
@@ -37,6 +37,11 @@  SPDX_CUSTOM_ANNOTATION_VARS ??= ""
 
 SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
 
+python () {
+    from oe.cve_check import extend_cve_status
+    extend_cve_status(d)
+}
+
 def create_spdx_source_deps(d):
     import oe.spdx_common