diff mbox series

[styhead,02/12] cve-check: restore CVE_CHECK_SHOW_WARNINGS functionality

Message ID 3cf7c6bcd569cb19ac2b9c05f1134fdda6e9e714.1738965898.git.steve@sakoman.com
State Accepted
Delegated to: Steve Sakoman
Headers show
Series [styhead,01/12] libnsl2: set CVE_PRODUCT | expand

Commit Message

Steve Sakoman Feb. 7, 2025, 10:06 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Commit 05ef4f2a7b225c8d230eaca8d333ffb921729d79 removed this
functionality by accident. It was implemented in text exporter, while it
should have been a global feature independent on exporter type to avoid
such accidental deletion.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Cc: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2996b11596afca288a6b7f409a5287063d331f3b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0c92b87f52..33d41b912d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -422,6 +422,11 @@  def check_cves(d, cve_data):
     if not cves_in_recipe:
         bb.note("No CVE records for products in recipe %s" % (pn))
 
+    if d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
+        unpatched_cves = [cve for cve in cve_data if cve_data[cve]["abbrev-status"] == "Unpatched"]
+        if unpatched_cves:
+            bb.warn("Found unpatched CVE (%s)" % " ".join(unpatched_cves))
+
     return (cve_data, cves_status)
 
 def get_cve_info(d, cve_data):