diff options
| author | Joshua Watt <JPEWhacker@gmail.com> | 2025-03-06 14:20:07 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-03-08 18:08:04 +0000 |
| commit | e852d99018cb4d597c48211d0c0b56ab5770f684 (patch) | |
| tree | 8c021e2daa265c82465a7c13b6c1c40496622371 | |
| parent | 5e1a91bc5bf16da5a8d68d7a29f99b11fcb9b8f6 (diff) | |
| download | poky-e852d99018cb4d597c48211d0c0b56ab5770f684.tar.gz | |
lib: spdx30_tasks: Handle patched CVEs
The code to iterate over patched CVEs (e.g. those patched by a .patch
file in SRC_URI) was accidentally omitted when writing the SPDX 3
handling. Add it in now
[YOCTO #15789]
(From OE-Core rev: 1ff496546279d8a97df5ec475007cfb095c2a0bc)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/lib/oe/spdx30_tasks.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index e3e5dbc742..e20bb0c86f 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py | |||
| @@ -498,6 +498,16 @@ def create_spdx(d): | |||
| 498 | # Add CVEs | 498 | # Add CVEs |
| 499 | cve_by_status = {} | 499 | cve_by_status = {} |
| 500 | if include_vex != "none": | 500 | if include_vex != "none": |
| 501 | for cve in oe.cve_check.get_patched_cves(d): | ||
| 502 | spdx_cve = build_objset.new_cve_vuln(cve) | ||
| 503 | build_objset.set_element_alias(spdx_cve) | ||
| 504 | |||
| 505 | cve_by_status.setdefault("Patched", {})[cve] = ( | ||
| 506 | spdx_cve, | ||
| 507 | "patched", | ||
| 508 | "", | ||
| 509 | ) | ||
| 510 | |||
| 501 | for cve in d.getVarFlags("CVE_STATUS") or {}: | 511 | for cve in d.getVarFlags("CVE_STATUS") or {}: |
| 502 | decoded_status = oe.cve_check.decode_cve_status(d, cve) | 512 | decoded_status = oe.cve_check.decode_cve_status(d, cve) |
| 503 | 513 | ||