diff options
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oe/spdx30_tasks.py | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 0fa9a7d724..e425958991 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py | |||
| @@ -453,6 +453,22 @@ def set_purposes(d, element, *var_names, force_purposes=[]): | |||
| 453 | ] | 453 | ] |
| 454 | 454 | ||
| 455 | 455 | ||
| 456 | def _get_cves_info(d): | ||
| 457 | patched_cves = oe.cve_check.get_patched_cves(d) | ||
| 458 | for cve_id in (d.getVarFlags("CVE_STATUS") or {}): | ||
| 459 | mapping, detail, description = oe.cve_check.decode_cve_status(d, cve_id) | ||
| 460 | if not mapping or not detail: | ||
| 461 | bb.warn(f"Skipping {cve_id} — missing or unknown CVE status") | ||
| 462 | continue | ||
| 463 | yield cve_id, mapping, detail, description | ||
| 464 | patched_cves.discard(cve_id) | ||
| 465 | |||
| 466 | # decode_cve_status is decoding CVE_STATUS, so patch files need to be hardcoded | ||
| 467 | for cve_id in patched_cves: | ||
| 468 | # fix-file-included is not available in scarthgap | ||
| 469 | yield cve_id, "Patched", "backported-patch", None | ||
| 470 | |||
| 471 | |||
| 456 | def create_spdx(d): | 472 | def create_spdx(d): |
| 457 | def set_var_field(var, obj, name, package=None): | 473 | def set_var_field(var, obj, name, package=None): |
| 458 | val = None | 474 | val = None |
| @@ -502,20 +518,7 @@ def create_spdx(d): | |||
| 502 | # Add CVEs | 518 | # Add CVEs |
| 503 | cve_by_status = {} | 519 | cve_by_status = {} |
| 504 | if include_vex != "none": | 520 | if include_vex != "none": |
| 505 | patched_cves = oe.cve_check.get_patched_cves(d) | 521 | for cve_id, mapping, detail, description in _get_cves_info(d): |
| 506 | for cve_id in patched_cves: | ||
| 507 | # decode_cve_status is decoding CVE_STATUS, so patch files need to be hardcoded | ||
| 508 | if cve_id in (d.getVarFlags("CVE_STATUS") or {}): | ||
| 509 | mapping, detail, description = oe.cve_check.decode_cve_status(d, cve_id) | ||
| 510 | else: | ||
| 511 | mapping = "Patched" | ||
| 512 | detail = "backported-patch" # fix-file-included is not available in scarthgap | ||
| 513 | description = None | ||
| 514 | |||
| 515 | if not mapping or not detail: | ||
| 516 | bb.warn(f"Skipping {cve_id} — missing or unknown CVE status") | ||
| 517 | continue | ||
| 518 | |||
| 519 | # If this CVE is fixed upstream, skip it unless all CVEs are | 522 | # If this CVE is fixed upstream, skip it unless all CVEs are |
| 520 | # specified. | 523 | # specified. |
| 521 | if ( | 524 | if ( |
