git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
cve-check: add option to add additional patched CVEs
author Andrej Valek <andrej.valek@siemens.com>
Fri, 23 Jun 2023 11:14:56 +0000 (13:14 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 19 Jul 2023 22:24:58 +0000 (23:24 +0100)
commit 34f682a24b7075b12ec308154b937ad118d69fe5
tree 3d235e5091f1113503a5756bdea198408f2989d4
parent ee3e2af4f8ed95b4fd0f7cec52ae4e169401b719
cve-check: add option to add additional patched CVEs

- Replace CVE_CHECK_IGNORE with CVE_STATUS to be more flexible.
  The CVE_STATUS should contain information about the status, which
  is decoded into 3 items:
  - generic status: "Ignored", "Patched" or "Unpatched"
  - more detailed status enum
  - description: free text describing reason for status

Examples of usage:
CVE_STATUS[CVE-1234-0001] = "not-applicable-platform: Issue only applies on Windows"
CVE_STATUS[CVE-1234-0002] = "fixed-version: Fixed externally"

CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
CVE_CHECK_STATUSMAP[fixed-version] = "Patched"

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/classes/cve-check.bbclass
meta/conf/bitbake.conf
meta/conf/cve-check-map.conf [new file with mode: 0644]
meta/lib/oe/cve_check.py
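
The decoding described in the commit message, as an added example that is not code from this commit or from openembedded-core. The function names `decode_status` and `audit` are hypothetical, plain dicts stand in for the BitBake variable flags, and treating an unmapped detail as "Unpatched" is an assumption of this example, chosen so that a typo cannot hide a CVE from the report.

```python
from typing import NamedTuple

GENERIC = {"Ignored", "Patched", "Unpatched"}

class Decoded(NamedTuple):
    generic: str      # "Ignored", "Patched" or "Unpatched"
    detail: str       # detailed status enum, e.g. "fixed-version"
    description: str  # free text giving the reason

def decode_status(cve_id, cve_status, status_map):
    """Split one CVE_STATUS value into its three items."""
    raw = cve_status.get(cve_id)
    if raw is None:
        return Decoded("Unpatched", "", "")  # no entry: nothing claims it is handled
    detail, _, description = raw.partition(":")
    detail, description = detail.strip(), description.strip()
    generic = status_map.get(detail)
    if generic not in GENERIC:
        # Assumption of this example: an unmapped detail never hides a CVE.
        generic = "Unpatched"
    return Decoded(generic, detail, description)

def audit(cve_status, status_map):
    """List entries a reviewer should question before trusting the report."""
    findings = []
    for cve_id in sorted(cve_status):
        d = decode_status(cve_id, cve_status, status_map)
        if status_map.get(d.detail) not in GENERIC:
            findings.append((cve_id, "detail not mapped to a generic status"))
        elif d.generic != "Unpatched" and not d.description:
            findings.append((cve_id, "no reason given"))
    return findings

# First two entries are the commit message's examples; the last two are constructed.
CVE_STATUS = {
    "CVE-1234-0001": "not-applicable-platform: Issue only applies on Windows",
    "CVE-1234-0002": "fixed-version: Fixed externally",
    "CVE-1234-0003": "fixed-version",
    "CVE-1234-0004": "example-unmapped: constructed entry",
}
CVE_CHECK_STATUSMAP = {
    "not-applicable-platform": "Ignored",
    "fixed-version": "Patched",
}

if __name__ == "__main__":
    for cve in sorted(CVE_STATUS):
        print(cve, decode_status(cve, CVE_STATUS, CVE_CHECK_STATUSMAP))
    print(audit(CVE_STATUS, CVE_CHECK_STATUSMAP))
```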