git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
cve-check: encode affected product/vendor in CVE_STATUS
author Marta Rybczynska <rybczynska@gmail.com>
Wed, 14 Aug 2024 05:30:35 +0000 (07:30 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 20 Aug 2024 13:11:57 +0000 (14:11 +0100)
commit abca80a716e92fc18d3085aba1a15f4bac72379c
tree 1539610148f5bdd7b220a4d97abf4227c593b669
parent 23600f9566a2e5272baa258443c9611aa9bd3169
cve-check: encode affected product/vendor in CVE_STATUS

CVE_STATUS contains assessment of a given CVE, but until now it didn't
include the affected vendor/product. In the case of a global system include,
that CVE_STATUS was visible in all recipes.

This patch allows encoding of affected product/vendor to each CVE_STATUS
assessment, also for groups. We can then filter them later and use only
CVEs that correspond to the recipe.

This is going to be used in meta/conf/distro/include/cve-extra-exclusions.inc
and similar places.

Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/classes/cve-check.bbclass
meta/lib/oe/cve_check.py
meta/lib/oe/spdx30_tasks.py