If spdx is generated without inheriting cve/vex classes (which is poky default), only explicitly set CVE_STATUS fields are handled. Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.
Fix this by expanding the CVE_STATUS in spdx classes. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit ead9c6a8770463c21210a57cc5320f44f7754dd3) Signed-off-by: Benjamin Robin (Schneider Electric) <[email protected]> --- meta/classes/spdx-common.bbclass | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index 36feb5680777..713a7fc651e5 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -37,6 +37,11 @@ SPDX_CUSTOM_ANNOTATION_VARS ??= "" SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}" +python () { + from oe.cve_check import extend_cve_status + extend_cve_status(d) +} + def create_spdx_source_deps(d): import oe.spdx_common -- 2.51.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#226661): https://lists.openembedded.org/g/openembedded-core/message/226661 Mute This Topic: https://lists.openembedded.org/mt/116405462/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
